LEADERSHIP
VOL/09 | ISSUE/07
BUSINESS
TECHNOLOGY
VIJAY SETHI, VP-IS, HR and CIO; and ANIL DUA, SVP, Sales, Marketing and Customer Care, Hero MotoCorp, joined hands to redefine business with outsourcing.
SYNC MART
The practitioner’s guide to working with the business and revolutionizing it using analytics, cloud computing, mobility, and outsourcing. Page 30
MAY 15, 2014 | `100.00 WWW.CIO.IN
VIEW FROM THE TOP Ashish Chauhan on growing the BSE with technology. Page 82
SECURITY: CHANGING TACK How to adapt security to a brave new world. Page 86
FROM THE EDITOR-IN-CHIEF
UBLISHER, PRESIDENT & CEO Louis D’Mello P ASSOCIATE PUBLISHER Parul Singh E D I TO R I A L
Time Out? We often clear our workstations or e-mail, but we seldom do that with our minds. In today’s corporate world we put so much stock in outperforming others, in putting in longer hours at the office or by working harder, that it seems that we’ve taken the Olympics motto ‘Citius, Altius, Fortius’ (Faster, Higher, Stronger) a bit too literally. There seems to be a perception that ours is a world of hypercompetition, a world of matsya nyaya, where the strong devour the weak. Even if this perception is accurate, isn’t our response still too extreme? One outdoes competition by being smarter, by initiating better responses rather than by putting in more hours, by missing vacations, by spending less time with friends. In a recent article for Psychology Today, Emma Seppala, associate director of the Center for Compassion and Altruism Research at Stanford University, not only suggests attacking the problem in very different ways but also observes that taking time off actually makes you much more productive. Quoting from many studies, Seppala observes that overwork often doesn't end in success; that too much self-discipline is taxing and, over time, actually leads to willpower fatigue; and, that too much focus can actually hurt our creative problem-solving skills. We often clear our workstations or e-mail, but we seldom do that with our minds. She suggests two ways by which we can actually break the pattern of overwork and become “more efficient and effective by working less.” When do we get moments of insight or creativity, Seppala asks. It’s often not at work. It might be in the shower, while walking, listening to music or relaxing in any other way. “Things seem to fall into place and just "click"—we have an "AHA" moment. The trick to self-mastery actually lies in the opposite of control: Effortlessness, relaxation and wellbeing,” she observes. Go out of your way to be kind and help others, that, Seppala says, is a great way to stop focusing so damn hard and to enhance your positive mood. “Research shows its good for your mental and physical health, you'll live longer [and] be happier…,” she observes. When was the last time you were truly creative?
EDITOR-IN-CHIEF Vijay Ramachandran EXECUTIVE EDITORS Gunjan Trivedi, Yogesh Gupta DEPUTY EDITOR Sunil Shah FEATURES EDITOR Shardha Subramanian ASSISTANT EDITORS Gopal Kishore, Radhika Nallayam, Shantheri Mallaya SPECIAL CORRESPONDENT Sneha Jha PRINCIPAL CORRESPONDENTS Aritra Sarkhel, Shubhra Rishi, Shweta Rao SENIOR CORRESPONDENT Eric Ernest SENIOR COPY EDITOR Vinay Kumaar LEAD DESIGNERS Pradeep Gulur, Suresh Nair, Vikas Kapoor SENIOR DESIGNERS Sabrina Naresh, Unnikrishnan A.V. VIDEO EDITOR Kshitish B.S. TRAINEE JOURNALISTS Madhav Mohan, Mayukh Mukherjee, Vaishnavi J. Desai, Bhavika Bhuwalka, Ishan Bhattacharya SALES & MARKETING PRESIDENT SALES & MARKETING Sudhir Kamath VICE PRESIDENT SALES Sudhir Argula GM MARKETING Siddharth Singh GENERAL MANAGER SALES Jaideep M. MANAGER-KEYACCOUNTS Sakshee Bagri MANAGER-SALES SUPPORT Nadira Hyder SR. MARKETING ASSOCIATES Archana Ganapathy, Benjamin Jeevanraj, Arjun Punchappady, Cleanne Serrao, Margaret DCosta MARKETING ASSOCIATES Lavneetha Kunjappa, Shwetha M. LEAD DESIGNER Jithesh C.C. SENIOR DESIGNER Laljith C K MANAGEMENT TRAINEES Bhavya Mishra, Chitiz Gupta, Deepali Patel, Aditya Sawant, Mayur R Shah, R. Venkat Raman, Brijesh Saxena, Eshant Oguri, Deepinder Singh TRAINEE Sejuti Das O P E R AT I O N S VICE PRESIDENT HR & OPERATIONS Rupesh Sreedharan FINANCIAL CONTROLLER Sivaramakrishnan T.P. CIO Pavan Mehra SR. MANAGER OPERATIONS Ajay Adhikari, Chetan Acharya, Pooja Chhabra SR. MANAGER ACCOUNTS Sasi Kumar V. SR. MANAGER OPERATIONS T.K. Karunakaran MANAGER OPERATIONS Dinesh P. EXEC ASSISTANT TO THE CEO Tharuna Paul MANAGER CREDIT CONTROL Prachi Gupta ASST MANAGER ACCOUNTS Poornima
All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.
Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in VOL/9 | ISSUE/06
Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.
IDG Offices in India are listed on the next page
REAL CIO WORLD | A P R I L 1 5 , 2 0 1 4
1
contents MAY 15, 2014 | VOL/9 | ISSUE/07
Mobile Masters Dose-tinted Lenses
55 | Practitioner's Guide to Analytics Move over intuition. It's information that business wants. How to get anaytics right.
The Right Stuff Employable Insights Ahead with Analytics
69 | Practitioner's Guide to Cloud Cloud computing is here to stay. It's time to build a robust cloud strategy.
Cloud Built Up 5 Tips to Keep Data Secure in the Cloud 8 Sure-fire Ways to Screw Up a
3 0
Cloud Contract more Âť
30 | Smart Sync FEATURES | TECHNOLOGY Savvy CIOs are increasingly aligning with business to get the most out of analytics, cloud computing, mobility, and outsourcing. Here's how you can too.
8 2
32 | Practitioner's Guide to Sourcing Outsourcing can go a long way in helping organizations deal with SMAC and find greater agility. Here's how to do it well. COVER DESIGN BY UN NIKRISHNAN AV
Outstanding Outsourcing 10 Steps to Outsourcing Failure Dealing with Multiple Outsourcers
43 | Practitioner's Guide to Mobility Mobile technologies have excited IT and business leaders across industries. Here's how mobility is changing the dynamics of business.
Mobility Matters
2
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VIEW FROM THE TOP: “When we take the number of investors from 2.5 crore to 25 crore then our vision and objective for BSE will be met," says Ashish Chauhan, CEO, BSE.
VOL/9 | ISSUE/07
DEPARTMENTS 1 | From the Editor-in-Chief Time Out? By Vijay Ramachandran
7 | Trendlines
6 0
Innovation | Game of Drones Healthcare | To the Heart of the Matter Internet | Listen to My Voice Legal | Smartphone Kill-switch Popular Science | Sniffing Out Disease Consumer Electronics | Mood Detectors Opinion Poll | What’s Going Mobile? Technology |Nothing Fishy Here Business | US Paper Accept Bitcoins Space | Life on Mars, Here on Earth Robotics | Humanoid Robotic Firefighters By the Numbers |Riding the Digital Wave
16 | Alert Data Theft | Hacked to Death Best Practices | Security Cover
86 | Security in the Brave New World
103 | Essential Technology Open source | Open Source Rules Software | Open Up the Old
FEATURE | SECURITY Not all the proven practices of the past work in today’s interconnected, heterogeneous world. Here’s what you need to do differently. By Bud Mathaisel, Terry Retter, and Galen Gruman
Columns
108 | Endlines
52
21 | Ready for Your Electronic Tattoo? TECHNOLOGY The concept sounds simultaneously futuristic and bizarre. But let’s get this straight: You'll get one. And sooner than you think.
Technology | Fighting Fakery By Lauren Brousell
3 9 0 3
By Mike Elgan
23 | Lose Focus, Gain Creativity LEADING EDGE Losing the relentless focus and taking a team-wide break from punishing project schedules can make you more productive than ever before. By Gunjan Trivedi
28 | Who’s the Leader? CAREER The CIO at Washington Suburban Sanitary Commission talks about the difference between leaders and managers and suggests some ways to bridge the gap. By Mujib Lodhi
4
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
CIO EXECUTIVE BOARDS EVENT: CIO magazine launches an all new series of events around analytics, mobility, cloud computing and outsourcing. Find out what you missed.
VOL/9 | ISSUE/07
www.cyberoam.com
Turning CIO into the next-generation catalyst Cyberoam NGFWs enable enterprise CIOs harness IT & network transformation with insights beyond security, helping them innovate, monetize and differentiate.
Key business benefits of Cyberoam NGFWs to CIOs:
• Next-generation threat protection (also secures critical infrastructure / SCADA networks)
• Wirespeed gigabit performance • Visibility into BYOD and Virtual environments • Easy compliance • On-appliance Web Application Firewall (WAF)
For more information contact marketing@cyberoam.com
Cyberoam Product Line : Network security appliances (Next-Generation Firewalls/UTMs)
Centralized Management (Hardware & Virtual)
© Copyright 2014 Cyberoam Technologies Pvt. Ltd. All Rights Reserved.
Centralized Reporting
CIO Online
.in CIO ADVERTISER INDEX
[ CI O TV ]
Accenture Services
17
Cisco Systems India
IFC
Video Library
Cyberoam Technologies
From peer-to-peer advice, and new technology developments to international events, our videos cover everything that affects you. Keep yourself abreast with the world of IT, watch our online videos.
Hitachi Data Systems India
[ Ca se S tudies ] Real Solutions
To know about the different business challenges that companies in your industry and beyond faced and how their IT departments came to their rescue, read our case studies. Real problems. Real people. Real solutions. cio.in/find/case_study
[ S l i des hows ] From cloud tools to other tech projects, view our slideshows for all that and more.
5
HCL Comnet
13 3
HP BCS
IBC
Microsoft Corporation (India) 8 & 9 & False cover Netmagic IT Services Ricoh India
24, 25 & 26 19
SAS Institute (India)
65
Vodafone India Ltd ( Corp)
BC
[ Su r veys ]
By the Numbers Our surveys are a treasure trove of technology, staffing, security trends and beyond. They mirror economic realities and how they impact you. Visit the By the Numbers section online. cio.in/by-the-numbers
[ N EWS ] Our CIO World newsletter gives you a daily dose of everything that impacts you, your staff, and your business. Log on to check out the latest news.
Don't receive our newsletters? Log on to our website to subscribe today!
>> cio.in/news
Read More@ cio.in 6
>> Case Studies >> Whitepapers >> Articles >> Slideshows >> CEO Interviews >> Events
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
FOLLOW US ON www.facebook.com/CIOIndiaIDG twitter.com/CIOIn
This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.
VOL/9 | ISSUE/07
EDITED BY SUNIL SHAH
NEW
*
HOT
*
UNEXPECTED
Game of Drones
elections. We are traveling with TV Today on its Election Express (a mobile studio),” says Mehta. The drones are powered by lithium polymer batteries and are operated via remote control from the ground by Quidich pilots. To make the cut, pilots need over 300 hours of drone flying time. The idea to build Quidich germinated when Rahat Kulshreshta, CEO, Chahal Garg, design head, Tanuj Bhojwani, technical head, and Mehta met at the Young India Fellowship,
a post graduate program that focuses on experiential learning. “We were all from very different backgrounds and that helped us come up with creative ideas,” says Mehta. “We wanted to change the way aerial filming was perceived and to make it affordable. Even a single aerial shot or a few seconds of video takes production quality to a whole new level.” —By Aritra Sarkhel
TRENDLINES
I N N O V A T I O N What’s common between Headlines Today, the Indian Railways, and Volkswagen Motorsport? The use of Quidich. No, not the game from Harry Porter. Quidich is a Delhi-based company that builds drones, unmanned aerial vehicles loaded with cameras, which are controlled from the ground. In India, the commercial use of drones is still a new concept, but Quidich already has its hands full. “We have barely been around for two months, but we’ve already done work for Volkswagen Motorsport, Aaj Tak, Indian Railways, and NDTV to name a few,” says Gaurav Mehta, marketing head, Quidich. The drones carry cameras that record aerial images and HD quality video and are being used by some news channels to cover the 16th Lokh Sabha elections. “We have some fabulous shots of the
To the Heart of the Matter
VOL/9 | ISSUE/07
have been on the market for years, but Eko’s accessory allows doctors who prefer traditional analog devices to bring them into the digital age. The Eko pairs automatically with a doctor’s smartphone and digitizes the audio signals that the stethoscope picks up, streaming them to the phone for use in the Eko app. With the app, the doctor can view the waveforms from the stethoscope in real time. “Their goal is to listen to that heart and determine if there’s anything that warrants further investigation,” said Eko founder and CEO Connor Landgraf. An Eko costs less than a typical digital stethoscope but Landgraf says, there’s
another reason doctors would rather add the company’s adapter to the traditional analog version: It still looks like a stethoscope. “No one wants to be the doctor wearing the weird-looking stethoscope,” Landgraf said. One challenge for Eko is there’s no prescribed format for audio files in standard medical records systems. The company has incorporated its audio into a few medical records systems that allow for file storage, Landgraf said. It’s exploring ways to store the information in the format most commonly used for exporting and sharing all types of medical data, called HL7, he said. —By Stephen Lawson REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
IMAGES BY T HIN KSTOCK
Seeing the latest smartphone makes some people’s hearts beat faster. Now there’s an app that can hear them. The app, from a company called Eko Devices, works with a device that attaches to a standard analog stethoscope. Via the Bluetooth Low Energy protocol, the Eko adapter sends the audio from the stethoscope to the doctor’s phone or tablet for recording, viewing, analysis and sharing. Digitizing the heart and lung sounds that a stethoscope picks up allows doctors to view them as waveforms, giving them another tool to detect potential ailments. Digital stethoscopes
H E A LT H C A R E
7
The cloud that helps win the race. The winning edge can boil down to nanoseconds. Data can be as important as the driver. Powered by Microsoft Dynamics, Azure and Office 365, Lotus F1 Team analyses and shares data from over two hundred sensors that measure everything from engine fatigue to torque and vibration. Working in sync with the right information, the team from the factory to the garage to the track can make the calls that make the difference between winning and losing.
This cloud gives teams an edge. This is the Microsoft Cloud.
Social
learn more at microsoftcloud.com
Productivity
Platform
Insights
Listen to My Voice
— By Tim Hornyak 10
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
Smartphone Killswitch Could Save $2.6B a Year Technology that remotely makes a stolen smartphone useless could save American consumers up to $2.6 billion (about Rs 15,600 crore) a year if it is implemented widely and leads to a reduction in theft of phones, according to a new report. US law enforcement officials and politicians are pressuring cellular carriers to make such technology standard on all phones shipped in the US in response to the increasing number of smartphone thefts. They believe the so-called “kill switch” would reduce the number of thefts if stolen phones were routinely locked so they became useless. But carriers have resisted these requests and there are now bills proposed at the US Senate, US House of Representatives and California State Senate that would mandate such a system. The report, by William Duckworth, an associate professor of statistics, data science and analytics at Creighton University, found most of the savings for consumers would come from reduced insurance premiums. Duckworth estimated that Americans currently spend around $580 million (about Rs 3,480 crore) replacing stolen phones each year and $4.8 billion (about Rs 28,800 crore) paying for handset insurance. If a kill-switch led to a sharp reduction in theft of phones—something supporters argue would happen because stolen phones would lose their resale value if useless—most of the $580 million spent on replacing stolen phones would be saved. A further $2 billion (about Rs 12,000 crore) in savings could be realized by switching to cheaper insurance plans that don’t cover theft. The report found that 99 percent of consumers thought cellular carriers should allow all consumers to disable a phone if stolen, 83 percent thought a kill switch would reduce smartphone theft, and 93 percent believed they should not be asked to pay extra money for the ability to disable a stolen phone. —By Martyn Williams
LEGAL
VOL/9 | ISSUE/07
IMAGES BY T HIN KSTOCK
TRENDLINES
INTERNET Fujitsu has developed technology that makes synthesized speech sound a little more natural and less robotic by adopting the appropriate tone for different situations. For instance, if there’s an emergency it would select an alarming tone of voice. In a noisy environment, it would choose to speak louder and more clearly. A tranquil environment might elicit a relaxing tone. To create the voice, the technology uses machine learning algorithms to analyze the patterns of natural speech and extract voice characteristics relatively quickly from a small voice sample. From those characteristics, a high-quality synthetic voice can be built and imbued with the right tone for a given situation, Fujitsu said. The synthesis technology could work with local or cloud data so that a voice system could give out information with the appropriate tone and pitch. It might inform factory workers of a valve problem, for example, by adopting an urgent tone of voice. An audio sample in Japanese presents a synthesized voice repeating a warning about a duct error with increasing urgency, rising in pitch and speed. In a country like Japan, where everything from escalators to trucks issue automated voice warnings to users or people nearby, making synthetic voice systems aware of environmental and other data could make them more effective. But the technology could be used wherever synthetic voices are needed. “Some examples of potential applications for this technology are voice-based work support solutions in factories and other work environments, natural disaster-related broadcast solutions, car navigation systems, text-to-speech services for online content, text-to-speech email solutions and automated messaging services,” a Fujitsu spokesman said. The know-how might also lead to applications that clone a person’s natural voice, which would be useful for those who are losing their ability to speak due to illness. It would take about three to five hours of someone reading out a text to create a database, the spokesman said, after which the person’s voice could be cloned. If the user were to lose the ability to speak, a PC could speak typed words with the cloned voice.
Sniffing Out Disease
What’s Going Mobile? According to a recent survey, productivity tools are the most popular category of apps that are being ‘mobilized’.
OPINION POLL
58%
Productivity
51%
Collaboration
49%
Line-of-Business
45%
Business Intelligence
43%
Time Tracking/Expense
35%
Field Service Social Networking Salesforce
25%
21%
Source: Citrix
VOL/9 | ISSUE/07
Computers That Can Detect Your Mood Dell Research, a new division of the recently privatized Dell, is conducting early experiments with brain and body sensors to detect a person’s mood for use in computers involved with education and communications. It could also be used to monitor a person’s mood while driving or playing games. The mood experiments are among others underway at Dell Research that stretch across four broad areas: Security, data insights, mobility and the Internet of Things, and cloud and modern datacenters, according to Jai Menon, a vice president and Dell’s chief research officer. Dell’s focus on moods and emotions will use a person’s brain waves combined with heart rate, pulse or other body functions in hopes of detecting when a person is happy, sad, anxious, fearful or has other feelings, Menon said. Eventually, such mood input could be channeled to help a teacher know when students are most alert and ready to learn or to help managers better communicate with workers, he said. “There’s a lot of potential in daily use. Say I’m in my car and calling somebody and sudden fear is sensed. Well, that fear could drive a call to 9-1-1, for example,” Menon said. “In gaming, the game can become more interesting depending on our moods, and if a device senses trepidation on my opponent’s part, then maybe I can beat you now.” The area of brain-computer interfaces (BCI) “has made strides in the last few years and a lot of it is high end, but our focus is on the less expensive, consumer-grade capabilities,” Menon said. In the work, Dell researchers are evaluating a range of devices, including products from NeuroSky and Emotiv, that use electroencephalography (EEG) to detect brain activity, heart rate, pulse and other sensors. One question for researchers is how specific a certain level or location of brain activity must be in order to indicate a certain mood, Menon said. Researchers must also find out if certain brain activity or other body indicators cause the same moods for more than, say, 80 percent of people. —By Matt Hamblen
CONSUMER ELECTRONICS
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
TRENDLINES
P O P U L A R S C I E N C E If you’re worried about being out of shape, or suspect you might have a disease like diabetes, just breathe into Toshiba’s new tube. It’s part of a prototype medical breath analyzer that’s small enough to be used in small clinics or gyms. By detecting trace gases that are exhaled, it could be used to monitor health indicators such as fat metabolism and help diagnose disease, Toshiba said. “The main feature of this analyzer is its compact form,” said a spokesman for Toshiba. “It’s the size of a personal computer. Previously developed devices were larger and could only be used in facilities such as hospitals.” Another merit is speed, providing analysis results in about 30 seconds, he said. Toshiba used gas analysis technologies from its semiconductor and other manufacturing operations to develop the device. An infrared laser shines on the exhalation while a spectrum analysis component checks for telltale signs of organic compounds. Using a quantum cascade laser, which is a semiconductor laser used in gas analysis, allowed the analyzer to have a small form factor while retaining the accuracy of larger, floor-mounted devices, Toshiba said. The current version of the device can measure organic compounds such as acetone, which can indicate obesity and diabetes, and acetaldehyde, which is involved in the chemistry of hangovers. —By Tim Hornyak
11
Nothing Fishy Here
TRENDLINES
T E C H N O L O G Y MIT researchers have created a soft, autonomous robotic fish that can change direction in a fraction of a second—nearly as fast as a real fish can. The softness of the robot enables the machine to continuously change into an “infinite range” of configurations, according to MIT. Each side of the robotic fish’s tail has a long, undulating channel inside it. A canister in the robot’s body releases bursts of carbon dioxide, inflating the channel and causing the tail to sway back and forth, propelling the robot and allowing it to turn quickly in the water. “We’re excited about soft robots for a variety of reasons,” said Daniela Rus, a professor of computer science and engineering and director of MIT’s Computer Science and Artificial Intelligence Laboratory. “As robots start interacting with people, it’s much easier to” keep them safe “if their bodies are so soft that there’s no danger if they whack you.”
The device was developed by Rus and colleague Andrew Marchese, a graduate student in MIT’s Department of Electrical Engineering and Computer Science, “The fact that the body deforms continuously gives these machines an infinite range of configurations, and this is not achievable with machines that are hinged. A rigid-body robot could not do continuous bending,” she added. MIT noted that its research team is using 3D printer technology. The mold for the fish’s tail and head from silicone rubber and the polymer ring that protects the electronics in the fish’s guts was built by a 3D printer. Rus said the robotic fish should eventually be able to work for 30 minutes at a time on various tasks, such as swimming amid a school of fish to gather data about their behavior. —By Sharon Gaudin
The Chicago Sun-Times is now accepting bitcoins as payment for subscription, becoming the first major US newspaper to take the digital currency. The paper’s goal is to keep evolving with changing technology, and accepting bitcoin payments is one way it is trying to stay digitally focused, Editor-in-Chief Jim Kirk said in a release. The Sun-Times partnered with San Francisco-based micropayments startup Bitwall so readers could donate bitcoin or tweets on Twitter to benefit an organization called the Taproot Foundation, which pairs professionals with nonprofit groups for pro bono work. “We were encouraged by our paywall experiment in February,” Kirk said in an interview over Twitter. “We believe there is an opportunity here to expand our readership with Bitcoin.” The Chicago Sun-Times claims 6 million unique monthly online readers. It was the eighth-largest US newspaper by total average circulation in March 2013, according to the Alliance for Audited Media, an advertising and content provider industry
BUSINESS
12
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
group. For its print and digital subscriptions, the newspaper is working with Coinbase, a bitcoin wallet service also based in San Francisco. In a blog post, Coinbase said that content providers such as the Sun-Times are one of the early leaders in getting merchants to adopt the cryptocurrency. In January, Bitcoin-related news sites reported that Dutch newspaper NRC Handelsblad was planning to accept bitcoin as a payment method for individual articles. A Reddit poster, claiming to be a webmaster for the paper, said the new payment method was being implemented step by step. Although Bitcoin has been overshadowed by allegations of fraud and hacker attacks such as in the collapse of Japanbased bitcoin exchange Mt. Gox, content providers and bloggers are turning to the digital currency in part because it’s a cheaper means of moving payments around, with transaction fees which can be lower than 1 percent. —By Tim Hornyak
VOL/9 | ISSUE/07
IMAGE: M. SCOTT BRAUER \ COMPUTERWO RL D
US Paper Accept Bitcoins
CUSTOM FEATURE HCL TECHNOLOGIES
CASE STUDY
Overhaul of Growth Strategy:
Getit Infomedia Gets IT Right Jaspreet Bindra, CEO, Getit Infomedia, speaks on how HCL Technologies is aiding his company become infrastructure-ready when it grows its consumer base by five times by 2016. By Shweta Rao
upwards at an exponential rate in the past four years and plans to grow five times in the next three years. That said, the rapid growth would have exceeded its IT infrastructure capacity within the next 12-18 months. “We wanted to be infrastructure-ready for a ten times increase in our consumer base and reduce customer on-boarding time from days to hours. We had to be extremely agile in expanding our services portfolio, as our older systems were monolithic and didn’t represent the digital culture we were trying to get our customers to adopt,” Bindra says.
W
ith a network of over 40 offices around the country and employee strength of over 1,000, Getit Infomedia (GI) provides an excellent local search platform for SMBs and consumers to converge into. Until about four years ago, GI was predominantly into the print business. Following a business consolidation with Infomedia, the company built a resilient infrastructure and a support team that delivers high value local search and allied services across print, voice, online, and mobile platforms. “As we scaled up, we realized that we needed to not only improve our efficiency, but also completely redefine the experience of consumers and businesses utilizing our services,” says Jaspreet Bindra, CEO, GI, who laid down the simple objectives for the company’s IT renovation. Becoming the Fittest Bindra set two broad goals for GI’s technologycum-business revamp—each with a short, medium, and long-term horizon. “The first goal is to become service-oriented. We want to be the first end-to-end destination for businesses, consumers, and the talented developer ecosystem in India. Our second goal is around creating a dynamic infrastructure, completely elastic without the constraints of computation limits,” he says. These goals had a bearing on the fact that GI has surged
Jaspreet Bindra CEO, Getit Infomedia Today, GI is reengineering most of its IT systems around SOA principles and Dynamic Infrastructure in collaboration with HCL Technologies. “HCL has solid credentials in the vertical we belong to, in addition to the fact that they have some of the best talent out there. While much of what we are doing can be characterized as cutting-edge and high risk, we are very happy with the flexibility we have seen in HCL’s delivery,” he adds. Commenting on this comprehensive engagement, a HCL spokesperson says, “GI’s strategic outsourcing deal with HCL is of utmost strategic importance as it is the
first of its kind in India which includes IT infrastructure, applications, and BPO. It is also the first time that 111 employees have been rebadged successfully to HCL in the India business.“ GI took the first step of moving into the public cloud a few months ago. “We are running one of the largest public cloud setups in India currently. This year, we want to build on that and make our core infrastructure completely invisible. Capacity shouldn’t come in the way of innovation or scaling services,” says Bindra. Almost everything that GI has moved into production is in the Beta stage, “We believe that discovering a viable product is far more important than being perfect in the first go. In that way, we try out stuff and if it doesn’t work, we move to something else,” explains Bindra. No Holds Barred Interestingly, almost all elements of GI’s transformation would be traditionally thought of as high risk in most enterprises. “We have moved lock, stock, and barrel to the public cloud. We run absolutely everything including our voice business and ERP out of the cloud. All our app deployments are pushed out from the cloud. We adopted tablets for our sales force, completely adopted Bring Your Own Device (BYOD) for the whole organization, and phased out the traditional IT helpdesk in most physical locations,” says Bindra. In a sense, GI has constantly been on an evolving mode which has helped Bindra and his team tackle change management effectively. “We are trying to mimic what our consumers are like today and want to behave less like an enterprise,” he adds.
This case study is brought to you by IDG Services in association with HCL Technologies
Life on Mars, Here on Earth A six-astronaut crew has begun its 120-day “mission” on Mars. They’re not actually astronauts and they’re not actually on Mars, but three men and three women have begun a fourmonth mission to investigate how they would interact and survive long-duration space exploration, such as a trip to Mars. The crew of the Hawaii Space Exploration Analog and Simulation (HI-SEAS)will live in what the University of Hawaii describes as isolation in an “extremely remote,” 1,000-square-foot habitat that’s 8,200 feet above sea level on Mauna Loa, one of five volcanoes that form the island of Hawaii. The crew members, who began their NASA-funded mission at the end of March, will spend the mission living in a geodesic dome, a sphereshaped structure. If they leave the dome, they can only do so in simulated spacesuits. “Missions like this, reduce the risk of going to Mars,” said Kim Binsted, the principal investigator on the HI-SEAS project. NASA is focused on trying to send astronauts to Mars by the 2030s. While contracting out work to ferry supplies and eventually astronauts back and forth to the International Space
TRENDLINES
S PA C E
Station, NASA is focused on building the heavy-lift rockets, robotics and spacecraft needed to get humans into deep space. NASA estimates that a Mars mission, to the Red Planet and back, would take three years. The space agency needs to study how astronauts are apt to react to each other and their confined, potentially dangerous, environment. “They’re going to be taking a whole bunch of psych tests looking at their mood, looking at how they relate to each other, looking at the cognitive skills and how they change over time, but we are also going to be measuring their performance,” Binsted said. Each crew member was given a different role to play, as well as different scientific projects to work on. For example, Tiffany Swarmer, a biologist and research assistant with the University of North Dakota’s Human Spaceflight Laboratory, is experimenting with 3D-printed surgical tools in confined and extreme environments. Lucie Poulet, a research associate and Ph.D candidate at the Institute of Space Systems of the German Aerospace Center, is assigned to growing plants for consumption inside the habitat. — By Sharon Gaudin
Humanoid Robotic Firefighters
IMAGE: HI- SEAS.O RG
R O B O T I C S Some day, if there’s a fire on a US naval ship, a humanoid robot may rush in to put it out. That’s the vision coming out of the US Navy’s Office of Naval Research, which will host a test of robotic firefighters this summer. Firefighting robots would take on high-risk tasks, such as going into an intensely hot and smoky environment, that a human sailor would normally have to do. “People can only stand relatively short periods of time directly fighting the fire because of the heat, the radiation, the smoke and the steam,” said Thomas McKenna, program officer in the Office of Naval Research’s Warfighter Performance Department in the Human-Robot Interaction Division. “A firefighter during a shipboard fire may only be able to be exposed for 15
14
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
minutes. The idea is to get around those human limitations.” The Navy plans to test the robots on the USS Shadwell, a decommissioned landing ship where the Navy conducts some of its damage control research. The Navy will be working with the two-legged Shipboard Autonomous Firefighting Robot (SAFFiR), which was built by scientists at Virginia Tech, the University of California, Los Angeles and the University of Pennsylvania. Two different versions of the SAFFiR will be tested—one an approximately 5-foot-tall machine with a basic set of legs and a simple control mechanism, and another 6-foot-tall robot with more advanced legs that should be capable of more robust locomotion, according to McKenna.
During the test, the robots will need to balance on a boat, turn valves, find, pick up and drag a fire hose and then turn the water on the fire, using its vision system to track the fire and search for victims. The demo also will test new sensors that have been designed to “see” through smoke. The robots also will have stereo, infrared and laser scanning sensors. In May 2012, a fire aboard a nuclear submarine, the USS Miami, injured seven people, including three shipyard firefighters. The sub was drydocked at the Portsmouth Naval Shipyard in Kittery, Maine. Unable to afford to make the repairs, the government was forced to inactivate the submarine. A shipyard worker admitted to setting the fire. — By Sharon Gaudin
VOL/9 | ISSUE/07
COMPILED BY SHUBHRA RISHI
Best Practices
Riding the Digital Wave Indian CIOs are catching the digital wave and opening up new business opportunities and creating a technologically advanced enterprise. According to PwC’s 2014 Digital IQ Survey of IT and business leaders, Indian companies are utilizing the power of technology to drive productivity, costeffectiveness, and competitiveness of their businesses more effectively compared to their global counterparts. About 92 percent of Indian CIOs believe they have a strong or very strong digital IQ—a company’s ability to understand technology and leverage its benefits—as compared to the overall global digital IQ of 63 percent. And this is because more than 50 percent of Indian companies today are enabling digital transformation by investing in technologies such as data mining and analysis, virtual meeting and collaboration, private cloud, mobile apps, cyber security, and data visualization. Another reason for this digital wave, according to the survey, is the fact that Indian IT leaders are increasingly getting closer to the business. This has elevated the role of IT in Indian organizations. Over 80 percent IT leaders say their CEO or senior-most business leader is an active champion of IT in their organizations. About 56 percent of business leaders rated their organisation’s IT department as having an ‘excellent’ understanding of the business strategy. This is a clear indication of the fact that the gap between business and IT is narrowing and as a result investment in new technologies is increasing.
1
CREATE a holistic digital strategy that considers every dimension of your business and every possible digital opportunity with its respective challenges.
2
DEFINE and design the digital capabilities structure within the organization to ensure that the right decision-makers and people with the right skillsets are engaged throughout the entire process.
3
BUILD an IT strategy and enterprise architecture that considers the increased demands of the new and emerging digital channels.
TRENDLINES
I
Indian CIOs are pushing the digital agenda in their organizations, increasing investment in new technologies.
Pushing the Digital Agenda
92%
Of Indian CIOs believe they have a strong or very strong digital IQ—a company’s ability to understand technology and leverage its benefits.
India Inc is Investing in… 1.
Virtual meeting and collaboration technologies
2. Private cloud 3. Data mining and analysis 4. Mobile apps 5. Data visualization
56%
Of business leaders rated their organization’s IT department as having an ‘excellent’ understanding of the business strategy. SOURCE: PWC 2014 DIGITAL IQ SURVEY
VOL/9 | ISSUE/07
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
15
alert
ENTERPRISE RISK MANAGEMENT
Hacked to Death H
IMAGES BY THINKSTOCKPHOTOS.IN
acking is no longer just a game for tech-savvy teens looking for bragging rights. It is a for-profit business—a very big business. Yes, it is employed for corporate and political espionage, activism (“hacktivism”) or even acts of cyberwar, but the majority of those in it, are in it for the money. So, security experts say, one good way for enterprises to lower their risk is to lower the return on investment (ROI) of hackers by making themselves more expensive and time-consuming to hack, and therefore a less tempting target. It’s a bit like the joke about the two guys fleeing from a hungry lion. “I don’t have to outrun him,” one says to the other. “I just have to outrun you.” Of course, this only applies to broad-based attacks seeking targets of opportunity—not an attack focused on a specific enterprise. But, in those cases, being a bit more secure than
others is generally enough. David Meltzer made that argument recently in a post on Tripwire. “How do you stop a smart attacker? Simple: Reduce their ROI to make exploiting you fiscally irresponsible.” That is the consensus of other experts. “If you make it more difficult and less rewarding for the nontargeted, financially motivated attacker, she or he will likely move on to an easier mark,” said Deena Coffman, CEO of IDT911 Consulting. Bob West, chief trust officer at CipherCloud, agrees. “The commercialization of cybercrime in the last decade has elevated ROI as a very important factor in many attacks,” he said. So does Bogdan “Bob” Botezatu, senior e-threat analyst at Bitdefender.
FINDINGS
Security Deficit
Court settlements Loss of intellectual property Audit and consulting services
16
60% 47%
Damage to brand/reputation
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
36% 35% 34%
Lower the ROI of Hackers That, of course, raises the obvious question: What, specifically, should enterprises do to make themselves less tempting targets, especially since it is cheaper than ever to launch broadbased attacks? While it is still expensive, time consuming and takes high skill to launch a sophisticated attack on a single target, the marketplace on the so-called Dark Web provides, “software apps for less-skilled thieves to purchase for little money
Security breaches can empty an organization’s coffers and cause long-term monetary damage. Here’s what Indian CISOs include in their calculations while assessing financial losses due to security breaches.
Factors Included in Calculation of Financial Losses Loss of customer business
“Commercial, or non-state-sponsored hackers are usually trying to get the most profit with minimum amounts of money,” he said. “The more difficult the attack, the less interested they are.”
62%
Of Indian CISOs say their organizations have cyber insurance that protects them from misuse of electronic data. SOURCE: GISS 2014
VOL/9 | ISSUE/07
alert
ENTERPRISE RISK MANAGEMENT
and use to attack companies that leave their networks exposed or only have a single layer of security,” said Coffman. There is general agreement that an enterprise should start by evaluating its assets based on what an attacker would find attractive. But there are differences among experts about their worth. Most agree that the value of credit card data declines rapidly—as soon as the breach is known, the cards are destroyed and replaced. Russ Spitler, vice president of product strategy at AlienVault, said credit cards, “are easy to steal, but actually reasonably difficult to turn into money at scale, due to the fraud detection that the card providers have developed.” But, he said credit cards remain a valuable asset for enterprises, “and the one that is easiest to sell.” He believes e-mail lists have even less value. “They really require very high volumes to resell. E-mail lists are practically free these days,” he said. But not all his colleagues agree. Botezatu said customer e-mails, “are the foundation of any business. They are sold and rented on underground forums for a specific amount of money. Often they are sold to multiple cybercriminals, so the profit, even if small, is constant.” And Coffman said e-mail addresses are valuable because they are, “now used as account names. Once an attacker has an e-mail account that can be used to reset and access all other accounts that use that e-mail address. If your bank will e-mail your new password to your e-mail account, then access to your e-mail account is akin to access to your banking account.
Source code is another asset that prompts mixed opinions. Coffman described its value as, “very high as the attackers now know how to compromise the application in a way that is unlikely to be detected.” Spitler agreed with Coffman that source code can be, “a resource to be used in developing future attacks against the company or other users of the software.” But he said it is rarely a target in a broad-based attack for simple profit because, “it is very hard to resell.” Whatever the value of various assets to an enterprise, the ways to improve their security are not necessarily complex or expensive. Meltzer recommended decentralizing them, so they are not all in one place. Coffman agreed, adding that they should be protected with strong encryption— something Bob West, chief trust officer for CipherCloud, said will effectively cut the ROI of an attacker. Even in the event of a breach, he said, it will be costly and time consuming to, “convert valuable data that’s been strongly encrypted into its non-gibberish state.” One of the seemingly simplest ways to lower the ROI of attackers is to keep software up to date. Sophos Labs reported recently that, “91 percent of the booby trapped documents in our reports from January and February 2014 would have been rendered harmless by just two Microsoft patches, issued two and four years ago.”
Experts are unanimous in saying enterprises need to install patches promptly. But Botezatu said it is not always as simple for them as it is for the individual downloading a fix to a laptop. “Enterprises are known for their slow patching cycle,” he said, “but this is mostly because they have to take the machines out of production, which means downtime and, implicitly, money loss. “Another reason for not upgrading is that some applications custommade for a company only work on specific configuration, such as Internet Explorer 6. An update would break the tools and rewriting these could be too costly for the company.” In general, however, the consensus is that basic but rigorous security measures will keep an enterprise ahead of the pack. “Organizations now have to focus more on restricting access to raise the bar,” said Yo Delmar, vice president of MetricStream. “That means a well-thought-out defense and in-depth strategy with continuous monitoring.” Coffman recommends having an outside company, “regularly scan for ‘open doors’ in your network that make you an easy target for the majority of potential data thieves that are just using inexpensive tools to troll for the slowest gazelle in the herd.” CIO
Taylor Armerding is a writer for CSO magazine. Send feedback to editor@cio.in
[ONE LINER:]
Whether or not our users understand it, their safety is our responsibility. We’re moving to a world where all content is encrypted always. — ALEX STAMOS, CISO, YAHOO
18
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
CUSTOM FEATURE RICOH INDIA
CASE STUDY
MAKING HEALTHCARE
MORE ACCESSIBLE A pioneer in the Indian diagnostic services industry, Dr. Lal Pathlabs wanted to up the ante in patient care service. Here’s how the organization managed to achieve it with effective use of the cloud.
“We have integrated the application with thirdparty LoB applications through an Enterprise Service Bus. The data transmits to the required applications such as ERP and Laboratory Information Management System (LIMS) even before the sample reaches the laboratory for processing,” he adds.
By Shweta Rao
S
ince its humble beginnings in 1949, Dr. Lal Pathlabs (LPL) has carved out a formidable reputation for itself. With an array of over 3,000 tests, 1,000 collection centers, and 2,500 pick-up points across the country, LPL is one of the largest diagnostic service providers with an impressive panIndia presence.
Progressive Outlook In recent years, LPL has grown to the level of catering to approximately 35,000 customers on a daily basis. Munender Soperna, head-IT at LPL, understands that lab processes across the industry have not matured and streamlined, owing to unclear policy guidelines. LPL also wanted to automate its home sample collection services to cater to the growing need of its customers. Tackling Challenges Phlebotomists at LPL were facing an everincreasing number of patient registrations manually. This meant handing out at least 20 paper receipts in return of samples collected. Not only did this slow the registration process, but it also led to revenue leakages at the customer initiation point. Soperna and his team wanted to devise a mobility solution that would automate LPL’s customer requests, but zeroing in on the appropriate solution proved to be a challenge.
Munender Soperna,
Head-IT, Dr. Lal Pathlabs
“As a customer-facing company, LPL manages heterogenous pricing and sales structures,” explains Soperna. Therefore, LPL needed a solution that could manage different pricing structures to a variety of franchisees. Formulating a Solution LPL partnered with Ricoh India to come up with the quintessential solution. Called m-registration, the solution requires patients to call a central desk contact number to place requests for medical sample collection. A phlebotomist then visits the patient’s residence on the allotted day and collects the samples. The phlebotomist then cross-verifies all the details related to the patient, on the tablet he/she carries during the visit. She receives alerts while on the go and can upload test results for the patients to see them online. “The data entered is stored over the cloud and is automatically transferred to the ERP i.e. Microsoft Dynamics Axapta 2009 which is a Line of Business (LOB) of LPL,” explains Soperna.
Countering Implementation Blockages Soperna’s biggest challenge was to transition smoothly, considering the interest of LPL’s customers. M-registration is designed and tested to take a load of about 5,000 patients per day. Although m-registration expedited the process, LPL’s phlebotomists required considerable special training. The implementation also brought in a hybrid cloud scenario as the ERP was hosted on LPL’s inhouse datacenter. Rejuvenated Operations Ricoh’s m-registration has drastically improved LPL’s customer service. The system-generated receipts have given customers value for money along with worldclass service. The solution has also reduced pre-analytical errors in the process and given patients clear visibility of the data. “M-registration has reduced our TAT for sample testing by an average of 1.5 hours per patient,” says Soperna. “Moreover, the solution presents a strong check on revenue leakage.“ It has also provided better visibility to LPL’s management team as the business data is already captured on the cloud, thereby resulting in substantial cost savings. This feature is brought to you by IDG Services in association with Ricoh India
alert
ENTERPRISE RISK MANAGEMENT
Security Cover
Establish a Data Breach Response Team While technical remediation is usually handled by IT security staff, agencies should create a team to oversee responses to a suspected or confirmed data breach, including the program manager of the program experiencing the breach, CIO, chief privacy officer or senior agency official for privacy, 20
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
communications office, legislative affairs office, general counsel, and the management office which includes budget and procurement functions.
Train Employees Agencies should train employees on their data breach response plan and their roles and responsibilities should a breach occur. Specifically, the US Office of Management and Budget (OMB) requires agencies to initially train employees on their privacy and security responsibilities before permitting access to agency information and information systems and thereafter provide at least annual refresher training to ensure employees continue to understand their responsibilities.
5-year-old Hacks Xbox
D
ata breaches seem to be happening at an absurdly rapid rate these days with reported incidents involving the theft of personally identifiable information hitting 25,566 in 2013 up from 10,481 in 2009, according to US Government Accountability Office report. The GAO stated that data breaches involving personal information can occur under many circumstances and for many reasons. They can be inadvertent, such as from the loss of an electronic device, or deliberate, such as from the theft of a device or a cyber-based attack by a malicious individual or group, foreign nation, terrorist, or other adversary. Incidents have been reported at a wide range of public-and private-sector institutions, including federal, state, and local government agencies; educational institutions; hospitals and other medical facilities; financial institutions; information resellers; retailers; and other types of businesses. “The loss or unauthorized disclosure or alteration of the information residing on federal systems, which can include [personal information], can lead to serious consequences and substantial harm to individuals and the nation,” the GAO stated. In its testimony the watchdog agency presented an outline of how US government IT entities in particular should handle data breaches. The details of the suggested response is certainly applicable to other firms as well.
Prepare Reports On Suspected Data Breaches Agencies should establish procedures for promptly reporting a suspected or confirmed breach to the appropriate internal management entities and external oversight entities. For example, the breach response team should be notified about all suspected or confirmed breaches. Further, agencies must report all incidents involving personal information within 1 hour of discovering the suspected or confirmed incident. CIO
Michael Cooney is online news editor for Network
World. Send feedback on this feature to editor@cio.in
A 5-year-old San Diego boy has been commended by Microsoft for his security skills after finding a vulnerability in the company’s Xbox games console. Kristoffer Von Hasssel’s parents noticed earlier this year that he was logged into his father’s Xbox Live account and playing games he was not supposed to. He hadn’t stolen his father’s password. Instead, he stumbled upon a very basic vulnerability that Microsoft is said to have now fixed. After typing an incorrect password, Kristoffer was taken to a password verification screen. There, he simply tapped the space bar a few times, hit “enter” and was let into his father’s account. The password allowed him to access not only the games but everything else on the Xbox, including a non-age-restricted YouTube account, his father, Robert Davies, said. “I was like, ‘Wow, that’s so cool,’” Davies said. Despite some who insist that Kristoffer must have had help, Davies said his son indeed accessed the Xbox account on his own. Perhaps it was in his genes: Davies is a security engineer at the San Diego offices of ServiceNow, an enterprise IT cloud services company. Davies reported the bug to Microsoft, which fixed it right away. Kristoffer’s name is now listed among Microsoft’s March list of security researchers who have disclosed vulnerabilities in its products.
— Zach Miners
VOL/9 | ISSUE/07
Mike Elgan
TECHNOLOGY
Ready for Your Electronic Tattoo? The concept sounds simultaneously futuristic and bizarre. But let’s get this straight: You'll get one. And sooner than you think.
G
ILLUST RATION BY T HINKSTOCK
oogle is in the process of selling parts of Motorola to China's Lenovo, but not all of it. It's not selling Motorola's visionary research group, Advanced Technology and Projects (ATAP), for example. Reports that mention Google's ATAP group typically list a few of the better-known and more colorful projects they're working on. One of these is Project Ara, which is a modular phone concept that enables people to use 3D printers and other hacks to build just about any kind of phone they want. Google recently announced hardware-hacking conferences for the project that began in April. Some say the phone could go on sale as early as next year for as little as $50 (about Rs 3,150). Wow! Cool! Another is a pill called a "vitamin authentication pill" that generates a password when swallowed. Uh, OK. That sounds, er, interesting. The company is also working on electronic tattoos. Wait a minute—electronic tattoos? That makes no sense. How can a tattoo be electronic? Electronic tattoos sound ultra-futuristic—something in the realm of transport beams, Martian terraforming and cheap iPhones. Here's what everybody needs to know about electronic tattoos: They make perfect sense; they're inevitable; and they're going to be on the market very soon. In fact, it's almost certain that you'll at least try one within the next five years.
What is an Electronic Tattoo? First, let me tell you what they're not: They're not tattoos. There's no ink, needles or piercing of the skin. The reason they're called "tattoos" is that their application is similar to those in children's fake tattoos. It usually starts out on
VOL/9 | ISSUE/07
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
21
Mike Elgan
TECHNOLOGY
a sheet of plastic, is then applied to the skin and rubbed on from outside the plastic, then the plastic is peeled away, leaving only a very thin, rubber patch that has a layer of flexible silicon wires. The concept behind electronic tattoos is simple. The idea is to create an electronic device, usually involving sensors, that is thinner than a sheet of paper and as flexible as a Band-Aid that can stick to the skin. The secret sauce is flexible electronics. The core benefit is that they become part of the body in a non-invasive, painless and relatively inexpensive way. In addition to sensors, the electronics package can contain wireless networking capability, so they can not only convey sensor data easily, but also be controlled from a remote computer or smartphone.
Why are Electronic Tattoos Happening Now? Almost every big technology revolution is preceded by a materials revolution. For example, the computer revolution owes its trajectory to the development of semiconductor materials, including silicon, which replaced vacuum tubes and brought into existence Moore's Law, the law that states the number of transistors on integrated circuits doubles roughly every two years. The electronic tattoo revolution is coming about because of the development of miniature and flexible electronics. In fact, development of flexible electronics has been in the works for decades. Most consumer electronics, from phones to digital cameras, contain circuits that are flexible in order to bend circuit boards for the purpose of cramming everything into a tiny space. But in recent years, it's become increasingly possible to create flexible circuits that can roll, stretch and, most importantly, flex repeatedly without failing.
But there are other applications for this idea beyond the doctor's office. Google, for example, has specific patents for an electronic tattoo that functions as a lie detector. There's also a throat tattoo that conveys sounds from the throat to a smartphone or other connected device. The idea might be useful as a microphone for talking in a noisy environment. A company called Electrozyme makes electronic tattoos that appear to target athletic performance. They can measure lactate levels, which show how much muscle fatigue is happening. The patch can detect pH values on the skin, which shows hydration levels, and other metrics of clear value to athletes. Imagine an entire pro football team wearing such patches and the medical staff monitoring their vitals and making recommendations to the coach to prevent burnout and injury. Electronic tattoos are the ultimate wearable computer. There's no telling what a patch of electronics stuck to your body somewhere and connected wirelessly to a smartphone can do once app developers get involved. It will start out with primarily medical uses, then evolve into a cyborg-like capability of melding human flesh with electronic sensors and communication.
Almost every big technology revolution is preceded by a materials revolution. For example, the computer revolution owes its trajectory to the development of semiconductor materials, including silicon.
What are Electronic Tattoos For? Researchers envision all kinds of medical applications for electronic tattoos. For example, extremely precise thermometers that can track tiny fluctuations in body temperature and set off alarms when the level goes above or below a set threshold. Because they're so thin and flexible, a thermometer patch could be worn for months. In a few years, it's likely that a single, inexpensive rubber patch, attached to the chest of a patient or even a newborn baby will monitor a wide range of vital signs including heart rate, nutritional status, body temperature, hydration and breathing rate. This is where most of us will encounter electronic tattoos. Slapping an electronic tattoo on patients to monitor vital signs will probably become widespread in healthcare. 22
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
The Real Revolution is Flexible Electronics The astonishing fact about electronic tattoos is that they're only one byproduct of the flexible electronics revolution. It will enable other good things. One will be smart clothing. Electronics built into pants, shoes, shirts and jackets will bring wearable computing into our clothing. Google's Android chief, Sundar Pichai, recently used the example of a "smart jacket" when talking about the possibilities of the wearables software development kit he was announcing. Flexible electronics will enable flexible devices—the first major example of which is the LG Flex, a curved smartphone. But we can look forward to clamshell devices that, when opened out flat, form a continuous screen across both halves. There will be other uses for flexible electronics, but one of the biggest will be electronic tattoos. It's an idea that's coming soon. Once it arrives, it's really going to stick. CIO
Mike Elgan writes about technology and tech culture. Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/07
Gunjan Trivedi
LEADING EDGE
Lose Focus,Gain Creativity Losing the relentless focus and taking a team-wide break from punishing project schedules can make you more productive than ever.
Y
IMAGE BY T HIN KSTO CK PHOTO
ou understand a problem. You come up with an answer. You figure out ways to introduce the solution. You execute the project. You assess the results. You either celebrate success or analyze failure. You plan to improvise further. And then, you go about identifying another problem to solve. Sounds familiar? I am sure we all are aware of the loop that we have got ourselves and our teams into. And, I believe we know that this persistent, unending, multi-dimensional spiral can easily sap our creativity and throw us off track. Yet, most of us just continue down the path despite realizing that it’s detrimental to our productivity and effectiveness at large. It’s like you are so focused on pushing down hard on the accelerator that you may forget to change the gears. You get the drift, I am sure. Ironically, it’s not just about individuals burning out at work. It in fact impacts team personality and organizational behavior as well. I am no life coach and I am not even attempting to paraphrase Who Moved My Cheese. I am rather interested in drawing your attention to a tad simple approach in dealing with this dilemma. The CEO of a game developing company Double Fine Productions, Tim Schafer calls it ‘Amnesia Fortnight’. The idea is pretty straightforward. It seems an uncanny combination of stepping back to take breaks and shelf engineering. The entire 60-member studio takes a two-week break from big, multi-million dollar projects, and simply forgets what it is working on.
VOL/9 | ISSUE/07
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
23
Gunjan Trivedi
LEADING EDGE
Journalist and writer, Joshua Rivera reports in an article in Fast Company on this Amnesia Fortnight phenomena. He writes that the studio is divided into four teams, each focusing on creating a small game prototype, all unrelated to the organization’s main projects. Rivera writes that the first Amnesia Fortnights happened a few years ago during the development of Double Fine’s second production¬—a heavy metal-themed action game called Brütal Legend—as a way to keep the team from burning out. “I thought, I love being in this crazy heavy metal fantasy world for five years, but maybe not everybody does. Maybe they would like a break,” says Schafer in Fast Company’s article. Schafer credits this approach to award-winning Chinese filmmaker Wong Kar-wai. The director adopted this technique during the three-year production of his film: Ashes of Time. Kar-wai took actors and crew to Hong Kong out of the production schedule, without almost any script or plan, and made much acclaimed and incredible films like Chungking Express and Fallen Angels during the break. “Moreover, I think even the act of experimentation has to be experimented with,” Schafer further observes in the article. “So we change how we do the format of Amnesia Fortnight every year, and we come up with new twists to it all the time. Because even if you're doing this wild and crazy
experimental thing, if you just do the same thing every time people will start to repeat ideas.” Quite naturally, the teams return to their main task at hand much rejuvenated, with a profound sense to continually innovate. In fact, over the years the creative experiments that began as morale-boosting, innovation encouraging organization-wide breaks, kept the gaming studio alive as well. With their sequel to their mega game dead, the company had four small games developed during their Amnesia Fortnight experiments. All four—Costume Quest, Iron Brigade, Stacking, and Sesame Street: Once Upon a Monster-—were released in a span of two years. Nevertheless, an argument can be made that this approach lends itself more to an organization with creative pursuits. But, I strongly believe that there are good lessons to be learnt. We can definitely improvise on such techniques to suit our scope better. Ready to forget and experiment? CIO
Gunjan Trivedi is executive editor at IDG Media. He is an awardwinning writer with over a decade of experience in Indian IT. Before becoming a journalist, he had been a hands-on IT specialist, with expertise in setting up WANs. Reach him at gunjan_trivedi@idgindia.com
Where Presentations Come Alive!
WWW
IN ASK A QUESTION
WEBINARS
Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! www.cio.in/videos
NTT GLOBAL FORUM PAVES THE ROADMAP TO THE FUTURE Held for the first time in India, the international conference by Netmagic and NTT Communications garnered an overwhelming response with the participation of technology leaders from India and abroad. By Shweta Rao
N
etmagic, an NTT Communications Company and India’s only Datacenter Infrastructure Lifecycle Management (DILM) service provider, recently launched a new datacenter in Bangalore on 27th March. Located at Electronic City at Bangalore, the new 110,000 sq.ft. datacenter facility is the first ever collaboration of Netmagic and NTT Communications in building an entire facility from the ground up. As part of the launch, the company hosted a gala launch event at ITC Gardenia, where thought leaders and technology leaders shared information on advanced technologies
and business insights that influence the global market. The international conference garnered an overwhelming response with the participation of almost 300 senior level technology professionals from India and abroad. The global forum was inaugurated by Akira Arima, President and CEO, NTT Communications, who delivered a keynote on NTT Communications’ Nexcenter range of premier datacenter services, which has the capability of becoming the new benchmark for datacenters in India. Arima mentioned that the new facility was part of NTT Communications and Netmagic’s Global Cloud Vision to become
a genuine global ICT partner for enterprises, providing seamless ICT solutions such as networks, datacenters, and applications, thereby capitalizing on the trend of enterprises’ migrating their on-premise systems to the cloud. The organization has been successfully solving complex technology infrastructure problems for global businesses growing along with the awareness that business is not just about technology. Sharad Sanghi, MD & CEO, Netmagic, also elaborated on NTT Communications and Netmagic’s business strategy for India in the near future. “Bangalore offers a strong growth
potential and a supply-constrained market, making this the most opportune moment to launch our new datacenter. Given the large concentration of data-intensive activities in Bangalore, our objective is to fulfill enterprises’ demand to house their critical IT infrastructure closer to them, as well as ensure that our datacenters have the scalability to meet their growing needs, while offering highly efficient services at the same time,” he said. A key highlight of the day was the unveiling of the new Netmagic datacenter by Akira Arima and Sharad Sanghi along with top executives from NTT Communications and Netmagic. The new facility aims to enhance customers’ confidence and strengthen the company’s position as one of India’s leading IT infrastructure management players. This new datacenter offers co-location space with high power and cooling densities, and can offer not only individual racks, but also highly secure
cages and enclosed server rooms to meet the requirements of large global enterprises. Underlining the importance of security in the enterprise cloud storage domain, Sachin Saxena, VP-Cloud Business Operations at Bluecoat (a customer of Netmagic and NTT Communications) charted out global and Indian security market trends. “New technologies like cloud and social media have made business 68 percent more profitable and efficient. But about 25 percent of the cloud storage apps are accessed without IT’s consent and that is a major concern,” he said. “The Nexcenter range of services are designed to secure cloud and empower businesses at the same time.” Technology leaders and CIOs from leading Indian and global enterprises also participated in a panel discussion on creating a future-ready datacenter strategy for enterprises. Shashi Mohan Executive VP, CTO and CIO, Polaris; Sankarson Banerjee, MD-Technology, Products
and Cloud India Lead at Accenture; Anup Purohit, Head-IT at The Ratnakar Bank; Amod Malviya, SVP, Head of Engineering, Flipkart; Shamik Sharma, Chief Technology and Product Officer at Myntra; and Radhakrishna HS, AVP at Infosys; were part of the discussion which centered around building stronger infrastructure that can adapt to advanced business demands. “We need a more integrated, converged approach when combining service delivery models, IT assets, and facilities,” said Banerjee. Following this, B.V. Jagadeesh, Founder Exodus Communications, and Managing Partner KAAJ Ventures, presented his perspective on the future of IT infrastructure. “Datacenter infrastructure is changing like never before. The new enterprise IT has to adapt, evolve, and grow to face the new needs,” he said. The rousing finale to the event was provided by Terence Lewis Contemporary Dance Company, which had the entire audience on their feet.
Mujib Lodhi
CAREER
Who’s the Leader? The CIO at Washington Suburban Sanitary Commission talks about the difference between leaders and managers and suggests some ways to bridge the gap.
I
ILLUST RATION BY T HINKSTOCK
n general terms, a manager controls and manages processes, projects and budgets and has a well-defined role and assigned group of subordinates within the organization. There may be little or no need for vision in order for a manager to succeed. The approach of a leader is the opposite. A leader conveys a vision of the future or an end state, sets boundaries and targets, knows his team and their capabilities well, and empowers them to perform by providing guidance as needed along the way. For this to work, the leader must have a strong team with the right skills that he or she can trust to do the job on time and on budget, without the day-to-day oversight a manager might be compelled to provide. The key difference is that the team you have assembled must follow your lead rather than await your directives. They must not only be skilled but sufficiently impassioned and self-motivated to succeed on your behalf out of respect for you, rather than fear for maintaining their jobs. An exceptional leader will also gain followers beyond the boundaries of the organizational hierarchy to support your vision, as long as it is a vision they can believe in. To do that, always remember that a leader cannot ‘buy’ followers through incentive programs. Followers must be earned through a process of mutual respect. Additionally, a leader is not generally defined by a job description and doesn't need to be in a defined leadership position to succeed. In reality, such positions are pretty rare outside of the executive suite. For this reason, your performance reviews will not normally reflect the somewhat intangible traits of great leadership, as most organizations base performance measures on the more finite, quantifiable 28
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
Mujib Lodhi
CAREER
attributes of management. I bring this up to warn that your initial efforts in becoming a well-respected leader will not necessarily be recognized at the time of your next performance review. But be assured that the journey is well worth the extra effort. While some people take to a leadership role more naturally than others, leadership can be learned, if you open your mind to it. The first step is to recognize that there is a difference between being a manager and being a leader. By simply asking the question above, you show that you have already begun to focus your efforts in the right direction. Relative to IT business environments, the following steps can act as a guide to transforming yourself from good manager to great leader: Open up to business. Move your thought processes away from hard-core technology fundamentals to understanding the business. Take off your IT hat and begin to wear the business hat instead. Learn what makes the business tick. While other departments may only carry knowledge of their own departmental activities, understand that IT has a role to play across all departmental functions. This one simple shift of focus can alone add substantial value and respect from your fellow business counterparts. Change your gauge of success. Don't measure your success based on the success of IT systems and support functions, but by how you directly contribute to the success of the organization itself. Ask yourself: How is IT contributing to the success of the business? A good manager may excel at ensuring that all fundamental IT activities are performing above expectations but will nonetheless only be recognized by the organization as a cost center in a supporting role. To become an IT leader, you must break from traditional roles and transform yourself and your team to add or create new value to the business. Also, never assume that the business sees your success as a leader in the same way as you might be measuring it. Always look at it in terms of how the business really sees you. Pass on this same approach to your team. Empower them, but never let your performance at the fundamental levels slip. Encourage your team to interact with the business side and become experts in how the organization operates. Develop partnerships between IT and the various business functions. How can a fifty-something IT professional best compete with youngsters? I love my career and don't want to get shunted aside because I am perceived as having outdated skills. First and foremost, never allow yourself to become discouraged over the issue of age as a factor in how you are perceived, since real value simply cannot be measured
by age alone. We do, however, live in a very dynamic era, especially as it relates to the growing role of technology as a strategic condition of business success. Customers are changing, the business is changing and technology is changing at a rapid pace, and it is imperative that you keep your skills up to date to keep up with these increasing demands. In this way, we are all on a continuous learning curve; we will always be students. The day you stop learning is the day you will have trouble competing, and this has nothing to do with age. There are a couple of methods you might employ to kick-start your learning habit to make updating your skills an ongoing practice. Traditional training classes are an obvious choice for staying up to date, but given how technology is converging, you might consider training in subjects that have been traditionally separated from your area of expertise. Second, change your thinking and break out of your comfort zone by crossing the boundaries of traditional IT management to non-conventional IT management approaches. IT is rapidly evolving from a straightforward support and service delivery organization to a strategic component of the business. Embrace this reality by
Don't measure your success based on the success of IT systems and support functions, but by how you directly contribute to the success of the organization itself.
VOL/9 | ISSUE/07
examining challenges from a business perspective rather than with a technology focus. Understanding the problems of the business enables you to better seek out solutions that add or create real business value. Also, remember, working within the confines of your certifications will tend to set your organizational value as that of a specialist who works well in a traditional IT environment focused solely on support and service delivery. In today's dynamic IT environment, however, this may not be sufficient. IT is evolving from those support roles and transforming itself into a strategic partner to the business, where we must now add or create real business value to be considered a success. CIO
Mujib Lodhi is CIO at Washington Suburban Sanitary Commission. Send feedback on this column to editor@cio.in
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
29
SMART SYNC
THE PRACTITIONER’S GUIDE
Savvy CIOs are increasingly aligning with business to get the most out of analytics, cloud computing, mobility, and outsourcing. Here’s how you can too. B y Te a m C I O
32 | Sourcing
N
Outsourcing can go a long way in helping organizations deal with SMAC and find greater agility. Here’s how to do it well.
Never believe hearsay, especially when it’s about the fading role of the CIO. The truth 43 | Mobility is that the CIO role has never been more Mobile technologies have excited important. Why? Simple. IT and business leaders across As long as there are new and industries. Here’s how mobility disruptive technologies, the is changing the dynamics chief of IT will always be in demand. of business. And some of these disruptive technologies that’ll have the most profound effect on a CIO’s role this year, according to CIO research, are analytics, cloud, mobile, and sourcing. The investments around these four trends are soaring and pushing businesses to 55 | Analytics pay attention and take advantage of the changing technology landscape. CIOs have realized that if they Move over intuition. It’s have to gain competitive advantage and drive revenue information that business wants. growth for their businesses, they have to latch on to How to get anaytics right. these technologies quickly. Gone are the days when IT leaders used to spend most of their time keeping the lights on, in fact, CIOs today are collaborating with lines of business and contributing to business strategy, which involves making these four emerging trends a core part of their company’s long-term and short-term business goals. 69 | Cloud Smart CIOs have already started to do that. And to guide CIOs to find better ways to achieve Cloud computing is here to business goals with new technologies, CIO magazine stay. It’s time to build a robust launched a series of four events—dedicated to analytics, cloud strategy. cloud computing, mobility and sourcing--titled CIO Executive Boards. The main focus of this event was to help CIOs learn what their peers were doing to revolutionize business using analytics, cloud, mobility and sourcing. Leading CIOs shared their experiences of how they are leveraging these four technologies in their organizations. Whether it is deploying private and public clouds, exploiting big data using analytics, augmenting traditional outsourcing methods or exploring the wide Reader ROI: spectrum of mobile technologies into the organizational fabric, the entire journey has How to leverage technology to been extremely rewarding for these CIOs. grow business Their inputs, along with insights from CIOs around the world, form the theme of our The four new cover story. We bring to you tales of CIOs and business leaders who have successfully technology trends fostered a culture of innovation by embracing these four trends and how they are Why it’s important to collaborate with business contributing to business growth.
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
31
Sourcing 33 Outstanding Outsourcing As technology trends like SMAC and increasing business demands create more pressure on IT organizations, more CIOs see outsourcing as a way forward.
38 10 Steps to Outsourcing Failure Even though the state of IT outsourcing has matured, mistakes in flawed deals are often repeated, and the most disappointing deals share common characteristics. Here are 10 things you shoud avoid.
41 Dealing With Multiple Outsourcers Multi-sourcing arrangements are complicated—if things go wrong there’s no single provider to blame. Here are eight steps you can take to manage liability in a multi-sourced environment.
Cover Story
Sourcing
Outstanding Outsourcing By Shubhra Rishi
As technology and business trends create more pressure on IT organizations, more CIOs see outsourcing as a way forward.
T
To
outsource, or not to: That’s no longer the question. For a majority of CIOs, the decision to outsource has pretty much been made for them by a mix of factors. These include a technology environment that’s gotten increasingly complex, an increase in business demands, and a lack of internal skill sets. From a technology perspective analytics, cloud computing and mobility have introduced new levels of complexity to the technology landscape, demanding CIOs to look outside their IT teams for help. At the same time, not all IT teams have been equal to the job of keeping pace with swift technology changes. And finally, the number of business projects Indian IT teams have had to undertake a year has risen dramatically, even as the turnaround time for each project has shrunk. For many CIOs, it feels like the walls are closing in,. The move to outsource is an evident way out. Yet it isn’t easy. Many CIOs are wary of providers that want to stick to the letter of a contract and not its spirit. Stories abound of IT teams unable to
VOL/9 | ISSUE/07
get help from their providers over a weekend because it was not stipulated in a contract. Then there’s the thorny issue of attrition within the ranks of providers. A number of CIOs have taken to outsourcing because their own IT organizations can’t hold on to talent— only to be surprised to find out that their providers have the same problem. CIOs also believe that providers are not always transparent. “Vendors have a tendency of deploying less qualified or skilled resources, which leads to delays or unsatisfactory jobs. In software delivery, vendors have a tendency to increase costs. They deploy 10 people for a task that requires only a single person. Project management and monitoring should to be done in-house. This will
increasingly impossible for CIOs not to outsource. Here are three of the most important drivers for outsourcing—and one thing to watch out for.
Taking Business Foward In March of 2008, faced with plateauing sales, Hero MotoCorp decided to make it easier for its dealers, its primary customers, to work with the twowheeler manufacturer. “We wanted to ensure our ability to track customer information, sales and service trends, defect analysis, etcetera, to enhance customer experience. Also, our dealership network had grown into a complex mammoth and we wanted to standardize it because it was only going to get more complex,” said Vijay Sethi, vice president-IS and HR and CIO, Hero MotoCorp in a story CIO ran in 2012. All of that could be accomplished with a dealer management system. So, in 2008, Hero MotoCorp started the rollout of the largest dealer management system in its industry. Today, its dealer management system
“All the decisions, including the decision to outsource the DMS, were jointly undertaken.” —Anil Dua, SVP, Sales, Marketing and Customer Care, Hero MotoCorp
help in a changeover of vendor if the need arises,” says S.C. Mittal, senior executive director, MS and IT, and group CTO, IFFCO. For all these challenges, there’s no getting around the fact that in the last few years, new trends have made it
connects over 1,900 partners and stakeholders on to a single system. Key to the success of the dealer management system were two facts: One, that Hero MotoCorp outsourced it, and, second, that the business was heavily involved in the project. High REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
33
Cover Story
SDx
Sourcing
levels of business involvement is not as common as it should be. For the most part, IT departments and different lines of businesses tend to work in silos. And in instances when they do collaborate, it often creates friction. For
years, we’ve heard stories of CMO-CIO relationships that have soured. Almost unkindly, a CMO is often referred to as a CIO’s bête noire. But at Hero MotoCorp, this is unheard of. “IT and the business work
very, very closely,” says Sethi. “The demand for the dealer management system was a pure pull from business and our channel partners. The business teams—mainly sales, marketing, customer care, and over 600 dealers
Outsourcing Success: A Joint Venture If you think outsourcing is an IT project, you’re wrong. Here’s how the CIO and the VP of sales and marketing joined hands to create one of the best outsourcing strategies in the Indian auto industry. As businesses folded around him during the great depression of 2008, Vijay Sethi, VP-IS and HR and CIO of Hero MotoCorp, was toying with the idea of creating what was going to be one of India’s first— and largest—dealer management system (DMS) in the two-wheeler industry. Sitting in his Vasant Vihar office at the heart of South Delhi, Sethi realized that the only way to stay ahead of competition and grow business in a down economy was to keep dealers happy. If the company could fulfil dealers’ needs faster—and in a less cumbersome manner—it would help them service end customers better and grow Hero MotoCorp’s business. But Sethi knew that its current mode of working—manual inventories and siloed and labored interaction with dealers—would throw a spanner in the works, hindering growth. The solution? A single DMS platform that makes processes uniform across dealers, and introduce a direct, real-time, and predictable information channel between the company and its dealers. It was a goal that thrilled business. It found resonance with the company’s SVP of Sales, Marketing, and Customer Care, Anil Dua. “The customer today is becoming more and more IT savvy and the DMS is a key step toward enhancing customer service,” says Dua.
It was also a goal that wouldn’t come cheap. But because Sethi had business’ backing, cash wasn’t a problem, internal IT skills were. In what was going
Vijay Sethi, VP-IS and HR and CIO, Hero MotoCorp, collaborated with business and got backing for a massive outsourcing project during the downturn.
Cover Story
at that time—fully realized the benefits an integrated system could bring to their entire ecosystem and customers,” says Sethi. The business case for the project was led by the business team, which
calculated the benefits that a dealer management system could introduce. This included the potential of improving customer experience at Hero MotoCorp’s dealers, enhancing the efficiency of channel partners,
to be one of the best business-IT joint ventures, Sethi and Dua together decided to turn to outsourcing. “The core team, which comprised business and IT, was involved right from the day the company started gathering requirements and evaluating partners. All the decisions were jointly taken,” says Dua.
Anil Dua, SVP, Sales, Marketing and Customer Care, Hero MotoCorp, joined hands with the IT team and created a smart insourcing strategy that reduced attrition.
improving the internal effectiveness of the organization, and sales. Anil Dua, SVP, sales, marketing and customer care at Hero MotoCorp, who was instrumental in key decisionmaking during the roll-out of the
The project helped Hero MotoCorp achieve competitive edge by standardizing the customer experience across dealerships. But three years into the partnership, the company realized that there were huge gaps between request for enhancements from its dealers and the response time of the vendor. That was partly because the outsourcer wasn’t able to understand the business process of Hero MotoCorp. A representative from Hero MotoCorp would then train outsourced IT personnel. But there was another stumbling block at the outsourcer’s end: Attrition. To fix that, Sethi and Dua decided to revisit the terms of the contract. They insourced project management which was being managed by the vendor. The duo moved the 60-strong support and development teams to its premises to improve the response time and resolution of the dealer requests. This, in turn, reduced attrition significantly. Sethi and Dua’s collaborative outsourcing strategy has worked like a charm. The business is so involved in the project that Dua personally discusses requirements with the insourced IT team. “The teams work closely with each other and with the core business team. This has helped us create an ecosystem with a much better understanding and response,” says Dua.
—By Shubhra
Sourcing
Cover Story
Sourcing
project, says, “The business was fully involved. Our core team comprised business and IT personnel and was involved right from the day we started gathering requirements and the evaluation of consultants and partners. All the decisions, including the decision to outsource the DMS, were jointly undertaken,” he says.
Vinit Thakur, CIO, Dalmia Bharat Group, says the speed at which an organization is growing can dictate the decision to outsource.
Enabling Scale, Speed and Access to Technology “For us, business agility was the single biggest factor in the in-house versus outsource decision. We realized that the time-to-market for a solution does impact the relevance of the solution and the corresponding business benefits,” says Dua.
Sethi agrees. “An organization can’t reap the benefits of the project if some of your users are getting to use the first version of the system—when the system is ready to go to next version with a new set of benefits,” he says. Speed is among the reasons that one of India’s most prominent conglomerates, Dalmia Bharat Group, is turning to the cloud for sourcing solutions. The Dalmia Bharat Group is expanding at a rapid pace. With business interests in cement, sugar, refractory, and power, the company is growing through a series of M&As with big names such as Kohlberg Kravis & Roberts, and Orissa Cement. The company has doubled its customer base in the last year. The group, led by CIO Vinit Thakur embarked on a hybrid cloud solution to achieve a massive consolidation plan of all its companies. “If an organization is in a rapid growth mode, it’s almost impossible to build IT capabilities at a rate proportional to the speed at which it’s expanding. It’s also difficult to make the infrastructure available for different projects quickly, and this can influence your decision to outsource,” he says. Another important driver for outsourcing is that it allows enterprises to get their hands on new technology and services. According to the State of the CIO (CIO magazine’s annual benchmark survey) 64 percent of Indian CIOs say that access to new technologies or services is what drives their organizations to open their doors to outsourcing. Another 46 percent of CIOs say they outsource because it gives their businesses access to world-class capabilities. Surprisingly, lowering IT costs is the second most important driver of outsourcing (55 percent of CIOs).
Bridging Skill Gaps A full 41 percent of Indian CIOs outsource because they say they have inadequate internal skill sets. This isn’t surprising given the pace of technology change, and of business demands. 36
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
Cover Story
“In the process of expansion, if CIOs were to create IT capabilities within their organizations (by hiring more talent), it would become a challenge to provide these professionals with a career plan (once expansion is over),” says Thakur. Dalmia Bharat leveraged a pool of highly-skilled IT talent by engaging with some of the best outsourcing partners in the industry to consolidate its business systems, says Thakur. “Had we chosen to build these capabilities in house, this would have been a very time-consuming, difficult, and high-risk journey,” he says. To gain competitive advantage, businesses are always on the lookout for new trends and technologies to create new tools and applications for their customers. The truth is that IT may not have skills at their disposal, and thus, suffer from severe skillset gap within IT departments. In the case of Hero MotoCorp’s dealer management system, Sethi knew that the scale and the speed at which the project had to be implemented would require a huge influx of manpower. Sethi knew that the company could not offer career paths to support engineers, rollout engineers, training and technical consultants, once the dealer management system was complete. “It wasn’t pragmatic for us to build those skills internally,” says Sethi. “We were looking for skilled people who possessed domain knowledge, experience, and knew the business processes required to manage, support and run the project successfully.” When deciding who to partner with, R.D. Malav, VP-IT at Jindal Poly Films, feels that the most important criteria is looking for vendors with proven track records in a given industry is important.
Revisit Contracts Atul Govil, head SAP and IT, Corporate, India Glycols, says CIOs must be extremely clear of the deliverables specified in a contract, otherwise the
VOL/9 | ISSUE/07
Sourcing
Analytics, cloud computing and mobility have introduced new levels of complexity. And then the number of business projects IT teams undertake a year has risen dramatically. For many CIOs, it feels like the walls are closing in.
whole partnership suffers. “Whether it’s a fresh contract or one up for renewal, it’s important for CIOs to delineate clear roles and responsibilities of both the service provider and their own organization. This must be documented in detail with exclusions, if any. In addition, outcome-based metrics to evaluate delivery performance should be firmed up with mutual agreement. Specify confidentiality measures, desired work quality thresholds, change request management, an escalation matrix and recourses in case expectations are not met. Ensure the partner has skin in the game, and have provisions and penalties for over and underperformance,” he says. At Hero MotoCorp, Sethi revisited the company’s contract with the implementation and support partner and decided to modify the terms and conditions of the contract a few years later in 2011. “As the dealer management system was still moving up the lifecycle curve and was still maturing, we started getting a lot of requests for enhancements and improvements from our dealers,” says Sethi. The company realized that the response time for making these changes was not very aggressive—owing to the geographical spread of the outsourced team. That’s when Sethi decided to shift the location of his external support team to Hero MotoCorp’s Gurgaon facility and ensure faster response and
resolution. “As we moved forward, support processes became more crucial to the business rather than agility in rollouts,” he says. It was a bold and unusual move. But it worked. By having the outsourced team sit alongside, Hero MotoCorp’s internal IT team, Dua and Sethi achieved multiple objectives. First, by sheer osmosis, the outsourced team picked up a deeper understanding of business processes. In addition, the move also motivated the outsourced team more, resulting in far lower attrition. Sethi made another change to the contract. He decided to insource project management so that timelines and resources could be managed more efficiently. These changes have done wonders for the organization and have also received a good response from the business as the benefits are clearly visible and attributable. “I must also appreciate that the partner also brought in lot of valueadded inputs to change the contract to make the overall project much more efficient and effective,” says Sethi. As more Indian organizations see the value in outsourcing, Sethi’s experiences will come in handy. CIO
Shubhra Rishi is principal correspondent. Send feedback on this feature to shubhra_rishi@ idgindia.com
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
37
Cover Story
SDx
Sourcing
10 Steps to Outsourcing Failure By Stephanie Overby
Even though the state of IT outsourcing has matured, mistakes in flawed deals are often repeated, and the most disappointing deals share common characteristics. Here are 10 things you shoud avoid.
H
“Happy families are all alike;” Leo Tolstoy wrote in Anna Karenina, “every unhappy family is unhappy in its own way.” One might be inclined to think the same is true for outsourcing—the successful relationships share the same best practices while the failed arrangements are uniquely flawed. But, in fact, the most disappointing deals do share common characteristics. Diane Carco, president of IT consultancy Swingtide, has been studying the facets of flawed deals for nearly two decades. Even as the state of IT outsourcing has matured, the same issues come up again and again in failing IT services relationships. “Mistakes are often repeated,” says Carco, who had to terminate a $2 billion (about Rs 12,000 crore) outsourcing deal when she was CIO of CNA Insurance in 1999. “Awareness of why things failed is not necessarily propagated into the next generation of management and the next deal.”
38
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
Carco, who now specializes in troubled deals and serves as an expert witness in outsourcing disputes, has identified the 10 sources of problems she sees repeatedly. These 10 steps to avoid also serve as guideposts in how to avert outsourcing catastrophe. “A forensics review of deals gone bad helps you figure out how to do better in the future,” she says. Don’t define transformation. The majority of companies enter into outsourcing arrangement to get better IT service at a lower cost. Of course they know that will require change, but they usually haven’t figured out how that change is going to happen. “It’s the cornerstone of most problems,” says Carco. The typical outsourcing contract contains a paragraph committing the parties to develop a plan for transformation— and that’s it. Better than a promise to make a plan is an actual plan developed pre-contract. “It extends the time of contracting but it gets you to the end state faster,” says Carco. Assume billing and SLAs begin on day one. Unsatisfied outsourcing
customers mistakenly assume that prices and SLAs written for the end state are effective in the first month, says Carco. “They don’t have transition service levels or billing. The relationship starts in a very big hole.” Ignore retained costs in the business case. Cost savings are a big outsourcing driver. But many customers fail to conduct a fully loaded economic analysis when making their business case—and end up disappointed when the deal fails to deliver financially. “People forget the cost of the retained organization—or they forget to have a retained organization,” Carco says. “There’s also a lot of confusion about who pays for things like connectivity or the cost of disposing certain assets.” Start governance two months after the deal is signed. Most outsourcing contracts have robust governance amendments today. But when it comes time for transition, there’s no one to fill the governance roles and executives required to participate don’t have the time. “There’s a lot of excitement and coffee cups and balloons. And they’re focused on moving people over,” says Carco. Setting up the governance process takes a few months and by then a deal can be in real trouble. “Those first few months are most fragile,” says Carco, who advises clients start governance meetings in the months before signing the contract. “Then you have an operational group of people who have gotten over those awkward first meetings and have some practice solving issues.” Sign a change order for an existing contract commitment. When a really unhappy outsourcing customer walks in the door chances are Carco will find thousands—or tens of thousands—of change orders have been signed. A customer should only sign a change
VOL/9 | ISSUE/07
Cover Story
order when adding a new service or making a material change. “What happens is a provider may be asked to do something that may not be explicit in the service commitment or that they may not be prepared to do yet. So they start writing change orders that say if you want us to do this we’ll charge you x,” says Carco. “And the client, who wants to get the work done, signs it.” Thus begins the “death by change order” process common in troubled deals. Don’t fund testing and change functions. In infrastructure deals, where the focus is on standardization and consolidation, the changes made by an outsourcing provider will require testing by applications folks and end users. There may be remediation done to applications. The service provider is prepared to make the changes in the environment, says Carco, but the client will suddenly put on the brakes because they don’t have the resources to handle the transformation or they don’t want to put projects on hold. That leads to delays and frustration for both parties. Rely solely on termination rights should things go wrong. Most outsourcing contracts adequately address small problems (customer gets a servicelevel credit) and huge problems (the customer can end the deal for cause). But there’s no middle ground. “Particularly nowadays when deals are smaller and shorter, there’s a huge cost to get out of them, and the service provider knows that,” says Carco. “It’s not the appropriate incentive to get the service provider to deliver.” There’s no best practice for figuring out those midrange solutions to growing conflict. But Carco encourages clients to map out their options during negotiations, like partial terminations by tower or additional mediation provisions. Confuse people transfer with knowledge transfer. When outsourcing customers are transferring staff to the provider, they assume that knowledge transfer is taken care of. But the
VOL/9 | ISSUE/07
Sourcing
5 Ways to Evaluate Your IT Outsourcing Maturity Wolfgang Benkel, principal analyst in Forrester’s IT sourcing and vendor management practice offers five levels of possible IT outsourcing maturity from one—the level at which a customer has a handle on the basics of outsourcing—to five—the level at which outsourcing can provide sustained value to the enterprise. Most IT services buyers are at level 2, says Benkel; they have defined the important elements of outsourcing and they measure the most of the key relationship, contract, service and process elements. Those companies that have been outsourcing for the longest time tend to be at level three and on their way to level 4. So how mature is your IT organization when it comes to outsourcing? We asked Benkel for some key questions to help determine your outsourcing maturity. Level 1: Fundamentals Are your services clearly described, in terms of both scope and service levels? Are terms and conditions and pricing clearly defined? Do you have formal processes for change management, incident management, configuration and problem management in place? Do you recognize the need for service credits and continuous improvement within outsourcing but have not addressed them in the contract? Level 2: Definitions Is your provider governance model defined (e.g. meeting structure, communication at different levels, escalation processes for issues like service level violations and so on.)? Are process and service responsibilities between client and provider clearly separated and defined? Are service levels defined and reported per service (e.g. traffic light report)? Is the outsourcing contract based on your contract framework (rather than the providers) including innovation and continuous improvement? Level 3: Measurements Do you measure and report the relationship and service management processes? Do your service levels cover provider performance? Does your service level management show the level of service level fulfilment? Do you measure and report continuous improvement, innovation initiatives and customer satisfaction? Level 4: Trust Are providers’ responsibilities sufficiently defined so that providers can determine improvements and optimization of in-scope service delivery without client interaction? Do your service levels cover your business needs? Do you employ alternative pricing models such as outcome-based pricing or gainsharing models in your outsourcing relationships? Level 5: Sustained Value Are your service levels defined in business terms? Do you discuss new ideas, innovative initiatives and opportunities with your vendors on a regular basis? Does your outsourcing relationships increase efficiency, quality, and time-to-market? —Stephanie Overby REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
39
Cover Story
Sourcing
SDx
provider has the right to move those employees to any client they choose. Instead, Carco says, outsourcing customers should approach knowledge transfer the way they do when there is no transfer of staff (as in offshoring), going through detailed questions and answers and documentation. Trust the vendor’s SLA reports. Around 80 percent of outsourcing bills are inaccurate, according to Carco. SLA reporting, while not quite as bad, is more likely to be wrong than right. That stems from some of the previous issues mentioned like delays in transformation or understanding of the agreement, says Carco. Early on in deals, an SLA may apply only to certain production servers or some types of trouble tickets. But provider data may not be that granular. “I did a renegotiation recently where, four years into the deal, the provider had no way to capture the information needed to report the SLAs, so they reported as close as they
Around 80 percent of outsourcing bills are inaccurate. SLA reporting, while not quite as bad, is more likely to be wrong than right. That stems from delays in transformation or understanding of an agreement. It’s important to watch out for this.
could get,” Carco says. “But that’s not what the client was paying for.” Assume technical managers will become vendor management professionals overnight. “IT values the hero—the guy that knows all the details that aren’t documented, works all night and can fix any problem,” says Carco. So when it comes time to outsource, the client wants to keeps those folks internal. But they’re not hardwired to take on the vendor management
role required. “These are not people that want to sit down and read a 300page contract,” says Carco. “What you need is someone who has a sourcing background in order to understand the contract, a financial background to figure out the details economics, and a technical understanding of the services levels to direct the work.” CIO
Send feedback on this feature to editor@cio.in
Where Opinions Come Alive!
WWW
V I D E O S
IN
Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! www.cio.in/videos
Cover Story
Sourcing
Dealing With Multiple Outsourcers By Stephanie Overby
Multi-sourcing arrangements are complicated—if things go wrong there’s no single provider to blame. Here are eight steps you can take to manage liability in a multisourced environment. There’s little question that multi-sourcing— parceling out the IT services portfolio among a number of vendors—is the new normal for IT outsourcing. But what happens when things go wrong and there’s no proverbial single throat to choke? “Multi-vendor outsourcing arrangements are more complicated because services can very rarely be performed in isolation from other services,” says Lois Coatney, partner with outsourcing consultancy Information Services Group (ISG). “Because of this risk, providers will use commercial language to ‘carve out’ where they will not be held accountable.” “There are no market norms for these liability issues,” says Shawn Helms, partner in the outsourcing and technology transactions practice of K&L Gates. “These are service providers that are fierce competitors and getting everyone to agree to the same exact terms is a herculean task that takes significant time and effort.” Even in the best circumstances, it can be a challenge to get companies
T
VOL/9 | ISSUE/07
who battle for business outside your four walls to work together within them. When there’s a service delivery problem, things can get even trickier. You’ve got one vendor running network operations, another maintaining servers and mid-range equipment, and a third maintaining applications. When your business users can’t access the tools they need to do their jobs, who’s to blame? “In theory, a multi-provider service delivery environment should not create additional complexities in terms of liability. The contracts— entered into separately between the customer and each supplier— should, if well constructed, clearly delineate the liabilities between the parties,” says Mario Dottori, leader of the global sourcing practice in Pillsbury’s Washington, D.C. office. “In practice, however—from an operational perspective—the lines of responsibility and, hence, liability are often blurred.” In addition, “investing in a more nuanced allocation of liabilities helps to align incentives and avoid conflict,” says Brad Peterson, partner with Mayer Brown. However, customers should take care not to nail their team of providers to the wall with onerous liability requirements. “If the customer insists on unreasonable
liability terms, there is a strong likelihood that nothing ever gets done,” Helms warns. It’s important that outsourcing customers think through the myriad multi-vendor issues that could arise— from legal actions between contractors to service integration issues to limits of liability—long before they happen. Following are steps clients can take to manage liability in multi-sourced environments.
Clearly Define Roles and Responsibilities “Liability arises from lack of clear lines of responsibility and accountability, particularly when one vendor’s performance is dependent on another’s,” says Paul Roy, partner in the business and technology sourcing practice at Mayer Brown. “The most important risk is non-performance— or cost or damage to the customer— without clear lines of responsibility.” Define the lines of demarcation between vendors and make those lines “clean and bright,” says Pillsbury’s Dottori. Some ambiguity is unavoidable, Roy adds, so require vendor coordination in root cause analysis and problem resolution, ideally with some shared risk.
Create Operating Level Agreements (OLAs)
70% Of Indian CIOs outsource to gain access to new technologies or services. Source: CIO Reseach
OLAs state how particular parties involved in the process of delivering IT services will interact with each other in order to maintain performance, and can help all parties “see the forest for the trees,” says Dottori. “These arrangements offer the opportunity for enhanced visibility of the service regime as a whole and REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
41
Cover Story
SDx
Sourcing
helps to reduce—or better arm the parties with solutions for—missed hand-offs and finger pointing.” One caveat: Most providers will not agree to take on additional liability in OLAs. But such an agreement can be an effective preventative measure.
Consider an Outsourcing Cooperation Agreement Outsourcing cooperation agreements contractually obligate service providers to work together at an operational level. They’re new, and there are no market standards for them. “We structure these agreements to place liability for service failures on the outsourcing providers as a group,” says Helms of K&L Gates. Such an agreement should address end-to-end service levels, credits provided by the entire group of providers based on default, governance mechanisms that allow
control, says Roy. Investing in service integration and management tools, including contract mechanisms and governance processes, is critical. “Carefully define the role of service integrator, and particularly who bears the risk of a managed third-party failing,” says Peterson. “This is not a traditional legal role, like subcontractor, and so you need to write your own law into the contract.” If you’re taking service integrator responsibility in-house, take care. “Multi-vendor sourced deals have the potential for reducing risk of failure by any individual vendor, but they increase the risk of integration failures,” says Roy. “The customer assumes a lot more responsibility for managing risk in multi-vendor deals which means the customer has to more carefully plan the coordination of its individual vendor deals and invest more in
Decide if you want to play mediator. There are pros and cons to being in the middle during conflict negotiations. Determine in advance what your role will be.
service providers to meet and allocate financial responsibility for credits, and limits of liability. “The most important aspect of these multiprovider cooperation agreements is to get a single, consistent contractual framework to govern the ecosystem,” Helms says.
Invest in Service Integration and Management The real risk for customers in multivendor arrangements is loss of 42
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
the integration and management of those deals.”
Make Sure Vendors Speak the Same Language When the CFO can’t close the books, she doesn’t care if it was because the network was unavailable, a server crashed, or the application wasn’t maintained properly. Reduce the likelihood of finger-pointing by creating a common framework for measuring performance. In addition to shared software tools that monitor
infrastructure components, require each provider prepare a root cause analysis for each issue, incident, or problem, Dottori advises.
Decide if You Want to Play Mediator There are pros and cons to being in the middle during conflict negotiations. Determine in advance what your role will be. “Being in an inter-vendor discussion can help to get the right operational result and avoid having the vendors decide that you’re the problem,” says Peterson of Mayer Brown. “However, requiring the vendors will work out liabilities among themselves without involving you saves you time and keeps you out of contentious discussions that might not involve you.”
Give Providers Seats at Your Table “In the case of multi-provider environments, customers are well served by integrating their governance regimes into an enterprise program management organization,” says Dottori. Give key providers seats at the table and enable them to participate in the overall service governance deliberations that may impact their responsibilities.
Create a Culture of Cooperation Multi-sourced environments are the norm. Service providers will accept new obligations, like end-to-end service levels that require interaction. But the onus is on the customer to make them work. “Clients must be prepared to establish an environment that enables and nurtures collaboration so that service providers can indeed interact effectively so that there is less risk of not meeting their obligations,” says ISG’s Coatney. “Otherwise, the walls between service providers will go up, and services will suffer.” CIO Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/07
Mobility 44 Mobility Matters When it comes to enterprise mobility there are opportunities galore, but cost, integration and security challenges must be surmounted.
48 Mobile Masters Mobility has the power to provide organizations with competitive edge, among other things. Four companies share how they made mobile enablement work wonders for their businesses.
52 Dose-tinted Lenses Emergency room doctors at Beth Israel hospital use Google Glass to connect with information and patients, enabling timely diagnosis and saving lives faster.
Cover Story
SDx
Mobility
Mobility Matters By Sneha Jha
When it comes to enterprise mobility there are opportunities galore, but cost, integration and security challenges must be surmounted. The term ‘enterprise mobility’ has leapt off the slides of CIO presentations into the everyday enterprise environment. And, in years to come, mobile applications will continue their relentless march towards the enterprises. Overlooking this trend is neither practical nor desirable— the benefits that come from untethering the enterprise with mobility solutions are too great to disregard. Research agency IDC says that the enterprise mobility market is expected to touch $1.8 billion by 2017 as an increasing number of companies turn towards mobility applications to enhance productivity at the workplace, and strengthen business processes. The enterprise mobility market in India is forecast to grow at 63 percent CAGR—from $394.3 million in 2012 to $ 1.8 billion by 2017. Not surprising then that enterprises are incorporating mobile technologies into their processes and workflows to make the most of their information infrastructure. And the transformative impact of mobility on different business functions has been pervasive. Enterprise mobility expands office functionality beyond the
T 44
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
brick-and-mortar boundaries of organizations by providing an increasingly mobile workforce with access to a company’s actionable information anytime, and from anywhere. Cementing enterprise engagement, enhancing customer satisfaction, compressing business processes, bolstering retention, and augmenting transparency are some of the goals of mobility.
App-solutely! Enterprise mobility is the new competitive imperative. It is changing the way in which customers want to connect with businesses. But the customers form only half of the value equation—employees are also driving mobility deployments to gain greater flexibility in the workplace. The three drivers accelerating mobility deployments are a demand to access a company’s information assets by on-the-move executives, an increasingly mobile millennial workforce, and customers’ demand for real-time actionable information. According to the State of the CIO 2014 survey 2014 (CIO magazine’s annual benchmark survey) mobility is perched on top of the IT agenda of CIOs this year. Mobility is on a roll. And it’s moving beyond rudimentary applications.
The mobility landscape is driven by consumer adoption and continuous innovation. The millennial generation is the cheerleader of the mobility revolution. They use mobility extensively in their personal lives and are demanding it in their professional lives as well. Their tech-savviness and propensity to collaborate are changing workplace dynamics as they become the vanguards of this disruptive technology.
Customer Delight CIOs from different industry verticals are putting their faith in enterprise mobility platforms. Take for example, Rajendra Deshpande, CIO, Serco Global Services, a business process outsourcing provider with over 60,000 employees in 100 delivery centers around the world. Traditionally, software services haven’t been on the bleeding-edge when it comes to mobility. But that established perception didn’t stop Deshpande from plunging deep into a client-facing mobility initiative. Undaunted, he approached mobility with a comprehensive strategy. With a meticulously planned mobile strategy, Deshpande proved that the advantages of providing mobile access to enterprise apps extend beyond employees to customers. When he started working with the customers based out of US and UK he realised that they wanted to see how they were performing. Traditionally, the performance was displayed on wall boards moved to operations PC. The information Serco shared with its customers was shared at an hourly, daily or weekly basis. There was still element
VOL/9 | ISSUE/07
Cover Story
Mobility
of staticness in the information provided to customers. The clients wanted to transcend the geographical boundaries by gaining real time reports on their business processes. “We have multi-location delivery centers and the client wanted to see how different parts of the world delivered their business processes. That motivated us to create a mobility solution. We built an app and allowed the clients a peek into the core processes that run and support their activities,” says Deshpande. Serco’s clients were enthused to gain real time insights into their core business processes. They are now kept apprised of the significant issues relating to their business processes in real time. The deployment has infused an air of transparency and accountability. Deshpande adopted a product approach rather than a tool approach. That did the trick for Serco.
Managing Mobility Mobility is changing at a whirlwind pace. Managing this complex beast is quite a daunting task. Integration issues with legacy systems are plentiful. But some CIOs see legacy as a great foundation to build on, not something to work around of. “Legacy can present some challenges initially, but a strong legacy is a good backbone to deploy mobility initiatives. Unless an organization has a backbone in place, and its backend system are well integrated, you cannot do anything with mobility. We are talking of real-time processing, giving information to customers or employees. Whether it’s B2E, B2C, B2S these cannot be sustained unless you have a robust backend in place,”
VOL/9 | ISSUE/07
Rajendra Deshpande, CIO, Serco Global Services, created plenty of client satisfaction by developing a mobile application that allowed the client to monitor the services they were getting in real time.
says Kalpana Maniar, President and CIO, Edelweiss Financial Services. Despite all the interest in mobility, for the most part, it’s still being used to fulfill fairly routine
business processes. So what’s impeding the wider enterprise deployment of mobility? The cost of deployment, security concerns, a lack of skills, and integration issues REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
45
Cover Story
SDx
Mobility
are constraints inherent to mobility. If an organization has to wring the benefits out of this technology it should adopt a tiered approach that focuses application investment on use cases that create the most value, say CIOs Maniar felt an increasing need to implement a collaboration suite. However, what came forth was
that a host of peripheral security solutions are required for secure enterprise usage. “It does not make economic sense because if the cost of collaboration suite is X, the cost of security around it is 2X. However, we thought that there are value-adds in collaboration and that’s the way to go. Enterprise collaboration and mobility is not evolved enough. You
Kalpana Maniar, President and CIO, Edelweiss Financial Services, says legacy IT infrastructure can present some challenges initially, but without it “you cannot do anything with mobility.”
should have a clear idea on how you secure your data,” she says. “Not many MDM solutions can boast of complete security across OSes and compatibility with collaboration suites. “We did many POCs with 8-10 products. It needs a lot of time, effort and research. There are no ready answers,” she says. While starting off enabling their application portfolio for mobility, CIOs should focus on areas that have the biggest bang. Edelweiss realized that low hanging fruit could be found in transactions. “We went about implementing mobility around transactions for our retail capital markets. The customer response has been good. We think this is where we want to invest in the near future,” she says. Pratap Gharge, EVP and CIO, Bajaj Electrical, echoes Maniar’s sentiments about mobile security and governance. “Though there are software available for MDM and MAM (mobile application management), investments in such software is an additional cost. Managing security over wide platforms for these mobile devices as per IT security policies is another major challenge,” he says. Manageability and cost are deterrents. The proliferation of lowcost smartphones with different OSes increases the complexity of managing and supporting corporate applications on those mobiles. “Entire business operations cannot be done on mobile devices, hence companies will anyway be required to provide laptop or desktops. Unless there is business case justification it becomes difficult for additional investment just to support all applications on mobile devices also,” he says.
Skill Drought Another speed bump that organizations hit while deploying mobility is the lack of skills to 46
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
Cover Story
develop mobile applications. At Serco Global Services, Deshpande chose not to create the client application in-house. “There are a lot of small supplier communities which are creating an ecosystem to supply such applications. They have skills. We decided to go with suppliers and gave them the framework. We built the strategy and the blueprint. But coding and development was done externally,” says Deshpande. Maniar says that partners can help enterprises by adopting a ‘solutions approach’ rather than a ‘product approach’. “The mobility enablers and service providers come to us to talk about their product and offerings. They should look at the landscape around their offerings and have collaborations that are ready. They should suggest an ecosystem and the partners that they have worked with. Such a consulting approach is better than a product
Mobility
“Entire business operations cannot be done on mobile devices, hence companies will anyway be required to provide laptop or desktops. Without a business case, it becomes difficult to justify the additional investment to support all applications on mobile devices also.” —Pratap Gharge, EVP and CIO, Bajaj Electrical
approach because it reduces the learning curve that each one of us has for such implementations. Otherwise you are reinventing the wheel every time,” she says. The game is on to fully reap the potential benefits of enterprise mobility. Vendor partners and CIOs need to address challenges and concerns that crop up in the road to deployment of a mobility strategy.
A well thought-through approach to implementing mobility as an enterprise-wide strategy will produce applications that users and customers like and want to use. By doing so mobility can directly translate into ROI for the business. CIO
Sneha Jha is special correspondent. Send feedback on this feature to sneha_jha@idgindia.com
Where Trends Come Alive!
WWW
V I D E O S
IN
Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
VOL/9 | ISSUE/07
www.cio.in/videos
35
Cover Story
SDx
Mobility
Mobile Masters By Bob Violino
Four companies share how they made mobile enablement work wonders for their businesses.
B
Building a successful mobile strategy includes making sure users are getting business applications that can help them do their jobs— whether it’s extensions of existing apps or newly developed ones for the mobile environment. Although many enterprises are just getting started using mobile technology for business gain, others are well on their way. The following organizations are devoting the time and resources needed to create an effective mobile app strategy.
Wells Fargo At banking and financial services company Wells Fargo, one out of every five employees uses a mobile device on the job. Many of the devices in use are company-issued, but Wells Fargo also has about 6,000 employees participating in a BYOD program. “As mobility has become more pervasive, our businesses are striving to enable our team members through the use of mobile devices,” says George Lovett, senior vice president for corporate technology and data. “There is a growing expectation that mobile devices should do everything we can do on our desktop or our laptop. Because of employees’ use of mobile devices in their personal lives, 48
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
they have insight into what they can do for them.” Employees who travel between locations, serve customers in dynamic settings, or need to stay connected during off hours are among those most benefiting from mobile technology. By delivering apps and information at the point of need, jobs can get done faster with fewer delays. Another plus is that a strong mobile strategy helps attract and retain talented workers, Lovett says. Wells Fargo is exploring a variety of approaches to mobile app development and distribution. The company has proof-of-concept and pilot programs underway to assess the effectiveness of HTML5 and native and hybrid approaches, Lovett says. “We recognize that in a company as big as ours there will be different situations that indicate different approaches to development,” Lovett says. “There will not be a narrow solution that fits Wells Fargo because we have diverse and dynamic needs across our businesses.” The company is working to establish a set of development approaches that satisfies its core needs around consistency, security, cost, performance, and user experience. “For us, security is always a top consideration, so this will remain
a critical factor in how we develop applications,” Lovett notes. Multiple business lines and functions are involved in the mobile app str ategy, to ensure cohesiveness. One example of mobile app development at the company is the People Search app that ties into its corporate systems to provide mobile users with information about other members of their teams: Phone numbers, locations, assistants, managers, and so on. “It sounds simple, but it is one of those things that delivers simple value to every team member using mobile,” Lovett says. Although Wells Fargo is not centralizing the development of mobile apps, it is centralizing the creation of standards, processes, and infrastructure to support that development. “App development will happen in each of the technology groups that are aligned with our businesses,” Lovett says. “These groups have the deep domain expertise and connection to ensure they are delivering relevant capabilities around the right priorities.” The company is selectively taking Web and PC apps and optimizing them for mobile. “At the highest level, we are taking a deeper look at how many of these Web-based apps support, or should support, browsers beyond Internet Explorer,” Lovett says. “For example, if a Web-based app is fully functional with Safari or the browser in our container solution, it may be perfectly usable without additional investment.” That doesn’t optimize the experience or take full advantage of the various mobile devices that employees use, so in some cases Wells Fargo is looking to deploy specific functions that are
VOL/9 | ISSUE/07
Cover Story
Mobility
optimized for the mobile device. To do that, it has to determine what specific features it wants on a mobile app and what that should look like. “We’re being selective here because we want to make sure our team members get the highest value,” Lovett says. “We’re trying to balance the additional investment in a mobile-optimized solution with the benefits delivered.” Among the main challenges of building of a mobile app strategy is ensuring that the IT infrastructure supports front-end apps, Lovett says. “There can be a perception that building a mobile app is just building out the mobile client, but the key is the integration to back-end services that enable you to have the right data and connectivity,” he says. “Establishing the necessary policies, standards, processes and management tools around mobile app development also requires effort and investment.”
Coca-Cola Enterprises Coca-Cola Enterprises (CCE), one of the world’s largest Coca-Cola bottlers, is making mobility a huge part of its IT strategy. The company uses a combination of laptops, smartphones, and tablets to mobilize its workforce, and it is considering replacing laptops with tablets. “By leveraging smartphones and tablets, we have had great success with our field sales, equipment service teams, and knowledge workers,” says CIO Esat Sezer. A majority of the mobile apps the company is using have been developed in-house, “but we are starting to see our software partners making mobile a must-have,” Sezer says. “A mature integration architecture and robust APIs have enabled us to apply our ‘any data, anywhere’ strategy.”
VOL/9 | ISSUE/07
“Our continued move to mobile has created a sense of excitement and increased productivity for everyone.” —Esat Sezer, CIO, Coca Cola Enterprises
CCE is not so much delivering existing business applications to the mobile environment as it is extending business processes to mobile
devices. “We are accomplishing this by building applications that are focused on the UI/UX functionality as much as business functionality.” REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
49
Cover Story
SDx
Mobility
The company’s ability to extend these processes is due to its efforts to build services and expose them to developers, Sezer says. The company’s main efforts have been focused on internal human resources processes, equipment service, and field sales execution and efficiency. As market conditions change and customers come to expect faster response from reps, CCE understands it needs to enable its workers to be as effective as possible, Sezer says, and mobility is key. The company has developed mobile apps across multiple business processes at the company.
distribution operations, which fulfilled all orders in a paperless process in the Olympic Park. The mobile app let CCE leverage its ERP platform without making significant changes to back-end systems, Sezer says. “Throughout the Coca-Cola Enterprises workforce, our continued move to mobile has created a sense of excitement and increased productivity for everyone,” Sezer says. “As our employees adopt our mobile strategy, they demand IT to provide more and more solutions.” The company has increased employee engagement in mobile
“There is a growing expectation that mobile devices should do everything we can do on our desktops or our laptops. Because of employees’ use of mobile devices in their personal lives, they have insight into what they can do for them.” —George Lovett, SVP, Corporate Technology & Data, Wells Fargo
One is e-commerce, with a tabletbased paperless ordering program that streamlines order capture and provides real-time customer and production information. Another is CRM, with a smartphone-based app that combines multiple account execution processes into a single application. The CRM app has stream- lined account execution processes and significantly reduced administrative time, Sezer says. The company took advantage of a golden opportunity to showcase its mobile capabilities at the 2012 London Olympics. It developed a mobile application for its 50
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
technology by moving many HR applications to a mobile platform. Employees have access to global and local company news as well as HR news and transactions. Managers can approve requests and employees can view important HR information.
Marist College Colleges and universities have been among the most aggressive organizations in supporting mobile environments and applications, in large part because students are big users of the latest mobile devices. Marist College is a good example. Its mobile strategy includes a custom-developed iOS app called
MaristMobile, which provides a suite of apps including a campus news feed, social media links, direct access to Marist’s YouTube channel, campus map and directory, and alerts about course cancellations. Marist operates a mobile website for the college and organizations for which it hosts apps. “The latest version of our portal is also using a responsive template to automatically adjust the site according to screen size,” says CIO Bill Thirsk. “Our external site is in the process of updating its template to also be responsive” to screen sizes, he says. Marist’s mobile strategy is based on best practices such as making the most out of its front- and back-end resources to provide an informationrich experience for users, Thirsk says. The college holds regular focus groups with students to determine what they want on their mobile devices. “We don’t believe our mobile framework will initially attract new customers [students]. But we do believe it will retain existing customers,” Thirsk says. “As an educational institution, we have severe regulatory accessibility requirements, so all our electronic promotional materials are responsive” to mobile users. The college’s IT department prefers to develop its information architecture once and then allow digital conversion tools and algorithms to interpret and publish data according to the specification of the device requesting the information, Thirsk says. “Some existing Web apps were extended onto the iOS app and mobile website,” he says. “This was done by enabling a feed from each Web app, whether it be in JSON or XML format, and requiring authentication as needed.” Among the key business drivers for Marist in developing its mobile
VOL/9 | ISSUE/07
Cover Story
strategy were improvements in student learning outcomes by providing richer or more direct information and in increased campus safety. The newest iOS app is the fire extinguishers app that the Office of Safety and Security uses to manage the inventory and inspection of fire extinguishers on campus. Overall, deployment of mobile apps makes information more broadly available to all campus users. “Faculty, staff, alumni, prospective students, campus visitors, and current students are able to conveniently access different information and functionality on the go,” Thirsk says. The biggest challenges of mobility are providing access to data securely and getting it into the appropriate format to be consumed by the mobile app or site, Thirsk says. “Our strategy for the multiple platform issue is to only have one native app (iOS) and to use an HTML5 mobile site for all other mobile devices,” he says. Although IT and the Admissions Department are the main participants in developing the mobile strategy, Thirsk says, “we like to include people with different viewpoints because a successful mobile project requires both a technical and a market-based approach.”
Careflite Careflite, a non-profit corporation that provides helicopter and fixedwing air medical transportation, 911 EMS (emergency medical services), ground ambulance transportation, and medical service bicycle teams and mounted equestrian teams for community events, is a natural fit for mobile technology. The company responds to requests from hospitals, fire departments, EMS agencies, and lawenforcement agencies in a service area of more than 100 counties in a 150-mile radius of the Dallas/Fort
VOL/9 | ISSUE/07
Mobility
“A successful mobile project requires both a technical and a market-based approach.” —Bill Thirsk, CIO, Marist College
Worth metroplex. “The nature of our business requires that our medical crew members are always on the go,” says CIO Mark Davis. “Our challenge is to find ways to keep them connected with our communications center and to enable the flow of patient data, dispatch information, location data, and other general business information in a safe, efficient, and secure manner”—and in compliance with HIPAA regulations. The company’s pilots use iPhones and iPads for their operations. They use iPads to file flight plans and access manuals, as well as for messaging, flight-record recording, and other operations. “These devices can only be used while the vehicle is on the ground, but it gives the pilot an enhanced ability for situational awareness while on a mission,” Davis says. The medical crews use iPads for documenting patient care and for medical protocol references. The tablets allow for encrypted communication to CareFlite Web services and allow for exchange of patient information with operations teams and other health care providers as needed. Management uses a choice of Android or iOS devices for communications and to monitor the location, mission data, and status of each of the company’s vehicles. CareFlite uses a mobile device management product to deliver apps to devices. “We can create profiles and profile groups that allow us to shotgun apps and documents to
devices and also to tailor individual devices based on the user’s role,” Davis says. “Our profiles allow us to use homogenous devices for heterogeneous user groups and still easily manage the required apps and services for each of the users.” The most important benefit of CareFlite’s move to mobile apps is that it enables crew members to see more precisely the details of their missions, Davis says. “They get better map data, more timely and detailed patient information, and more accurate location data—all of which are essential to minimizing the response times and care of our patients,” he says. The mobile app use also enhances the safety and efficiency of ambulance operations. “Our dispatchers can see where our vehicles are at any point in time,” Davis says. “If an event were to occur that prevents our crew members from communicating with our dispatchers, we can see where the vehicle is and send help.” Ultimately, major decisions for mobile technology are approved by CareFlite’s executive team. “The ideas, however, come from the ground up,” Davis says. “We really rely on our user departments to determine which apps can best solve their business challenges. IT provides guidance, infrastructure support, and security operations, but our experience is that user adoption works best when driven from the users.” CIO
51% Of Indian IT leaders say the biggest driver for investing in mobility is the demand from employees and customers for real-time information. Source: CIO Reseach
Send feedback on this feature to editor@cio.in
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
51
Cover Story
SDx
Mobility
Dose-tinted Lenses By Sharon Gaudin
Emergency room doctors at Beth Israel hospital use Google Glass to connect with information and patients, enabling timely diagnosis and saving lives faster.
A
As an emergency room physician rushes to a patient, he glances at a QR code by the door to the patient’s room and immediately can see the man’s medical history and the nurse’s notes. The information, which the doctor can see without ever looking away from the patient, may help save the patient’s life, and was accessed on Google Glass. This isn’t a dream scenario for doctors at Beth Israel Deaconess Medical Center in Boston. ER doctors there are four months into a pilot program where they are using Google’s computerized eyeglasses to help treat patients. Google’s wearable computer, which is still in beta testing, is helping these doctors connect with their patients while accessing the information they need to treat them quickly. “The grand challenge of health IT has always been about delivering the right information to the right person at the right time,” said Dr. Steven Horng, an emergency physician and assistant director of emergency informatics at Beth Israel. “A lot of our interaction is that connection and making patients
52
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
feel comfortable. The more we can maintain that eye contact and that conversation, the better the patient feels. Google Glass helps us do that.” Google Glass brings the data to the doctors, instead of the doctors going to the data. Patrick Moorhead, an analyst with Moor Insights & Strategy, said he sees a big future for wearable computers in the healthcare field. “Wearables, like Glass, in the ER, if done correctly, could be a breakthrough for patients and hospital staff,” Moorhead said. “It saves time and makes the attending doctor more focused on the patient than the computer.” Beth Israel, a teaching hospital that handles three quarters of a million patient visits every year, has been running a pilot program with Google Glass since December. The program started with two emergency room doctors sharing four pairs of the computerized eyeglasses. The hospital expanded the program to include 10 doctors. The program next will likely expand to cardiology and surgical groups. For the first six months or so, however, the focus is solely on the ER, said John Halamka, a physician and the CIO at Beth Israel.
Glassy Effect Halamka said 10 years ago he imagined a device that doctors could use to give them critical patient information— medical history, x-rays, medication lists, nurses’ notes, lab reports—while they’re interacting with the patient. Before they got Google Glass, which has a small screen that sits above the user’s right eye, doctors at the hospital were using iPads. The tablets have their own issues, though. Doctors would periodically forget them and since the devices were handhelds, the iPads had to be continually sanitized. To look at an iPad, doctors have to look down to get the medical information they need, breaking eye contact with the patient. “On a day-to-day basis, it’s not unusual for a patient to say they don’t remember the dosage of a medication or they can’t remember when they had a tetanus shot,” says Horng. “For us, it means we have to leave the room and look up the information when we’d really rather just keep talking to the patient and keep that conversation going. Even if there’s a computer in the room, you have to turn on the computer and log in. It takes time and you often have to turn away from the patient.” For Beth Israel, Google Glass is a way to better patient care, and physicians at other hospitals are interested in trying the digitized eyewear. Halamka said he receives about 20 requests a day from other healthcare organizations looking for information about his Google Glass program. Surgical teams at the UC Irvine Medical Center in Orange, California, for example, are using Google Glass and customized apps for live streaming audio and video that help doctors supervise surgical residents. Doctors there also are considering a program
VOL/9 | ISSUE/07
Cover Story
where visiting nurses could use Glass to enable doctors in the hospital to see patients and get the nurse’s real-time observations, according to a report in the Orange County Register. Ryan Junee, co-founder of San Francisco-based Wearable Intelligence, the company that built the Android apps for Beth Israel’s Glass program, said they are in talks with “many of the top hospitals in the US” about integrating their software for wearables. Junee wouldn’t specify how many hospitals or which ones have reached out to them. Wearable Intelligence was a key player in making Glass not only usable for the emergency room doctors at Beth Israel but also in making the device compliant with hospital and federal privacy and security rules, such as HIPAA.
For Your Eyes Only Halamka said most of the apps that come with Google Glass were removed from the device. For example, doctors are unable to use Glass to take photos or video because of concerns that the images would be shared in a way that violated the patient’s privacy. Physicians also can’t use Glass to tweet or read e-mail. Doctors primarily operate the device by voice command but retain the touch capability as a backup. Beth Israel also made sure that patient information, such as medical records or medication lists, aren’t stored locally on Glass. The doctors can access the information but it’s stored on the hospital’s secured servers. For tighter security, Halamka and his team set up Glass so only specific doctors can use the device, and they can only use it inside the emergency room. “I walk into the emergency room and put on my Glass and push the on button,” Halamka said. “It’s immediately context aware that it’s in the Beth Israel secure location because it has only one function—show
VOL/9 | ISSUE/07
Mobility
Virgin Atlantic Eyes Google Glass Apart from Beth Israel Hospital, Richard Branson’s Virgin Atlantic is also trialling Google Glass devices among its staff to see how the technology could be used to improve the experience of the airline’s highest-paying passengers. The Google Glass spectacles include a small screen that can be used to deliver apps, directions, social media streams and Web pages just above the right eye. The wearable computer also allows wearers to take a picture, record a video and read messages. Concierge staff working in Virgin Atlantic’s Upper Class Wing at London Heathrow’s Terminal 3 will aim to use Google Glass to check-in customers and provide them with flight information, weather and local events at their destination and translate any foreign language information. In order to make this possible, Virgin Atlantic has integrated Google Glass with a purpose-built dispatch app built by SITA and the Virgin Atlantic passenger service system. The dispatch app manages all task allocation and concierge availability. It also pushes individual passenger information directly to the assigned concierge’s smart glasses just as the passenger arrives at the Upper Class Wing. Virgin Atlantic said Google Glass also has the potential to tell staff their passengers’ dietary and refreshment preferences. “The fact that air travel has become so accessible has led to some of the sheen being lost for many passengers. By being the first in the industry to test how Google Glass and other wearable technology can improve customer experience we are...putting innovation at the heart of the flying experience,” said Dave Bulmad, Virgin Atlantic’s IT director. Google Glass and other wearables are being trialled by an increasing number of businesses, including the New York Police Department. —Sam Shead
emergency department information. If you take it outside Beth Israel, it won’t function. It has to bond with our enterprise network as a secure accepted device. Outside the doors, it won’t work.” He added that each doctor in the program has a specific user code. The doctor puts on Glass and looks at his own ID badge so the device recognizes that he’s an accepted user. Horng said there were some technical challenges adapting Glass for hospital use. The biggest problem was the battery limitations for a device that needs to have its screen on all the time. To solve this problem, an external battery pack was added that lasts more than 14 hours, which gets the doctors through a normal
ER shift. The battery pack connects with Glass via a micro USB cable. The pack is carried in the doctor’s pocket. When a patient is admitted to the emergency room, he is assigned to a specific room. Each room has a QR code near the door, so when the doctor approaches the room with a new patient, the doctor simply looks at the QR code and Glass will recognize that patient and retrieve his medical information. With the room codes, Glass also knows where the doctor is. “If you lose Google Glass, there’s no data on them,” Halamka noted. “Without being in the emergency department with a badge and in a room, you could not use the device to retrieve information.” REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
53
Cover Story
Mobility
SDx
Playing Doctor Both Halamka and Horng noted that not one patient has asked the doctors not to use Glass with them. “We thought some patients might [be adverse to it], so we wanted to give them an opportunity to not have the device used with them. But they’re curious about it and grateful that we have better access to their medical information,” Horng said. “Once we had a conversation about disabling the camera and other features, people were very receptive to it.” Horng also credits Glass with helping him save at least one patient’s life. In January—a month into the Glass pilot program—a patient arrived at the Beth Israel emergency room with a massive brain bleed. “That’s very critical and requires immediate treatment,” says Horng. “The patient’s blood pressure was sky high and I needed to lower it to slow the bleed,
Google Glass brings the data to the doctors, instead of the doctors going to the data. That’s why Google Glass is a way to better patient care.
but the patient said he was allergic to some blood pressure medicines. To access that information would normally mean leaving the room, but without stopping, I was able to access that information [on Glass] and start him on the appropriate medicine.” Checking the patient’s list of medications on Glass also showed Horng that the patient was taking a blood thinner, which was making the brain bleed even worse. “Administering an antidote to blood thinners is something you have seconds to do,” says Horng. “And it
could mean the difference between [the patient] walking out of the hospital and not walking out of the hospital or being able to talk or being completely non-verbal.” Because the doctor could quickly access the records without pausing from working with the patient, he says the patient not only survived but “did remarkably well.” CIO
Send feedback on this feature to editor@cio.in
Where Insights Come Alive!
WWW
V I D E O S 38
IN
Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now!
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
www.cio.in/videos
Analytics 56 The Right Stuff Word from CIOs with real experience in business intelligence is that delivering analytics projects takes more than perfecting the technology. It requires creating ownership rules, bridging skill gaps, and ensuring user buy in.
60 Employable Insights McKee Foods, an old family-run business, turned to a cloud-based HR management and payroll software. The switch helped it analyze data, save money and better survive a snack industry shakeup.
62 Ahead with Analytics Western Union has survived dramatic business upheavals before. Today, it’s CIO is helping this venerable company survive using analytics with a mix of mobile and social technologies.
Cover Story
SDx
Analytics
The Right Stuff By Shubhra Rishi
Word from CIOs with real experience in business intelligence is that delivering analytics projects takes more than perfecting the technology. It requires creating ownership rules, bridging skill gaps, and ensuring user buy in. Data matters. It always has. Take if from Sir Conan Doyle’s famous fictional detective, Sherlock Holmes, who once said, “Data! Data! Data! I can’t make bricks without clay.” Today, CIOs are partnering with their businesses, just like Holmes and Watson, they try to solve the mysteries of data—using analytics—and achieve better business outcomes. They are using analytics to change the way their organizations build brands, manufacture products, and interact and manage their relationships with customers. They are using analytics to enhance innovation, achieve higher productivity, lower the cost of operations and ensure faster growth. For technology providers that means big business. According to Gartner, in 2013, the worldwide business intelligence and business analytics market closed out at $14.4 billion, an 8 percent increase from 2012. Gartner predicts that business intelligence and analytics will remain top focus for CIOs until 2017. In India,
D 56
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
the stakes are high when it comes to analytics. Indian CIOs say analytics is one of the top three most important technology trends—along with cloud computing and mobility—and will have a profound effect on their roles in the near future. Going by the numbers from the State of the CIO 2014 (CIO magazine’s annual benchmark survey), a full 41 percent of Indian IT leaders have made significant investments in business intelligence and analytics, a clear 15 percent increase from 2013. There are a number of leading-edge business intelligence technologies such as predictive and in-memory analytics, as well as data visualization, available in the market to help CIOs and their businesses make sense of the large volumes of data within their organizations. But technology is only part of the challenge. Here are the three things CIOs have to nail down if they want to help their organizations find success deploying analytics.
The Ownership Clause In the past, business intelligence initiatives were led by IT and were really little more than MIS reports. That’s likely to change. Gartner predicts that going forward,
companies will shift their investments away from IT-developed reporting solutions toward business-user-led analysis solutions. That’s going to mean more business involvement, which, according to CIOs, is a good thing. “For any IT project to be successful, ownership has to be with the business sponsor and in case of business analytics, marketing is a key user and sponsor, and hence the rightful owner,” says Rajeev Batra, CIO, MTS. Batra should know. Two years ago, MTS India, the mobile telecom service brand of SSTL, launched a platform called MBonus, which is driven heavily by analytics. MBonus is the framework for marketing campaigns. It’s what allows MTS to micro-target its customers with offers (like free talk time) based on a mix of data, some of which is real-time. MTS India’s IT team created a multi-dimensional customer grid based on multiple factors including a customer’s profile, their location, and usage patterns. MBonus helps create targeted marketing campaigns that offer MTS customers additional benefits such as free talk-time, discounted calls, and SMS schemes, based on their usage, location, and other parameters. The efficiency and success ratio of these marketing campaigns were closely monitored by the business. “The analytics platform has empowered business teams to create campaigns with minimal or no IT intervention, ensuring significantly lower turnaround time and market differentiation,” says Batra. Today, the MBonus platform renders approximately 600 voice and data marketing campaigns a day. MBonus utilizes strands of analytics
VOL/9 | ISSUE/07
Cover Story
from a massively parallel columnar analytical database so that MTS could target promotions to customers in near real-time—while they were conversing on phone or performing data transactions. The parallel processing of 200GB of online data, in few minutes, gave meaningful output and suggested targeted campaigns for marketing teams. “Analytics has helped us increase our customer conversion rate from the industry standard of 3 percent to approximately 6.5 percent, while enabling opex savings of about 20 percent,” says Batra. Batra isn’t the only CIO who believes that analytics projects shouldn’t be owned by IT. “Technology should be the custodian of an analytics project, and not the owner,” says Hitesh Arora, CIO, Yum! Brands, which owns brands such as Taco Bell, Pizza Hut, and KFC. Business complexity, Arora believes, plays an important role in deciding who owns a project. He feels that business should define key parameters of an analytics platform and IT can ease complexity by choosing the best possible way to deliver it. In the past, Arora created a team constituting business and IT teams to deploy a BI project which was sponsored by the CEO of the organization and owned by the business.
Analytics
“For any IT project to be successful, ownership has to be with the business sponsor,” says Rajeev Batra, CIO, MTS.
Overcoming the Skill Crunch Once it’s clear whether IT or the business owns an analytics project, the next step is to select the right mix of people to drive such an initiative. Today, one of the largest skill gaps that exist within organizations is the shortage of people who possess the ability to combine analytical skills with business knowledge. Batra feels that this skill shortage is
VOL/9 | ISSUE/07
prevalent in both IT and business teams. “Skills around business analytics are scarce and much sought after and hence, at MTS, we have employed several long-term incentive plans
to retain analytical talent,” he says. Although it still remains a challenge, it’s an important issue to address since the value of personnel grows multi-fold as they gain key analytics skills through REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
57
Cover Story
SDx
Analytics
hands-on experience or organizationalimparted training. Ramandeep Singh Virdi, VP Group IT at InterGlobe Enterprises, feels that organizations must create very clear strategies to hire skilled people who possess the perfect blend of business acumen and analytics skills. “This team must understand that the ultimate goal is to build an analytics
tool for the business so that they can make quick decisions in real-time, and they must deliver on that,” he says. It’s tough to hire data scientists directly from the market or train IT in analytics. Veer found a middle path to overcome this dilemma. The company identified a few business leaders from finance and sales who were IT-savvy, and were also comfortable with key Deepak Solanki, VP-IS, South East Asia, Reckitt Benckiser, says organizations should set up their own competency centers that will churn out analytical insights.
business processes. “We got a huge advantage by putting these businessfunction executives in analytics and they were able to bring in the financial expertise that we needed,” he says. According to CIO India research, 34 percent Indian organizations believe that analytical skills are too expensive to hire. Deepak Solanki, VP-information systems, South East Asia, Reckitt Benckiser, feels that instead of hiring people from outside, a long-term goal of organizations must be to set up their own competency centers that will churn out analytical insights. “It’s not the technical skills required to build an analytics platform that’s needed, but it’s the people who can make sense out of data and use it to make good decisions. It’s that competency that’s missing,” says Solanki.
Ease of Use The success of an analytics project depends largely on user acceptance. You might find the perfect technology, and the right skill sets, but it all comes to naught if end users refuse to adopt a tool you create. Data from CIO India research illustrates this point. According to our data, 74 percent of organizations in India still share insights using spreadsheets-based reports. Part of the reason that’s true is because staffers are fairly comfortable with Excel. This is something CIOs on the path to creating business intelligence and analytics tools need to watch out for. Staffers steeped in their ways, and who have used Excel for years, are unlikely to take kindly to new tools. “The transition from spreadsheet style reporting to using dashboards is a huge change management process. Hence, it’s important for CIOs to get support from CEOs or CFOs to influence the business users,” says Anil Veer, VP-IT, Aricent Group. 58
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
Cover Story
Analytics
CIO India research indicates that 36 percent of Indian organizations have started using dashboards to represent data in real-time. The BYOD trend has also influenced business intelligence reporting and about 9 percent of organizations are experimenting with leveraging BI dashboards for mobile users in their organizations. “The success of an analytics project depends largely on the ease with which real-time data can be represented in the simplest possible way so that end users can make quick business decisions and maximize operational efficiency,” says Virdi who delivered 300 operating dashboards for different departments at Indigo— in a span of just nine months.
The Future is Now Analytics has come a long way. From the time when terms such as big data were largely unknown to IT or the business, to a place where organizations and their CIOs have been able to hit a level of maturity. According to CIO India research, about 43 percent of Indian CIOs are interested in tackling big data in the course of 2014—compared to 5 percent in 2013. This is a colossal shift and clearly indicates that the uncertainty around big data is slowly diminishing. As big data matures in the coming years, analytics will become more and more mainstream and will help businesses make more real-time, data-driven decisions. Virdi feels that the time is right for organizations to use analytics-based outcomes to deliver ROI for business. “The use of business intelligence and analytics to improve operational efficiency and productivity in an organization will ultimately help deliver customer satisfaction,” says Virdi. In other cases, analytical projects will also help businesses reach out to the right customers and forecast
VOL/9 | ISSUE/07
“The transition from spreadsheet style reporting to using dashboards is a huge change management process,” says Anil Veer, VP-IT, Aricent Group.
business gains more accurately. “Analytics can be used to build the right products for customers, predict and collect their responses, and anticipate realistic business outcomes,” says Yum! Brands’ Arora. Organizations must keep in mind that it’s easy to get caught up collecting and storing new data, integrating different
data sets or building new reports and dashboards for end-users. But, in the end, analytics must be a means to an end. Companies must be able to derive actionable insights for business and act upon them to deliver ROI. CIO Send feedback on this feature to shubhra_rishi@ idgindia.com
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
59
Cover Story
SDx
Analytics
Employable Insights By Stephanie Overby
McKee Foods, an old family-run business, turned to a cloud-based HR management and payroll software. The switch helped it analyze data for decision-making, save money and better survive a snack industry shakeup. McKee Foods, best-known for its Little Debbie snacks, might not be the picture of a technology early adopter. The company, which traces its beginnings back 80 years to founder O.D. McKee selling snack cakes out of the back of his car, is on its third generation of family leadership. But don’t let its longevity fool you. The Tennessee company was one of the first customers of cloud-based human capital management and payroll software, making the decision to move from its onpremises system more than seven years ago. The company was on the verge of yet another expensive upgrade to its 14-year old system—a process that was going to cost it two-and-a-half times its most recent upgrade costs and take a year to rollout—when the McKee family said enough was enough. “Everyone was worn out,” says Mark Newsome, McKee’s senior corporate HR manager.
M
From Back-Office HR to Workforce Self-Service The legacy system was not only 60
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
costly but cumbersome. No one outside of HR wanted to touch the system, creating paper-based workarounds for everything from W2s changes to job applications to performance reviews. Managers submitted that paperwork to the folks in HR, who then had to key the information into the system. “People only touched it when they had to,” explains Newsome. “It stayed—very heavily—a back-office product.” Newsome was eager to implement more employee and manager selfservice and free up his team to focus on more strategic work than data entry, and the cloud solution seemed the only to fit the bill. Newsome’s team, working with IT, spent 10 weeks reviewing the product, the majority of which was devoted to exploring the data security issues. Once McKee’s vice president of IT was convinced that the vendor provided better protection for McKee’s data at its facilities than the company could provide behind its own firewall, Newsome was sold on release one and the product roadmap. The biggest risk beyond security was lack of functionality. The cloud solution had no recruiting or payroll
capabilities at the time. Newsome found another provider of recruiting support in the meantime, but payroll was a must-have. “In the middle of reaching our agreement, they asked us if we’d be willing to be design partners on US payroll,” said Newsome. “So we’d not only get to participate in a designing a product that would be useful for other companies, we could make sure we’d get all the pieces we would need.” Still, leaving a stable payroll product for something brand new could put employee’s paychecks in danger. That wasn’t a risk Newsome was willing to take. McKee Foods has 100 percent of its employees on direct deposit, distributing more than 350,000 paychecks per year through weekly payroll cycles. So Newsome delayed the rollout a total of two years until he could ensure the payroll functionality was sufficiently robust. The delay, however, proved beneficial. It gave McKee’s 800 pilot users time to “play in the sandbox” developing new business processes, said Newsome. “By the time we went to implementation, it was already second nature.” Ultimately the new system saved McKee $1.5 million in costs and reduced HR headcount by two-and-a-half full-time employees.
HR Analytics Guide Tough Decisions The timing of the cloud solution rollout proved especially advantageous as McKee Foods faced hard times. “We’re a very mature company that’s been around for many decades, and it was easy for us for a long time,” says Newsome. “But as the marketplace tightened up, things got tough. And
VOL/9 | ISSUE/07
Cover Story
we recognized that to stay ahead of our competitors, we’d have to tighten up in a lot of places.” Like others in the snack industry, the company was getting squeezed by the push toward healthier eating combined with a weak economy. Company leaders knew that layoffs would be necessary but wanted to be smart about the staffing cuts. They “asked us to help them identify, based on the reduction that needed to take place, where we could make those cuts without impacting the output of the organization,” Newsome says. “As they were dealing with a reduction in force, our managers had that real-time data at their fingertips to help them figure out what they needed to do and where they were in meeting their goals,” Newsome says. With the old HR system, the company had made what Newsome calls a “strategic error” by allowing multiple users to build their own reports, which lead to various versions of HR truths. Not so with the cloud system. Now company leaders and managers have full confidence in the accuracy of HR data and reports. When Hostess (a rival in the same space) went out of business, the new system enabled McKee Foods to ramp up hiring to meet the increased demand resulting from a key competitor exiting the market. Hiring times have decreased from 90 to 45 days, depending on the level of the position.
Predicting Future Workforce Needs Newsome and his team are now in the early stages of evaluating predictive HR analytics capabilities. They spent a year surveying company leaders about what would be most useful in their day-to-day decision-making and created a workforce analytics team. It’s the real fun part, says Newsome, because it will have a
VOL/9 | ISSUE/07
Analytics
Been There, Done That If you want to learn how to succeed with predictive analytics at your business, take a page out of this CIO’s playbook. Takeaway: Expect Culture Shock Who: Chris Coye, SVP and CIO, Disney ABC Television Group What: We’ve implemented three predictive analytics tools last year: One analyzes what-if ad sales scenarios, another is a promotional media-optimization tool, and a third will help our executives decide which pilots to pick up. We created a small data analytics team in IT, but the models are built by Disney’s revenue sciences group. The biggest technical challenge was getting the right source data. We have multiple divisions, and that data had to be standardized. We built our own extract, transform and load tool, but we’re migrating to a commercial tool to speed the process. Culturally, these tools have caused a lot of angst. Research doesn’t want sales to see its data too early; sales doesn’t want finance to see its data too early. Information is now available earlier than people are comfortable with; everyone wants to maintain control over the narrative describing their results. It’s a big change driven by our CFO and CTO, with the expectation that these tools will enable better decisions. Determining whether to sell an ad or use that time slot for a show promo used to be based on gut feel; now the tool predicts what will drive more revenue— selling that ad or getting more viewers to watch tomorrow night’s episode of Revenge. —Stephanie Overby
much more strategic impact on the organization that backward-looking reporting. The only difficult part is figuring out where to start. “It’s the same struggle I ’ve had for the past 30 years in HR,” Newsome says. “There’s so much stuff out there, but you want to focus on the things that managers will embrace,” Newsome says. The team is currently building predictive analytics and dashboards in the areas of performance reviews, goals management and succession planning. Then managers will get early access to the tools to provide feedback for further development. “We have a lot of baby boomers who are now five to 10 years away from retirement, and we have to be prepared for that,” Newsome says. “They will give us a real picture into what we need to do.”
Analyzing data for strategic decision-making has always been a goal for HR, says Newsome. They just didn’t know where to start. The efficiencies gained from automating several business processes has allowed McKee to invest in strategic human capital initiatives. HR now leads the organization in a goal alignment process, for example. The new tools provide the capabilities. But, Newsome points out, “we still have to do the hard work. No piece of software will do that for you. And it’s proven to be very difficult work. But we’re starting to see the benefits.” CIO
Send feedback on this feature to editor@cio.in
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
61
Cover Story
SDx
Analytics
Ahead with Analytics By Kim S. Nash
How Western Union is using analytics with a mix of mobile and social technologies to beat its competition. When Western Union sent its first telegrams across the frontiers of America in 1851, it struggled against companies with competing, incompatible technologies. Years of fierce wheeling and dealing helped Western Union acquire and neutralize rivals. Then a prestigious 1860 contract to build the first coast-to-coast telegram system—which critics incorrectly said would never work— solidified the company’s dominance. Even the eventual spread of the telephone and radio didn’t derail the company, partly because by that time, Western Union had diversified from simply moving words to moving money, too. In 2006, Western Union sent its last telegram. Today the $5.7 billion (about Rs 37,800 crore) company makes most of its money from the fees it charges when people transfer funds and pay bills—and by hedging exchange rates for currencies in over 200 countries. But a history of scrappy transformation doesn’t guarantee the future. Western Union’s business is conducted mainly in person, and in cash, in a world where money cards,
W 62
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
digital currency and mobile payments are proliferating. A friend can pay you back for his bar tab with a text message. Bitcoins can buy you a spot on a Virgin Galactic rocket. Big banks, meanwhile, are horning in on Western Union’s market: The estimated 2 billion people worldwide who don’t have checking, savings or credit accounts. To anticipate where new, profitable niches will emerge and to keep costs in line, Western Union must transform itself into a digital company. But it also wants to preserve the core business that has provided so much for so long. CEO Hikmet Ersek says he searched for months to find the right CIO to lead the effort. And two years into the job, that man, David Thompson, says Web and mobile technologies, along with a few irreplaceable proprietary systems, will be critical. But, Thompson says, big data may matter most of all. Analytics could help Western Union sidestep the mistakes of familiar failures like Blockbuster and Borders. Understanding how people react to global migration pressures, geopolitical struggles, economic changes and natural disasters will shape Western Union’s products and pricing, says Thompson, who is also executive vice president of global operations. “My team is starting
to wake up to the fact that they’re a partner in something that’s really changing our company.” CEO is pleased with progress so far, but says, “We have a long way to go.”
Creative Destruction Upheaval in the financial services industry is being created by established players and entrepreneurs alike. Market-leading banks and credit unions offer mobile apps and on-the-spot loans. Startups are devising new ways to buy and sell with mobile phone swipes, scans and text messages. Bitcoins and other virtual currencies are now taken seriously by federal officials; Congress held fact-finding hearings on the topic in November last year. These changes portend a “moment of creative destruction,” says Lisa Servon, a professor at The New School who focuses on economic development and urban poverty. “Western Union sees the writing on the wall and, like everyone, is trying to figure out how to leverage new technology to improve their own services.” The question is whether Western Union will be fast and bold enough to emerge as a winner in the game of digital disruption. A slew of startups are clamoring to topple Western Union in the money-transfer business. “Establishing an infrastructure to operate legally and efficiently in a variety of countries will take some doing for startups,” says Denee Carrington, a senior analyst at Forrester. “But Western Union can’t just count on the fact that it’s hard to insulate them forever.” Western Union’s Ersek contends the company is already digital internally, conducting an average of 28 transactions per second. The real change the CEO wants is in extending
VOL/9 | ISSUE/07
Cover Story
digital capabilities to customers directly. But timing is everything. If Western Union overhauls basic customer interactions by throwing a lot of new technology at consumers, it risks alienating and losing them. If the company moves too slowly, competitors will steal customers. Analyzing customer behavior will help Western Union find the right pace, he says, reeling off a series of ITbased ideas, such as analyzing what customers do in social media and measuring the results of online and mobile marketing campaigns. Details, details, details are important to him, to hone strategy. “We want to know when a Filipino customer in the UK goes to church on Sunday,” he says, by way of example. That way, Western Union can create customized products based on those life details. The Philippines is one of the most popular destinations for money transfers. Maybe a customer is in a family mood after church and will send money back home if offered a Sunday discount. “Not many companies have such global data.” Western Union’s customers are both an asset and a risk. They don’t have bank accounts for a variety of reasons. Maybe they’re unemployed or they’ve abused accounts in the past. Maybe they have too little money to open an account. Maybe they can’t or don’t want to provide Social Security numbers. Eight percent, or more than 25 million, of the 317 million people in the US don’t have bank accounts. In low-income areas, that number is much higher: In the south Bronx in New York City, it’s 50 percent. The unbanked market in the US alone is worth $78 billion (about Rs 491,400 crore) , estimates the Center for Financial Services Innovation, a nonprofit group that promotes public policies to help the underserved. If Western Union is right in estimating that 2 billion people
VOL/9 | ISSUE/07
Analytics
Understanding how people react to global migration pressures, geopolitical struggles, economic changes and natural disasters will shape Western Union’s products and pricing, says David Thompson, CIO, Western Union.
are unbanked and under-banked worldwide, that’s 28 percent of the Earth’s population who, by definition, even global behemoths like JPMorgan Chase and Deutsche Bank don’t reach. Western Union’s customer database, therefore, is of “enormous value,” Ersek says. “You can’t imagine.” For example, analyzing the behavior of so many under-the-radar consumers tipped Western Union off to the developing financial crisis in 2008, he says. Customers were sending less
money in the average transaction and conducting fewer transactions, the data showed. This prompted Western Union executives to revise their financial expectations and warn Wall Street six months before others in the financial industry caught on, he says. “These customers are totally different than customers that typical financial companies serve,” he says. It’s hard to say whether Western Union and competitors like MoneyGram unfairly exploit the REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
63
Cover Story
SDx
Analytics
unbanked, according to Servon. The company also charges fees for many popular transactions. For example, it costs a customer $10 (Rs 630) or $12 (Rs 756) to send $100 (about Rs 6,300) from New York to Slovenia, or $5 (Rs 315) to send $100 from Boston to Manila using a credit card. Some transfers are free to the sender and receiver (for example, during a promotion), but Western Union still makes money from the currency exchange rate. “If you look at cost relative to
income, [these customers] spend much more on financial services than you and I,” Servon says. “But I don’t know that there’s any way else to send $100 to Philippines every two weeks.” Actually, there are many ways, if Western Union’s patent portfolio is any indication.
IT for Better Business As with its “magic eye” high-speed fax machine in the 1950s, the company is trying to stay ahead of customers, to offer them more choices when
they’re ready. In just the past two years, Western Union has obtained 52 patents for inventions, including various kinds of mobile transactions, refundable prepaid transaction cards, and a system that lets you transfer money using the wireless technology in your car. Last year, the company got a patent for technology that transmits fingerprints, facial geometry and other biometric data during a financial transaction. Sometimes, birth certificates, identity cards
Startups Plot to Dethrone Western Union There a number of small companies nipping at Western Union’s heels in the money transfers or bill payments business. Here are some. Plenty of companies, big and small, want to steal Western Union’s business using advances in electronic money and digital payments. Some startups are partnering with established players in telecommunications and other industries to reach consumers who usually don’t have bank accounts, but who nonetheless pay bills and send money to family and friends. Others are working feverishly alone. Since 2011, venture capitalists have invested at least $104 million in money-transfer startups, according to researcher CB Insights, which characterizes these 39 deals as attempts at “disrupting Western Union.” “The money-transfer market is ripe for disruption because it’s not a very satisfying experience for a customer right now,” says Denee Carrington, a senior analyst at Forrester. For example, senders wait at a customer-service desk, fill out paperwork and then have to wait again while the transaction is processed. Customers also can’t usually track their transactions along the way, like they would with a FedEx package, and sometimes receivers don’t get the funds, Carrington says. Plus, customers must pay fees and currency exchange rates set by Western Union and MoneyGram, the dominant players. Smart competitors have examined the customer experience and are trying to capitalize on its faults, she says. Xoom, for example, offers text and e-mail tracking
64
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
of transactions. The company, which went public a year ago, operates in 30 countries and claims 997,000 active customers. Here’s a sampling of other companies nipping at Western Union’s heels in money transfers or bill payments: TransferWise uses peer-to-peer networks to let users send money to each other internationally. The London company, started in 2011 by two Estonian entrepreneurs with experience at PricewaterhouseCoopers, Skype and other tech companies, targets students, expatriates and travelers. But anyone can use it. TransferWise bills itself as a cheaper, faster alternative to banks. Dwolla is a startup that built a proprietary payment network that allows customers to move money from their bank accounts for 25 cents per transaction, or for free on transfers of $10 or less. Customers can use their cellphones, email addresses or accounts on Facebook, LinkedIn or Twitter. Barclays Pingit is a mobile money-transfer app launched by the banking giant in 2012. It lets people 16 and older use their cellphones to send money to other users in the U.K. Pingit is instant and free. Several companies, including most of the big banks, are issuing pre-paid or other forms of debit cards to move money internationally. Payoneer does this too, plus offers e-wallets that are localized to various countries. Metabank’s AiAdvance prepaid cards, meanwhile, carry the Visa and MasterCard brands. —Kim S. Nash
VOL/9 | ISSUE/07
Cover Story
SDx
Analytics
and other documents for verifying identification are scarce, as in remote areas of the Philippines. There, Western Union won permission from regulators to use fingerprints instead. The idea came from a local Western Union team, including an IT staff member, CIO Thompson says. Having technologists stationed in various global locations helps the IT group tune into cultural norms and nuances, he says. “I don’t want us to be a big monolith in corporate that doesn’t understand.” Since he arrived, Thompson has been trying to make IT more responsive to business needs. He has built up analytics muscle with a Hadoop cluster and Tableau reporting tools. He also put six data scientists in strategic locations— two in the US, two in India, and two in China. Instead of having to wait until the analytics guys in Denver headquarters wake up and get to work, the marketing, sales and operiopations staff can send queries to the data scientists on call. Follow-the-sun analytics keeps the momentum going, he says. “Our business is 24/7. We get questions throughout the day and night.”
By identifying who’s who as soon as someone arrives at the website, the site can change the flow of screens and promotional offers. This can increase loyalty and yield higher revenues. It is improving collaboration between IT and sales.
66
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
Plus, each team specializes in different areas. In the United States, the data scientists are experts in e-commerce and mobile analytics, for example. In India, it’s analyzing customer trends and doing segmentation. In China, modeling risk and demographic analysis. Copying moves from the retail industry, Western Union’s Thompson talks about offering special deals for frequent buyers. Analytics makes it possible to sift out, say, customers who send $50 to Thailand every week. That kind of regular customer could get a personalized offer—maybe a package of five transfers per month for a discounted fee, he suggests. “We use your usage pattern to customize your experience,” he says. “That’s just for you.” IT and marketing are working together to understand larger societal and behavioral trends that can affect business. For example, analyzing internal and external demographic data can predict migration patterns and help determine where to open a new retail location. And tracking the “migrant diaspora” that Western Union’s CMO talks about would let the company create special online promotions for customers who are culturally similar but geographically dispersed. Thompson wants his IT team to help business colleagues anticipate such trends, to “get ahead of the business with our data,” he says. One recent insight Western Union found is that when customers who usually do business in person come to the website, they act differently from newer customers whose main interaction with the company has been online, he says. By identifying who’s who as soon as someone arrives at the website, the site can present options in a different order, he says, so an individual gets the experience that makes the most sense to him. Changing the flow of screens and promotional offers can
increase loyalty and yield higher revenues, he says. This kind of analysis is improving collaboration between IT and sales. “The business says, ‘I got a half-point uptick because of [those changes].’ We say, ‘That’s great.’” Of course, the CEO also wants all the IT work to deliver significant financial payback, and fast. “We don’t pour money into anything without returns,” he says.
Marrying Analytics and E-commerce Improving e-commerce is a top priority for the company this year, something Wall Street investors frequently question executives about. Compared to regular retailers, Western Union does little business online, and it aims to change that. Electronic channels accounted for 2 percent of revenue in 2010. Now that number is 5 percent. By 2015, Ersek hopes it will be $500 million (about Rs 3,150 crore), or about 10 percent. Aside from attracting customers who want to send funds and pay bills online, the website offers the company other financial benefits. Namely, Western Union doesn’t have to pay commissions to a sending agent online, though it does have to pay credit card fees. Right now, while Ersek and Thompson spend money to enhance the site, transactions there carry lower margins than those conducted in physical stores. But by 2015, the margins should be up to par, CFO Scott Scheirman recently told investors. The company is also working on ways to advance its regulatory compliance system, which is a proprietary system developed over decades and which is considered a competitive advantage. The compliance engine ensures—in a split second—that transactions adhere to the many layers of federal, state and local regulations that apply where
VOL/9 | ISSUE/07
Cover Story
Western Union does business. It also generates a risk profile for transactions and individuals. The system can’t be duplicated by would-be rivals, at least not easily or without considerable expense. “That is a significant barrier to entry to our industry,” Thompson says. In a recent patent, Western Union describes technology it created to mask customer data from a phone operator but pass it on to remote servers for verification. With a smartphone, users could also scan and transmit codes imprinted on paychecks, for example, or the magnetic strip of a card, but the data would remain private except to the software verifying it. As good as its compliance systems are, however, they’re not perfect. And regulations around the world are changing all the time. State and federal agencies, as well as government agencies from other countries, have increased requests for data in recent years as they investigate money laundering and terrorist financing activities. And some provisions in the 2010 DoddFrank Act are affecting Western Union’s money transfers to Mexico and Latin America. Compliance costs money. To meet regulatory deadlines, Western Union has to add staff to manually carry out verifications while IT works on building the new checks into the compliance engine, Thompson says. In all, Western Union spent $100 million in 2012 on anti-moneylaundering compliance efforts alone, and Ersek is committed to building “best-in-class” programs in this area. Meanwhile, the company is still dealing with a 2010 settlement it reached with Arizona and three other states that claimed the company didn’t effectively monitor compliance of money transfers in and out of Mexico. The agreement calls for Western Union to improve
VOL/9 | ISSUE/07
Analytics
Analyzing the behavior of its consumers tipped Western Union off to the developing financial crisis in 2008, says Hikmet Ersek, CEO, Western Union.
its compliance programs along the US border, which the company is still working on. Western Union must heed rulings from a court-appointed monitor overseeing the programs and has spent $71 million on the settlement so far. The company is also the target of an ongoing money-laundering investigation related to the activities of current and former Western Union agents. The company “continues to cooperate fully,” according to
financial documents. A spokesman declines to comment further.
Relentless Competitors It’s one thing to slice and dice data. But it’s another to apply findings in a way that doesn’t cannibalize current business but rather moves at the customer’s pace, or perhaps just a touch faster, while keeping competitors at bay. For Western Union to thrive, executives have to be careful not to REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
67
Cover Story
SDx
Analytics
over-rely on any one asset, says Dave Aron, a Gartner analyst who has studied business model disruption. Like ants at a picnic, competitors are constantly looking for ways to work around obstacles to get to the pie. For example, banks are trying to win over some of Western Union’s customer base of unbanked and under-banked consumers by offering reloadable, prepaid cards that work like debit cards. JPMorgan Chase launched one in 2012. It doesn’t help that competitors have some powerful allies. The Federal Reserve and the World Economic
on the phone, so everything’s ready to go when they get there. One future enhancement developers are working on is prescheduling regular transactions and pre-populating data fields, to save time. Such personalization is good, but Western Union doesn’t want to lose the genuine interpersonal relationships between customers and agents that feed trust in the brand. That’s a key difference between a bank and a company like Western Union, Servon says. Customers who come in regularly to conduct the same transactions develop rapport
Instead of having to wait until the analytics guys in Denver headquarters wake up and get to work, the marketing, sales and operations staff can send queries to the data scientists on call. Follow-the-sun analytics keeps the momentum going.
Forum, among other entities, want to find ways to draw the unbanked into the mainstream financial system for many reasons. They want to encourage saving, while a money-transfer company like Western Union doesn’t have regulatory approval to offer savings accounts. They also want consumers to have recourse if funds are lost or stolen; with cash, you’re out of luck. These organizations see mobile banking as the key. A recent survey by the Fed finds that 63 percent of unbanked and 91 percent of underbanked consumers in the US have a cell phone. Ersek and Thompson agree about mobile’s potential. Western Union’s mobile app helps customers find local agents and stage transactions 68
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
with agents. “For the companies that sell the products, their business depends on those relationships,” she says. Technology like compliance systems and patented inventions is indeed an advantage, Aron says. But truly innovative companies also try to capitalize on broader concepts. That might include ideas such as trust and customers “as whole people,” he says. For example, at 7-Eleven Japan, senior executives realized that the company’s fundamental asset was its knowledge of the small communities where its convenience stores have stood for so many years. The company expanded into adjacent businesses lines, adding dry cleaning, postal services and other ways to do chores inside 7-Eleven stores.
“Big data led them to say, ‘We understand the community better than anyone else,’” Aron says. “They realized they know how to solve daily problems.” Western Union has no plans for a dry-cleaning business. But it is stretching its thinking about what a money-transfer company can be.
ROI on the CIO One big investment Western Union’s CEO has made is swapping out one CIO for a new, more expensive one from outside the industry. John Dick, who was CIO from 2008 to 2012, was reportedly asked to leave, telling an audience at a Forrester conference that Ersek sought someone with different skills. A Western Union spokesman confirms that the company rethought the CIO position. “The role and priorities of the position were realigned around our technology and operations needs to better drive our customer-centric strategy,” he says, declining to comment further. Dick, who is now CIO at staffing firm Towers Watson, didn’t respond to a request for comment. While Dick had spent nearly all of his 32-year career in financial services, Thompson hadn’t ever worked in financial services before. His most recent CIO jobs were at Symantec, Oracle and PeopleSoft. When Western Union’s board of directors discussed what to pay Thompson, they considered not only the going rate for CIOs but also the magnitude of what they were asking him to do, according to the company’s latest proxy statement. Earning $3.4 million, he is the second-highest-paid officer at the company, behind Ersek. So far, the CEO calls Thompson “one of my best hires.” CIO
Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/07
Cloud Computing 70 Cloud Build Up With maturing cloud models, Indian IT leaders need to prepare themselves for unforeseen challenges—along with a slew of brand new opportunities.
74 5 Tips to Keep Data Secure on the Cloud How can you be sure the information you store on the cloud is safe? The short answer is you can’t. However, you can take some protective measures. Here are five data privacy protection tips.
77 8 Ways to Screw Up a Cloud Contract Cloud computing’s become too big a wave to ignore. With business users and management ratcheting up the pressure on IT to go cloud, you need to be prepared. Read these tips before you sign anything.
Cover Story
SDx
Cloud Computing
Cloud Build Up
Why Move at All?
By Radhika Nallayam
With maturing cloud models, CIOs need to prepare themselves for unforeseen challenges along with new opportunities. With every passing day, moving to the public cloud seems increasingly inescapable for CIOs. It can be scary, what with everyone’s eyes fixed on you—your management, your business peers and, even users. As the custodian of IT strategy, a public cloud initiative gives you the opportunity to either earn your spurs—or open the door to flak. Indian CIOs started their cloud journey years ago. Cloud discussions are no longer around ‘should I move to the public cloud or not’; but instead hover around more cloudmature questions like what type of cloud, and which application should move first. According to CIO research, today, private clouds continue to remain a priority. But in the last six month a number of factors—including increasing datacenter complexity, fewer IT hands, and shrinking business deadlines—has encouraged Indian IT leaders to move to more public and hybrid cloud models. Plenty of factors indicate that enterprises are increasingly embracing a hybrid cloud model to fill in the gaps related to skill sets
W 70
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
agility, vendor lock-in, security, and audit issues remain unaddressed.
and timeliness. The most telling one is perhaps how the gap between opex IT budgets and capex ones is widening. According to CIO research, the opex-capex divide should be 57 percent to 43 percent this year. That’s compared to 51 percent and 49 percent about two years ago. More interestingly, a number of industries that were once outsourcing-friendly do not really seem to be increasing their outsourcing budgets. This could indicate that opex budgets are going towards the cloud. According to State of the CIO 2014, 33 percent of Indian CIOs say they will take on some sort of a hybrid cloud project in this fiscal— compared to only 13 percent last
Cloud computing has certainly become an inevitable growth path, both for IT as well as the business. The reason to move to cloud are different for different enterprises, but a majority no longer need to be convinced of the move anymore. At pharma firm Cipla, for instance, the business relies on a hybrid cloud to support its large base of remote workers. “The increase in the number of users outside connected offices or on the field demands high availability and Internet bandwidth to cater to peak load. With the cloud, this is not an issue. Besides, the public cloud provides scalability that can be delivered faster compared to an on-premise system. These are my prime reasons for moving to the cloud,” says Arun Gupta, CIO at Cipla. He adds that cost was certainly not a parameter. For Vikram Dhanda, SVP, Aegis and head IT shared services for the Essar Group, agility was the goal. “Cloud
Exiting from the cloud could require heavy investments in infrastructure, which would play havoc with the business’ capex/opex calculations. year. While many organizations have taken a step toward the public cloud, a pure public cloud scenario is still a rarity among Indian enterprises. Why? Because while public clouds do introduce cost variability and
gives us the ability to quickly lay our hands on compute resources and the ability to harness more compute resources as demands spike,” he says. For Syntel, an IT services provider with over 24,000 employees, the top
VOL/9 | ISSUE/07
Cover Story
two drivers for adopting a hybrid cloud model was increased business agility and scalability. The company manages a ‘two cloud model’—one built on a proprietary platform, and the other on OpenStack. The ‘two cloud’ strategy was put in place because company took a conscious decision to move away from being locked in with a single vendor. “We wanted to focus on a heterogeneous strategy. With the continuously changing trend in technology and the cloud, we wanted to experiment on different platforms and build capabilities across heterogeneous technologies,” says Muralidharan Ramachandran, CIO of Syntel. A pragmatic approach, says Ramachandran, helped minimize risks. Though ‘two clouds’ might sound like significant capex investment, Ramachandran didn’t really have to spend incremental capex on building the cloud platform. And, the cloud brought additional benefits. Ramachandran was able to leverage the company’s internal skills sets more efficiently. Both the clouds are tested, he says, and proven to have the ability to burst into a public cloud. The success of a hybrid cloud initiative depends largely on what CIOs decide to put on a public cloud platform. At this stage, many organizations are testing the waters by moving non-critical applications to a public or hybrid cloud. What they move first varies from industry to industry. Governance, regulatory policies, IT laws and privacy laws have a large say on what kind of data can be moved outside the boundaries of an organization. As the cloud expert David Linthicum rightly said, “Moving to
VOL/9 | ISSUE/07
Cloud Computing
Muralidharan Ramachandran, CIO of Syntel, has created a two-cloud model to avoid being locked-in by a single vendor.
public cloud platforms can actually make poorly-designed apps run worse than before.” Ravish Jhala, corporate head IT, Leela Palaces Hotels and Resorts,
started by moving small processes and applications on to a public cloud. He later moved six of the hotel’s services onto a hybrid model. The savings in terms of cost REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
71
Cover Story
SDx
Cloud Computing
and manpower that he has seen is substantial, he says.
Chargeback: Good or bad? Whether it’s private, public or hybrid, cloud computing re-opens the discussion on chargebacks. Some Indian companies have made effective use of this model and have IT departments that have been converted into profit centers
V. Krishnan, SVP-IT, L&T Financial Services, thinks it’s extremely risky to put mission-critical processes on a public cloud platform because “accountability is a big question mark.”
72
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
with the help of chargebacks. Whether the strategy generates profits or not, cloud computing and chargebacks certainly allow IT departments to track and measure IT usage. Some CIOs have adopted a chargeback model based on actual usage by LoBs, while others follow a method wherein chargebacks are based on the estimated usage of IT.
A CIO from the finance sector, who requests anonymity, says chargebacks are an effective mechanism to monitor and reallocate services based on use. Though his IT department is not a profit center, it sends out invoices to LoBs on a quarterly basis. The beauty of this is that once an IT budget is allocated and fixed, he is able to track who is using what within the organization. Besides, allocation and usage is tracked on a monthly basis. This allows him to call back a service if it’s not being used effectively by a particular department and reallocate it to another business or department that might need it more. Shashi Kumar Ravulapaty, SVP and CTO of Reliance Commercial Finance, follows what’s called a ‘showback’ method. “Chargebacks are a good benchmark to track usage patterns. If a service comes free, people generally tend to take it for granted. We follow a notional pricing method, so I am able to track usage. One can find out the impact of IT on the business, how it improves P&L, and helps rendering services,” he says. Dhanda from Essar Aegis, on the other hand, raises invoices on which he pays service tax. He has different contracts signed with each LoB for services delivered. From a highly ignored concept in 2012 (49 percent of respondents to CIO magazine’s Cloud Computing Survey in 2012 said they don’t have a process for chargebacks), chargebacks has come a long way. It is not a profit-making mechanism yet, but it helps improve an IT department’s efficiency. At the same time, there are CIOs who believe that chargebacks often create a sense of tension between the business and IT. Sudhir Kanvinde, CIO of IL&FS Transportation Networks, says, “Chargebacks will create unnecessary conflict between business and IT. CIOs should focus more on technology and what business needs, rather than focusing on chargebacks.”
VOL/9 | ISSUE/07
Cover Story
Cloud Computing
Audit Gaps How do you audit your cloud provider? That’s a million dollar question. In markets like India, the concept is yet to find the attention it deserves. “We have seen that such procedures are a lot more stringent in matured markets like the US. Regulations similar to HIPAA or PCI need to be mandated on cloud providers in India to build industry confidence. Unfortunately, the overall awareness is quite low in India about compliance requirements for cloud service providers. For instance, many auditors here are clueless about requirements for auditing cloud hosted applications and infrastructure,” says the CIO of an ITeS company. “Guidelines similar to HIPAA or PCI need to evolve in India, with compliance to the local law. SLA management of public cloud services is more or less like going with the herd, believes V. Krishnan, SVP-IT, L&T Financial Services. As a result, he feels less confident about moving critical data on to the public cloud. “The provider should have a critical mass of people so that he can ensure that nothing fails. I think it’s extremely risky to put mission-critical processes on a public cloud platform. Accountability is a big question mark. Functionality shifts across locations based on the load, if it’s a large global cloud provider. That applies to auditability too. The audit model for a cloud provider, who holds your data and security, is a multi-dimensional factor. We are not always in control of what technology is used by the provider. I think it is much safer to be in control of your data,” he says.
The Way Out What if you want to break up with your cloud provider? That’s an important strategy question. And a tough one. Neeraj Vetkar, head IT infrastructure, Tata AIG General
VOL/9 | ISSUE/07
“The public cloud provides scalability that can be delivered faster compared to an on-premise system,” says Arun Gupta, CIO at Cipla.
Insurance says, “Once you move to the cloud, users get used to certain SLAs. If you decide to move away from the cloud for some reason, the first thing users will have to accept are delays in getting things done. It would also call for very heavy investments in infrastructure, which in turn plays havoc with the overall
capex/opex calculations of the organization,” he says. A move to a more hybrid model cloud, it seems, requires thinking about an exit. CIO
Radhika Nallayam is assistant editor. Send feedback on this feature to radhika_n@idgindia.com
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
73
Cover Story
SDx
Cloud Computing
5 Tips to Keep Your Data Secure in the Cloud By Victoria Ivey
How can you be sure the information you store on the cloud is safe? The short answer is you can’t. However, you can take some protective measures. Here are five data privacy protection tips to help you tackle the issue of cloud privacy. The number of personal cloud users increases every year and is not about to slow down. Back in 2012 Gartner predicted the complete shift from offline PC work to mostly oncloud by 2014. And it’s happening. Today, we rarely choose to send a bunch of photos by e-mail, we no longer use USB flash drives to carry docs. The cloud has become a place where everyone meets and exchanges information. Moreover, it has become a place where data is being kept permanently. We trust the cloud more and more. Now even our documents from the bank, ID scans and confidential business papers work find their new residence on the cloud. But can you be sure your information is safe and secure out there? Actually, for the time being you cannot. Data privacy legislation
T 74
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
proceeds in a tempo that is unable to keep up with the speed of technology progress. Just take a look on how countries or regions deal with legal issues concerning data privacy on the cloud. You’ll hardly find any universal rules or laws that could be applicable to any user and any cloud service irrespective of geographical boundaries or residence. Today’s legislature in the area of information privacy consists of plenty of declarations, proposals and roadmaps most of which are not legally binding.
Cloud Security Issues Span the Globe Information privacy on the Internet presents a problem for law makers all over the world. All legislative process stumbles over several issues. First, there’s trans-border data flow. Some countries are successful in regulating privacy issues of the data stored on the servers within
the country, but they usually avoid trans-border data flow regulation. The most popular data storage servers are in the United States, but people who use them come from different countries all over the world, and so does their data. It remains unclear which laws of which country regulate that data privacy while it flows from the sender to the server. Another problem is defining who, and under which circumstances, can gain legal permission to access data stored on the cloud. Users believe that their information is confidential and protected from everyone just because it belongs to them and is their property. But they often forget that the space where they store it (namely the Internet) is not actually theirs and it functions by its own rules (or no rules). Therefore, you may still have to give up your data if one day state authorities ask for it. But even if the law happens to be applicable to your situation and is on your side you still don’t want to spend your time and effort later in the court proving how right you are, do you? So with all that legal uncertainty you simply have no choice but to take control and be responsible for your own data. Here are five data privacy protection tips to help you tackle the issue of cloud privacy: Avoid storing sensitive information in the cloud. Many recommendations across the ‘Net sound like this: “Don’t keep your information on the cloud.” Fair enough, but it’s the same as if you asked, “How not to get my house burned down?” and the answer would be, “Do not have a house.” The logic is solid, but a better way to translate such advice is, “avoid storing sensitive information on the cloud.” So if you
VOL/9 | ISSUE/07
Cover Story
Safety Net for Cloud-Based Data A real-estate brokerage opts to back up critical documents stored in Google Drive. With about 1,000 employees and more than $8 billion (Rs 48,000 crore) in home sales since 2006, online real-estate brokerage Redfin has a lot to lose if its cloud-based applications fail. So Eric Hollenbeck, senior manager of IT and business services, decided not to rely solely on the redundancies touted by cloud providers. Instead, he deployed Spanning Backup early last year to ensure that critical documents on Google Drive could always be accessed and re-created. “Whether you provide services to your organization via the cloud or on-site services, you should always have a robust, reliable backup service. You don’t want to be that guy who doesn’t have the data when someone comes asking for it,” he says. Holger Mueller, an analyst with Constellation Research, says Hollenbeck’s approach is at the forefront of emerging best practices. He says IT leaders should pay attention to the fine print in agreements with cloud providers, which often don’t provide timely or complete data backup. “It’s all in its infancy, so many enterprises aren’t getting this backup,” he says. Redfin in 2009 moved its e-mail, contacts and calendaring from Microsoft Exchange to Google to reduce costs and management tasks. Hollenbeck says the move to Gmail also allowed Redfin to react more nimbly and scale more easily to handle its growing business volume and expanding, distributed workforce. After the success with Gmail, Hollenbeck implemented Google Drive for document management in 2012. He says the move to Google Drive creates a leaner infrastructure and more collaborative environment for the company’s employees. However, while proponents often tout the built-in redundancies and security that cloud vendors can provide, Hollenbeck says he saw the need for a dedicated backup service. Redfin uses Spanning to back up Google Drive. Hollenbeck says he chose Spanning Backup for its scalability, ease of deployment and use, and competitive price. (Hollenbeck uses another backup service for email and calendar, but says he’s considering switching to Spanning for those as well.) Hollenbeck says Spanning doesn’t just guarantee the documents survive in case of a catastrophe; it also ensures that Redfin can quickly access or re-create files as they were at specific times. That protects against not only technical problems but also human factors, such as a disgruntled employee who tries to doctor or delete documents. —By Mary K. Pratt
VOL/9 | ISSUE/07
Cloud Computing
have a choice you should opt for keeping your crucial information away from virtual world or use appropriate solutions. Read the user agreement to find out how your cloud service storage works. If you are not sure what cloud storage to choose or if you have any questions as for how that or another cloud service works you can read the user agreement of the service you are planning to sign up for. There is no doubt it’s hard and boring but you really need to face those text volumes. The document which traditionally suffers from insufficient attention may contain essential information you are looking for. Be serious about passwords. You must have heard this warning a hundred times already, but yet most people do not follow it. Did you know that 90 percent of all passwords can be cracked within seconds? Indeed, a great part of all the sad stories about someone’s account getting broken is caused by an easy-to-create-andremember password. Moreover, doubling your e-mail password for other services you use (your Facebook account, your cloud storage account) is a real trap as all your login information and forgotten passwords always arrive to your e-mail. Here is an efficient method of creating a secure password. First, choose a random word (preferably a long one), for example, “communication.” Now let’s say you are signing up for Gmail. What you should do is add a “Gmail” word to the word you have chosen. Thus your password for Gmail will be “communicationGmail.” If you sign up for Skype, your password will be “communicationSkype”, for example. Therefore, you need to remember only your “core” word and the structure of your password. To strengthen it even more you can add a certain number before the name of the service, for example your birth date. In REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
75
Cover Story
SDx
Cloud Computing
that case your password will look like “communication12111975Skype”, etc. You can invent any other way of memorizing your passwords, the one that appeals to you. But the main point doesn’t change—such a method is really simple and effective. Encrypt. Encryption is, so far, the best way you can protect your data. Generally encryption works as follows: You have a file you want to move to a cloud, you use certain
archive, even one that isn’t passwordprotected, without this utility. B1 encrypted archives appear to be more safe and secure than the usual zip files. In case you have more time and energy or want to provide an even higher level of protection for your files you can use TrueCrypt encryption software. It’s an open source encryption program with which you can create an encrypted file (the so
When choosing the best way of protecting your information keep in mind how valuable that information is to you and to what extent it is reasonable to protect it. Therefore, the first thing you should do is to define the level of privacy you need and thus a level of protection for it. software with which you create a password for that file, you move that password-protected file to the cloud and no one is ever able to see the content of the file not knowing the password. The most easy and handy way is to zip files and encrypt them with a password. To that end you can use B1 Free Archiver—a free multiplatform compression tool. When creating the archive check the “Protect with a password” option, type in the password (keeping in mind rule number three) and only after that you can move it to the cloud. If you want to share it with someone just give the password to that person. Note that B1 Free Archiver zips files only in B1 format which makes the overall protection of your info more reliable. The only software that opens B1 files is B1 Free Archiver, therefore you won’t be able to open any B1 76
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
called “virtual disk”) and keep all of your private files protected with a password. TrueCrypt is a bit harder to use than B1 Free Archiver, but it gives you the choice of encryption algorithms (in addition to AES it also offers Serpent, Twofish, among others) some of which deliver a higher level of reliability. But at the same time it also has its drawback as compared to encrypted zip files. In TrueCrypt you preset a precise volume of your encrypted file from the very beginning so a lot of space may be wasted before you fill it with data. The size of an encrypted zip file depends only on the data volume contained in it. Use an encrypted cloud service. There are some cloud services that provide local encryption and decryption of your files in addition to storage and backup. It means
that the service takes care of both encrypting your files on your own computer and storing them safely on the cloud. Therefore, there is a bigger chance that this time no one— including service providers or server administrators—will have access to your files (the so called “zeroknowledge” privacy). When choosing the best way of protecting your information keep in mind how valuable that information is to you and to what extent it is reasonable to protect it. Therefore, the first thing you should do is to define the level of privacy you need and thus a level of protection for it. If you do not actively use the Internet to work, even a two-step verification involving SMS with a code sent to your mobile phone may seem cumbersome, though most people who use email for sending business data appreciate this option. Not everyone is ready to pay for data to be stored, but if you use cloud storage for keeping corporate data, you’ll find paying for safe and secure data storage reasonable. So try to strike that delicate balance between the required level of protection and the time/effort/money spent on it. CIO
Victoria Ivey is a tech enthusiast and writer. Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/07
Cover Story
Cloud Computing
8 Sure-fire Ways to Screw Up a Cloud Contract By Robert L. Mitchell
Cloud computing’s become too big a wave to ignore. With business users and management ratcheting up the pressure on IT to go cloud, you need to be prepared. Read these tips before you sign anything. Something happened on the way to the cloud: Too many business customers got burned by bad contracts. It’s not that cloud services can’t deliver value. But in the rush to the cloud, enterprises often end up stuck with contracts that don’t fully meet the business’ needs, lack accountability, and cost considerably more than anticipated. There are several reasons for that, say people who make their living studying licensing issues and advising businesses on contract negotiations. Among other things, seasoned veterans of on-premise software licensing may mistakenly assume that cloud services contracts are just another variation on the same theme. But as enterprise software vendors move to the cloud, software licensing has become so complex—Microsoft’s licensing strategy alone has ballooned from fewer than 50 options to more than 170—that even consultants and resellers are struggling to fully understand it. And even when expertise is available in house, businesses aren’t always aware, or don’t take advantage of it for political or other reasons.
S
VOL/9 | ISSUE/07
For all their differences, cloud and on-premises contracts share at least one major trait: Once you sign on the line, you’re stuck with the terms. And if you’ve committed to enterprise software such as ERP or CRM as a service, moving to another provider can be just as difficult as switching out on-premises software. We asked four experts to talk about the most common mistakes that never should have happened, the consequences and what enterprises did to resolve them. If you really want to screw up a cloud service contract, they say, here are eight good ways to go about it. Pay for all of your cloud services up front. You don’t have to work in a small company to make this mistake. Frank Scavo, president of management consulting firm Strativa, recalls how a $100 million business that signed on with a cloud ERP provider got burned. The ERP contract included the monthly subscription fee plus implementation support and ongoing support. The problem came about during the integration work required to connect the ERP system to the business’s front-end e-commerce application. When that integration project got bogged down, the customer found that it wasn’t getting the level of support it needed.
“But they prepaid, so the customer had no leverage over the vendor. It’s a mistake to prepay for implementation services,” Scavo says. Eventually the matter had to be escalated to the vendor’s chief executive officer before the situation was rectified. “It shouldn’t take a call to the CEO to resolve a routine implementation problem,” Scavo says. Sign a long-term contract without negotiating SLAs and penalties for noncompliance. In the early days of SaaS, businesses often paid for cloud services on a month-to-month basis. If the contract didn’t work out you could walk away. But now it’s common for SaaS providers to pitch contracts that last three to five years, says Ray Wang, principal at Constellation Research. Unfortunately, most long-term cloud contracts don’t state what happens if the service becomes unavailable for a day, a week or even longer. When do vendors notify you of what’s going on behind the scenes? How will they work with you and other parties to diagnose the problem? To what type of compensation are you entitled if the system goes offline for an extended period of time? If it’s not in the fine print, there are no guarantees, and if you’re locked into a long-term contract you can’t just cancel. You’re stuck. That’s what got one Constellation client, a Fortune 2000 manufacturer, in trouble. In the wake of Superstorm Sandy in 2012, the business’s billing system went offline for five days. The company put revenue losses for the week at between $3 million and $4 million. Unfortunately, says Wang, “They didn’t have any kind of recourse for that in the service level agreement.”
58% Of Indian CIOs say that when it comes to cloud computing, they are aware of their organizations’ legal obligations.
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
77
Cover Story
SDx
Cloud Computing
While the provider did offer one month of billing credit to make up for the five-day outage, that didn’t come close to making up for the monetary damages resulting from the outage. That contract is now coming up for renewal, and the client is looking for very different terms, Wang says. While most vendors won’t agree to conditions that require full compensation for business losses resulting from an outage, you can do much better than what’s in the boilerplate. “In some cases we have
78
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
been able to get the client access to new features, six months’ worth of credit or a reduction in the renewal rate,” Wang says. That was after the fact. You’re better off, however, negotiating these terms up front. If you can’t get an SLA for loss of business, negotiate credit for months of service, new features and lower per-user, per-month pricing for the future. “All are possible,” Wang says. A related issue: Cloud vendors often try to bring their “low-touch” model—of deemphasizing personal
customer interactions—to enterprise support and services offerings. But that just doesn’t work for large-scale systems that provide ERP, CRM and supply chain SaaS. “A lot of that implementation requires higher touch, and many times the cloud vendors aren’t set up to do that,” Scavo says. So it’s important to vet the capabilities of the provider, and book enough implementation time to get the job done. And if the cloud service provider’s resources aren’t up to your standards, consider using one of its channel partners—or go elsewhere with your business. Don’t vet the contract for hidden charges that might come back to bite you. Even people used to scrutinizing contracts for on-premises software can be tripped up by cloud service contracts, Scavo says. “Someone on your team needs to know what to look for, particularly when it comes to hidden charges such as exceeding a certain storage or bandwidth threshold. I’ve had a few customers get burned by that.” Scavo consulted with a seasonal business that saw its monthly bills soar by as much as 20 percent when daily transaction counts exceeded the contractual threshold. “Vendors aren’t typically going to call your attention to things like that during the contract phase,” so it’s up to you to think it through and push back, he says. Sign off on the contract before shopping around for better terms. Cloud vendors take different approaches to licensing, and one plan may fit your needs far more cost effectively than another, says Scavo. While many vendors base monthly subscription fees on the number of users or seats, some offer variations on that model. For example, with one cloud ERP vendor the price you pay depends on the amount of system resources you use, such as projected transaction counts, “so a growing business can add users without
VOL/9 | ISSUE/07
Cover Story
buying additional seats,” Scavo says. This is especially important with large-scale CRM or ERP systems because moving off those isn’t easy. “There’s a certain amount of vendor lock-in with SaaS providers that goes beyond what you have on premises,” Scavo says, so get the right contract terms in place before you start down that road. Don’t worry about how multiple SLAs will affect the end-to-end performance of your business processes. When businesses use a combination of cloud services within the context of a single business process, end-to-end performance is only as good as the weakest service level agreement. “We’re just starting to see the proliferation of cloud serviceoriented architectures where you’re piecing together numerous cloud capabilities to deliver a business process. If your SLAs are not aligned across that, you may have a weak link in the chain,” says Mike Pearl, principal at PwC’s advisory practice. This has been a particularly painful problem for PwC clients that have allowed individual business units to sign contracts. One client, a CIO of a multibillion dollar corporation, received a copy of a SaaS contract, signed by someone at one of the business units, that contained no language pertaining to backup, storage or access to data stored by the provider. “The biggest failure I see is organizations with a technology buying pattern that doesn’t go through IT,” Pearl says. “People think they have the background to negotiate these kinds of contracts, but often times they don’t know what they don’t know.” Pearl thinks that IT will eventually see the rise of a new breed of external integration brokers that can stitch together the cloud services that make up an end-to-end business process and make sure the SLAs are aligned. “They will act as resellers, and overlay their
VOL/9 | ISSUE/07
Cloud Computing
“The biggest failure I see is [in] organizations with a technology buying pattern that doesn’t go through IT. People think they have the background to negotiate these kinds of contracts, but often times they don’t know what they don’t know.” —Mike Pearl, Principal, PwC’s Advisory Practice
SLA over the SLAs they’re getting from various cloud providers,” he says, adding that he’s had conversations with some vendors that have expressed an interest in entering that business. Today, however, it’s up to IT and its procurement partners within the business to do all of the contract spadework. Let the salesperson talk you into adding services that you’re not ready to use. If you’re thinking of deploying a new service next year, buy it when you’re ready to implement rather than allowing it to roll into a renewal contract. Microsoft’s Office 365—a SaaS suite that includes back-office components for Exchange, SharePoint and Lync as well as the familiar desktop apps—is a prime example, says Paul DeGroot, principal at Pica Communications, which specializes in helping his clients navigate the Microsoft licensing maze. “Many customers have bought Office 365, but when I ask how they use it they say they don’t,” DeGroot says. There’s no price benefit to buying the service early, and if it’s rolled into a three-year renewal contract you’re stuck paying for it for the entire contract term. “If you’re going to use it next year, buy it next year,” he says. In DeGroot’s experience, only about 40 percent of businesses try to
negotiate on new contract proposals from Microsoft. One reason may be the confusion businesses face when contemplating Microsoft’s myriad licensing options. Three years ago Microsoft offered 46 choices for enterprise agreements. Since then that number has ballooned to more than 178, and most of the increase is cloud related. “It’s insanely complex,” he says. But pushing back has another benefit: Microsoft has been willing to cut deals. One Pica client demanded that Microsoft remove a Yammer component worth $50,000 (about Rs 30 lakh) from a proposal, but later relented when the salesperson offered a $78,000 (about Rs 47 lakh) discount on something else. “The customer has no intention of using Yammer, but the Microsoft rep got credit for selling it to him, and the client knocked $28,000 (about Rs 17 lakh) off his licensing bill,” he says. In another case a global Fortune 500 client refused a seven-figure proposal that included Office 365, but accepted the deal after Microsoft offered a discount on the rest of the contract that added up to three times what the vendor would charge him to add Office 365. “Microsoft is buying some of these agreements,” especially for large firms that can serve as marquee REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
79
Cover Story
37% Of Indian CIOs believe the risks are greater with cloud providers when compared to traditional outsourcers and third-party suppliers.
80
SDx
Cloud Computing
customers, DeGroot says. “We have customers paying $1 a seat for Office 365 Enterprise E3, which is normally $20 a seat.” Microsoft licenses may not be the most expensive thing in the IT budget, so some large businesses may not give them as much scrutiny as they deserve. “Even if it’s only 1 percent of the IT budget, that could be $1 million,” DeGroot says. “Isn’t it worth taking a closer look to save $1 million?” Keep your on-premises systems running in parallel with the new cloud service. One of the biggest benefits of moving to the cloud comes from the reduction in on-premises management costs. For example, if you move to Office 365 you no longer need an Exchange administrator. But many organizations are slow to shut down the on-premises systems, or choose to migrate only a small subset of users, such as those in a remote office, to the cloud. That’s usually a mistake, says DeGroot. “I see a lot of companies with small amounts of Office 365, but it doesn’t work in a small way.” Setting up just 25 people with Office 365 and then configuring those users to use Exchange e-mail is quite a bit of work. And if you use SharePoint and Office 365, will you synch the Office 365 version of SharePoint with the on-premises SharePoint server? “That is not a trivial project,” he says. If you choose to do the syncing, at that point you’re duplicating costs and then some. “You’re paying a premium to Microsoft to manage the servers and you haven’t reduced your on-premises management costs at all.” If you’re planning a transition to the cloud, scrutinize the licensing for the on-premises servers you’ll be phasing out while negotiating on the cloud service. Do you really need Software Assurance for your on-premises software, which gives you access to the next upgrade, if you’ll be off the
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
platform within three years? Cancelling can save a lot of money, DeGroot says. One client on its way to the cloud, a business with 10,000 employees, saved over $1 million (about Rs 6 crore) by cancelling its Software Assurance contract. Another client went even further. A global investment firm with 200 offices decided to run Office 365 in its smaller offices, and then refused to continue to pay Microsoft for maintenance on the on-premises servers that were supporting those users. “They said, ‘We’re not going to pay for the perpetual licenses and pay
have to pay for empty seats and you could even end up paying more to add a new user if the provider’s offerings change. For example, Salesforce.com discontinued its unlimited edition, which gave the user full access to all features and services. Now you may have to pay extra to give that user access to some features, such as Premier Support or mobile access. In other cases the subscription pricing models of cloud vendors, most of which got started with small and mid-sized businesses, may not scale to the needs of very large enterprises. “When you expand from
“Someone on your team needs to know what to look for, particularly when it comes to hidden charges such as exceeding a certain storage or bandwidth threshold. I’ve had a few customers get burned by that.” —Frank Scavo, President, Strativa
maintenance on those products when we’re moving the whole thing to the cloud.’” If you’re going big on cloud, cutting back on on-premises support makes good business sense. Don’t negotiate a volume pricing agreement that accommodates the best- and worst-case changes in your seat count. You may have 50 users on that CRM platform today, but what happens if you grow—or suffer substantial layoffs? How much does each incremental user add—or subtract—from what you’ll pay? Chances are, if you haven’t negotiated that into the contract, you will end up paying far more than you should. You may not enjoy volume discounts as you grow, you might
100 users to 10,000 users globally, the [cloud] cost model just falls apart,” Pearl says. In those situations, the relative total cost of ownership implications between cloud and on-premises options may be clear only when analyzed over a long period of time— say, seven years. The more established players do tend to offer enterprise-scale tiers. But that brings up another issue. “As you add licenses you should be able to add them to volume discount or user count tiers,” says Wang. Rather than straight volume discounts, contracts can be constructed so that the business pays one rate for the first 99 users, for example, with a discounted
VOL/9 | ISSUE/07
Cover Story
rate for the second tier starting at the 100th user and so on. The contract should be negotiated such that it will flex both ways, with per-seat charges changing accordingly as you peel away users from a given tier. “Get the tiering right because you need to be able to flex down as well as up,” Wang says. It’s also important to negotiate on the ability to turn unused licenses into future credit, Wang says. “Typical approaches are to park licenses or return them for credit without impacting your discount levels.” Mergers and acquisitions create yet another set of issues. Consider the case of a professional services firm that started out with a 50-seat contract for its CRM service before acquiring another company and quadrupling the number of seats it needed.
The business then had two contracts with two different rates, and the vendor demanded that the customer pay at the substantially higher rate after the merger. The vendor wouldn’t merge the contracts because the acquired business operated in another country, nor would it let the business renegotiate. “So they cancelled,” Wang says, approached a new provider and negotiated terms that allow it to scale to as many as 1,000 users during the five-year contract.
Parting Wisdom Cloud-based services solve many problems, but contract complexity isn’t one of them. As cloud services continue to proliferate, veteran negotiators say, businesses must build out or bring in the expertise required to avoid costly contract mistakes. Contract language is
Cloud Computing
very different when you’re leasing rather than owning the software, Wang says. One great way to get up to speed: Attend workshops or bring in an expert to work alongside your own contract experts. Keep in mind that as the number of cloud contracts continues to rise, so too will the cost of failure. Cloud contracts represent an opportunity for a fresh start, says Wang. Perpetuating the mistakes enterprises have made with their onpremises enterprise software should not be an option. CIO
Robert L. Mitchell is a national correspondent for Computerworld. Send feedback on this feature to editor@cio.in
Where Research Comes Alive!
WWW
IN ASK A QUESTION
WEBINARS
Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
VOL/9 | ISSUE/07
www.cio.in/videos
35
VIEW
from the TOP
Ashish Chauhan, CEO, BSE, shares how he plans to grow BSE using technology.
Technology
Equity BY SNEHA JHA
Ashish Chauhan is a man of many talents. In his 22-year career, he has been the CIO of Reliance Industries, run the same company’s corporate communications department, started his own entrepreneurial venture, and even managed an Indian Premier League team. Today, he is the CEO of BSE, one of the largest exchanges in the world. Chauhan’s motto in life is to be humble and nimble. It’s a philosophy that’s served him well. It also helps that he reads 35 magazines a week and 18 newspapers a day. Now, as the CEO of Asia’s oldest stock exchange, Chauhan is faced with the task of reviving the bourse. To meet the challenge head on, Chauhan has gone back to the drawing board and created a strategy to rewrite BSE’s growth story. In this interview, he talks about his game plan for BSE’s revival, a plan that includes healthy doses of IT and a bunch of new business initiatives.
Can you share your vision for BSE?
What do CEOs and other C-level executives expect from you? Read all about it in VIEW FROM THE TOP. Visit www.cio.in/ceointerviews
82
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
Ashish Chauhan: BSE is an Indian exchange. Our motive is to help India create wealth. Our motive is to help people who want to save, invest in ‘productive capital’—by investing in companies that require these funds. These companies will then create new jobs. India needs to create 2.5 crore jobs every year for the next 20 years. Jobs cannot be created without investment. They cannot be created by
investments in real estate, gold, silver or other unproductive assets. If you invest in the stock market you are investing in the nation’s economic growth, while benefitting yourself. BSE is a catalyst in capital formation and job creation in India. That is our vision for BSE. We want to create profitable returns for Indians and foreigners who invest in creating new jobs in India. It’s a vision for India, Indian investors, and companies investing in India.
VOL/9 | ISSUE/07
ASHISH CHAUHAN EXPECTS I.T. TO Lower turnaround time Increase the number of transactions a day Innovate and ensure BSE is an industry leader
PHOTOS BY FOTOCO RP
What have you done to make the exchange global? We are a local exchange, but, in a sense, we are global because one in every six humans stays in India. That’s a large number, so in a sense, we have a very important international role to play. BSE is one of the largest exchanges in the world by the number of companies listed. It’s the fourth largest by number of index options laid, and the fifth largest by number of trades. We are among the top exchanges
VOL/9 | ISSUE/07
in the world. In that sense we are a global exchange with a vision for India. Since its inception, BSE has helped India create a wealth to the tune of $1.2 trillion. But the idea is to help India create $12 trillion of wealth. Today, we have 2.5 crore investors. Can we have 25 crore investors by 2030? Can we have a market cap of $12 trillion by 2030? How can we help promote longterm economic growth? How can we allow foreigners to invest in India in a way that is conducive to their investment horizons
and objective? These are the questions we ask ourselves. When we are able to create an investment culture which will take the number of investors from 2.5 crore to 25 crore then our vision and objective for BSE will be met.
BSE’s legacy is something to be proud of, but it can also cause inertia. We try to reconcile the past with the present and then move forward. There are
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
83
View from the Top
huge benefits of having a legacy but there are also pestering issues that come with it. Being a 139-year-old institution, BSE was a low tech, floor-based bourse. It set up BOLT, its national trading platform, only in 1997. In contrast, NSE, which was established in the mid-90’s was armed with superior, screen-based technology. NSE became the first exchange in the world with fully, electronic screen-based training. It generated good traction with investors because it created a transparent trading platform. In less than a decade, NSE entered the ranks of largest exchanges globally in terms of volumes. Its technological prowess challenged the might of BSE and weaned away trade. NSE got this advantage because it was a new institution, a blank canvas, and because it was open to experimentation and risk taking. It could afford to adopt new systems without disrupting routine trades.
How is technology changing the way BSE works? Worldwide, exchanges want to shorten turnaround or response time (the time from when an order is placed to when it’s executed). In this business, speed is of the essence. The runner-up doesn’t get anything in the stock market. Going forward, speed and the cost of doing business will be important as automated trading may account for as much as 90-95 percent of volumes. With this end in view, we now have the fastest trading platform in the country. The system, called BOLT Plus, has made BSE the fastest domestic equity-trading venue by slashing trade time for its members by 98 percent, from 10 milliseconds to an astounding 200 microseconds. This is 50 times faster than we used to be. In the next three years, we want to reduce it further to 20 microseconds. Then we will be 500 times faster than we were. NSE’s response time is in the range of milliseconds. A better response time could help us attract a sophisticated class of traders involved in high frequency trade. We now have a technology that is significantly superior and has never been 84
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
In which other areas are you making changes?
“When we take the number of investors from 2.5 crore to 25 crore then our vision and objective for BSE will be met.” — Ashish Chauhan
seen in India. It’s 50 times larger in terms of throughput, and costs only one-third. Transactions through algorithms require larger throughput. Today, 90 percent of transactions come from algorithms. We are well-equipped to handle this. Three to four years ago, the largest number of orders in a day was a crore. Today, we get 17-18 crore orders a day. In two years, we will get 200 crore orders a day. That kind of scalability and throughput—with speeds of less than 200 microseconds—has not been seen in India. We can handle 5 lakh orders in one second with a response time of 200 microseconds. We have also changed the network. That’s a fact that many of my own customers are not aware of because it’s taken place seamlessly. Not a single minute has been lost in trade. These are the tectonic shifts on BSE’s technology front. This transformation is reflected in our new tag line: Experience the New.
There were three areas that needed transformation: The network, products, and distribution. Our network was largely Bombay-centric, the products were old-style, and the distribution network was limited. In three years, we have a significantly large number of members trading from outside Mumbai. On the product front, we were only an equities market. Today, we have a significant market share in equity derivatives. We are trying to shore up our product range. In the currencies market, which we launched three years ago, we have over 25 percent market share. In the SME exchange, we have over 95 percent market share. We are now a full-service exchange with a breadth of products including interest rate futures, debt trading, currency futures, SMEs, E-IPO, debt distribution, mutual fund distribution, and interest rate derivatives. In new product categories, we are able to grab more market share because of our technological superiority. And, in categories where there are entrenched players, we are able to conquer the market fast because of our technology. Our distribution network was weak. Today, we are present in 2,000 cities.
A challenge for Indian bourses is getting more people to invest in stocks. How are you tackling that? Reach or distribution was indeed a challenge. But today, we are present in 2,000 cities. The second challenge was the cost of investment, which used to be large. But now that’s been optimized because of automation, mobile, and real-time information through TV and the Internet. That’s another issue resolved. The third challenge are competing products in insurance, banks deposits and chitfunds. Some bad products like chitfunds are better marketed in mofussil areas where we don’t have a reach. Even banks are not doing very well in those areas. In the last
VOL/9 | ISSUE/07
View from the Top
SNAPSHOT
BSE few years, we've learnt that we need to be proactive about showing people the benefits of investing in financial markets. Each asset class like gold, silver, or real estate has a cycle. First the prices go up, then they plateau or they go down. In the last 5-6 years, gold, silver and real estate have given good returns but the stock market hasn’t. So people are not investing in the stock markets. But even if gold went up five times in the last few years, it won’t always be the case. As stock markets pick up, they will woo more investors.
What is your ask of Kersi Tavadia, the CIO at BSE? Our business is IT enabled. Technology helps us manage a hugely complex business framework. We do not have any physical product. We don’t produce anything except trust and we do that through IT. We have to ensure that our technology frameworks keep the entire trade going. I want Kersi to ensure that the markets never stop. That is the most critical part of our business because we offer a time-critical service to our users. Second, is to continue to innovate in a way that BSE is considered a leader in the industry.
Given you're a former CIO, is it easier for Kersi to justify technology investments? Kersi and I have known each other for a long time. Both of us have been a part of the same industry for quite some time. We understand the nuances of the financial markets and the levers of business growth. We know how to achieve technological superiority at a low cost. Both of us know how to derive value from a low-cost technology framework. Kersi knows how fast our business moves and how fast the margins are getting squeezed. Our chairman, S. Ramadorai himself, is a technology wizard. He set up TCS. All three of us have worked in technology for practically whole of our lives. We know where the shoe pinches and how to take care of it.
VOL/9 | ISSUE/07
What career advice do you have for CIOs?
ESTABLISHED:
to understand the ‘moving’ reality. In business, there is EMPLOYEES:: no static reality. The stock 490 exchange illustrates this truth. In today’s day and age, career There was a time when floortracks are changing rapidly. HEADQUARTERS: Mumbai based trading used to be the There is no single career path king of stock markets. Floorthat is going to be available in IT TEAM: 61 based trading was a 400-year the future. If you stay in a single technology and quite stable at role for long, your career will that. But within a few years of stagnate. You have to be ready automation coming into play, IT just took to accept new challenges. And you have to be over and the floors became redundant. Even humble and nimble. A CIO should not think in the NYSE, where the floor still exists, it’s that because they have breadth in experience only cosmetic. Everything is automated. in IT, they should remain in IT. You can’t You might have been a great trader in 1992 afford to think that way. Grab opportunities but in 1996 you would have found yourself that come your way. You have to understand out of place because in four years things the levers of your business and understand changed drastically. what makes the business tick. Similarly, cricket used to be a game which was run by associations. And once in two or What about for CIOs looking three years, a cricket match would come to a to move to a business role? city. It was always sold out because demand They should start the process by taking exceeded supply. But we created a business steps to reinvent themselves within their that could sell 10 matches in 35 days—three business. They should equip themselves hour matches at that. with cross-functional expertise, and refresh Every business has its own nuances. And outdated perspectives that their business it changes continually. You have to adapt to peers hold about their role. the change in reality. You have to be willing They need to expose themselves to myriad to experiment and learn from others. And areas of business. They have to wear the hat of continue to evolve. A style that makes you a CEO, sales head, marketing specialist, and successful once may not work for you all the finance head. time and in all industries. Usually, CIOs have a tendency to think very technology specific. They think like technicians. They should try to add value You’re an avid cricketer. Do to themselves everyday. They need to shore you really get time to play up their business and communication skills. cricket these days? They need to break out of their comfort zones Last year, I played a couple of matches and be relevant partners to the business. but travel and work weekends generally take They need to have a strong understanding of away a lot of enthusiasm for sports. finance. In order to stay relevant in a rapidly evolving technological landscape, CIOs You also love books. What should try to acquire a management degree to are you reading at present? boost their prospects of occupying the C suite. Currently, I am reading a very fascinating book called Bad Ideas by Robert Winston. It’s an arresting history of our inventions. Has your management It gives a broad education in the history of philosophy changed over science and discovery. CIO the span of your career? Times change. And you also evolve with each role. Each industry has its own ethos Sneha Jha is principal correspondent. Send feedback on and its own success and failures. You need this interview to sneha_jha@idgindia.com 1875
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
85
Security
SECURITY IN THE BRAVE NEW WORLD Not all the proven practices of the past work in today’s interconnected, heterogeneous world. Here’s what you need to do differently. By Bud Mathaisel, Terry Retter, and Galen Gruman
86
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
Security
W
e shall fight on the beaches. We shall fight on the landing grounds. We shall fight in the fields and in the streets. We shall fight in the hills. We shall never surrender,” said Winston Churchill in his famous June 1940 speech in the face of Nazi attacks on England. His earlier commitment to the goal of victory, “however long and hard the road may be,” is an apt analogy to the security battles that enterprises face. The bad guys are persistent and sophisticated, and they’re making inroads. It is hard to be optimistic when customers, investors, and regulators expect us to totally protect precious assets and preserve privacy, while some governments and vendors on whom we depend are themselves compromising our data, software, and networks. The fight for security is harder than ever. Most organizations are fighting today’s war with yesterday’s tools and approaches— such as protecting perimeters with passwords and firewalls—and losing. There is too much emphasis on walling off our data and systems, and a misplaced belief that the secured-perimeter approach is adequate. We’ve talked to dozens of security experts, industry experts, and business executives to come up with a better framework for security today. What follows is that framework.
F
ocus on Risks and People
A much better defensive approach is built around a risk mindset. Yes, a key risk is the loss of critical or sensitive data, so you must adequately protect data. However, there are other Reader ROI: risks, such as disruption of What’s changing in the business operations, damaged security landscape reputations, regulatory non The new rules of security compliance, investment risks, What Indian CISOs feel and intellectual-property loss. about security Which of these dangers could most hurt you? How do you
VOL/9 | ISSUE/07
assess threats? How would you protect against those threats, from greatest to least impact? Perimeter protections often don’t address these concerns. For example, credit card processor Visa International undertakes a full risk assessment of all its processes, including— but not only—where technology supports those business processes. “Risk is where a vulnerability meets a threat, and taking a holistic view of risks is the basis of a solid approach to security,” says George Totev, former VP of information security, governance, risk, and compliance at Visa. In essence, assessing risks is what you do when you buy insurance. When you buy insurance, you (or at least your insurer) are thinking about vulnerabilities that lead to bad consequences. Risk assessment and risk protection vary by industry and enterprise. Some require the use of technology, some require process change, and others require changes in people’s behavior. Other organizations are forced to address some forms of security risk because of regulation, regardless of their own risk analysis. Their focus becomes about meeting the requirement effectively and without an undue burden on their operations, finances, or strategy. Whatever a company’s risk philosophy and its outside requirements, being selective and focusing on the highest risks is the practical approach. But how to focus on those risks? Most companies—as well as the security vendor industry—treat security as a technical challenge. They seek to have software, hardware, and services identify and reduce the risks. Few involve their people—the very folks who create and use the information that is being protected. Many organizations actively exclude their people from their security approaches because they do not trust people. There is no technology silver bullet for security, and automating people out of the REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
87
Security
security equation has the perverse result of making people lazy or uncaring about security. After all, IT will take care of it, and take the blame when there’s a leak or breach. That’s why a security strategy for today must change the primary defense emphasis from devices to people. The key successful attacks today involve people, whether those using social engineering methods such as phishing to physically putting interception hardware on automated sales terminals. Security is a dynamic game of risk relativity—namely, are your defenses better than the current level of threats? The words “dynamic” and “game” are both relevant. Security follows the laws of entropy: The energy levels will run down if not renewed. Constant vigilance is required. And a gaming mindset is crucial to keep the vigilance both active and adaptive. After all, each new defense is challenged by a new trick. People are naturally good at this, and you should be engaging your people to tap into that human ability, not automating them out of your defenses. You need to get into the mindset of the people who create the threats. They’re gaming your employees; you need to game them—and your employees need to be active participants as your eyes and ears, not blinded users. In other words, stop treating your people as a problem to contain and instead begin making them part of the solution.
F
ive Dimensions of the New Security Model
Although you’re years away from perfection, enough plausible patterns have emerged to let businesses begin the necessary adjustment. The new model is additive. You must continue the best practices you have employed in the highest areas of risk, while incorporating the risk and people orientation of an improved defense. The new model has five dimensions: Narrow the information security focus to core, critical assets; protect key assets with multi-layered defense systems; engage the people who use information to protect 88
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
the assets they work with; team with business partners to boost their (and your) immune systems; make security a business problem—not just IT’s problem.
N
arrow the IS Focus
Perfect security is impossible. Yet protecting everything equally has been the unsustainable security objective at many organizations. A “best efforts” risk-based approach is more rational. Apply your best efforts to what is most valuable and what has the most impact on your business. In doing so, you prioritize levels of risk, which should be familiar ground to CIOs and other IT leaders from their work in business continuity and disaster recovery. Determining what the organization’s most precious assets are is hugely important but is often controversial. Some organizations believe that data is the most valuable asset needing protection. However, if risk attributes are assigned
Exclusive Attention Which of the following elements are included in your organization’s security policy? 26% Cloud computing 25% Procedures partners must comply with 21% Use of mobile devices 20% Use of social networking media 19% Use of consumer devices on the enterprise network 19% Classifying business value of data 14% Use of consumer cloud services
to an array of assets—data, software, networks, and personnel—it becomes evident that there is much more that needs consideration about penetration of and attacks on enterprise assets. The notion of classifying business information assets to determine criticality is the least common factor in enterprise information security today, as shown by the Global State of Information Security Survey 2014. This risk-based approach is not easy, and it requires a large mental shift for many organizations. But there’s a good reason to make the effort: The bigger the stash of assets and the more complex the rules, the harder it is to protect them. A more focused and less complex approach could better balance the risk with the benefits and let you actually achieve your desired protection.
P
rotect Key Assets with Multi-Layered Defense Systems
Any approach that requires 100 percent prevention is guaranteed to fail. There’s no way to ensure that something is perfectly protected, so seek resilience rather than absolute prevention. Recognize that defenses have to be built from multiple components. A better model for security is a biological one, where you can recover from and function despite infections or injuries. The biological system seeks to confine an intrusion to the system first infected, so there’s not a broader penetration. The biological system assumes there will be ever-evolving risks, and one may be attacking now. All of these principles should be applied to the technologies and business practices you use to secure your business. You should assume you’re compromised and develop a strategy around that assumption. (It’s now clear that most companies are already compromised, whether by cyber criminals, competitors, or governments.) Understand that there are many sources of infection, not just the datacenter, PC, or mobile device.
VOL/9 | ISSUE/07
Security
Most biological systems also use redundancy. Do the same for your security approaches. Intel CIO Kim Stevenson has described a three-tier approach that her company has effectively used that is based on this principle. A tiered approach to access makes sense, using read-only or otherwise tiered containers—the equivalent of keeping your precious jewels in a safe in the house or locking your car even in the garage. You should couple such an approach with basic protection against accidents, such as requiring encryption and password signin to gain access to information in the first place—the equivalent of locking the house door and setting the alarm before you leave. Multi-layered defense systems for software rely heavily on a combination of human scans and scans by software designed to identify vulnerabilities. You embed security into the software development lifecycle with techniques such as risk analysis and peer review of code (sometimes by a QA organization), and you use commercial software that can check for vulnerabilities. There is currently no single software package that can scan for all potential vulnerabilities, so combine manual reviews with multiple scans by different threat identification packages. “Deal with vulnerabilities in the design rather than after the fact,” says former Visa security exec Totev. A good resource for understanding what to look for is the Open Web Application Security Project (OWASP), a non-profit organization that provides insight into vulnerabilities and suggests mitigations. A critical layer is identity management. Several technologies are available to do that, with differing hurdles for users and systems to jump. How many identity checkpoints you impose should relate directly to your risk analysis, and of course you should also use isolation to limit a compromise’s reach. Biological systems typically do both. An example of the combination of identity-based authentication and isolation is Salesforce.com. It uses twofactor authentication twice to allow access
VOL/9 | ISSUE/07
Shielding Key Assets in the Organization
52% Of Indian CISOs say
identity management strategy is a security safeguard they currently have in place. People Security Safeguards
56% Of Indian CISOs say they currently have employee security awareness training programs as a security safeguard.
to its production environments, where the damage from an intrusion could be very high: A user must satisfy twofactor authentication to get into a trusted environment, then satisfy a different two-factor authentication to get into an operational environment that is delivered through a dumb terminal from which no data can be moved or copied. A different standard is applied to e-mail access, where the risk profile is different. Identity management would be more effective if it could be applied to the data itself. DRM (digital rights management) at the information level would take such technology to a new level of assurance—but
only if it could be deployed in a standard way. Reliable identification matched with consistent and portable permissions would reduce inappropriate access to information, even if devices and networks are breached.
E
ngage People to Protect Assets
Until machines totally take over the universe, people are really the ultimate source of threats, and frequently the entry point for vulnerabilities. They’re also a source of prevention. Some of the most sophisticated threats arise through social engineering, where the bad guys worm their way in through social media and e-mail contacts with unsuspecting users—particularly targeting executives and key operational staff. From there, deliberately and stealthily, the bad guys can assess the enterprise security provisions in place and work around them. Put yourself in the shoes and mind-set of both the bad guys and your own staff and business partners. Because people are often the conduit for the intrusion, include them in the prevention. Stop automating them out of the process, as has been the standard IT mode for the past two decades. The “loose lips sink ships” management style from the pre-PC era was effective, making security everyone’s responsibility, not something that employees could slough onto someone else. Today, it again needs to be a core component of modern information security. Not only will it help those individuals avoid risky behavior, but there will be a lot more eyes to observe whether something may be amiss. When you bring people back into the security equation, don’t neglect workforce and partner training and awareness. Yes, people can learn and apply what they’re taught. That was the case at Long Island University, which several years ago began a security awareness initiative coincident with a shift away from PCs to iPads, mobile apps, and cloud services. The university is subject to HIPAA (Health Insurance Portability and Accountabillity Act) and REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
89
Security
FRCP (Federal Rules of Civil Procedure) regulations due to its medical school and status as a federal loan dispenser, yet found it could straightforwardly handle such regulations, CIO George Baroudi has reported. What differed was how IT engaged with the students and faculty, as a compliance-aware participant in the process, not an “in the basement” developer of technological constraints, he told. Some industries have figured out how to make employees active participants in achieving key behaviors. People are natural gamers, and creating game incentives for employees to avoid or detect threats can be a powerful antidote. Taking a quality-improvement management approach, some firms have used gamification techniques such as publicizing the number of incident-free days, creating both awareness and active participation in favor of safer behavior. Happily, if employees are screened, trained, and monitored to be trustworthy, the risk around the other, known-to-be-lower-risk information becomes even lower. The good news is that a significant percentage of companies have many people-oriented security methods in place, as the CIO/CSO/PwC survey shows, even if not necessarily handled in a holistic, panenterprise way. However, that big-picture approach is critical to success, because only then can you architect and deploy a system that works.
T
eam with Business Partners
You now live in a big digital information and process world that encompasses the enterprise sources of raw material, production, distribution, after-sale service, and support. This is true whether you are in a business that produces tangibles (such as cars and electronics products) or services (such as schools and hospitals). In the last decade or so, companies have become highly virtualized thanks to outsourcing (to providers, contractors, and cloud services), distributed workforces
90
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
Business Partners: Keep them Close Estimated Likely Source of Incidents Current employees Former employees Current service providers/ consultants/ contractors Former service providers/ consultants/ contractors
41%
Customers
33%
24%
Suppliers/ business partners
16% 16%
14%
Any approach that requires 100 percent prevention is guaranteed to fail. There’s no way to ensure that something is perfectly protected, so seek resilience rather than absolute prevention. (also a mix of staff and contract), distributed workplaces (satellite and home-based offices), outsourced workplaces ( call centers), and work-anywhere/digital-nomad staff. There’s no way to build a wall around this modern digital ecosystem. You see
this futility in the loss of effectiveness of traditional defenses, such as passwords, virus protection, intrusion detection, and other signature-based detection methods. Threats change too dynamically, and indeed can now self-adapt. Sophisticated bad guys go directly to servers or networks and bypass user devices’ password protections. Recent massive customer data thefts at major retailers and the revelations by former NSA contractor Edward Snowden should make this situation evident to all. While many companies fret over whether iCloud or Google Drive is a threat, their core systems are already deeply compromised more directly. The notions of inside and outside the company rarely apply so cleanly any more. As a consequence, a top issue for CIOs is cascading risk. Customers may trust the enterprise with which they interface, but can that trust extend to every other entity that may be part of the supply chain? There are likely more connections to exploit than anyone realizes, and having a common security framework is more likely to work than having multiple frameworks in place. (Of course, the implementation will need to vary based on the core risk analysis for each entity.) Sharing best practices with business partners is synergistic. And active partnering is a far better approach than merely using contractual threats. You can expect more demands from your customers, regulators, investors and others to demonstrate your security prowess and perhaps to demand to independently test those defenses. As part of this assurance, a “statement of applicability” will be requested, wherein the specifics must be provided of how broadly security measures are applied. This ties into the “you can’t protect everything equally” points raised earlier. The costs of security are rising. Although they are an inevitable part of doing business, the costs can be managed at reasonable levels if you focus on the things that truly matter. Some companies take a “checklist security” approach where they can enumerate the tactics they’ve followed to
VOL/9 | ISSUE/07
Security
explain away the inevitable information losses to regulators and customers. They knowingly implement this checklist approach not because it works but because it minimizes the risk of lawsuits or fines. The checklist approach is an indictment of the status quo—a strategy that tacitly acknowledges the current perimeter approach is failing but doesn’t offer a better alternative. The checklist pretense is no longer adequate.
M
ake Security a Business Problem
Use Graph 5 from excel Information security isn’t just an IT or technology problem—it’s fundamentally a management problem that few organizations treat as such. Yes, the enterprise will look to the CIO and CISO for leadership on information security, but accountability has to be more broadly shared. Technology and security organizations can’t be held accountable if the actions of individuals outside IT are the basis for compromises. It’s time to think of this evolving information security model as holistic security, using multiple technology and management techniques, with broad buyin and accountability, layered and tailored to the estimated risk and value. Broad governance is key, requiring actions and responsibilities across the entire organization, engaging employees, customers, suppliers, the C-suite, and the board as active participants. It requires management to assess, actively manage, and hold accountable managers, employees, and business partners—not deflect responsibility as a technology failure by the IT or security organization. For example, is the marketing department using CIO-approved cloud or business analytics providers, which have demonstrated security capabilities? Do suppliers who routinely access critical data use compliant security processes? Does the board communicate through protected channels or does it distribute financial and sales data as attachments via openenvironment e-mails? (E-mails are never
VOL/9 | ISSUE/07
If you tie up your staff in knots in the name of security, you won’t gain security, and in fact, you are likely to be less secure, as people struggle to comply or, worse, stop trying and instead actively work around the barriers you’ve created. Security Budget What Business Factors Drive Your Company’s Information Security Spending? 43% Economic conditions 41% Business continuity / disaster recovery 37% Change and business transformation 35% Company reputation 33% Internal policy compliance
secure, and legal disclaimers at the end of the message are a false palliative.) You need a pan-enterprise security governance similar to how HR or legal operate in leading companies, with engagement from the board of directors down to the individual employees. Notice the phrase “operate in leading companies”—that’s key, because too many companies confuse lots of rules and
procedures with effective governance. If you tie up your staff in knots in the name of security, you won’t gain security, and in fact, you are likely to be less secure, as people struggle to comply or, worse, stop trying and instead actively work around the barriers you’ve created. Effective governance means enabling and encouraging people to do the right thing as the path of least resistance wherever possible. Monitor their performance, educate and retrain them when necessary, and apply both incentives and penalties for a pattern of non-compliance. For example, if you have many employees who work in the field or at home, provide a secured cloud storage option that works with popular devices, so they’re not tempted to use their own or, worse, resort to thumb drives, recordable CDs, and personal e-mails to maintain access to data when not at their desk. Do some internal phishing to identify employees who need further training or perhaps impose penalties such as loss of bonus or even loss of position for repeat or egregious lapses. Reward individuals and business units that are proactive in their safe practices and that act on suspicious behaviors. Getting a flu shot does not assure you won’t catch the flu, but it is a powerful tool that works best when combined with good hygiene and other defenses. Some enterprises perform self-assessments or routinely hire ethical hackers. Various industry groups have assessments you can do yourself or hire a professional to do. Use them. Government agencies also can help. Monitoring and pattern analysis technologies, such as DLP (data loss prevention), database logging, security event tracking, and information-forensics tools, can help, too. They’re not that useful as a preventive real-time shield, but they can deliver the benefit you really need: Identifying data theft, fingerprinting it, and gaining the very useful understanding of how data is moving, who’s doing what with it, and when it’s trying to leave your systems. CIO Send feedback to editor@cio.in
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
91
VISION
Vision. Action. Direction. The Dynamic CIO sees business and IT trends few others see, takes the lead by setting direction, and executes effectively. We’re looking to felicitate the most Dynamic CIOs in the country. Do you think you have these qualities?
2
0
1
4
Are you Dynamic?
4 - 5 September, 2014 | JW Marriott, Pune
www.cio100.in
Nominations open! Write to rupesh_sreedharan@idgindia.com
EDITION 1: MUMBAI, DELHI, GURGAON
EXECUTIVE
BOARDS
an
Imagineering Business A pictorial presentation
Once upon a time, CIOs and business folks suffered from the 'us and them' syndrome. They just didn't get along. The business people were the privileged lot passing on orders to IT personnel, sitting on the cost-center side of the fence. Soon, IT began to turn down business' requests. Then it all changed. Technologies like cloud computing, mobility, analytics, and outsourcing brought the fence down. They forced IT and business to align. And this brought back-end IT boys to the boardroom. To help CIOs work better with business and leverage the power of these technologies, CIO magazine launched a new series of events titled CIO
Executive Boards. The three-city event series—Mumbai, Delhi and Gurgaon—brought together an elite group of top CIOs to discuss the challenges and benefits of cloud computing, mobility, analytics, and outsourcing. Here are the highlights. VOL/9 | ISSUE/07
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
93
MOBILITY APRIL 15, 2014 TRIDENT HOTEL, MUMBAI
What's not to like about mobility? It bridges borders, it seals deals in a click, and it makes perfect business sense. Today, not many technologies hold as much promise as mobility. And that's why CIO magazine decided to launch the CIO Executive Boards (CEB) event series with mobility. The event, held in Mumbai, saw CIOs and solution providers exchanging notes on how they are leveraging mobility to transform businesses and what organizations need to do to extract maximum benefit from it.
The CIO Executive Boards is a very interesting format. It had a large panel and included case studies. It was interactive and was a good experience.
INDUSTRY EXPERTS
Seamless, Secure, Synergistic Mobility
Rajendra Deshpande CIO, Serco Global Services
Sudhir Rao Chief Technologist, Enterprise Services, HP
Veneeth Purushotaman Sr. VP Tech & Supply Chain, HyperCity
CIO CASE FILES
Business Transformer:
Sameer Garde SVP & Country Head-Enterprise Biz, Samsung PRESENTED BY
Chaitanya Wagh, Group Head-IT, JM Financial Institutional Services
38 9 4
DME A CYE M 1 5B, E2R0 1 5 4 , |2 REAL 0 0 7 |CIO REAL WORLD CIO WORLD
VOL/3 VOL/9 | ISSUE/03 ISSUE/07
CLOUD APRIL 16, 2014 SOFITEL, MUMBAI
Today’s Cloud Dilemma
The event gave me the opportunity to understand the cloud computing experiences— and the problems—faced by others in different industries.
INDUSTRY
If you'd mentioned cloud computing in a conversation, a few years back, you'd have sparked off a debate. But today, it's a technology that has turned its skeptics into believers. The cloud has garnered trust by strengthening its security posture and by offering tangible business benefits. To carve out the best route to move to the cloud, leading CIOs and industry experts went over the pros and cons of private, public, and hybrid cloud at the CEB cloud event in Mumbai.
Muralidharan Ramachandran CIO, Syntel
Sudhir Rao Chief Technologist, Enterprise Services, HP
EXPERT
CIO CASE FILES
Buy, Build or Rent:
Tarun Pandey SVP-IT, Financial Services, Aditya Birla Group
Top CIOs and solution providers discuss, debate and share their experiences with cloud computing and how they can leverage the power of the technology. PRESENTED BY
K. Ramachandran, CGM (CTO), State Bank of India
VOL/9 | ISSUE/07
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
95
SOURCING APRIL 23, 2014
Getting Source Agnostic:
What Does it Really Take?
The CIO Executive Boards discussion on sourcing was an excellent program. It's always a pleasure to be a part of such discussions.
INDUSTRY EXPERTS
There’s no doubt that outsourcing is the best way to save costs and free-up resources for innovation. The case for outsourcing is getting stronger, thanks to increasing complexity in IT environments and a shortage of skilled talent. That made outsourcing an important topic at the CEB event held in Delhi. CIOs across sectors, and industry experts came together to understand how to get around the challenges of outsourcing and how to benefit from it.
Vijay Sethi VP & CIO, Hero MotoCorp
CIO CASEFILE
EROS HOTELS, DELHI
Asit Sinha Head-Enterprise Services India,HP
K.Bhaskar Sr. Director, Office Imaging Solutions,Canon
Vijay Ramachandran, Editor-in-Chief, IDG Media, talks about the changing landscape of outsourcing and the trends that are redefining the need for outsourcing.
PRESENTED BY
Rajesh Chopra, Senior Vice President-IT, EIH (The Oberoi Group)
9460
M 5 ,B2E0R1 41 5|, REAL WORLD | REAL D AE YC E1 M 2 0 0 7 CIO CIO WORLD
VOL/9 VOL/3| |ISSUE/07 ISSUE/03
ANALYTICS APRIL 24, 2014 CROWNE PLAZA, GURGAON
For years, analytics has been at the top of a CIO's priority list but it never really found takers. That’s changing now. CIOs and Indian organizations are waking up to the power of analytics and how it can transform businesses. The increasing interest of IT leaders was evident at the CEB event on analytics in Gurgaon. A close group of top CIOs shared their experiences with analytics and how it is helping improve customer service and, at the same time, providing competitive edge.
The discussion around analytics was excellent. It was good to learn how other CIOs are using analytics in their organizations.
INDUSTRY EXPERTS
Changing Customer Connects
Ramandeep Singh Virdi VP Group IT, InterGlobe Enterprises
Asit Sinha Head-Enterprise Services India,HP
Rajeev Batra CIO, MTS
CIO CASE FILES
Intelligence:
Varun Babbar Pre-sales & Consulting Head, India & SAARC, Qlikview PRESENTED BY
Anil Veer, VP-IT, Aricent
VOL/9 | ISSUE/07
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
97
EXECUTIVE VIEWPOINT
SOURCING
SIMPLIFYING ENTERPRISE MANAGED SERVICES K. Bhaskhar, Senior Director, Office Imaging Solutions Division, Canon India, sheds light on the document management and digitization challenges in Indian organizations. K. Bhaskhar Senior Director, Office Imaging Solutions Division, Canon India
How must organizations approach managed document services on the whole? There are two things important to an organization: people and paper; managed document services (MDS) is the holistic management of the second. Every year, we produce approximately 4.4 lakh tons of e-waste and this is growing at 20 percent YoY. Less than five percent of this gets recycled. Moreover, about half of the IT escalations in an organization are printing-related. By centralizing this process with network printers, print volumes can be controlled efficiently. MDS is the answer to the challenge of making IT document infrastructure future-ready. How can complete document lifecycle management aim to help enterprise IT? While discussing the importance of MDS about five years ago, we found that about 1-3 percent of an organization’s turnover is spent on managing documents. Reports of research conducted by Gartner indicate this. Most organizations are now looking at outsourcing document management to focus on their core competencies. When CIOs started looking for complete MDS, they evaluated models such as cost-per-click to closely examine the outsourcing process, but all in all, they needed a trusted vendor. A trusted partner that can keep users happy and also monitor and reject document access to unauthorized users. Canon Business Solutions (CBS), a 360 degree document solution that manages documents
By Shweta Rao
right from creating and maintaining to destroying them, is on top of this with a critical value addition of significant cost reduction. How can organizations successfully commit to digitization efforts? Digitization is an excellent way to reengineer all document-based processes. Sticking to old process cycles, even after replacing paperbased workflows, only results in more spends.
CBS, a 360-degree document management solution, leads the market with a critical value addition of significant cost reduction. A digitization prospect has to be estimated from the perspectives of time, volume, and process improvement to maximize efficiency. Digitization greatly improves employee efficiency, thanks to the emphasis on document indexing. Ideally, documents must be indexed with up to 12 or more index fields and converted to full-text searchable PDF files. But most CIOs resist this effort, because of limited awareness, IT access, and resources. That’s where Canon can help you. To begin with, CIOs must interact with vendors and experts who know document management in an out. Canon
Business Process Services helps assess your current situation, create a plan, and implement processes that can drive an effective transition from paper to electronic environments. We also assist in complete records management, especially for the purpose of maintaining documents for the regulated five or six years' period for auditing purposes. Finally, maintaining confidentiality of information is fundamental to Canon’s print strategy and policies—all of which enable companies to make immediate savings and monitor and control their budgets. How can CIOs forge a strong relationship with their MDS and digitization partners? Relationships bolster every business transaction. An SLA is basically an agreement to keep both the parties in the deal happy. Does your technology partner understand your core business? Does it have the systems and processes to incorporate that understanding to strengthen your relationship? CIOs must look at it as a symbiotic relationship where the vendor is not considered an external entity. This interview is brought to you by IDG Services in association with Canon
EXECUTIVE VIEWPOINT
CLOUD
LEVERAGING THE BETTER CLOUD Built on OpenStack, HP’s Cloud solutions offer enterprises new paths to transition to better ways of getting business value.
Sudhir Rao Chief Technologist, Enterprise Services, HP India
There seems to be several flavors of cloud in the market presently. What’s the HP view? Most of our customers wanted their traditional ecosystems to be replicated in a model that they could seamlessly leverage. And that too with pretty clear requirements such as root access, ability to see where data is, ringfencing one’s environment, allowing multiple access into secured setup, and having the ability to run multiple OSes. So, our prime objective was to create a leverage model. We decided to articulate our definition of the variety of flavors of cloud. Typically, you have traditional computing environments at one end and public cloud at the other. It’s right in between the two ends where you would want your compute to be. That’s why we further classified the cloud here, and came up with private cloud, virtual private cloud, and managed cloud. These are the areas where we have invested a lot to develop abilities to orchestrate, manage, and self-service both at the IaaS and the platform layers. In fact, both enterprises and service providers alike are opting to come to us and put their applications on these layers. In the virtual private cloud space, we have created a mesh of interconnected datacenters across the world. We have one in Bangalore as well, where a lot of our enterprise customers are hosting their application environments. Organizations mostly run on heterogeneous IT environments. How can HP help them
By Gunjan Trivedi
manage the transition with its cloud models? If the traditional model is heterogeneous, we have to upgrade it to the private cloud, with a catalog of services running on highly virtualized and automated environments. From there, we can extend it to the virtual private cloud or managed private cloud, or to the public cloud if the need be.
You have traditional computing environments at one end and public cloud at the other. It’s right in between the two ends where you would want your compute to be. We have to first figure the way to get to a private cloud, which is an orchestrated, automated, and standardized environment. From there, we need to see what applications can move to the hybrid environments over a period of time. Depending on the way processes and services are rendered, we can help define the roadmap, consult on the transformation, and address various concerns along the way. Businesses are not only keen to know what’s the path of transition to cloud, but if required, what’s the path out of it as well. Your take?
Well, transitioning to cloud is fast evolving as business-led projects, where processes, systems, and outcomes are increasingly getting tightly coupled. Moreover, businesses and CIOs are more concerned with exit strategies more than ever before. As our solutions and approaches are built on OpenStack, it’s fairly easy to exit and move onto any provider that supports open standards, if the need be. I believe that if you are defining a roadmap, you need to look at an environment that is open in nature, which will offer freedom to either move from one provider to another or bring the workload completely back into your own setup. This ability to have a template that can seamlessly move out and back in is paramount for organizations to consider. Earlier, enterprises used to take their disaster recovery (DR) out to the cloud. Now, we are in fact suggesting they do it the other way. Systems and applications can run on a hybrid or private cloud, whether virtual or managed, and the DR can reside on an internal setup. This is one sure way to strengthen the exit strategy, if required. This interview is brought to you by IDG Services in association with HP
EXECUTIVE VIEWPOINT
ANALYTICS
Jaydeep Deshpande Regional Marketing Manager India, Qlik
How is Qlik enabling democratization of decision-making in the BI space? BI is at an inflection point from where the growth is only northwards. Today, we are drowning in information, while starving for wisdom. Data is redundant unless it can be analyzed and converted into intelligence to drive factbased decisions. In today’s enterprises, insight creation as well as decision-making is not just dependent on an individual or a department. Every member is an integral part of this process. With this shift in the organizational landscape, it becomes pertinent that everybody is able to not only get the data, but also analyze, slice & dice, and collaborate with that information. With this trend of democratization of data, you need tools that are easy to understand and use. Business users want BI tools that empower them, letting them get what they need rapidly and precisely. QlikView enables all users to gain business insights by understanding how data is associated, enabling users to conduct direct and indirect searches across all data, anywhere. This is what is driving the trend for adoption of user-driven BI or what we call Business Discovery. What steps has Qlik taken to ensure collaborative decision-making? There’s a new generation of users coming into enterprises—those who are empowered and are using technology in a more cohesive way in their professional and personal lives. They’re using apps to solve each and every small
EMPOWERING INTELLIGENT BUSINESS DECISIONS Jaydeep Deshpande, Regional Marketing Manager - India, Qlik, speaks about how the company is making great strides in creating the most effective BI and analytics solution for enterprises. By Vinay Kumaar
problem they face; they use search engines to find answers; they’re using social media to collaborate with people. And they want to do all these on their mobile devices. Very soon, they’ll start asking for mission-critical business data on these devices. Organizations are realizing that each and every user is taking a decision in one way or the other. Giving them an easyto-use solution allows them to make better decisions—which is also what organizations want. If you go back to the initial days of BI, it only involved static PDF reports going to everyone. Later came the era of dashboards for management. Now, it has reached the level of insights for all. The user experience of dealing with a BI system or the ability to crunch through a whole ton of data? Which is more important? We believe one complements the other. While it is essential for organizations to have lot of data, we believe it is more pertinent to be able to analyze the data and glean intelligence and insights out of that humongous data volume. Further, data won’t be relevant if you don’t have good visualization capabilities. Moreover, data, no matter how big, is all about relevance and context. The rise of technologies like NoSQL databases means that we can now store a much larger, richer, faster-changing data resource than we could before, drawing from all types of sources, many of them outside our organizations. However, that’s only useful to businesses if they can get
value from it. And organizations are wellpositioned to lead the democratization of big data analytics so that decision-makers get access to big data, discover insights, make better decisions, and act on them. Business Discovery, therefore, is critical for companies that want to thrive, not just survive, in today’s rapidly-changing economy. At one level, BI solutions are majorly usercentric. On another, it’s all about finding insights. How do those two things match? A solution becomes relevant and important to users when it gives them the ability to discover something out of the data. Moreover, the solution should also give them the capability to decide on something with that discovery they have made and then translate the same into action. There needs to be a systematic and comprehensive cycle of decision-making here. It is not about getting some insights and not knowing what to do with it. It is about finding why something is happening and how it is happening. Qlik Business Discovery platform, with its Natural Analytics approach, provides these capabilities to users in a robust and simplistic manner. This interview is brought to you by IDG Services in association with QlikView
ACTION
Vision. Action. Direction. The Dynamic CIO sees business and IT trends few others see, takes the lead by setting direction, and executes effectively. We’re looking to felicitate the most Dynamic CIOs in the country. Do you think you have these qualities?
2
0
1
4
Are you Dynamic?
4 - 5 September, 2014 | JW Marriott, Pune
www.cio100.in
Nominations open! Write to rupesh_sreedharan@idgindia.com
EXECUTIVE VIEWPOINT
MOBILITY
GOING THE MOBILE WAY FORWARD Mobility will significantly impact the way organizations interact and collaborate. CIOs need to revisit their strategies to integrate security at the core and effectively manage its iterative lifecycle. Sudhir Rao Chief Technologist, Enterprise Services, HP India
What’s your holistic view on what mobility means to an enterprise and how it connects with the legacy? Interestingly, the adoption of mobile 3G in India has surpassed the usage of landline Internet. In fact, it has doubled in the last six months. Businesses are increasingly turning to mobility for their prime solutions rather than using it as a secondary medium to connect with their users and customers. For example, a leading auto manufacturing enterprise intended to enable mechanics at the other end of the dealer management system (DMS) to be more effective than before. Mobility was efficiently leveraged to integrate the two ends of such a DMS to improve service and after-sales customer experience. A process was introduced where the mechanic can use a device to take a photograph or a video of a damaged component of a vehicle and upload it to the system. At this end, an expert, either on the shop-floor or organization’s competency center, would identify the defect and figure how to repair it. From the DMS environment, the information was relayed back to the mechanic within an hour. This improved the efficiency and service enablement of the brand significantly. Hence, in my opinion, mobility in enterprises is increasingly becoming how to interact and collaborate with end-users and customers. There is no one specific way to go about it as it depends on how business defines the strategy and executes it. We do get a lot of requests
By Gunjan Trivedi
on how HP can help them take their mobility initiatives forward.
I strongly believe that you should have a single security platform to address both Web and mobility strategies. Both of these cannot be viewed in isolation. You have been stressing on cost containment while suggesting mobility strategy. Is it about TCO or the entire lifecycle of developing such strategies? It’s actually on both. Mobility's uniqueness is that it is an iterative process. It doesn’t end with an app development and deployment. It’s an entire process of understanding the problem, creating a business case, developing a solution, testing it, deploying it and figuring how users use it, and then looping the feedback in. It is a lifecycle in itself, which you need to continually optimize. Hence, you need to have a development team that is constantly focused on this iterative process of creating its newer versions and forms. The other aspect is that in India, different mobility solution providers work with
disparate latency times. Apps being developed for an overall mobility strategy by different providers behave inconsistently. Here, the bigger question then is: Do you test such flavors and versions one after another or all at one go? Considering several of such factors, we talk about cost containment both from the TCO and lifecycle perspectives. How should security be coupled with the mobility strategy? It is pertinent to have a comprehensive security framework within your organization. I strongly believe that you should have a single security platform to address both Web and mobility strategies. Both of these cannot be viewed in isolation. It needs to secure the entire chain right from the capture of data, how is it stored on devices, how is it transmitted, how it comes back in your datacenter, and how it transacts with core applications. Checks and balances need to be there and you need to look at it holistically as an Internet solution and not just a standalone mobility strategy. This interview is brought to you by IDG Services in association with HP
ESSENTIAL
technology IMAGE BY MASTERFILE.COM
A CLOSER LOOK AT OPEN SOURCE
Open source isn't just about saving money-enterprises are adopting it to develop applications faster, with higher quality components.
Open Source Rules BY HOWARD BALDWIN
OPEN SOURCE | When individual developers think of open source, they think "free." And with good cause: Who in their right minds wouldn't be interested in technology that they can get at no cost and use with few licensing restrictions? When companies think of open source, these days they think "business agility," a quality they increasingly value above all others in the fast-changing marketplace. The ability to create new applications quickly, reliably and economically is drawing businesses big and small to open source and emboldening them to use it for ever-larger projects, IT practitioners say. Which is likely why open source's popularity is booming (with a few holdouts). According to the Forrester Research report Development Landscape: 2013, 76 percent of developers have used open-source technology "at some level," says Jeffrey Hammond, a Forrester analyst specializing in application development and delivery. Here are four key reasons why organizations of all sizes are taking open source seriously.
Open Source Keeps Costs Down Cost savings may be only part of open source's allure, but it's still a big part, no matter what size the organization. "How can Netflix charge as little as $8 (about Rs 500) per month
VOL/9 | ISSUE/07
REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
103
ESSENTIAL technology
for its service?" Hammond asks. "Because everything is built on open-source software. They focused on content, not building an operating system or a testing framework." "It's like using Spring, JBoss or Drupal for content management," Hammond says. "Companies get the 'Lego blocks' for free, so they can spend their time and resources building what they want in particular." Enterprises have always customized packaged software such as ERP applications, except now, with open source, that customization is less expensive.
Open Source Holdouts Though many developers--and an increasing number of enterprises--are bullish on open source these days, not everyone is on board. A Forrester survey from the fourth quarter of 2011 found that developers who declined to use open-source tools-specifically, integration tools--primarily shied away because they worried about
and medical imaging systems with 8,000 employees, New York-based Carestream wanted to consolidate the data from its worldwide manufacturing facilities into a single product life-cycle management (PLM) application to reduce new product development and manufacturing time by routing information more efficiently. "We wanted consistent management of product-related information across our global company footprint," says David G. Sherburne, director of global R&D effectiveness and engineering IT at Carestream. "With a modern platform in place that could be built upon into the future, we were expecting a 5 percent productivity gain through the integration of existing point solutions and the elimination of manual process steps." Carestream chose Aras, a PLM vendor that uses an open-source model to encourage its customers to develop and share new components with one another. "It didn't have some of the functionality we needed, so we knew we'd have to do some
Open source fans have long contended that the methodology produces better software.Their reasoning: If code is flawed,the developer community can identify and address the problem quickly. support (a concern cited by 71 percent of the respondents) and the lack of technical skills to manage open-source efforts (an issue for 42 percent of the respondents). Respondents also mentioned concerns about security and licensing to a lesser extent. Indeed, in some cases, open source is helping to bring back custom development of applications, an option that has decreased in popularity in the past 10 years or so as the use of commercial applications and softwareas-a-service offerings gained ground. Taking on some custom development work in order to save money appealed to Carestream Health. A provider of dental 104
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
extra development, but when we completed that, we knew we could deploy it globally from a fixed-cost perspective." There were no upfront capital licenses costs, which allowed Carestream to move forward without having to purchase and inventory licenses. "The subscription model allowed us to enter into the PLM project and focus on proper implementation," says Sherburne. "It provided a fixed-cost platform that can be enhanced over time and scaled to allow more collaborative access without continued cost outlays." As projected, Carestream came out ahead: Its ongoing costs for approximately
62%
Of CIOs said they used openAPIs to innovate in their organizations. SOURCE:2013 THE FUTURE OF OPEN SOURCE
1,500 users (1,000 internal, 500 suppliers) when the software is fully deployed are at "the low end of six figures," says Sherburne, as opposed to "millions of dollars upfront" for a packaged application, not including ongoing maintenance, he says. Big businesses aren't the only organizations that benefit from open source's cost structure. The economics mean that smaller entities with niche software requirements can get what they need in a cost-effective package. Teri Wiss, owner of Development Is Child's Play, a children's occupational therapy practice, had been looking for several years for an application that would handle scheduling and billing for her staff of 16 fulland part-time employees. Over the course of several years, Wiss evaluated a variety of healthcare-oriented software packages, but none offered the specific functionality she was after. Few SaaS applications met her needs because of the uniqueness of her specialty, and those that might have were too expensive, she says. Wiss finally decided to grow her own, turning to an open-source developer whose one-time fee was about the same as the cost of one year of access to some of the SaaS offerings she'd looked at. "I was concerned because I didn't speak 'computer' well enough to tell someone what I wanted. But [the consultant] said to forget what he did, and just tell him the way I work," Wiss relates.
Open Source Improves Quality Open source fans have long contended that the methodology produces better software.
VOL/9 | ISSUE/07
ESSENTIAL technology
Their reasoning: If code is flawed, the developer community can identify and address the problem quickly, where a single coder might plod on unawares, at least for a while. That quality appeals to Bank of America. "We have a broader range of choice when it comes to high-quality software," says Peter Richards, the bank's managing director of global banking in New York. "There is a consequential benefit from both a reliability and a financial perspective." The bank integrates open-source components into custom-developed applications on a regular basis, Richards says--but only after they're certified. "We go through a process of ensuring that they're appropriate for use within the bank's development environment," he says. Asked if it's surprising for such a large company to use open source, Richards cites Linux's path to widespread acceptance in commercial organizations. In the beginning, he explains, enterprises worried that Linux was a hobbyist's operating system, not one that a big
[open source's] big advantages: Quality at a reasonable cost."
Open Source Delivers Business Agility Not to be confused with agile development, business agility is the ability to react to marketplace demands quickly. Open source provides this to developers and businesses alike by speeding up the pace of software development. Ron Pitt, the developer who worked with Development Is Child's Play's Wiss, is a partner with software consultancy LevelHead Solutions. If he needs new code for a project, he downloads it in minutes rather than developing it himself. "Sure, some of it's buggy, but I'd rather spend 15 minutes debugging it than writing it from scratch in 15 hours," Pitt says. Businesses likewise benefit from open source's ability to let them react quickly. For one thing, companies that use open software code aren't tied to vendors' timelines for commercial application upgrades. "If you have to wait for vendors
Open source is helping to bring back custom development of applications, an option that has decreased in popularity in the past 10 years as the use of SaaS gained ground. corporation could depend on. But over the years, "the number of people who support Linux through peer review have made it into one of the better operating systems for corporations," Richards says. "The quality of open-source code for development comes because of the number of people who are able to contribute, review and test it," he asserts. "That means it's a solid piece of code." That development structure also ties back into cost: "If you had to pay for that yourself, you'd end up with enormous costs because you'd have to do testing and code review yourself," Richards adds. "That's one of
VOL/9 | ISSUE/07
to make the changes you want, it affects the pace at which your company can innovate," says Mike Milinkovich, executive director of Ottawa-based Eclipse, an opensource community for individuals and organizations focused on tools originally launched by IBM for Java. Madhu Nutakki, vice president of digital presence at healthcare provider Kaiser Permanente, concurs that open source brings value in the form of flexibility. Kaiser Permanente has been using the GitHub source code control system since 2011. "It was built by developers for releasing code in an expedited way. It gives
76%
Of software developers— globally—say they have used open-source technology at some level. SOURCE: FORRESTER RESEARCH
us more flexibility when we release updates more frequently," says Nutakki. (Note that while GitHub also works with proprietary development tools, Kaiser uses it primarily for open source deployment.) "We started using GitHub because our paradigm changed to a faster release model," Nutakki explains. The healthcare provider's increasing push into mobile means that it's now serving customers who have higher expectations for frequent updates. "We used to build large applications with a release cycle of every six months. Over the last two years, we do releases more quickly -- monthly, quarterly and even faster," he says. "With other products we were using, it took much longer to do a build. With GitHub, it takes an hour." Forrester analyst Hammond confirms that open source's speed advantage is making it more popular in enterprise IT development. "If you ask a developer how they're going to handle a specific project, they can respond that they don't have to buy specialized hardware, because they can run it on Linux. They can use an open-source development framework, and they can develop what someone needs specifically." Open source also brings a lot of "elasticity" to the process of spinning up new resources, Hammond says. "You don't have to ask 'Do I have a license?' or REAL CIO WORLD | M A Y 1 5 , 2 0 1 4
105
ESSENTIAL technology
OPEN SOURCE CODE
'Do I have to buy more software?'" he says. That's why there's a high correlation between cloud-based and open-source software, he points out -- both provide a scalability and flexibility that companies haven't had in the past.
Open Source Mitigates Business Risk
Open Up the Old SOFTWARE | The Document Foundation is looking for developers who want to help make documents locked in old, outdated and inaccessible file formats readable again. The Document Liberation Project aims to attract open source developers to help provide tools for the conversion of proprietary file formats to the corresponding ODF ISO standard document format, The Document Foundation (TDF) said. The Germany-based independent, self-governing organization mainly focuses on the development of open source office suite LibreOffice. While LibreOffice community members have been busy improving format interoperability since 2010, help from outside the community is needed to push the effort forward, the foundation said. So far, LibreOffice developers have provided read support for a variety of proprietary file formats and its import libraries are currently used by a number of vendors, it said. Being unable to open old files is a common problem encountered by computer users today and caused primarily by proprietary file formats, the foundation said. The inability to open old files could be especially problematic in government agencies, affecting the ability of government employees, citizens and businesses to access essential public sector information. The way to prevent or solve this problem is to use true open standards that are fully documented, they said. "But as things stand today, we must face a daunting reality: A significant amount of our legacy digital content is encoded in proprietary, undocumented formats," the project website reads. While the project asked for help, it lacks a schedule or plan for formats to convert next, said David Tardon, one of the conversion project's founding members. Depending on the format involved, it typically takes a couple of weeks to create a format translator that is usable, and after that it takes more time to iron out the details, he said. If a format is undocumented, the project tries to uncover the structure of the file format themselves, said Tardon. — By Loek Essers
Send feedback to editor@cio.in
106
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
IMAGE BY T HINISTOCK
Another, perhaps unsung, benefit to using open-source tools, and thereby reducing dependence on a single or multiple vendors, is that the open-source option may reduce business risk. Milinkovich notes that Eclipse came into being when the company that made TOPCASED, a development tool for embedded systems, was acquired. "The developer was acquired and stopped working on it," he says, so the companies that used it and loved it, notably Airbus, banded together to create Eclipse to continue supporting it. Vendors come and go, and commercial priorities change, whereas a community's focus is more constant. "The openness and transparency of open source mitigates a lot of risk," says Milinkovich. "Whether a company is big or small, it'll stop developing code if it's no longer commercially viable, and you no longer have access to the source code and repositories. If you can actually get a vibrant community built up around your code, it's much more resilient than a strictly commercial enterprise." Gerald Pfeiffer, director of product management for Nuremberg-based SUSE, which offers enterprise Linux, believes that open source is thriving for all these reasons. "People are reaping cost benefits by using open source, but that's not the No. 1 priority. It's also the avoidance of lock-in, the ability to customize, the ability to have a better feel of what you're paying for. It's the combination of all that," Pfeiffer says. "You're sharing development costs with other people, so you get more diversity and more independence than from a single vendor." CIO
DIRECTION
Vision. Action. Direction. The Dynamic CIO sees business and IT trends few others see, takes the lead by setting direction, and executes effectively. We’re looking to felicitate the most Dynamic CIOs in the country. Do you think you have these qualities?
2
0
1
4
Are you Dynamic?
4 - 5 September, 2014 | JW Marriott, Pune
www.cio100.in
Nominations open! Write to rupesh_sreedharan@idgindia.com
endlines TECHNOLOGY
* BY LAUREN BROUSELL
Fake medications are dangerous for the person consuming them and create major headaches for pharmaceutical companies. TruTag Technologies is trying to prevent counterfeiting with an invisible tag that marks individual pills with such data as manufacturing location and product number. “Counterfeiting is the biggest dirty secret that manufacturers don’t want to talk about,” says Kent Mansfield, president of TruTag. "We’re giving the basic ability to glean product genealogy.” The TruTag marker, which is similar to a barcode, is applied using a special coating during the manufacturing process. The tag isn’t visible to the naked eye, but a TruTag scanner can read the encoded information. Companies that manufacture consumer goods, pharmaceuticals, defense equipment and automotive parts are using the tags and readers to verify the authenticity of products. Mansfield says he wants to extend the technology to consumers so they can authenticate products for themselves.
108
M A Y 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/07
IMAGE BY T HIN KSTO CKP HOTOS.IN
Fighting Fakery