August 1 2006 by Sreekanth Sastry

Alert_DEC2011.indd 18

11/16/2011 4:32:28 PM

From The Editor

For close to two hundred years, Macedonian military strategy revolved around

Renounce the Rigid A radical reshaping of the organizational behavior may lead to greater flexibility.

the phalanx. Each unit was a square formation formed by 256 infantrymen armed with sharpened wooden pikes nearly 18 feet in length. Used to devastating effect by Alexander the Great, the phalanx kept the enemy pinned while heavy cavalry broke through their frontline. In battle after battle, Alexander’s rivals found themselves at the mercy of the formidable and nearly indestructible phalanx. That’s the reason why the Macedonian emperor’s successors continued to employ it. That is till the Battle of Pydna on June 22, 168 B.C. Faced by the more maneuverable Roman legions, the slow-moving phalanx gave way in less than an hour, with the Romans turning the Macedonian infantry’s very rigidity against itself. The battle was decisive for other reasons as well — it marked the beginning of the rise of Rome. Why this lesson in ancient history? Simple. In the war between rigid, hardwired systems and more flexible approaches, the latter will triumph. As management expert and author John Hagel points out, conventional business strategy approaches emphasize the need to develop a detailed strategic blueprint and then tightly couple operational initiatives to Putting in place looselyexecute the blueprint. coupled systems goes The rationale for this is understandable: beyond the ambit of the the need to drive more efficiency in business CIO and his team. and the desire to cut costs. With business practices evolving around available technology, enterprise applications have emerged as some of the most hardwired and tightlycoupled software known to mankind, observes Hagel. But faced with the growth of uncertainty in business environments, systems start to develop cracks and become less viable. What some CIOs are beginning to push for are modular systems with greater flexibility, which allow for experimentation while reducing the risk element. Flexibility not only also enhances the ability to react to new market demands, but also creates the opportunity to anticipate new market forces and help shape the changes that will challenge others. However, putting in place such loosely-coupled systems goes beyond the ambit of the CIO and his team. Indeed, it calls for a radical reshaping of organizational behavior. Hagel, in fact, doesn’t see this as a technology issue, but rather a business management one. Where do you stand on this? Write in and let me know.

Vijay Ramachandran, Editor vijay_r@cio.in

Vol/1 | ISSUE/18

Content,Editorial,Colophone.indd3 3

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/28/2006 7:45:27 PM

content AUGUST 1 2006‑ | ‑Vol/1‑ | ‑iSSUe/18

S.O.A.

Executive Expectations

COVER sTORy | ThE TRuTh AbOuT s.O.A. | 28

VIEW FROm ThE TOp | 38 Deepak Puri, MD of Moser Baer, spells out why he attributes the global success of his company to its technology backbone.

In which we, and some of your peers, shed light on the SOA hype and answer your questions about why, how and when you should (or should not) start thinking about implementing a service-oriented architecture. CoVE r: IllUStrAtIon by b In ESh SrEEdh A rAn

Feature by Christopher Koch

Interview by Rahul Neel mani

Peer to Peer GIFTs ThAT KEEp ON GIVING | 20 Investment banks discover the use of gifting software tools to customers and suppliers. Column by michael schrage

Wireless Security ThE sECuRITy pLAN FOR yOuR WIRELEss LAN | 42 Take advantage of the latest security tools and keep your users informed if you want to achieve wire-free bliss. Feature by Thomas Wailgum

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Vol/1 | ISSUE/18

content

Gartner

Essential Technology | 56 Innovation | Moving the Sidewalks

By Mark Cooper Strategy | Notes from the Catalyst Conference

By Bernard Golden

From the Editor | 3 Renounce the Rigid| A radical reshaping of

the organizational behavior may lead to greater flexibility. By Vijay Ramachandran

Inbox | 14

4 8

NOW ONLINE For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to www.cio.in

c o.in

Govern jobs e-Guaranteed| 48 Andhra Pradesh is no stranger to a technology-enabled approach in its government offices. This time around, the state has extended an IT solution to the poor — for transparency, and to ensure that all sections of the poor benefit from the 100-day rural employment guarantee scheme.

2 3

Feature by Harichandan Arakali

why projects fly into stone walls | 52 Dr. Srinivas Bhogle, head, information management division, National Aerospace Laboratories (NAL), looks at the reasons behind the organization's success and why many Indian e-governance projects don’t achieve lift-off. Interview by Balaji Narasimhan 10

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Content,Editorial,Colophone.indd10 10

7/28/2006 7:45:39 PM

marketing & sales

Manage ment

President N. Bringi Dev

COO Louis D’Mello Editorial Editor Vijay Ramachandran

Bangalore

7th Floor, Vayudooth Chambers

Assistant EditorS Ravi Menon;

15 – 16, Mahatma Gandhi Road

Senior Correspondent Gunjan Trivedi Chief COPY EDITOR Kunal N. Talgeri

COPY EDITOR Sunil Shah www.C IO.IN

Editorial Director-Online R. Giridhar D esign & Production

Avocent

26, 27

IDG Media Pvt. Ltd.

Special Correspondent Balaji Narasimhan

4,5

Tel : +919342578822 mahantesh_godi@idgindia.com

Bureau Head-North Rahul Neel Mani

Avaya

Mahantesh Godi

Harichandan Arakali

Advertiser Index

Epson

IBM

Interface

Microsoft

Mercury

Banglore — 560 001

Delhi Nitin Walia Tel : +919811772466 nitin_walia@idgindia.com IDG Media Pvt. Ltd. 1202, Chirinjeev Towers 43, Nehru Place

Creative Director Jayan K Narayanan

Designers Binesh Sreedharan

Vikas Kapoor Anil V.K. Jinan K. Vijayan Unnikrishnan A.V. Sasi Bhaskar Vishwanath Vanjire Sani Mani MM Shanith Anil T PC Anoop

Photography Srivatsa Shandilya

Production T.K. Karunakaran

T.K. Jayadeep Marketing and Sales

General Manager, Sales Naveen Chand Singh brand Manager Alok Anand Marketing Siddharth Singh Bangalore Mahantesh Godi Santosh Malleswara Ashish Kumar Delhi Nitin Walia; Aveek Bhose Mumbai Rupesh Sreedharan Nagesh Pai; Swatantra Tiwari Japan Tomoko Fujikawa USA Larry Arthur; Jo Ben-Atar

Singapore Michael Mullaney UK Shane Hannam

New Delhi — 110 019

Mumbai Swatantra Tiwari

Netmagic

Novell

RIM

SAS

Toshiba

Tel : +919819804659 swatantra_tiwari@idgindia.com IDG Media Pvt. Ltd. 208, 2nd Floor “Madhava” Bandra – Kurla Complex Bandra (E) Mumbai – 400 051

Japan Tomoko Fujikawa Tel : +81 3 5800 4851 tfujikawa@idg.co.jp

USA

Tyco

Larry Arthur Tel : +1 4 15 243 4141 larry_arthur@idg.com

Wipro

6, 7

Singapore Michael Mullaney Tel : +65 6345 8383 michael_mullaney@idg.com UK Shane Hannam Tel : +44 1784 210210 shane_hannam@idg.com

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by N Bringi Dev on behalf of IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. Editor: Vijay Ramachandran. Printed at Rajhans Enterprises, No. 134, 4th Main Road, Industrial Town, Rajajinagar, Bangalore 560 044, India

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Content,Editorial,Colophone.indd12 12

Vol/1 | ISSUE/18

7/28/2006 7:45:39 PM

reader feedback

Bridging Some Gaps Your magazine is a great asset in the hands of executives faced with daily, IT-related decisions. CIOs have traditionally learned over time through sales pitches made to them by multiple vendors. Until that level of maturity was reached, they were typically strapped for real, unbiased decision-making information. Your magazine fills this gap, and the one issue I have read so far has left me thoroughly impressed. There is still a gap when it comes to the SME and also government. Everyone knows they need centralised IT infrastructure along the lines implemented by the large enterprises, but find that they cannot afford the prices that the traditional vendors charge. I believe enterprise software that are commercial adaptations of open source projects can deliver to India quality business applications at reasonable, affordable prices. I loved the ‘Pundit’ column where Bernard Golden (July July 1, 2006 2006) touches upon the effect open-source software is having in the virtualisation market. Once industry moves away from the myth that open-source software is not ‘real’ software, we will realise the fact that open-source can bring greater value to the market at significantly lower costs.

(Infoseeding the Farm, July 1, 2006) and its network of 2006 community information centers was excellent. The article highlighted how technologies can be leveraged for socioeconomic benefits. It also brought out the importance of the government and technology vendors looking at policies or products that can effect drastic change in the nation. The article threw up a spectrum of issues that are important for our agro-economy. Jethin ChAndrA Head-IT Infrastructure Planning & PMO, Wipro

Focus on innovation

cIO IO India provides great inputs to all chief information officers and IT heads — existing and potential. I make it a point to have my team read some of its articles. The presence of this title on my desk brings a change in attitude among business heads who visit my office. I would like you to enhance the magazine by adding a section on innovation. More of CIO's readers are moving to create grand changes in their IT applications. For this, they are interfacing with stakeholders — right from partners to customers. An example of this is a consumer service application that can bring about a change in the customer’s mind about the brand he buys. MAniSh h Gupt GuptA GM-IT, Whirlpool India

What Do You Think?

Anup pAi CEO, i-Create Software

powering an Agro-economy The Govern feature on Assam Small Farmers’ Agri-business Consortium 14

Inbox.indd 14

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

We welcome your feedback on our articles, apart from your thoughts and suggestions. Write in to editor@cio.in. Letters may be edited for length or clarity.

“The IT sector itself should strive to be business-oriented today — not just centered on technology.” An issue t to Store I have been receiving CIO for sometime now, and wanted to say that I find your coverage of IT implementations in the country — and the learnings from them — very informative. Most recently, I found your special coverage of ‘storage’ to be of eminent interest — both in the magazine (Benefits In Store, June 15, 2006 2006) and at the CIO event held recently, which focused on managing unstructured data. As a medium-sized IT player, I found the storage alternatives discussed to be relevant and informative. Keep it up. MohAn Shenoy VP, Unilog Content Solutions

priorities Are right

cIO delves deeper into issues than most other magazines I read. In terms of production quality, it’s very good. In fact, when I recently picked up an issue, I couldn’t make out whether it had come out of the US or from India. In response to the feedback that the magazine is overly managementoriented with too little technology, I’d say that the IT sector itself should strive to be business-oriented today — not just centered on technology. Atul VAShiSthA CEO, neoIT

editor@c o.in Vol/1 | ISSUE/18

new

hot

unexpected

One for the Road

FLEET MANAGEMENT A vexing problem at call centers is employee security. High attrition rates, different vehicle types, odd working hours, re-routes and social activities of the employees — all exacerbate the complexity of call centers planning their pick-ups and drops. Tracking them and their vehicles becomes an important daily task which, if automated,

can make their commute to call centers and back safer, say GPS-GIS software vendors. One such vendor, Bangalore-based Proficio Geotechnologies, believes automation can also make the logistics of picking up and dropping off call center agents cheaper. The automated solution involves using in tandem, a Geographic Information System, the Geostationary Positioning Satellites (GPS), and computer-generated SMS, says Proficio. Vehicles are tracked and monitored, and the route is designed by the software. Employees get a system-automated SMS, which informs them of their pick-up time, vehicle number and the driver’s name. The information is confidential and tamper-proof.

The fleet management tool has made a difference to BPO firms like Transworks Information Services that once used a manual system to allocate place for 2,700 agents among 130 cabs. The system was cumbersome, timeconsuming and depended on the knowledge of a few individuals. “Proficio gave us the exact reporting tool we required," says Venugopal N, a GM heading administration and facilities at Transworks. "Its GPS-GIS tool is a cost-effective and comprehensive product.” With this ‘improved information visibility’, the automated system also ensures quick and

ILLUSTRATION By ANIL T

A GPS-GIS-SMS combination can make moving call center agents safer and free up logistics managers for more useful work.

Continued on Page 16

2010

IT Sweet Spots Researchers at the IT Leadership Academy recently undertook a unique examination of what will be important for jobs and careers in 2010. Based on a ‘work-centric planning’ method, they sought to predict how the world of work will evolve, and identified three competencies guaranteed to be important in 2010. Leadership: The No.1 issue on the minds of great CIOs is leadership. The major IT shops of 2010 will be those that have transformed themselves into human capital development factories. Just as GE is able to create great business leaders, great IT organizations will generate great IT leaders. At the bottom will be those folks who get inadequate leadership training — or none. Information management: The ‘sounds of the drums’ point to information management as the next source of competitive advantage, value creation and public relations disasters. Within STAFFING

VOL/1 | ISSUE/18

Trendlines.indd 15

the information management bucket, the researchers included records management and retention, compliance, privacy, business intelligence and business analytics. Each of these previously unloved and unintegrated specialties is going to be big. In 2010, there will be a whole lot more information floating around. Customers and regulators will expect IT to know what is known, protect what is private and generate bordering-onclairvoyant levels of service. The whole issue of IT and the law is going to be very big in the future, according to the Academy. Change management: High-end observers of executive behavior John Gardner and Warren Bennis agree that they (and most other gurus) chronically underestimate the capacity of large-scale systems such as the government's to resist change.

— By Thornton A. May REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/28/2006 5:54:21 PM

TrENDLINES

How to Make a

TouGh DEcISIoN Sometimes, there can be more than one right answer to a problem. The option you choose can say a lot about the values of your company — and your leadership. Joseph Badaracco, the John Shad Professor of Business Ethics at Harvard Business School, offers three simple (and quick) tests to help you make a tough decision.

LEADErShIP

The newspaper test. Which plan of action for dealing with a problem is going to work best if it’s going to appear on the front page of your local paper tomorrow? “That’s a way of picking up on all the consequences of your act,” says Badaracco.

The golden rule test. “There are a lot of different groups who believe that they have the right to have corporate officers and companies obey the law. There are the vast majority of people in most organizations who believe they have the right to be treated fairly and honestly by the people they’re working for. And there are the owners of a business who have a right to stable, growing, risk-adjusted, legal returns,” says Badaracco. “The Native American advice is to walk a mile in another person’s shoes. That’s a way of picking up on other people’s rights that you may be overlooking, because you’re under pressure to get a decision done.”

The best-friend test. “Ask yourself how you would like somebody who knows you well, and whose respect matters to you, to think about your decision,” he says. “That’s a way of putting a spotlight on your character [and] the character of the organization you’re trying to shape.”

—By David Rosebaum 16

Trendlines.indd 16

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Secure Positioning Continued from Page 15 accurate data and report for management review. Call center firms can also optimize the use of their vehicles. It works well for firms today, many of which have over a 100 vehicles — of different capacities. Automation can also help ensure optimally-designed routes, minimum employee travel time and maximum vehicle ‘fill-factor’. Better Accountability: With the GIS-GPS-SMS solution in place, transportation managers can merely ask the driver to follow the route designed by the system; the company has the mileage of each route designed and calculated by the system. This can save a lot of time for logistic managers who scrutinize every trip sheet generated by a vehicle. For example, a company that has 100 vehicles will generate a minimum of 200-225 trip-sheets a day. To key in this data and approve the information, logistic managers spend a minimum of four-to-five hours, says Proficio. On an average, this process alone will consume 120-150 hours per month. Bear in mind that the approval of the tripsheet is based purely on the instincts of the logistic manager. With system automation, this activity is reduced to less than two hours a month, freeing up more time to improve employee relation management and driver management. Zero non-inclusion and duplications: Manual operations of transports are often faced with instances when employees are marked to travel on multiple vehicles or the opposite where an employee is overlooked and misses his ride. This can be minimized almost to zero with the GIS-GPS-SMS system. BPO firms experience high attrition and induction rate, thus requiring suitable allocation of vehicles. The procedure currently being followed requires continuous re-routing of vehicles, which is complicated if done manually. The GIS solution effectively handles this issue, and the number of cycle times can be increased as a routing schedule can be done on a daily basis. Further, the software executes the complete task in 45-60 minutes. —By Harichandan Arakali

VOL /1 | ISSUE/18

TrENDLINES

Poor Communication Is Killing Projects

Failing to initiate ‘crucial conversations’ may be the single biggest cause of project failure, according to preliminary findings of a study on project management. The study, being conducted by training firm Vital Smarts has found that the inability of project managers to talk to people about five often-occurring negative situations frequently leads to failure. According to David Maxfield, director of research at Vital Smarts, the five situations are:

MANAGEMENT

Setting arbitrary deadlines and inadequate resources that “set up a project to fail”.

Failing to provide the necessary leadership, political clout or energy for a project. Skirting or manipulating the project priority-setting process. An unwillingness by team members to support projects as required. Failing to acknowledge project problems until it’s too late for remedial action. Maxfield reported that surveys and interviews of more than 800 project managers, as well as 150 hours of observations of corporate project activities, indicated that 80 percent

of project managers routinely face arbitrary deadlines and inadequate resources that have no relationship to reality. Only 18 percent feel they can confront that situation effectively. He pointed to the key difference between those who don’t confront arbitrary deadlines and those who do. Those who don’t “think of all the bad things that will happen if they stand up to their boss,” he said. Those who do talk about their concerns, “think of all the bad things that will happen if they don’t stand up.” A comprehensive report on the data will be released in September. — Kathleen Melymuka

University Creates Poker-phased Robot Computer scientists have moved beyond figuring out how to beat computerized chess systems and are now tackling automated Texas Hold’Em programs. Carnegie Mellon University researchers have created a robot that uses knowledge of game theory, not poker smarts, to beat online Texas Hold’Em programs. The GS1 poker robot, which makes decisions after analyzing poker rules, was created by Tuomas Sandholm, director of Carnegie Mellon’s Agent-Mediated Electronic Marketplaces Lab, and graduate student Andrew Gilpin. Sandholm says the challenge of developing a poker robot is greater than that of trying to beat a computerized chess program because unlike chess, poker involves making decisions with incomplete information. (You know what pieces an opposing chess player has, but don’t know the hand of a competing poker player). An algorithm used to accommodate such uncertainties to play poker might have applications in e-commerce, such as in auctions, says Sandholm, who has done significant amounts of research on

VOL/1 | ISSUE/18

e - c o m m e r c e. He is chairman and chief scientist of CombineNet, a company that helps large organizations save money and time on procurement. A new version of Sandholm’s poker robot, dubbed GS2, has been featured in the Computer Poker Competition during the US National Conference on Artificial Intelligence in Boston. — Network World

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

ILLUST RATION By MM S HANITH

roBoTIcS

BY DIANN DANIEL

TrENDLINES

Failing to Heed

VoIP’s Call Many companies are missing voice over IP’s cost savings.

more than 50 percent of 132 companies surveyed are considering, or are in the process of deploying, voice over IP (VoIP) technology, according to the Cutter Consortium, which conducted the survey. But 44 percent of the companies reported that it wasn’t even on their radar. The findings are unexpected, says Lou Mazzucchelli, a fellow of the Cutter Business Technology Council. Mazzucchelli thinks many companies are being shortsighted. The major telecommunications companies are going to start offering VoIP services, and eventually, it will replace traditional phone service, he predicts. So why are companies turning a deaf ear to VoIP? Of those who said they were not considering the technology, 53 percent cited no business need for it. Another 22 percent said they had no business sponsor for a VoIP project. There are costs to VoIP, Mazzucchelli acknowledges, but traditional telephone service isn’t free either. In the long run, he notes, VoIP offers substantial cost savings over existing technology. VoIP skeptics often cite security as a reason for avoiding the technology, but Mazzucchelli believes the lack of an adequate network infrastructure is a bigger technical barrier to adoption. Twenty-one percent of respondents said they weren’t looking at VoIP because their current infrastructure would not support it. VoIP can be unreliable (it’s vulnerable to problems such as dropped calls), so IT shops need sufficient staff to keep an in-house VoIP system running. Also, traditional telephony providers supply backup power during power outages, but VoIP users must provide their own. Mazzucchelli says the seriousness of these barriers depends on the relative importance of security and reliability to a company. For example, some parts of an organization could easily tolerate a power outage. “If you’re a utility, you want your customer service line open during a disaster,” Mazzucchelli observes. “But many others in the company probably have cell phones they could use.” You have to ask where it’s OK to take a risk on a new technology.

Best Practices

IL LUST RAT ION By MM S H AN IT H

S L I G h T Ly

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Learn about VoIP. Even if you’re not planning to deploy VoIP soon, you should still stay up to speed on the technology and adoption trends, advises Mazzucchelli. That way, you won’t fall behind as competitors deploy VoIP systems.

Evaluate the pros and cons. The decisions of whether to use VoIP and how to use it are unique for every company. Consider the impact VoIP would have on network security and reliability, infrastructure, staffing and telecommunications costs. “VoIP is in its infancy,” Mazzucchelli notes; right now, more has been written about how to deploy it than is known from experience.

Go slowly. Don’t convert your entire voice network to VoIP at once. Consider a mix of traditional voice services and VoIP to lower the risk of rolling out the new technology.

VOL /1 | ISSUE/18

7/28/2006 5:54:34 PM

Business Burdened with

LEGAcIES: Gartner

M A N A G E M E N T It isn’t just legacy systems that can stifle an organization, but legacy thinking. People resistant to change will not survive changes to the industry, according to Gartner analyst Steve Prentice. Gartner estimates IT jobs will be cut in half by 2010, thereby removing stagnant-minded staff. “The skills of the past are not those required in the future, and organizations will find it increasingly difficult to retain necessary expertise in an aging workforce,” says Prentice. The research firm says legacy thinking occurs “when attempts to retire or replace systems are undermined by entrenched attitudes towards change, fear of the issues and risks involved, and budgetary constraints”. Gartner says examples of legacy psyche are “it’s always been done that way”, “our application is unique”, and “this is core to our business — we cannot change it”. While Prentice says legacy systems impede business progress, he emphasizes that legacy thinking should be the catalyst for improvement. “The primary issue is not hardware or software, but individual and corporate attitudes towards change. Skills will change and older staff will struggle... we anticipate significant changes in the skills required in IT in the future [by 2010], as the emphasis moves away from pure technology towards a focus on business, process, information and relationship management,” he says. Another Gartner analyst, Brian Gammage, says the goal is to replace a legacy business with a real-time enterprise, which detects and responds to opportunities and problems faster. The company must then implement real time IT infrastructure (RTI), which is more automated and less heterogeneous. “To achieve RTI, reduce the complexity of architectures through standardization, which removes inhibiting policybased adjustment of infrastructure technology. “[Consider] automation as it promotes RTI by improving efficiency, quality, cost-structure and agility; it will extend across entire domains over time as people-intensive functions become automated.”

The issue is 'legacy psyche' or the individual attitude towards change.

— By Darren Pauli

V OL/1 | ISSUE/18

Trendlines.indd 19

Michael Schrage

It’s All About the Execution

Gifts that Keep on Giving As top investment banks have discovered, giving away software tools to key customers and suppliers can save everyone lots of time and money.

rustrated by schedule slips and confused questions, a developer at one of the world’s largest telecom companies did something he really wasn’t supposed to do: he gave away his code to a key circuit chip supplier. His motivation wasn’t generosity; it was self-interest. His company’s supplier had to consistently run through two or three complex iterations to meet the software’s evolving specifications. That prompted persistent delays in release dates, sometimes by weeks, and threatened other software development and manufacturing schedules. To accelerate the process, the developer had written a little personal tool that tested critical functionality of the supplier’s embedded software. It worked. In a blinding epiphany of the obvious, the developer realized everyone would benefit if he just gave away the code. So he spent 20 minutes writing documentation and another few minutes slapping on an interface he thought the supplier would find easy to use. It did. His under-ahundred-lines software giveaway probably saved both companies well over Rs 2.25 crore in time and testing. Not only did the supplier’s development team gobble up his code, they came back with ideas to make their module better. That previously personal tool had given the developer’s company keener insight into its customer’s software design sensibility. It produced better software faster, based on that simple freeware ‘gift’. That’s the kind of gift that more CIOs should insist their IT organizations give. After all, they have an untapped and under-utilized asset that has strategic implications for customer and supplier relationships. The odds are excellent

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Coloumn Gifts that Keep.indd 20

Vol/1 | ISSUE/18

7/29/2006 11:32:07 AM

Michael Schrage that their IT organizations are filled with portfolios of personal tools that, with just a bit of thought and polish, could be externalized to save time, effort and resources for key customers and suppliers. Digital designers, developers, programmers and testers create these kinds of informal toolkits all the time. The catch is that they’re almost always too personal; they’re built for the express use of the individual and no one else. But, unsurprisingly, the potential value of these personal innovations can go far beyond the individual. Most of the time, people have no interest in how you solve a particular IT problem. But for those aspects of a problem (or opportunity) that they might like some control or influence over, they’re very interested in whatever insights and shortcuts you might have to offer. If it’s in code they’re confident already works, so much the better. These tools have particular credibility and authenticity because your people are already using them to make their lives easier. All it takes is a smidgen of ingenuity and investment to turn the tools into platforms that make the business lives of your customers and suppliers easier. Leveraging an existing investment cost-effectively is smart business.

Mission Critical Application Hosting

Investment Bank Giveaways The world’s top investment banks are familiar with this idea. Goldman Sachs, Credit Lyonais and Merrill Lynch profitably peddle billions of dollars’ worth of synthetic securities and derivative instruments to Fortune 1000 firms and hedge funds. For obvious reasons, many prospective customers for these ‘exotics’ don’t hesitate to use these complex instruments for risk management and speculation. So what did the banks gradually realize? Listening to their customers and trying to sell to them wasn’t good enough. They began to give away their own tools. They gave their prospects the same software ‘wind tunnel’ and stress testing algorithms that they themselves used to design the instruments in the first place. They essentially told potential clients: here, you can use the same tools we use to design and test our products to test them for yourselves. Go ahead and play until you’re comfortable. If any questions or problems crop up, we’ll be happy to address them. In this growing era of open-source software tools and development, the economics of externalizing the tools your systems designers, developers and testers use become far more attractive. They make it easier and safer for your customers and suppliers to take a chance on your innovations and change-management initiatives. CIOs should treat this as the enormous opportunity it is. It’s easy to imagine a store chain sharing some of its supply chain and inventory management tools with its key suppliers. Similarly, many companies reliant on CRM might benefit if their best customers could serve

Vol/1 | ISSUE/18

Coloumn Gifts that Keep.indd 21

ERP, Online Trading, Online Billing, Custom Business Applications...

Your Search Ends Here Today, NetMagic Provides mission-critical IT services to large and medium enterprises across the globe, saving them millions of dollars in managing their IT infrastructure. Our customers depend on us for managed Hosting, critical Mail services, Network and Server Security, Bandwidth and Connectivity, Network Monitoring and Management, and Data Storage and Backup solutions, among other things So give us a call, drop us a line or come by and talk to us about your requirements. Hosting Services | Managed Services | Remote Management Professional Services | Disaster Recovery and Business Continuity Remote Management | Bandwidth & Connectivity

Netmagic Solutions Pvt. Ltd. 22, Nirlon Complex, Western Express Highway, Goregaon (E), Mumbai - 400063 Phone: 91-22-26850001. Fax: 91-22-26850002 Email: marketing@netmagicsolutions.com

Michael Schrage What tools are you using inside the organization that might have a big impact on clients, business partners or suppliers if you gave them away?

Initiative and senior advisor to MIT’s Security Studies Program. Send feedback on this column to editor@cio.in

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Coloumn Gifts that Keep.indd 22

RESOURCES | ESSENTIAL TECHNOLOGY |

Whipping IT Data Into Shape Enterprises are tackling the ugly problem of reconciling widelydistributed data, driven in part by the move to service-oriented architecture. Read more of such web exclusive features at www.cio.in/features

Columns Hitting to All Fields How do you move into a new industry without taking a backward step?

www.cio.in/columns Resources

COLUMNS

Complete Data Protection Strategy Building a robust data protection strategy is now a business requirement. IT Consolidation Drivers and Benefits Organizations are finding themselves in a position where consolidation does not necessarily

Radical Reform The IT promise: sustainable competitive advantage.

TOP VIEW

GOVERN

Recruitment Rethink for IT Are companies investing enough in business training of recruits in IT teams?

Download more web exclusive whitepapers from www.cio.in/resource

FEATURES

Institute of Technology’s (MIT) Media Lab’s eMarkets

The Web Lights up Your World Internet users say the Web has improved their efficiency at the workplace -- and beyond

Read more of such web exclusive features at

NEWS |

Michael Schrage is a co-director of the Massachusetts

Features

WebExclusive

themselves with the help of the informal tools they’re already using to customize the system. While this approach most naturally lends itself to B2B interactions, little creativity is required to come up with scenarios where consumers can benefit from tool-sharing. For example, if Amazon or Apple iTunes programmers shared some of the tools they use to tweak and fine-tune the algorithms of their popular recommendation engines, it’s likely that many customers would love to use them to better personalize book and song selections. The CIO challenge is straightforward: what are the fastest, easiest and most cost-effective ways to learn what kinds of informal digital toolsets exist within the enterprise? The next step is more challenging but far more fun: what are the 10 or 15 tools that you’re productively using inside the organization that might have a big impact on a customer, client, business partner or supplier if you gave them away? Needless to say, this question creates the opportunity for all kinds of interesting conversations with marketing, sales and procurement personnel within the company. The third step is the trickiest: what kind of marginal investments must you make to turn these informal tools into user-friendly, accessible and economically valuable tools for your target market? If the investment is more than marginal, it may ruin the economics of your initiative. And if the tools are simply too cumbersome or complex to be used by a desired constituency, they won’t work. But if you are a CIO who cares about innovation and who wants to cultivate a reputation for turning underutilized assets into new business value, deciding which tools to give away merits pride of place on your priority list. To be sure, this requires that you broaden and deepen your understanding of both your customer and your own organization. But really, shouldn’t you be doing that anyway? CIO

REAL WORLD 7/29/2006 11:32:08 AM

Paul Ingevaldson

Total Leadership

Getting in Sync Your reputation for performance depends on your ability to align with end users.

started my career in IT in 1965, when I worked as assistant to the production manager for a company called Data Processing Consultants. I retired in December 2004 as the CIO and senior vice president, international and technology, with Ace Hardware. During those 40 years, I’ve witnessed the seminal events of the information age, from the introduction of the IBM 360 computer (the first family of mainframes with compatible operating systems) to the emergence of the Internet and wireless technology. We all know how IT has revolutionized business. In a speech last year, Alan Greenspan, the legendary chairman of the Federal Reserve, credited IT in part for the resilience of the US economy in the face of “stock market crashes, credit crunches, terrorism and hurricanes — blows that would have almost certainly precipitated deep recessions in decades past.” Given IT’s impact, it would be natural to conclude that IT departments and the CIOs who run them are heroes. You would be wrong. Despite the dramatic and revolutionary changes implemented by IT, the IT department is still treated like a necessary evil in many companies. We still have the reputation of taking too long, not delivering exactly what is needed and not being sensitive to the needs of the corporation. CIOs’ job tenures are still relatively short, averaging just under five years. Business writer Nicholas Carr has convinced many non-IT executives that ‘IT doesn’t matter’. Lacking a fundamental understanding of the value of IT, companies outsource some or all of the IT department. Many CFOs still look at IT as a cost rather than an investment. I’ve even heard comments by IT professionals suggesting that this is not a good career for their kids to pursue.

Vol/1 | ISSUE/18

Coloumn Getting in Sync.indd 23

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/28/2006 4:38:34 PM

Paul Ingevaldson

Total Leadership

Painful as it is to admit, this is our fault because we fail to exercise leadership among our senior executive peers. We don’t demand a strict adherence to the basic rules of project management, we’re too willing to accept the blame, we’re not always sensitive to the needs of the business and we fail to communicate our achievements.

Stop Taking the Blame IT departments are staffed by people who thrive on getting systems to run. To many of them, time and budget is less important than getting it right. But business executives expect performance. When CIOs aren’t skilled at setting expectations or are not at the table when decisions are made, IT often bears the blame if something goes wrong with the technology. It’s up to CIOs to change this mindset by making sure business users and IT collaborate on systems development. CIOs should not allow development to go forward without clear specifications from users who tend to hope that IT can figure out what they want. CIOs must also insist that when users make major changes during development, these are documented and that user management signs off on new costs and time lines. Several years ago Ace implemented an incentive program for developers that paid off only if they achieved the agreedupon budget and time line for a project. Immediately, they took their collaboration with user departments more seriously. Both users and developers realized that there was a strong incentive to maintain the original schedule and put requests for additional functionality into future phases of a project. IT also documented any modifications in monthly project reports, which we provided to everyone in the company. As a result, no one could say that they were not informed of and involved with project changes. This took pressure off of IT and assigned business users some of the responsibility for cost increases and delays.

Use Business Smarts CIOs should speak like businesspeople. We should talk about trade-offs, backup plans and business strategy. We mustn’t think that the toughest problems reside in the IT department. We must understand the cost structure of user departments and the pressures that users are under to achieve their goals. IT must serve all of its masters in a company, not just the most powerful ones or the ones who shout the loudest. We must be aligned with corporate business needs, not with IT’s needs. CIOs must play an active role here by making senior management aware of new technologies and how those advancements can save the company money or increase productivity. I learned this lesson back in the early 1980s, when Ace was using a very costly cut-and-paste process for producing our dealer catalog. We investigated what were then new laser printing technologies that could print both text and pictures. The system saved the company millions of dollars a year. 24

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Coloumn Getting in Sync.indd 24

C I O s s h o u l d n o t a l l ow development to go forward without clear specifications from users who would tend to hope that IT can figure out what they want. Demonstrate Results It’s hard to get recognition for your contributions when no one knows what they are. The post-implementation audit is one way to identify whether a system has achieved its promised results, but these reviews are seldom done in any formal way. As a result, advantages of the system become embedded in the cost structure of the user department and IT is never identified as the source of the improvements. Most IT departments don’t care about this because they are on to the next project. Meanwhile, the user department is more than happy to take full credit for the benefits. I found it difficult to get my company to conduct postimplementation audits. A major reason is that these can’t be done just by IT. They depend on a collaboration between IT and the user department; the cost savings can be identified only by the users. The best way to achieve this is to make postimplementation audits a best practice within your company (and ensure that top management requires them). Making post-implementation reviews a function of a third-party organization such as internal audit helps to encourage all parties to participate. When I have been able to do it, it has achieved the desired effect of proving the business case. For example, when Ace implemented a data warehousing system, our CEO demanded that the user departments quantify the long-term benefits before he approved the project. Once the system was implemented, he required the major users to report quarterly to the executive officers what benefits they were realizing from the system. By holding users accountable for the results, this approach ensures that future cost/benefit analyses will be more accurate. If we can get users to understand that they must engage in pre-system development and post-implementation audits, we will ensure a higher degree of successful system delivery and accountability for results. Only when our colleagues know what to expect from us, when they understand what we do, and when they trust we understand their needs, will we begin to change many of the stereotypes that have followed us from the early days of computing. CIO Paul Ingevaldson was CIO of Ace Hardware until his retirement in 2004. Send your feedback about this column to editor@cio.in

Vol/1 | ISSUE/18

7/28/2006 4:38:34 PM

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

I llustration by b inesh sreed haran

Cover Story - Page 1 - 2.indd 28

7/28/2006 6:31:30 PM

BY CHRISTOPHER KOCH Reader ROI:

Why service-oriented architecture demands a long-term commitment How to ensure that a service gets re-used Why business process complexity is a prerequisite for SOA

Vol/1 | ISSUE/18

Cover Story - Page 1 - 2.indd 29

In which we shed some light on the hype and answer your questions about why, how and when you should (or should not) start thinking about implementing a service-oriented architecture. REAL CIO WORLD | AU G UST 1 , 2 0 0 6

7/28/2006 6:31:32 PM

Cover Story | SOA

CIOs are chasing a distant dot on the

chunks of business processes (‘credit check’ for example), SOA promises to give companies a portfolio of services that can be mixed quickly and matched expeditiously to create automated business processes, thereby reducing application development Fast. time and costs by as much as 50 percent. A recent survey by the Business Performance Management From its humble origins in object-oriented design and Institute found that only 11 percent of executives say they’re component-based software development methodologies, SOA able to keep up with business demand to change technologyhas moved into a rarefied realm of expectations. SOA, the story enabled processes — 40 percent of which are currently in need goes, isn’t merely designed to remake IT; it’s going to be a magic of IT attention. Worse, 36 percent report that their company’s bullet to transform the businesses that IT serves too. IT departments are having either “significant difficulties” (27 CIOs are helping drive these expectations. According percent) or “can’t keep up at all” (9 percent). to a recent Forrester Research survey, 46 percent of largeService-oriented architecture (SOA) is the latest in a long line enterprise SOA users (and about 27 percent of SOA users at of highly hyped strategies designed to bring that disappearing midsize and smaller enterprises) said they’re using SOA to dot back into view. By mirroring in technology important “achieve strategic business transformation.” Surveys from other research companies report the same enthusiasm, with “competitive advantage” being the most popular expectation in a Summit Strategies survey, and the ability to “develop new capabilities and products” topping the list for If it isn’t broke, SOA isn't going to fix it. Sometimes you Aberdeen Group’s respondents. In a recent don’t really need SOA. CIO/Computerworld survey, 77 percent of respondents said SOA would result in greater business flexibility. SOA doesn’t always make sense, says Vinod Sadavarte, CIO, Patni Computers. And it may do all that and more. He points to an example of a company in a stable business environment that Just not yet. sits on a single platform and has a fairly integrated and robust technology that already meets its business needs. Another indicator, he says, of when not to indulge in SOA is if performance is an issue of the highest order for a company. SOA definitely introduces a performance drag, he says, and if your IT organization SOA is far from being a proven concept (only lives by a performance-metric code, it’s best to avoid SOA. 16 percent of companies in the Aberdeen Another example of when it’s a bad idea to establish SOA is when there is survey have more than 24 months of a very high degree of inter-connectivity within your company and with your experience with SOA technologies), and the external entities. The cost of migration to SOA, he says, will be huge and it may companies that have had the most success not provide the perceived levels of value-add. with it so far are those that always have success Another question, he says, which needs to be with technology: big companies with big IT answered is: which processes should be servicebudgets whose business is technology-based enabled? Your guiding star is to select processes (think telecom and financial services). They based on these parameters: level of value-add, also tend to have supportive, technologically affordability and ease-of-implementation. He sophisticated business leaders. For companies advises his peers to categorize these objectives without these advantages, SOA may not be in a matrix or a square of quadrants. One side what's it’s being made out to be. charts value-add and the other affordability. His That’s because SOA demands a first choice would be the processes that fall in bigger investment and a longer strategic the first quadrant of high value-add with commitment than CIOs may think. The high ease-of-implementation. tactical part — service-oriented development The rest, he says, take up in phases — is a surmountable technical challenge. But and keep business stakeholders in creating architecture based on a portfolio of the loop. services asks that CIOs make a compelling case for enterprise architecture, a centralized — Gunjan Trivedi development methodology and a centralized staff of project managers, architects and developers. It also requires a willing CEO and Vinod Sadavarte executive staff to pave the way for IT to dive CIO, Patni Computers

horizon called agility (the ability to change IT quickly to fit business needs) and the dot is receding.

When not to do it

Harder Than You Think

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Cover Story - Page 3 - 9.indd 30

VO l/1 | ISSUE/18

Cover Story | SOA into the core business processes of the company. Understanding those processes and getting buy-in on enterprise sharing are the real sine qua nons of SOA-based business transformation. For companies without technology products, big budgets or business leaders who chant the CIO’s name every time he comes into the room, SOA is neither a guaranteed path to business transformation nor, in some cases, even desirable. For smaller companies, for companies that have made big bets on integrated application suites and for companies that already have solid application integration strategies in place, SOA isn’t a ‘when’, it’s an ‘if’. CIOs need to pursue an SOA strategy carefully because the service development and architecture planning pieces of SOA are distinct but not independent — they need to be considered and executed in parallel. Services built in isolation, without taking into account the architectural and business goals of the company, may have little potential for reuse (one of SOA’s most important benefits) or may fail outright. Grand architectural planning exercises may drag on endlessly, without providing any real business benefit. And that dot on the horizon, agility, is difficult to quantify. “We can’t say, ‘Do SOA because it will give you a more flexible set of systems’,” says Daniel Sholler, Gartner’s vice president of research. “There’s no metric that says if I’m more agile I will save X percent. ” Indeed, a survey by integration software maker WebMethods found that the top two inhibitors to SOA were respectively a lack of general knowledge and the difficulty of quantifying its ROI. Indeed, there’s no inherent ROI in any technology strategy, cautions David Johns, senior vice president, CIO and chief supply chain officer for Owens Corning, a building materials manufacturer. Therefore, he says, “Driving productivity and driving waste out of the supply chain are the goals, not developing a service-oriented architecture.” Some are even more dubious. “Companies are creating a complex bureaucracy around something that 90 percent of the time is overkill,” says Thomas Gagné, CTO of InStream Financial, a software and financial services vendor. “Why are we replacing technology and obsolescing our employees’ skills faster than we’re realizing the benefits of the previous, now supposedly inadequate technologies?” That’s a difficult question CIOs need to ask themselves before entering SOA’s business transformation revival tent. Here are a few more:

The Questions, The Answers Q: SOA is a technology architecture. How do

you make a business case for a new technology architecture?

A: You don’t. “Don’t talk to the business about SOA because the business doesn’t care,” says Forrester Research analyst Randy Heffner. The business’s interest in SOA extends only

Vol/1 | ISSUE/18

Cover Story - Page 3 - 9.indd 31

Complexity is an SOA prerequisite. Companies without complex application integration requirements are not SOA candidates.

as far as it cuts the cost of applications and gets them running faster. But simply rewriting code in the form of a service doesn’t deliver those kinds of benefits. To start down the road to building an SOA, there needs to be multiple redundant IT applications that can be consolidated into a single service, or the possibility for multiple areas of the business to use a single service. To speak to the business, quantifying the redundancy helps. “I know for a fact that the same data is being extracted by at least 26 different applications in our environment for different purposes,” says Jeff Gleason, director of IT strategies for Transamerica Life Insurance, annuity products and services division. “We’re extracting it and paying to store it in all those different places. Just getting rid of those support costs is a big deal.” But there is also a flexibility quotient to SOA that can add value — if it is focused on a critical business process. At ProFlowers.com, for example, there are no redundant applications or multiple business units clamoring for services. But splitting the flower ordering process into discrete services means each component can be isolated and changed as needed to handle the spikes in demand that occur around holidays, according to ProFlowers CIO Kevin Hall. When ProFlowers had a single, monolithic application handling the process, a single change in the process or a growth in transaction volume (on, say, Valentine’s Day) meant tearing apart the entire system and rebuilding it. In the new system, a server farm responds to spikes in activity during each phase of the ordering process by transferring storage capacity to the specific service that needs it most. The system is much more predictable now, and there have been no outages since the service-enabled process was rolled out beginning in 2002, according to Hall. “Because we can scale horizontally [more servers] and vertically [splitting up services], I don’t have to buy all the hardware to serve every service at its peak load,” he says. “You don’t have to be able to eat the elephant in one bite anymore.” REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/28/2006 8:33:25 PM

Cover Story | SOA

companies that are consolidated on a single infrastructure (like Microsoft) and don’t have complex application integration requirements are not candidates for SOA. Larger companies whose application infrastructure comes mostly from a single vendor (60 percent or more, according to the experts we spoke to) will want to think carefully about whether building their own SOA is necessary or wise. Then comes speed, and the need for it. If processes don’t need to change quickly, then transforming IT in order to be able to change them more quickly is pointless. At Owens Corning, 75 percent of its software applications come from SAP. Owens Corning’s products are manufactured and sold in similar ways around the globe, which means CIO Johns has long driven a strategy of business process integration through SAP’s applications. His goal is to unify all of the company’s worldwide divisions on a single version, or ‘instance’, of SAP running on a single database. He is also monitoring SAP’s strategy of service-enabling its applications to create a ready-made SOA for its customers. Global manufacturer Whirlpool has also bet big on SAP and global process integration, which, to Esat Sezer, the company’s

corporate VP and CIO, makes more sense than application integration. “I’m not dealing with that anymore,” he says. “I have outsourced that to SAP.”

Q: Creating a service requires more planning and design than traditional application development and integration. How much extra does serviceenablement cost?

A: Forrester’s Heffner estimates that the extra work involved in service-oriented development can range from 30 percent to 100 percent more at the design stage, which makes up 10 percent or less of the overall cost of an application project. The extra effort is necessary to create a service that can be used in many areas, each with their own particular needs. Transamerica’s Gleason says that, for example, services that deal with insurance premium payments from customers generally need to accommodate multiple delivery channels — say, a website, a bank wire transfer or a call center — depending on the process for each business unit. Understanding the ways each unit wants to consume the services is part of design work and is critical to getting units to agree to use the same service. But businesspeople are often aware of the extra effort required for services and may not want to pay for them. “I’ve

Find Your Balance How do you know when you can pull off an SOA? “SOA will only see adoption where there is a genuine need,” says S.R. Balasubramanian, executive VP, ISG NovaSoft. A large telecom service provider, he says, would

certainly benefit from SOA because it has a great number of applications that need to talk to each other and simultaneously integrate. SOA provides two kinds of integration — within an organization and with its outside partners. According to Balasubramanian, SOA works best when a company has several legacy applications that need to be integrated with the core application — normally an ERP. In such cases, SOA works like a broad highway where data can travel on a common platform without too many bumps. The typical benefit in similar cases is that SOA brings efficiency to service delivery. Take the example of an enterprise that wants to take absolute control of its

Business Process Management (BPM) and Master Data Management, and wants these two processes to be integrated seamlessly. SOA will work wonders. Integrating the two processes means taking data generated from the workflow apps and incorporating it with an ERP-based payroll system in order to be able to process salaries and record employee absenteeism. In such a case where you require a common master to connect all the applications from various vendors, SOA-type architecture will be of great use, says Balasubramanian, because, as a CIO, you won’t have to bother too much about the integration of applications.

— Rahul Neel Mani

S.R. Balasubramanian 32

Cover Story - Page 3 - 9.indd 32

executive vice president, ISG NovaSoft

PHOTO BY PRAVEEN KU M A R

Q: When is SOA not a good idea? A: Complexity is the prime prerequisite for SOA. Small

heard this a hundred times,” says Gleason. “A business sponsor says, ‘Well, if you’re going to make me pay for creating this service the first time, you just blew away the cost benefit of my project, and it’s not going to get sponsored. And so I want you to go ahead and hard-code the integration because I need that functionality.’ But then my job is to help them see how creating that service is not really a project artifact; it is a business architecture artifact. We’re creating a piece of our business infrastructure that can be reused and changed. Once you get people to understand the requirement for doing that, then they stop worrying about whether it costs more to create it initially than it would to hardcode the thing.”

Q: How much reuse can I expect from services? And what does that mean in money terms?

SOA Business Case The organization's’ client is yours too. Your way to SOA. When Kuldip Singh Bajwa, GM (operations, payment & settlement division), Punjab National Bank (PNB), decided it was time for one-point banking, SOA was the natural answer — but Bajwa started with the end-consumer. SOA should revolve around the customer when your central business process is tweaked in his favor. With a 450-strong IT staff, PNB knew that putting a core banking system in place was central to its business process. Today, the bank’s consolidated database provides single-point access to multiple customer accounts. It’s a handy tool when some customers have 50 accounts at 50 locations. Singlepoint access enables the bank to consolidate various savings accounts and even demat account information. The customer gets multiple services, including letters of credit, out of a single account. Bajwa says this is the best business case for a banker’s SOA. The question that arises, says Bajwa, is: since CIOs can’t afford to buy a million services, how do I know which ones will provide the most value? The right RoI inflection point for a good SOA is when you are able to provide customer services from a single access point and location, preferably out of the customer's office. A single point of contact makes for a convincing argument for SOA since it creates long-term value for the bank. PNB is now taking this openended architecture a step further by encouraging corporate customers to connect their internal accounting systems to the bank’s core banking systems through secure Internet corridors, says Bajwa. “This helps them to auto-update their corporate and salary accounts, letters of credit, and various outstandings with the bank.” — Ravi Menon

A: Reuse of services can vary widely and depends on the rigor of the design, which in turn depends on the abilities and experience of the developers and project managers, says Heffner. Reuse also depends on the level of architectural planning that surrounds the specific service. For example, a service has more chance for reuse if it is developed as part of a broad SOA strategy that includes uniform development methodologies, a centralized architecture planning staff and business analysts who can examine processes across the company and incorporate the unique needs of the business units into the design of the service. “If a service isn’t designed with knowledge of how other parts of the organization may want to use it, it’s unlikely that those groups will adopt it,” says Gleason. Worse, designing a one-off service could lead to duplication of effort down the road. “You may need to create a second service to complement it because you don’t have time to modify the first, or perhaps you’re going to have to rebuild the thing because now it doesn’t meet your requirements,” says Gleason. “In the long run, there’s no hope for business process integration, or business process management, if I don’t look at services from an architecture perspective.” But if a service can be reused even once, it can have an exponential effect on savings, according to Heffner. Even though services require more up-front design work, reuse means there will be no costs for design, coding or unit testing the next time around. Together, these steps account for about 40 percent of a software project cost. VOl/1 | ISSUE/18

Cover Story - Page 3 - 9.indd 33

Kuldip Singh Bajwa GM (operations, payment & settlement division) Punjab National Bank

Veterans caution that it’s difficult to predict the reusability of services. Sizing the services properly (known as granularity) so they don’t try to do too much or too little is an art. “We have challenges with granularity,” says Howie Miller, VP of integration architecture for IBM’s internal IT group. “I’d say 30 percent of our assets drive 90 percent of the return because they are sized better,” says Miller. Heffner agrees: “At one auto company I’ve talked to, they had some services that were used 20 times and others that were used only once.” REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/28/2006 8:33:41 PM

Cover Story | SOA Q: I need to show value to the business for

everything I do. How do I balance the architecture planning with the need to prove value to the business quickly?

A: Architectural planning is time-consuming. Serviceoriented development, drawing upon well-known programming principles and widely available technology standards (such as SOAP, HTTP and so on), can happen a lot faster. But the two need to happen in parallel, say experts. “We do development projects as needed and then on the side we have a longer multiyear project of mapping out the processes and building enterprise-level services,” says Kurt Wissner, managing director of enterprise architecture and development for American Electric Power (AEP). “People need to see the benefit of SOA pretty quickly. That’s why I like the project route, because otherwise you don’t have anything tangible to sell to anyone about why you’re doing this.” While it would help to have the architectural plan and the process mapping in place before building the services (to improve the chances for reuse), architecture planning has no short-term payback, which can be devastating. “I tried to boil the ocean at another company and I failed,” recalls Wissner. “We did a big multimillion-dollar architecture plan that duplicated what we already had. It didn’t provide much value over traditional pointto-point

integration, and we had nothing to show for our efforts. If you start with the entire enterprise, there are too many risks.” By taking the enterprise planning in smaller chunks at AEP, Wissner can more easily recover from setbacks. “We’ve had hiccups but could take corrective action because the issue wasn’t that big,” he says. “If you break it into simpler pieces, it’s more easily digestible.” “Business processes change all the time,” adds Praveen Sharabu, director of enterprise architecture and infrastructure for transportation company Con-Way. “Nobody can wait for two years while you document everything, and it will be obsolete by the time you finish.”

Q: I can’t afford to build a million different services. How do I know which services will provide the most value for my investment?

A: When in doubt, start with processes that involve customers, directly affect revenue and address a specific pain point in the business. A 2006 survey by the Business Performance Management Institute found evolving customer needs and preferences to be the top driver in business process change or the introduction of new applications, followed by competitive threats and new revenue opportunities. (Cost savings was a distant fourth.) “Externally facing applications are the ones that provide the most business value, and they have a good set of change requirements that come up very often,” says Gartner’s Sholler. “If you can improve those applications by 10 percent, it’s better than improving lower-level applications by 50 percent.” Of course, adds Sholler, SOA may not provide

Services on Track By bringing ‘service oriented-ness’ to its freight management, the Indian Railways is making its freight business profitable and customer-friendly For the remainder of this year, the Indian Railways will complete the rollout of an IT project that began nearly seven years ago, aimed to both make the carrier’s operations more efficient and accessible to freight customers. Indian Railways, Asia’s largest rail network, derives about two-thirds of its revenues from freight customers — PSUs and a host of private firms — moving a mindboggling number of commodities several thousands of kilometers criss-crossing the subcontinent. Keeping these valuable customers informed of where their goods are at any given time, and giving them an accurate expected time of arrival (ETA) was one of several important tasks to be streamlined. 34

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Another was to ensure that locomotives, wagons and rakes were used optimally. A third important objective was to make payment transactions painless and fast. In each case, manual intervention was cut down drastically using computer applications; customers went from making phone calls to the Railways office to getting timely e-mails; and physical demand drafts made way for electronic fund transfers, facilitated through a browser. Envisaged for the future is scheduling trains in realtime, supported by an automated system of gathering information about train whereabouts and their ETA. (Freight and passenger trains are separate, but move on the same tracks and often to same destinations.)

VO l/1 | ISSUE/18

7/28/2006 8:33:47 PM

Cover Story | SOA more value than, say, a good packaged application. “But if it’s something you would have to build yourself anyway, you need to do it service-oriented,” he says.

Q: How will SOA affect my IT group? A: If you have a decentralized company, be prepared for a struggle. SOA drives centralization. Indeed, it demands it. “You have to have someone heading it up, and you have to have one individual or small team manage the architecture,” says Eric Falls, senior system engineer for Fastenal, an industrial and construction supply company. “If each team is left to itself, they may each come up with different ways of building services. You need one group, one set of research and someone to make sure the development groups are sticking to the service development methodology.” As the service portfolio grows, the development process may begin to look like an assembly line. “It becomes a factory,” says AEP’s Wissner. “You have different project teams that you funnel work through, which grow and shrink as required.” Once the SOA factory gets ramped up, expect to add more project managers, business analysts and architects as the productivity of the developers increases, says ProFlowers’ Hall. “Two developers can now do the work of six,” he says. “That means the architects and project managers are running to keep up with the output of the engineers. We are probably doing 50 percent more work than we did three years ago.” Those programmers need to understand object-oriented programming and distributed applications — and that means an investment in training. According to the CIO/Computerworld

Sounds simple, and therein lies its beauty: much of this project was built in such a way that the Railways’ existing computer infrastructure could be used more efficiently — ‘service oriented-ness’ was brought in. Disparate parts now talk to each other. In 2000, the Center for Railways Information Systems started rolling out the Freight Operations Information System (FOIS), using two SOA products from BEA. R.B. Das, group general manager of CRIS, says, “The integration and compatibility of BEA Tuxedo with other operating systems and the client servers of the other companies was important to us.” Using SOA and WebLogic Server opened new ways to keep the customers informed, says Dhruv Singhal, head of professional services at BEA Systems India.

Vol/1 | ISSUE/18

Cover Story - Page 3 - 9.indd 35

survey, only 25 percent of respondents have the staffs they need for SOA — 49 percent said they are planning or have training programs in place for current staff to bring them up to speed.

If You Can’t Beat ‘Em, Integrate ‘Em In the new SOA world, enterprise vendors suddenly are eager to ensure their application suites can play well with others. In the ‘90s, your integration strategy was simple: buy as many pre-integrated applications from a single vendor as possible. That worked for you, and very well for the vendor; integrated application suites fetched a high price and required long-term maintenance and support contracts that promised a steady, predictable stream of revenue from customers. Even better, CIOs’ fear of integration pain gave vendors a built-in sales advantage whenever a company wanted to add a new application to its stack. It was easier for the CIO to pick a pre-integrated application from the dominant vendor than to take a risk on a best-of-breed newcomer — even if its application had better functionality — because expensive integration disasters had become the much-publicized bane of the industry. Better to have disappointed users, CIOs reasoned, than headlines in The Wall Street Journal. But service-oriented architecture produced a shift in integration strategy. SOA makes the radical assertion that the enterprise application infrastructure is irrelevant. Technology is constructed according to services specified by the business,

It also allowed CRIS to give customers more controlled access to the Railways’ systems. The browser-based access to different applications that CRIS was running meant everyone had quicker access to just the information they needed. The Railways got management information system reports in half a day — something that used to take up to a week. Customers too got restricted access to MIS reports for their cargo shipments. A phased integration of payment gateways is happening and high-end users involved in business-to-business transactions will get consignment information — loading, unloading, transit and delivery reports. They can pay online at any of the nodal customer centers once FOIS is completely rolled out. FOIS has a Rake Management System, which has been rolled out completely and

a Terminal Management System that has covered between 40 and 50 per cent of terminals so far, says Singhal. FOIS uses a hub-and-spoke model — information is stored at a central site with the other points being given access rights. Customers can get information from nodal centers. Already, wagon turnaround time has reduced from eight days to six days and it is expected to go down further, riding on the ready-made reports with the divisional offices and loading-unloading points, according to Singhal. It won’t be long before the wagons are tagged with RFID chips, with which manual intervention in tracking the rakes will be eliminated completely and real time reports will be generated, he says.

— Harichandan Arakali REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/28/2006 8:33:52 PM

Cover Story | SOA not by processes contained within a vendor’s software box. In this scenario, packaged software is a piece of the service, just another component in a larger business process — such as an insurance claims process that links a jumble of functions and data inside ERP, CRM and old mainframe legacy systems. The application’s vendor doesn’t matter anymore; the linkages between the applications is the important thing. As a result, the vendors’ integration strategies have become more important than the features of their software. (Both dominant enterprise software vendors, Oracle and SAP, have begun offering integration middleware to go along with their software suites, although both are sticking with the big, integrated software suite vision.) In the brave new world of SOA, the big software vendors have decided to take a page from Microsoft’s playbook and duplicate the Windows strategy. With the Windows operating system running on 95 percent of PCs, software developers are

If you have a decentralized company, be ready to struggle. SOA not only drives centralization, it demands it. eager to create software that works with Windows because it means they can reach the most customers and make the most money. As a result, the thousands of applications available for Windows today ensure its dominance in the operating system market tomorrow. Similarly, the big enterprise software vendors are trying to ensure their futures in an SOA world by assembling ecosystems around their core applications. For example, the most startling change in strategy comes from SAP, long the dominant player in ERP. For years, SAP resisted alliances with other software vendors and insisted on building its own applications. But post-SOA, SAP is busy service-enabling its applications and using its new middleware software, NetWeaver, to entice companies to build software to run on the NetWeaver platform (which incorporates Web services standards). Online CRM software provider Salesforce.com has created AppExchange, where developers can download free software to integrate their software add-ons with Salesforce’s core software. Oracle, meanwhile, has been 36

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Cover Story - Page 3 - 9.indd 36

busy building its platform through acquisitions, including middleware software that is the linchpin for its SOA pitch. With CIOs reluctant to upgrade to new versions of enterprise software, the big vendors are saying, “Look, we can’t sell with our old value proposition anymore,” says Gartner’s Sholler. “So they’re trying to make [their software] the foundation for other solutions in markets they haven’t been able to reach.” But this strategy has put the enterprise application companies on a collision course with traditional middleware providers such as BEA, IBM and WebMethods, which are coming to the SOA party from the bottom up, through the integration infrastructure layer. “Everybody is winding up tangled up in the same space,” says Sholler. Although the integration infrastructure companies have much more experience with the foundational elements of SOA, all vendors are looking to build long-term relationships with customers. Consequently, despite the abundance of Web services standards embedded in their products to ease integration headaches, everybody has a proprietary hook somewhere. Oracle’s Fusion applications will work only with Oracle’s database. SAP’s new applications require NetWeaver middleware, according to Gartner and Forrester Research. Even the integration infrastructure companies have enough proprietary elements to make it difficult to swap out their integration software. The bottom line for CIOs? Beware vendors pledging to build your SOA for you. Unless, like Whirlpool’s Sezer, you’re not worried about dependence on your vendor, which in Sezer’s case happens to be SAP. “What’s wrong with being dependent on a vendor as long as I’m providing value to my company with the solution?” he asks. But CIOs on the whole fear dependency, especially in the current wave of consolidation, according to a 2005 Accenture survey of CIOs. While 65 percent of CIOs said vendor consolidation makes for a more integrated software infrastructure, and 61 percent believe it will reduce their vendor management burden. Eighty-seven percent said vendor consolidation will lead to lock-in, 61 percent believe it will decrease price competition, and 57 percent believe it will reduce pressures for vendors to innovate. Only 35 percent saw vendor consolidation as a good thing. For SOA believers like Transamerica’s Gleason, annuity products and services division, an independent SOA controlled by the CIO is one of the best protections against lock-in. “No one vendor can be all things to everyone,” he says. “There’s always going to be somebody out there who will be able to do a piece of your process better than anybody else can. And the first company to adopt that is going to have competitive advantage.” CIO

Send your feedback about this feature to editor@cio.in

Vo l/1 | ISSUE/18

7/28/2006 8:33:52 PM

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

VIEW

from the TOP

Deepak Puri, managing director of Moser Baer, asserts that while finance and IT are disparate functions, there is a strong case for them being two sides of the same coin.

Figuring out the

IT-Finance

Blend

by Rahul Neel Mani The world we see today wouldn’t have been possible but for the coming of age of IT, believes Deepak Puri, managing director of the Rs 1,700crore Moser Baer. His vision is to use technology to achieve remarkable levels of precision and operational efficiency. Information technology, says Puri, has been the DNA of the Indian company ranked among the top three optical media storage manufacturers in the world. And he’s put his money where his mouth is, using IT-enabled processes to supply 200 product variants to over 80 countries. In this interview, Puri spells out how it’s all been possible — and the role of the information superhighway in Moser Baer’s success.

CIO: How important is IT to Moser Baer today? Deepak Puri: View from the top is a series of interviews with CEOs and other C-level executives about the role of IT in their companies and what they expect from their CIOs.

AU G U S T 1 , 2 0 0 6 | REAL CIO WORLD

View from the Top - Deepak Puri38 38

There was a time when the only source of information was Encyclopedia Britannica. Today, if I require information, I just hook onto the Internet. IT is about the power of information, which we use in enterprise

everyday. We export thousands of SKUs (stock-keeping units), apart from which we have customers all over the world. Don’t forget, ours is a business in which people who are averse to risk can’t survive. We don’t get orders for six months in advance — we get monthly orders. Further, this is a nasty market which can ruin my reputation anytime. If

Vol/1 | ISSUE/18

7/28/2006 7:26:24 PM

Deepak Puri expects I.T. to Bring total transparency to the supply chain Enable Moser Baer to reach high levels of efficiency

PhotoS by praveen kumar

Keep people ready with information anytime, anywhere

you buy a Moser Baer product and, say, it doesn’t work or if data gets lost, you will tell the entire community around you not to buy the product. Moser Baer sells optical media products all over the world, and still keeps track of them instantaneously. The customer sends us orders using the information superhighway and expects to know in 24 hours what the status of his order is. It’s all been made possible by our IT deployments. Because our customers’ businesses are largely

Vol/1 | ISSUE/18

View from the Top - Deepak Puri39 39

dependent on our production and output, the transparency and speedy exchange of information is vital. And that is provided by the innovative use of IT.

What are the synergies in producing IT products using IT? This is an interesting feature of any technology manufacturing industry. The speed at which the technology space

is evolving globally is both fascinating and challenging. It’s fascinating because technology is making life simpler for consumers, while the challenge lies in giving the technology to consumers at the right price point. As the lowest-cost producer of optical media in the world today, a large part of this advantage can be attributed to information technology or modern-day electronics embedded in our manufacturing processes and R&D. Moser Baer has developed a unique software for logistics and production

REAL CIO WORLD | AU G U S T 1 , 2 0 0 6

7/28/2006 7:26:27 PM

View from the Top

planning, which sits on the ERP, and also talks to the entire supply chain on a real time basis — wherever you may be in the world. We pride ourselves in having over 99 percent on-time deliveries to our customers. This would not have been possible without strong systems and our technology backbone. I do agree that the usable technology is created by excellent minds, and feel that it is most practical for us to have the right people in the right place. I personally take care of this right blend in this company.

To what extent is IT aligned with Moser Baer’s business goals? This is a constantly evolving exercise. Some of the important business goals of an organization would be: Customer delight Increasing profitability Employee engagement A robust technology infrastructure can provide critical information to people to assist them in taking right actions at the right time to meet the business goals. At Moser Baer, we have been able to align this to a large extent, borne out by the fact that we have not lost a single customer since our inception. This has been facilitated by a strong information technology system enabling seamless working of different functions towards strong customer orientation.

How can a CIO contribute to the enterprise attaining its business goals? We realized the importance of IT to business a long time ago, and we have ensured that the IT function is well aligned with other business functions. This is the reason our group CFO takes the responsibility of the CIO for the group. I agree that the technology function should be kept separate from that of finance. 40

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

View from the Top - Deepak Puri40 40

“Customers’ businesses are largely dependent on our production. So the speedy exchange of information and transparency is vital. That is provided by the innovative use of IT.” — Deepak Puri

But if you have a finance person who has enough knowledge of systems, that would be the perfect example of attaining the ITbusiness alignment. Most of IT is targeted towards accounts and general finance, be it HR or payroll. Someone who has a blend of finance and technology would easily understand what kind of systems is required to achieve the desired results.

On the other hand, a pure IT person — however strong his knowledge base may be — wouldn’t really be able to achieve the cost effectiveness if he has little or no knowledge of finance. As a result, I would say the CIO has to have a blend of the two areas mentioned above. The CIO has to think through business and has to have decent knowledge of how crucial it is to have effective control over inflow and outflow of money used for business.

Has IT had a direct impact in keeping control over bottom lines? Our internal cost sheets are precise to the fourth decimal place, which signifies our extent of focus on costs and efficiencies. This is again possible only if we have a strong IT backbone that provides management with a real-time dashboard to take critical decisions at the right time. Today, if my supply chain is not connected to me on a 24/7 basis, I can’t think of doing business at this pace. When I say that we supply products to over 80 countries, it’s not physically possible to go to each location and conduct buying and selling. But yes, it’s possible by using IT, and that’s where the bottom lines are under control and efficiency is at an alltime high.

What would you attribute Moser Baer’s success to? We compete in a market that is one of the fastest evolving marketplaces, and we compete with the best. Globally, we supply products to top-tier technology brands. To achieve superlative results, there is a need for a strong technology backbone running throughout the company and one that integrates with customers — both buyers and suppliers. Today, Moser Baer has complete automation from order placement to production planning, efficiency mapping

Vol/1 | ISSUE/18

7/28/2006 7:26:31 PM

View from the Top

and quality control, packaging and logistics management, and finally product delivery. Such automation becomes more complicated when you talk about 3 billion discs and 200 product variants supplied to all major technology brands across 81 countries with very tight delivery schedules. Can we even think of this kind of movement without heavily embedded information technology in our systems and the way we operate? As I said earlier, IT has brought transparency to the whole supply chain. On the very next day of placing an order, the customer has knowledge of the production cycle and post-production activity, including the dispatch. It is no less than tracking a parcel of DHL or Blue Dart. That’s what we need from IT and that’s what we are getting.

Do you think IT has played an effective role in Moser Baer’s quest to innovate and market newer products? In any R&D-driven manufacturing organization, IT is a key facilitator that binds the entire product development cycle. One example specific to us is the utilization of high-end hardware to support the design of groove geometry for manufacturing better and efficient optical storage media discs. Until now Moser Baer was just manufacturing optical media. Tomorrow when we have four more products to launch, nothing else but information technology will enable us to do so.

How do you link the scalability of business with information technology deployment? It is impossible to efficiently run and scale up any business without

Vol/1 | ISSUE/18

View from the Top - Deepak Puri41 41

technology. Today, IT is a DNA around which successful transnational corporations are being created. A company’s entire business model can be dramatically altered by the manner in which it leverages information technology. One of the critical differentiators between an average company and a good company is the quality of systems and IT infrastructure. IT can significantly add value to an organization. For instance, cost effectiveness is a given for any IT deployment.

SNAPSHOT

MOSER BAER Product offering:

Optical Storage Media

How would you rate the success of enterprise visà-vis the work of the CIO in your own company?

It’s a timely question. Even before coming for Turnover: this interview, I spent 5(March 2006) Rs 1,700 crore 10 minutes with my CIO. I wanted to know whether I.T. BUDGET 0.7% of turnover I really know the role of a CIO of a company before Sales & Marketing Offices commenting upon it. We 6 just want to use IT whenever Manufacturing we need it. We are not at all Locations concerned about what goes 5 in the backend to create Employees that kind of information What are the 7,000 (including contractual staff) superhighway. Today, I often key performance have video-conferences IT Staff indicators that 20 with my business partners. you have marked Without having a good CFO and CIO for your CIO? Yogesh Mathur IT leader and his team in place, it would not have One of the key been possible to talk with performance indicators for a CIO could be the level of cost savings and see the people sitting thousands enabled by IT over a period of time. IT of miles away. The success of an enterprise reflects can also increase capacity effectiveness and efficiency. Another indicator on the the efficiency of its IT systems and, intangible side for the CIO is how IT can hence, its operations. And a CIO acts as improve the capacity of each individual the facilitator for efficient operations and in the organization and, hence, its overall growth of an enterprise. I believe both go productivity. I think a CIO is a critical link hand in hand. CIO between the company and its progress. For me, the most important indicator of successful technology deployment is about getting information on time. If my CIO is capable of delivering a platform that enables each Moser Baer employee to access the right information at the time of requirement, I think he has proved his competency. A CIO is just like an excellent cook in a kitchen who is catering to the demands of different types of users who have different Bureau Head North Rahul Neel Mani can be reached tastes and need different dishes. at rahul_m@cio.in

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/28/2006 7:26:31 PM

The Security Plan For Your

BY THOMAS WAILGUM

Take advantage of the latest security tools and keep your users informed if you want to achieve wire-free bliss.

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

Vol/1 | ISSUE/18

Wireless Security

liver Tsai sees it every quarter. Fresh-faced medical students, new to Sunnybrook and Women’s College Health Sciences Centre and armed with the latest Wi-Fi-enabled laptops, see no reason why they shouldn’t be able to hop right onto Sunnybrook’s wireless network with those shiny new laptops they just bought. The same scenario plays out with doctors and office managers and anyone else whose new gadget automatically sniffs the airwaves and picks up signals from Tsai’s wireless LAN, or WLAN. “They can see what’s available, but because of the security, they can’t access the network until the device is properly configured,” says Tsai, the director of IT at the academic health sciences center in Toronto. It’s a lookbut-don’t-touch situation that can frustrate users — but, Tsai says, it’s a necessary, if temporary, frustration. Whether they’re medical students, CEOs or cube dwellers, today’s mobile phone and BlackBerry-equipped workers are clamoring for even greater wireless access while on the job. It’s nearly certain that their company-issued laptop has a Wi-Fi chip built-in, and they see no reason to be shackled to their desks anymore. Yet IT executives are still distrustful of wireless LANs because of perceived security nightmares such as wireless denial-ofservice attacks and network breaches. “They are scared,” says Nick Selby, an enterprise security analyst at The 451 Group. A

Vol/1 | ISSUE/18

December 2005 Forrester Research report echoes Selby’s take: security is the numberone obstacle when acquiring wireless technologies, regardless of industry. But some of those fears may be based on old news. “Most of the security problems that have scared away early adopters have been solved,” says Selby. New authentication and encryption schemes (such as 802.1x for user access and 802.11i advanced encryption standard, or AES) are more vigorous. And vendors now offer intrusion-detection products and architectural schemes that make enterprise wireless networks just as safe as wired ones. “Most of the things you’ll need to do [for security] will come from the vendor. It’s just a question of turning it on,” adds Selby. Last year, Gartner went so far as to say that Wi-Fi was one of the most overhyped IT security threats. So for 2006 and beyond, here are the five security areas that will help you and your users get the most from a wireless LAN — without all the nightmares.

Start Planning First questions first: why do you need a WLAN? Who’s going to use it and for what purpose? And what are the necessary internal and external safeguards? By

Reader ROI:

How to develop a secure and user-friendly wireless network How to weave a wireless policy within your existing wired one

answering those questions early, CIOs can also determine just how much security their WLAN will need. IS Director Bill Tomcsanyi’s initial plan last year was to implement a wireless network beginning in the emergency department at Torrance Memorial Medical Center. The more he looked at then-current security safeguards, the efficiencies his clinicians and administrators could realize, and the relatively low cost to install the network, the more he thought of enveloping the entire hospital and other buildings on campus, which is what he did. “[Wireless] is absolutely an integral part of our fiveyear information technology plan,” says Tomcsanyi. “In the end, we’re providing faster patient care and eliminating all of the things that could lead to errors.” Once CIOs have an idea of what they want, the next challenge is to quantify the capital outlay and the expected benefits — but don’t expect to produce hard numbers. “We haven’t been able to quantify why these networks are worth making the investment,” says Joel Conover, a research director with research firm Current Analysis. Instead, the benefits are mostly soft, such as increased productivity and efficiency because users can go anywhere (conference rooms, outdoor patios, the cafeteria) and tap into the network if there’s a wireless access point (AP) in range. And even without hard ROI, some CIOs find adequate value. “[Our users] can stay connected to Lotus Notes and the CRM and ERP packages, and can cleanly and easily move and stay connected consistently,” says Steve McDonald, VP of REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

Wireless Security IT of Optimus Solutions, a Rs 414-crore integrator and reseller of software and hardware. McDonald has covered some 25,000 square feet of space with nine APs using 802.11b/g networking capabilities. But Ellen Daley, principal analyst with Forrester Research, sums up the consensus of today’s WLAN deployments: “For primary data access to every network in the enterprise, [Wi-Fi] is really an additive — not a replacement [for the wired network]. And it’s an additive cost.” Payback figures from WLAN vendors are a bit rosier. On a typical installation using 802.11a, b or g, for example, Nortel claims that organizations can realize a 2 percent to 3 percent productivity improvement for users and a payback on the WLAN investment in a year’s time.

Write the Book The industrious cube dweller or visiting contractor who plugs his wireless router into an Ethernet port probably doesn’t have evil intentions. But it’s up to you to make it clear to every user how bad such behavior can be: this rogue access point now sits behind the outwardfacing protection of the firewall and can’t be detected by most intrusion-detection systems. So, somebody sniffing the air with a simple, inexpensive handheld device or wireless-enabled notebook could lock onto the signal and have full access to the corporate network. “You have to define the policy for your wireless LAN: when people can use it, the restrictions on use, or guest-access use for consultants and partners,” says Daley. CIOs cannot overestimate the amount of user education needed for a wireless LAN policy. Users don’t need to know how to tell a media access control (MAC) address from an service set identifier (SSID), but they do need to know right from wrong. For example, they need to know about being tricked into accessing a wrong (and potentially malicious) access point that doesn’t belong to their organization. “It really requires that awareness of a new set of risks that this freedom permits,” Selby says. Next, CIOs agree that a new wireless policy must dovetail with the existing wired policy. “You have to follow the same rules of the road for wireless that you follow in the 44

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

wired environment,” says Bryon Fessler, CIO and VP of IS for the University of Portland. Since last year, Fessler has rolled out 50 access points in three buildings on campus, with plans for at least 25 more in the future. He takes every opportunity (face-to-face discussions, e-mails and

other get-togethers) to ensure that the 4,500 students, faculty and university members understand the reasons behind his wireless LAN policies. For instance, student laptops have to be quarantined, inspected for viruses and credentialed before they can connect to the WLAN.

Your Guide to

Standards 802.11 is a group of wireless networking standards, also known as Wi-Fi, set by the Institute of Electrical and Electronics Engineers (IEEE). A guide to the major flavors:

802.11a 802.11b 802.11d 802.11e 802.11g 802.11h

802.11i

802.11 802.11j

802.11n 802.11x

Standard for a wireless network that operates at 5GHz with rates up to 54Mbps. Standard for a wireless network that operates at 2.4GHz with rates up to 11Mbps. Specification that allows for configuration changes at the media access control, or MAC, layer to comply with the rules of the country in which the network is to be used. Standard that adds quality-of-service features and multimedia support to existing 802.11b, 802.11g and 802.11a wireless networks. Standard for a wireless network that operates at 2.4GHz Wi-Fi with rates up to 54Mbps. Standard that supports Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) requirements to ensure coexistence between Wi-Fi and other types of radio frequency devices in the 5GHz band. Standard specifying security mechanisms for 802.11 networks. 802.11i makes use of the advanced encryption standard, or AES, block cipher. The standard also includes improvements in key management, user authentication through 802.1x and data integrity of headers. Specification for wireless networks that incorporates Japanese regulatory requirements concerning wireless transmitter output power, operational modes, channel arrangements and spurious emission levels. A task group of the IEEE 802.11 committee whose goal is to define a standard for high-throughput speeds of at least 100Mbps on wireless networks. (The standard is expected to be ratified by 2007.) A standard for port-based authentication, first used in wired networks, that was adapted for use in enterprise WlANs to address security flaws in WEP, the original security specification for 802.11 networks. Source: Wi-Fi Alliance

Vol/1 | ISSUE/18

Wireless Security Where wireless education ends, authentication and encryption technologies step in as the enforcers of policy — they’re the teeth when all the talking stops.

Always Authenticate Authentication is one of CIOs’ first lines of defense. Boiled down, it is the ability to ensure that the client (laptop or other device) asking to latch on to the network signal is both what it claims to be and has been given permission to use the WLAN. Right now, the 802.1x standard for portbased authentication, which originated in the wired networking world and has been retrofitted for WLANs because of the deficiencies of the wired equivalency protocol (WEP), is one of the top tools for credentialing users. The protocol behind 802.1x is called EAP, for extensible

corporate wireless data network. Since he has a Microsoft shop on the systems side, Tsai is able to take advantage of the controls in Windows XP, which supports EAP. Another authentication scheme that bridges the wired and wireless worlds is called NAC, or network admission control. This Cisco-led initiative is a network-based policy, which ensures that devices looking to hop onto a WLAN are both trusted and free of worms, viruses and spyware. At the University of Portland, Fessler uses NAC to quarantine new devices, run diagnostics and then allow users onto both the wired and wireless LAN; his system also uses an Active Directory database to verify users in the system and grant them access to an ERP system or student database, for example. “It applies the trust-and-verify” line of thinking, he says, which works very

A significant security mindshift during the past several years

has been the change from a defensive

WLAN posture to one that is more offensive. CIOs shouldn’t sit back and wait to be attacked. authentication protocol, and it uses encrypted tunnels to exchange information (user names and passwords) between device and network. According to WLAN vendor Aruba, although an intruder can monitor the exchange over the air, data inside the encrypted tunnel cannot be intercepted. Because EAP is used on wired networks, it’s attractive to CIOs pushing a unified network strategy. Its mutual authentication ability gives users the added protection that the network they’re seeing is actually legit — and not a hacker’s fake access point (referred to as an ‘evil twin’). Client-based software from vendors such as AirDefense and AirMagnet can help as well. Tsai of Sunnybrook and Women’s College Health Sciences Centre uses protected EAP for his authentication to access the 46

Feature.indd 46

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

well in an open university environment, where students have a notion of many technological freedoms.

Encrypt Well Authentication and encryption go handin-hand, and both received a much-needed boost, in March, when the Wi-Fi Alliance announced that WPA2 — the strongest encryption specification for 802.11 — was now mandatory on all Wi-Fi products. WPA2 stands for Wi-Fi Protected Access 2 and is the long-awaited successor to WPA (which itself supplanted the earlier WEP standard). “WPA has some questions, but WPA2 is pretty darn good,” says The 451 Group’s Selby. While authentication is about ensuring mutual trust between device and network,

encryption is ensuring that the connection and data transfer is safe, “so that someone with malice can’t start looking at the packets,” says Tomcsanyi. Laptops and access points with WPA2 inside use the advanced encryption standard to provide the top level of security. If CIOs want to dive deep into the technical schematics of WLANs and access points, they certainly can. But thanks to the maturing vendor technologies, the encryption plan is fairly straightforward: just turn WPA2 on. “It sounds like a very complex situation, but it’s not,” says Optimus Solutions’ McDonald. Of course, the base elements of authentication and encryption require industrial-strength user names and passwords — ones where attackers cannot easily guess them (such as eight or more characters and a mix of alphanumeric and other characters). That concept should “almost go without saying” in this day and age, but according to Daley, “you’d be surprised at how many companies don’t do that.” That sentiment is backed up by security vendor Kaspersky Labs, which estimates that about 70 percent of Wi-Fi networks do not use any type of data encryption.

Sniff out the Bad Guys A significant security mindshift during the past several years has been the change from a defensive WLAN posture to one that is more offensive. CIOs shouldn’t sit back and wait to be attacked; new technologies can detect, locate and shut down attacks before they do damage. “It’s critical that enterprise environments have the tools that allow them to police their own networks,” says Tsai. And for those CIOs who still say no to WLANs, they’d better make certain that’s really the case by monitoring their airwaves. “It’s strange: let’s deploy Wi-Fi sensors in an environment where you have not deployed Wi-Fi,” says The 451 Group’s Selby. “But having a way to search for rogue networks is a must.” Sunnybrook and Women’s Tsai has spread out 300 APs over three distinct campus environments in the Toronto area — two urban and one suburban campus. He uses an AP detection-scanning technology that’s built into Symbol’s WLAN products, and his experience verifies the notion

Vol/1 | ISSUE/18

The that dense, urban areas are much more dangerous than suburban locales. “There’s a significant number of rogue detections in the hospitals downtown surrounded by offices and apartments,” Tsai says. At the suburban campus, “we pick up very few”. While intrusion-detection systems (IDS) aren’t all that new, it’s the new prevention part of the IDS equation that is helping to cut off threats before they can manifest. At Torrance Memorial Medical Center, Tomcsanyi has a detection system in place and is rolling out a new prevention element by the third quarter of this year. “This takes more of a proactive approach,” he says. Using new technology from vendors such as Aruba, the access points act as both radio frequency connectors and wireless sensors for intrusion prevention, which can save on costs from having to install both the APs and a separate IDS. (Tomcsanyi, however, says he plans to continue using multiple security systems — such as a new intrusionprevention system from Cisco to be installed later this year — in concert with each other.) “Anyone who doesn’t monitor their WLAN is looking for future problems,” says Fessler, who uses a detection and prevention product from AirSpace (which was recently acquired by Cisco) inside his Cisco infrastructure. “At a centralized level, we can see the rogues and shut them off.”

Playing Field Don’t be scared. Here’s a look at some of the leading WLAN vendors and their encryption, authentication and intrusion-monitoring products.

AirDefense Its Enterprise suite offers automated, wireless intrusion prevention, scalability, policy enforcement and troubleshooting for enterprise wireless networks. www.airdefense.net

Aruba Networks Its Mobile Edge System has controlled access points that are able to tunnel wireless user traffic to controllers over the lAN. Aruba recently integrated AirMagnet’s WlAN analyzer applications into its WlAN platform. www.arubanetworks.com

Cisco Systems The company bolstered its security offerings by acquiring WlAN security vendor Airespace, whose Unified Wireless Network offers a centralized management system, intelligent network access controls and real-time location services. www.cisco.com

Network Chemistry Its RFprotect product suite offers wireless monitoring and intrusion prevention, security policy enforcement and automated remediation. It also signed a licensing deal with Xirrus, which will integrate RFprotect’s Distributed product into Xirrus’s WlAN Array system. www.networkchemistry.com

Segregate Traffic

Trapeze Networks

Though it may seem like an insane idea to security-minded CIOs, many IT execs are opening their wireless networks to the public: guests and business partners who want to surf the Web and check e-mail while in the buildings. Tomcsanyi says that his ability to give patients and other visitors wireless access is a valuable asset in the field of health-care. Torrance Memorial Medical Center has 211 APs throughout its five-building campus that provide 100 percent wireless coverage, says Tomcsanyi. He is able to offer public Wi-Fi because he has the ability to segregate traffic within the architecture. There’s an open network just for patients and guests, and a secure corporate network that gives the encrypted connections for employees. The two networks stay separate.

Its Mobility System automatically detects, identifies and locates rogue access points and ad hoc users, and can launch countermeasures. www.trapezenetworks.com

Vol/1 | ISSUE/18

According to Cisco, a wireless guest network is an easy way to allow access while eliminating the need for IT personnel to authorize each user. Guest networks use an open security method segregated on a specific SSID (a unique name for each WLAN) that routes traffic to a network that accesses the public Internet only. Tomcsanyi cites increased patient satisfaction levels because of the WLAN access. While wireless networking has come far in a short time, CIOs now need to realize that the security mechanisms have

finally caught up with much of wireless’s blistering hype. “It used to be that you’re going to have to sacrifice some security policies and procedures because you want to have that wireless connectivity,” Fessler says. “Now I’m not having to sacrifice that.” CIO

Send feedback on this column to editor@cio.in

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

Il lustratio n by PC Ano op

Rural Reform ****************

Jobs e-Guaranteed BY H a r i c H a n da n a ra k a l i

Andhra Pradesh has taken a significant step in its efforts to curtail corruption by implementing the National Rural Employment Guarantee Scheme. Its deployment of a Web-based software solution has made the chain of tasks more difficult for elements with vested interests to break.

Modern computers, which no longer need dust-free and

Flagged off in June this year, the solution has gone live in 657 mandals across 13 districts in the state, according to implementation partner air conditioned cabins, might still turn to junk on the unforgiving TCS. The firm says that one of the ways in which accountability stretches of land in rural Andhra Pradesh. But, housed in concrete has been built into the solution — from the point a rural household buildings in district, taluk and mandal centers, they might just offer approaches its gram panchayat for a job to the point of payment for a glimmer of hope to lakhs of rural households for whom the the job done — is to track the cash flow. At least one critical transaction National Rural Employment Guarantee Scheme has been started. at every stage passes through the computers, making it difficult (but Andhra Pradesh has become the first to use a combination of not impossible) to steal from the poor. computers and an e-governance software application that promises “The new system has been adopted to ensure that contractors and to reduce, if not do away with, corruption in getting jobs to people vested interests do not hijack the employment scheme — every rupee who most desperately need it. It has also thereby facilitated spent and the status of the work done, or in progress, will be effectively payment of fair wages — to one person in every household in the tracked,” said K. Raju, a principal secretary to the state for at least 100 days a year. state government, attached to the department The Andhra Pradesh Rural Employment Reader ROI: of rural development, at a press conference to Guarantee Scheme (APREG), which is the How to introduce accountability in announce the launch of the software solution. state’s implementation of the project backed a rural welfare scheme Raju also announced a website that will by the central government, is using a Web Distributing costs between give ‘complete information’, including details enabled information and communication government and private partners of job-card holders, household employment, technology solution developed by IT services The challenges thrown up by IT-enabling such a scheme status of work, and payments made, which firm Tata Consultancy Services (TCS).

Vol/1 | I ssu E/18

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

Rural Reform **************** includes the bank or post office account number to which the payment has been made. Some 35 lakh rural households will register for wage employment under the scheme in Andhra Pradesh. The scheme is to be implemented in every state, with bulk of the financial support coming from the central government.

The end-to-end ICT solution will help in simplifying tasks such as issue of job cards to rural households, identification of work to be undertaken, generation of work estimates, work execution and wage payment. Using the solution, the time taken to generate work estimates has been reduced from 15-20 days to minutes, says TCS. Because the solution is Web-enabled, irrespective of location, beneficiaries can browse information about their villages, work status and wage payments. By making data available for public scrutiny, the Web version facilitates social auditing of the NREGA implementation, as per the Right to Information Act. “Next month, some NGOs are doing exactly that, starting with Ananthpur district. They will download the data from the website and check it against what is happening in the villages,” Rao says. Other state governments have approached TCS for information on the software solution and the firm too has made proposals to them, says Rao. The states include Maharashtra, Gujarat, Rajasthan, Assam, Meghalaya, Bihar, Uttar Pradesh, Madhya Pradesh, Jharkhand, Chhattisgarh and Kerala. The software will be free of cost, while TCS will charge a fee for services such as implementation and training.

SNAPSHOT

APREGS

DISTRICTS COvERED

Public Information

HOuSEHOLDS WITH

jOb CARDS Research done prior to building the software solution 41,46,142 included a study of the employment guarantee WAGE SEEKERS scheme in Maharashtra. It helped identify loopholes, 95,09,135 such as inflated estimates, bonus registration, proxy NO. OF WAGE SEEKERS attendance, fraudulent requisition of funds and EMPLOYED fraudulent wage payment. 6,12,267 TCS’s research, which included talking to everyone HOuSEHOLDS THAT — wage seekers, NGOs, government officials, bank and COMPLETED 100 DAYS postal department officials and politicians — resulted in 716 a user-friendly system at the mandals and a Web-based AvERAGE WAGE system at district and state headquarters. “While the AP rs 90.37 per day government officials invested time and effort in helping WORK ESTIMATED us get information, TCS spent about Rs 2.5 crore in number: 1,73,869 Value: rs 1.2 lakh developing the software that has been installed at every mandal center,” says S.S. Rao, a consultant with TCS and AMOuNT PAID Persons: 5,548 director of the NREGA (National Rural Employment Material: >rs 27 lakh Guarantee Act) software project. The state will, however, pay TCS about Rs 1 crore for training the government officials and the MCC (mandal mandal control centre) operators, A three-stage architecture has been used, which and for the ‘initial hand-holding’, says Rao. includes a nodal agency for front-ending all the The state has also borne the cost of equipping each of the 657 computer related processes of the employment guarantee scheme MCCs with two computers, a UPS, a printer, and manning it with two (EGS). This is called an MCC, where the APREGS software is operators, he says. Computer Maintenance Corporation, a Tata group installed. With a few villages being serviced by one system in one company, has deployed about 80 staff members to train the operators. mandal, effective and faster service will be provided.

How It Works

WAGE SEEKERS N N TIO TIO ICA ICA PL AP

IDENTITY CARD Household ID No. Name Age

GRAM PANCHAYAT

Sex

In fograPh ICs: VIkas kaPoo r

Wage-seekers apply for a job card at the gram panchayat that forwards the application to a mandal control centre (MCC) in the district. The MCC processes the application and then sends a house card/ job card ID to the gram panchayat. The latter affixes the household photo, attests the same, and hands it over to the household.

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

MANDAL ANDAL CONTROL CENTRE ENTRE N

N N TIO N TIO ICA TIO ICA PL ICA AP PL AP

IO AT

TR GIS RE

Vol/1 | I ssuE/18

Rural Reform **************** WAGE SEEKERS

Based on data from field assistants, the mandal control centre (MCC) prepares a wage list and sends it to the gram panchayat and paying agency (as a pay order). Paying agencies include post offices, banks, village organizations and the gram panchayat itself. t e Lis Wag r Orde Pay

GRAM PANCHAYAT

MANDAL ANDAL CONTROL NTROL CENTRE

PAYING AGENCY

Wage seeker registration, work estimations, work execution, payments and other related tasks are carried out from here. From the actual execution site (villages/habitations) there will be a physical link using a courier once a week. For the first time, the computer system will be using templates for each type of work for arriving at the manpower, material requirement estimates and complete engineering calculation for the works. Data from the mandals will be uploaded to a district/state server through a data network, dial-up connection or even physical media. A Web application presents the information on the Internet for public viewing and scrutiny. The solution has many modules that include wage seeker, work estimates, work execution and payments, material management, reports, analysis, and administration. The wage seeker is the first step, where a rural household registers itself for work (see ‘Wage Seekers Module’). According to a user manual available on the APREGS website, the wage seeker module is used for registration of the households. The respective gram panchayat, under the supervision of the Sarpanch (village head) or the village secretary, carries out registration of the households at the village level. A wage seeker and his family members can register under this Act by submitting an application at the gram panchayat. A register maintained at the gram panchayat will be sent to the MCC for entry of the wage seeking household information (see ‘The Payment Module‘). In the work execution & payment module, the work sanctioned is intimated to the village panchayat. A field assistant and the wage seekers congregate at the work site, and carry out the work as per standards and guidelines. Once a week, the field assistant prepares the summary of the Work Progress Report, and submits the report along with the muster roll to the MCC. The field assistant also gives an acknowledgement slip to each wage seeker duly mentioning the weekly work details for the week.

Vol /1 | I ssuE/18

Dis bur sem ent Not e

Registered wage seekers approach a paying agency convenient to them and collect their dues. Simultaneously, the paying agencies send a disbursement note to the MCC that keeps a record of the payments made.

At the MCC, attendance is captured from the submitted muster roll. The data is validated and stored in database. Based on the reported progress of work and the number of person-days spent, payment to the workers is computed and a wage list is generated. This list is sent to the village panchayat and the paying agency. If the work is completed, the field assistant reports the same to the executing department, which sends an official who prepares the Work Closure Report and submits the same to the MCC. The village panchayat also endorses their remarks in the work closure report on the quality of work. In addition to the modules, a ‘dash board’ provides information that is readily required by the program control officer on a single screen. The software system analyses various aspects of the implementation of the program and updates the dashboard periodically. Users can access related information directly by clicking on the hyper links provided on the dashboard, the manual says. An important question is: what happens to people who don’t get jobs? The NREGS mandates that they be paid compensation; the software solution helps identify such people in the registry and channel funds from the payment agencies to them. The MCC is the first point of approach for any wage seeker looking to register a grievance. The software application has been built in such a way that the wage-seeker can directly register a complaint using the website, Rao says, but “in reality, because most of them won’t know how to use computers, they will have to take someone’s help.” Finally, local language support is being built into the project that will allow wage seekers to get first-hand information on jobs, the status of their application, payments due to them, and so on. “We now plan to launch a Telugu version of the website,” says Rao. CIO

Assistant Editor Harichandan Arakali can be reached at hari_a@cio.in

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

Dr. Srinivas Bhogle, head of the information management division at NAL, believes financial auditors should focus more on project deadlines.

Interview - Dr.indd 52

7/29/2006 11:47:50 AM

National Aerospace Laboratories (NAL) was established to give India a firm footing in the international aerospace market. It has come a long way from being housed in the stables of the former maharaja’s palace in Bangalore. Dr. Srinivas Bhogle, head, information management division, NAL, discusses the organization’s success, its projects and why Indian e-governance projects don’t always take off.

I magIng by bInesh sreedharan

Photo by srIvatsa shand Ilya

Why

Projects

FlyInto stone

Walls Vol/1 | ISSUE/18

ByBalaji NarasimhaN

REAL CIO WORLD | A U G U S t 1 , 2 0 0 6

Interview | Dr. Srinivas Bhogle CIO: What role does information management play at NAL?

Dr. Srinivas Bhogle At NAL, we have something called the information management division, which I head. Essentially, we build information systems, create content for the Web and write about the R&D activities of NAL.

making them invest a lot on the hardware front which, at the end of the day, is not very productive. Very few people have seen e-governance from the workflow point of view. To get things right, you have to first create conditions where it is possible to reengineer business processes. How much did IT contribute to the SARAS project, which is regarded among NAL’s greatest technologies?

If you take an aircraft, three things are important — the structure, the engine and avionics, which decides how the plane will fly. The SARAS avionics suite was If you look at the texts on database design, they say created here. We could have bought it from another that your databases need to be normalized, should have country, but it would have been ten times as expensive no redundancy, etcetera. But, in practice, a compromise is and would have made us vulnerable to embargoes. We

One of NAL’s core areas is related to database design. What is the importance of databases in NAL’s e-governance initiatives?

A big problem with PSUs is that we love signatures too much. Sometimes, ERP systems run parallel with the manual system to placate people.

needed because every time you choose that kind of excessive normalization, you run into difficulties. More complexities are introduced and these slow down the system. From an e-governance perspective, if your software is efficient and your computing power is adequate, this is not a primary concern. As long as you are assured that there is no inconsistency in your data, you don’t have to worry. I think that the real issue is implementation. One big problem with e-governance implementations in India is that they are limited to mere computerization in many cases. The real benefit of e-governance only comes with business process reengineering (BPR). Mere computerization doesn’t include BPR. In fact, people say that hardware vendors have taken everybody for a ride by 54

Interview - Dr.indd 54

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

bought hundreds of line replacement units (LRUs), and put them all together to create an integrated avionics suite to drive the SARAS project. IT also helped us to design the display panel within the aircraft. This ensured that pilots are not bogged down by unnecessary data. For instance, at take-off, the critical thing for a pilot is the altimeter. On the side, he also gets second-rung information. While planning such things, IT played a key role. We used a lot of C and C++. How would you rate the recently installed IndiGRP, which NAL uses to manage workflow?

I think that this product has the potential to perform extremely well. One of the problems that is grossly

Vol/1 | ISSUE/18

7/29/2006 11:47:52 AM

Interview | Dr. Srinivas Bhogle underestimated while doing a government ERP is data preparation. One of the concerns we have had with the IndiGRP effort is that we are not getting complete data, and we are not getting it on time. This was despite of the detailed business process analysis that was conducted before we embarked on the project. The vendors did a comprehensive study of all our processes and workflows before coding, and I believe this approach is going to work well. But unless we have basic data in place, there is no way of figuring out how it will ultimately deliver. What is your advice for people on the verge of implementing an ERP solution in the government?

SNAPSHOT

NAL FOUNDED

1959

PRIMARY OBJECTIVE

Development of aerospace technologies

OTHER ACHIEVEMENTS

Weather forecasting INTERNATIONAL R&D CONTRACTS

The issue, therefore, is not money. The issue is: how do we manage it? Even now, our auditor only asks us whether we spent money according to the allocation. Nobody is going to ask me: ‘why was your project delayed by six to 12 months?’ If I can quantify this in terms of cost, what does it mean to the project? The big problem is not money itself, but drawing up procedures to spend money to the satisfaction of the auditor. That is a problem because our auditors are more worried about somebody siphoning off 5 percent of the project costs, as opposed to losses of 50 percent caused by project delays and overshooting budgets. This is where IT helps: using the right IT solution, we can track these delays and bring projects on track.

Boeing, USA To ensure that an e-governance project Myasishchev Design succeeds, you need to ensure that the will Bureau, Russia INSA de Lyon, France to implement it comes straight from the What are the biggest issues that assail Hitachi, Japan top. The management should aggressively e-governance projects? MAJOR PROJECTS push e-governance. You need this because I strongly feel that some people don’t SARAS there are a lot of people sitting on the fence. want e-governance projects to work because Flosolver Once the threshold is crossed and the they bring in too much transparency. One STAFF STRENGTH project is a success, they are all going to of the big problems with public sector 1,300 join the bandwagon. But till then, they are entities is that we love signatures too much. R&D STAFF going to be very critical. Everybody wants to put their signatures on 350 We have to push e-governance the a document because they feel that it’s a way way we push ISO certification. We went to make their power apparent. So, in some through it about five years ago, and the cases, ERP systems are run in parallel process is full of hype. I personally feel that an ERP with the manual system in order to placate people! This solution for a government organization is many times defeats the very purpose of ERP. more valuable than an ISO implementation. After all, the Another problem is that, even now, the common only thing that ISO does is ensure that your bottom levels philosophy is ‘I gain power by withholding information’. are not too low. ISO gives you the pass mark; it doesn’t Government personnel like to claim that the procedures get you a rank. They talk about enforcing quality, but are complicated, but this is not true. Government essentially they enforce quality by insisting on minimum procedures are actually rather well-defined — tedious standards — and they hope to achieve these minimum perhaps, but well-defined. standards with the aid of excessive documentation! We have to realize that we actually gain power by The potential of ERP technologies, however, is vastly providing quality information in real time. Tomorrow’s greater. Now, to ensure success, our implementation officers must reward organizations who do that. And strategies have to be improved. This is where we can such organizations cannot win unless they have a robust learn from ISO. If we can bring in ISO discipline while ERP system at their disposal. CIO implementing an ERP system, then the organization stands to benefit a great deal. What is the procedure to introduce new technology at NAL? Do you have an annual budget for this?

In the last five years, funds for technology projects is no longer scarce. National labs like NAL and DRDO (Defence Research and Development Organisation) have a lot of money. It’s the same with CSIR (Council of Scientific and Industrial Research) labs.

Vol/1 | ISSUE/18

Interview - Dr.indd 55

Special Correspondent Balaji Narasimhan can be reached at balaji_n@cio.in

REAL CIO WORLD | A U G U S T 1 , 2 0 0 6

7/29/2006 11:47:54 AM

Essential

technology Business process management not only makes processes work better; it makes them more malleable too.

Essentisl Tec.indd 56

A U G U ST 1 , 2 0 0 6 | REAL CIO WORLD

From Inception to Implementation — I.T. That Matters

Moving the Sidewalks BY MARK COOPER INNOVATION | Down in the dusty, dry streets of Laredo, Texas, a truckload of furniture

arrives at a Lacks Valley Store. Unnoticed by the dock workers as they scan each product are the myriad exceptions typical in a large-ticket retail business: missing items, special customer orders and items that were never ordered but that showed up anyway. However, behind the scenes, a business process management (BPM) application is monitoring the warehouse and receiving systems, identifying each exception as it occurs. The BPM application then goes beyond monitoring, and actually prioritizes the exceptions and launches tasks for various employees (for example, walking an employee through the steps to review and address an expected order that did not arrive). The exceptions persist as tasks, or “in flight” processes, in the system and are monitored until they are resolved. The business analysts who actually deal with the problems are able to tweak the resolution processes in real-time as they learn more efficient ways to improve operations. In Extreme Competition: Innovation And The Great 21st Century Business Reformation, author Peter Fingar describes the rise of intense competitors from around the globe who “innovate by how they operate” and who are attacking markets both large and small — including small Texas border towns. To respond to these new competitors, companies like Lacks Valley

Vol/1 | ISSUE/18

7/28/2006 8:36:25 PM

essential technology

Stores must transform and evolve their operations faster than ever before. BPM helps them do that. “The biggest impact has been catching exceptions early enough to actually do something about them,” says Lee Aaronson, CEO of Lacks Valley Stores. “Before, we had to rely on a customer complaining about an issue or accidentally discovering that something was wrong.” Now Lacks employees receive e-mails alerting them to take action, or log in to a portal to manage exception tasks and resolve them before customers even notice. BPM can transform customer contact operations as well. American National Insurance (Anico) was one of the early adopters of BPM, and has used it to streamline customer service processes across four business groups, resulting in a CSR workload capacity increase of 192 percent. “Our BPM initiatives have paid huge dividends,” says Gary Kirkham, VP and director, planning and support division, Anico. “We eliminated the need for CSRs to ‘dive bomb’ into multiple mainframe applications to handle customer and agent requests, and built rules into our process to guide them through a single view of the customer’s information across multiple systems. BPM allowed us to both keep up with huge growth in our customer base and improve on all of our customer service metrics at the same time.” Of course, seasoned CIOs understand that no single new technology will be a cure-all for complex process issues. It takes significant effort just to define who owns a process and how it works. If a process is bad, automation may only get bad results faster. Like Lacks Valley Stores and Anico, however, a diverse group of companies has achieved real results by leveraging BPM technology in their process improvement efforts.

ANewWay to Build and Manage Processes There is an old story about a clever university planner who waited to pour concrete sidewalks on the new campus until students had worn paths between the buildings. Traditional IT infrastructure has evolved in much the same way: 58

Essentisl Tec.indd 58

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

experienced practitioners now try to thoroughly understand user requirements before deploying automation that can be as intractable as concrete. Conventional approaches to reengineering and application development, however, can no longer meet stakeholder demands for rapid and ongoing process change. BPM emerged as a response to this “move the sidewalks now” requirement once easier integration technologies finally caught up with management’s ongoing push for operational improvement. Although hundreds of vendors may each define it differently, most agree that BPM gives an organization the ability to define, execute and manage processes that: a) span multiple applications and involve human interactions, and b) handle dynamic process rules and changes, not just simple, static flows. Software vendors eventually caught on and started providing platforms that integrated process modeling, execution and management reporting of processspecific metrics. Organizations now have the tools to automate and change processes across previously isolated applications, databases and people. Gartner defines BPM as a structured approach to managing an organization’s process environment and employing methods, policies, metrics, management practices and software tools, which today are known as business process management suites (BPMSs). These integrated platforms pave the way for an organization to continually improve a process that was previously inefficient and difficult to manage. They do this by leveraging integration technologies with visual process modeling, real-time monitoring, Web-based applications and management reporting—all working together to support rapid process innovation. BPMS adoption has spread quickly, in part because of the speed of deployment. Forrester Research estimates that the market for BPMS software is growing at a compounded annual growth rate of more than 20 percent. Between 2005 and 2009,

BPM Resources on CIO.in www.cio.in

‘ A New Glue or the Old Soft Shoe’, feature article by Ben Worthen ‘Business Process Management: Taking All the Right Steps’, by Greg Sarafin, managing director, BearingPoint H uman-Centric Business Process Management Suites, a Forrester report by Connie Moore Quote to Cash BPM graphic by XPlane

Forrester expects annual sales of BPMS to grow to $2.7 billion.

A Diverse Product Space Because the promise of BPM is so enticing and the target business problems are so diverse, software vendors have charged into the BPMS market from a variety of backgrounds. Each frames the problem a little differently to present its solution in the most appealing light. For example, workflow vendors tend to emphasize the human-to-human aspects of BPM. Middleware and infrastructure vendors focus on the importance of underlying systems integration. Enterprise content management vendors focus on the document-centric nature of processes found in financial services and other backoffice operations. BPMS pureplay vendors often highlight their architectural elegance and independence from legacy product and infrastructure constraints. The truth is that BPM will typically require elements of all of these approaches, so CIOs must thoroughly understand the types of processes they want to transform and how the BPMS will fit into their unique enterprise architecture.

Vol/1 | ISSUE/18

7/28/2006 8:36:25 PM

essential technology

The category is maturing: 2006 has seen continued growth in the number of formal BPMS RFPs issued by corporations. Because most of the leading BPMSs can easily address the requirements found in a typical package selection or pilot project, CIOs must expand on typical due diligence to include real-world scalability testing, hands-on involvement of business users, and careful evaluation of similar customer implementations. Many vendors will be able to meet the functional checklists; the goal is to ensure a good fit with the organization’s approach to operational innovation.

Integration Is Key BPMS solutions should be integrated for reasons of both speed and innovation. Be wary of BPMSs that require the process definition to be exported from one module

Microsoft Office apps into its quote-tocash process. The new process reduced deal cycle time by 65 percent and finance labor time by 75 percent by eliminating manual activity related to the interaction between sales and finance on the viability and pricing of custom orders. In part of the new process, financial analysts receive prepopulated spreadsheets via e-mail. They conduct the necessary analysis and then e-mail the spreadsheet back so that it can go on to the next step in the process. The Bluespring software orchestrates this process and provides the necessary linkage to financial data and other systems. “The benefit is that you don’t change the way people work, you just eliminate the administrative tasks and let them focus on the parts of their job that add value,” says Chip Burke, VP of IT for Cincinnati Bell.

Be wary of suites that require the process definition to be exported from one module and then imported into the next. This approach increases development time and discourages process innovation. and then imported into the next (such as between definition, simulation, execution and reporting modules). This “bucket brigade” approach increases development time and discourages process innovation. According to Anico’s Kirkham, every BPM solution must go through multiple iterations both to discover the right process and to change with the needs of the business. This requires tight coupling between the process models and the actual execution and management of those processes. As important as the BPMS feature set is how well the platform brings people and other applications into the new process. Cincinnati Bell leveraged the ability of Bluespring Software’s BPMS to bring 60

Essentisl Tec.indd 60

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

BPM and SOA A good first step to implementing a BPMS is to “develop a simple and flexible integration architecture, especially if the BPM application will be used as a monitoring or orchestration layer placed on top of existing transactional applications,” says Dennis Korevitski, former director of supply chain systems for T-Mobile. If a service-oriented architecture (SOA) or middleware layer already exists, BPM platforms can leverage this investment by rapidly orchestrating available services into a business process. For example, TMobile implemented Lombardi Software’s TeamWorks BPMS to recover lost revenue from a complex returns process. The process involves customers and OEMs as well as

internal financial and customer care groups. TeamWorks was able to take advantage of some existing integration points in T-Mobile’s Tibco infrastructure, allowing the BPM team to focus on improving the process. Although the emergence of improved integration technologies and SOA have made legacy integration easier, “you need to have respect for the hard-core challenges of integrating to legacy systems,” says Phil Gilbert, CTO of Lombardi Software. “It is hard work, and it takes more time than most businesspeople would like.” Gilbert recommends that IT should manage the underlying systems integration while the business analysts are working on process design. This approach gets functionality into the hands of end users faster, even if additional systems integration shows up in later releases and further streamlines the process. Process management challenges can arise as BPM spreads throughout an organization. Changing process flows or data sources can cause unintended side effects. But the potential to measurably improve overall organizational performance makes it well worth the effort to manage those risks. Gilbert says that the industry has only begun to scratch the surface. “The strategic value of BPM technology is process governance and providing a holistic view into all of a company’s running processes—whether [the BPM platform] executes them or not.” “The ideal BPMS will be a database management system for your business processes,” says author Fingar. “The real breakthrough is in creating a definition of your process as abstract data.” To remain competitive, organizations will have to build capabilities to manage processes as quickly and effectively as they manage data. CIO Mark Cooper is a managing partner with Athens Group, a consultancy in Austin, Texas. Send feedback on this feature to editor@cio.in

EDITOR’S NOTE: Athens Group clients include two of the companies mentioned in this article: Lacks Valley Stores and Lombardi Software.

Vol/1 | ISSUE/18

7/28/2006 8:36:25 PM

Pundit

essential technology

Notes from the Catalyst Conference Suppliers seem to have the upper hand in the IT market. It doesn't augur too well for enterprises. BY BERNARD GOLDEN

STRATEGY | I was invited to speak on “Open Source ROI” at the Burton Group’s Catalyst Conference recently. It was a terrific conference with lots of good information. I drew some interesting conclusions about the progress of open source in enterprises, which I will address in the next few columns. Here, I want to make some general observations about the conference, and the top-of-list concerns of the attendees.

on the back of a revenue-generating opportunity rather than trying to sell it as a long-term architectural improvement. One company (Rockwell-Collins) got their SOA up and running in six weeks, using an XML appliance to shave time off the implementation. Another trend I observed is that collaboration has moved out of the centralized knowledge management

stuff. There’s so much cruft hanging around that anything new takes years to roll out (unless, of course, there’s revenue on the line, as evinced by the Rockwell-Collins example above). Finally, it’s clear that many IT organizations rely on vendors to set their direction. Several attendees mentioned to me that they look to their incumbent vendors to tell them what they should

Many IT organizations rely on vendors to set their direction. Some even look to their incumbent vendors to tell them what they should do regarding some technological trend. SOA is a big deal. The conference had many sessions devoted to SOA, all well-attended. Burton Group focuses a lot on governance in their SOA work — governance being how you design, develop, and manage SOA services, how you make them available to service consumers, and how you ensure security, service levels, and contract enforcement with consumers. Several end users presented sessions on their SOA experiences — and they were all large, well-funded IT shops. However, the reason they moved to SOA was driven not by internal application integration; instead, they needed a loosely-coupled service mechanism to enable outside organizations to do business with their companies. The IT organizations implemented SOA 62

ET-Pundit.indd 62

A U G U S T 1 , 2 0 0 6 | REAL CIO WORLD

sphere and into the new world of blogs and wikis. The rap against KM was always that it required extra work — you did the task and then had to spend a bunch of time formatting the document, filling out the document metadata information, and then inserting the document into the KM system. The new style of collaboration uses the collaboration tool as the framework to actually do the work, so that when the task is completed, the final document is already in the KM system. Something that really hit home for me during the conference is how complex IT is in large companies. They all have the accretion of 30 years of projects and applications: any new initiative has to be able to integrate with all of the existing

do regarding some technological trend. A couple even shared with me that they are reluctant to make technology decisions that their incumbent vendors would disapprove of, since they don’t want to get in trouble with them. I can’t think of another market where suppliers have the upper hand to such an extent; in most, the customer is king. I’m not sure what makes IT different, but it can’t be healthy. That’s a brief look at the general trends on display at the Catalyst Conference. Next up: open source at the conference. CIO Bernard Golden is CEO of Navica, an open-source consultancy, and is the author of Succeeding

with Open Source (Addision-Wesley, 2004). Send feedback to this column to editor@cio.in

Vol/1 | ISSU E/18

7/29/2006 11:51:42 AM