CIO November 15 2005 Issue by Sreekanth Sastry

From the publisher

One day Alice came to a fork in the road and saw a Cheshire cat in a tree. Which road do I take? she asked. Where do you want to go? was his response. I don’t know, Alice answered. Then, said the cat, it doesn’t matter. –Lewis Carroll

It is tough being a CIO. Anywhere. My guess is that you probably have one of the

Waking Up To a New Reality CIO Magazine is committed to building a participative community of IT leaders

most stressful positions on an executive board. Stretching beyond the numerous, and largely convergent set of work-related challenges listed by surveys and polls by magazines such as this one, into the personal realms of concerns and worries of the unique breed of technocrats who are charged with the task of aligning and integrating information technology strategy and deployment in the achievement of their organizational goals. For over seventeen years now, CIO Magazine has worked with CIOs across the globe to help them confront, understand and manage the very same problem that you and Alice have. I realize, however, that the analogy is limited by the fact that a CIO does not have the luxury of waking up to realize that it was all a dream. Our mission at CIO India is therefore to We are chartered to understand the very basic issues that con- provide a platform for front CIOs (and those of people with similar peer group experience functions, if not designations), and to help sharing, debate, mutual them connect with other real people who support and assistance. grapple with the same issues. We are also acutely aware of the fact that CIOs from different industry segments and organizations have different needs. CIO India is therefore chartered to provide a platform for peer group experience sharing, discussion, mutual support and assistance. CIOs of Indian (and Asian) companies often complain that their jobs are made all the more difficult on account of lower risk taking by managements, as well as more volatile working environments. This calls for realistic solutions that will work reliably, given the conditions that exist. Such solutions to evolve through the building of a robust, vibrant and participative community of CIOs. This magazine is committed to helping build such an ethos. CIO communities across the world share many common issues. Realizing this, CIO Magazine, published as a stand-alone title in 14 countries at last count, is working towards creating a much wider scope of coverage—giving you access to CIO contacts and best practices from across the world. In addition to the magazine, CIO will come to you in many forms; the CIO India web site (www.cio.in) is readying for launch, and a host of CIO activities are in the offing. I look forward to the editorial team and myself meeting with you as we move forward. Your inputs are crucial to the success of CIO; please feel free to drop a line to CIO Editor Vijay Ramachandran (vijay_r@cio.in) or me (bringi_dev@idgindia.com).

Bringi Dev President - IDG India bringi_dev@idgindia.com

publisher_note.indd 4

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:49:57 PM

Vol/01 | No/01

Maruti's Uppal, Infosys' Gopalakrishnan and Titan's Kailasnathan have each come up with a distinct approach to managing and motivating their teams.

Staff Management

COVER STORy | A few good men | 40 Man nequins courtesy Bangalore Central cover Im aging by Ashwin boric ha; cove r Photo by Srivatsa Shan dilya

Systems and processes, leadership by example and a personal touch can help bring in fresh talent, nurture successors, keep staff keen, control attrition and help you build a unique formula for managing your team. Feature by Vijay Ramachandran and Rahul Neel Mani Indian IT STAFFING SURVEY 2005 | 56 Key findings on staff retention, training and attrition from the largest study ever conducted among senior IT executives in the country—From the reason why most IT staffers quit to the most indemand non-technical skill.

4 0

Information Security Dial VOIP for VUlnerability | 64 Extensive safeguards are a critical element in keeping your IP telephony implementation shielded from malicious attacks. Feature by Susannah Patton

Executive Expectations View From The Top | 58 Anand Mahindra Vice Chairman and MD, Mahindra & Mahindra on ROI, outsourcing and using IT to increase customer delight. Interview by Rahul Neel Mani

Work-Life Balance The "off" switch | 36 Leaders need to think, and you can't do that if you're always on—on call, on duty and on guard. Column by Patricia Wallington

publisher_note.indd 8

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:50:01 PM

content

Essential Technology | 82 Application Development | Making It On Their Own Under Development | Betting on Broken Chips Pundit | The ROI of Open Source By Bernard Golden

From the Editor | 14 Starts With Why, Ends With You | The most

important ingredient that goes into making this magazine unique is your experience. By Vijay Ramachandran Rajeev Chawla, Karnataka's Secretary for e-Governance, speaks about getting his groundwork right.

Govern FOundation, Reputation & negotiation | 78 Rajeev Chawla, Secretary—e-Governance, Karnataka, elaborates on how he convinced cynical bureaucrats to back IT projects and the art of dealing with vendors.

7 8

From the Publisher | 4 Waking Up To a New Reality | CIO magazine is committed to building a participative community of IT leaders. By Bringi Dev

NOW ONLINE For more opinions, features, analyses and case-studies log on to our companion website and discover content designed to help you and your organisation deploy IT strategically. Go to www.cio.in

c o.in

Interview by T. Radhakrishna

nO MORE QUEUES | 72 Four years on, Andhra Pradesh's e-Seva shared service has turned into a model for other states to emulate. Feature by T. Radhakrishna

Project Management

3 0

No crystal ball for it | 30 Because information technology changes so rapidly and many users don't understand its capabilities, it's hard to envision what the system will look like until you build it. Column by Rob Austin

publisher_note.indd 10

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:50:08 PM

From The Editor

Starts with why, ends with you! The most important ingredient that goes into making this magazine unique is your experience

Real people; real problems; real solutions. Those three short phrases define this publication. I could abbreviate our editorial focus a little further—You. What this means is that the most important ingredient that goes into making CIO Magazine unique is the experience that you and your peers have gained through formulating and executing IT strategies. One of our first acts was to assemble an Editorial Advisory Board comprising current and former CIOs and academics (Pages 20-21) to serve as our primary sounding board. Their feedback has determined topics and articles for this issue— from international content relevant to an Indian IT leader to the subjects of our features. That is how we decided to examine the vulnerabilities of VoIP implementations or the need for change in the way IT projects are managed. That is the reason for a feature like “View From The Top”, where we try to understand the IT vision of CEOs and convey what they expect from their CIOs. We hope this will particularly interest those CIOs who are trying to get their boards to view IT as a critical piece of their business strategy. M&M Vice Chairman and MD, Anand Mahindra, recommends that CIOs adopt the Gandhian tactic of peaceful agitation to ensure that they are included in the top decision making body of an enterprise. A suggestion The emphasis on learning that some CIOs might well follow. Our fundamental focus on peer learning from persons at the helm of also forms the basis for “Govern”—a section IT war rooms across India that highlights the unique information needs also influences our treatof senior IT executives in Local, State and Cenment of articles tral Government agencies. Their challenges are quite distinct from CIOs in the private sector or even in Public Sector Undertakings, as we learn in this issue from bureaucrats in Andhra Pradesh, Karnataka and Kerala. The emphasis on learnings from persons at the helm of IT war rooms across India also influences our treatment of articles. Check out this fortnight’s cover story on staff management—it communicates three unique points of view and does not disperse into a mélange of quotes on a host of issues. Moving forward, what you will find in CIO is content that will be solutions-oriented, which will give you insights into how your peers across verticals approach and solve issues and help you remain on the ball. Please help us to stay relevant to your requirements—let us know what we are doing right and more importantly how we can improve.

Vijay Ramachandran, Editor vijay_r@cio.in

publisher_note.indd 14

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:50:10 PM

The Resource for Information Executives

Manage ment

How to reach us

Advertiser Index

E ditoria l & Sa l es Co n tacts

ADC Krone

President N Bringi Dev

Bangalore

COO Louis D’Mello

IDG Media Private Limited

AMD Far East

12,13

10th Floor Vayudooth Chambers Ed itorial

15-16 Mahatma Gandhi Road

Editor Vijay Ramachandran

Bureau Head-North Rahul Neel Mani

Special Correspondent T Radhakrishna

Senior Correspondent Gunjan Trivedi

Borland Software

Canon

Bangalore – 560 001, Ph : +91 80 3058 6060 Fax : +91 80 3058 6065 Editorial: vijay_r@cio.in Sales: mahantesh_godi@idgindia.com

Computer Associates

27,29,31

Mumbai www.CIO.IN

IDG Media Private Limited Bandra-Kurla Complex, Bandra (East) Mumbai 400 051, Phone: +91 22 3068 5000

D esig n & Pro ductio n

Editorial: Ph: +91 98 203 98165

MANAGER - CREATIVE DESIGN Ashwin Ramesh Boricha

Sales: Ph: +91 93 242 20513

rupesh_sreedharan@idgindia.com

Binesh Sreedharan Sanil Kumar

Delhi

Vikas Kapoor Photography Srivatsa Shandilya

1202 Chiranjiv Towers, 43 Nehru Place

Production TK Karunakaran

New Delhi 110 019, Phone: +91 11 5167 4230 Fax: +91 11 5167 4233 Editorial: Ph: +91 93 139 72618

Ma rketi ng and Sales

Sales: Ph: +91 98 991 98980

brand Manager Alok Anand Marketing Siddharth Singh

Hewlett Packard (I) Sales Pvt Ltd. IBM India Ltd.

2, 3

16,17,37,39,88

Intel Semiconductor (US) Ltd.

34,35

Interface Connectronics Pvt. Ltd.

Microsoft

sudhir_argula@idgindia.com Japan Sales: Ph: +81 3 5800 3111, Fax: +81 3 5800 3590

Santosh Malleswara

HCL Infinet Ltd. (Toshiba)

rahul_m@cio.in

BUSINESS Manager Naveen Chand Singh

Bangalore Mahantesh Godi

IDG Media Private Limited

Epson India

gunjan_t@cio.in

Designers Shyam S Deshpande

6, 7

Fax: +91 22 2659 2708

Creative Director Jayan K Narayanan

Dell Computer India Pvt. Ltd.

No. 208, 2nd floor, “Madhava”,

Editorial Director-Online R Giridhar

tfujikawa@idg.co.jp

Molex Premise Networks

Oracle

Delhi Sudhir Argula

Harkirat Sandhu

USA

Nagesh Pai

Japan Tomoko Fujikawa

USA Larry Arthur

Jo Ben-Atar

larry_arthur@idg.com

UK Sean O’Hara

45,67,81

SAP India

Seagate Technology

Select Technologies Pvt. Ltd.

Sonata Software

Sun Microsystems

Singapore Sales: Ph: +65 6345 8383, Fax: +65 6345 1581 michael_mullaney@idg.com

Singapore Michael Mullaney

Polycom

Sales: Ph: +1 415 243 4141, Fax : +1 415 974 7368

Mumbai Rupesh Sreedharan

UK Sales: Ph: +44 1784 210 210, Fax: +44 1784 210 200

sean_ohara@idg.com Circul ation a n d R e a d er S e rv ices 10th Floor Vayudooth Chambers All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by N Bringi Dev on behalf of IDG Media Private Limited, 10th

Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. Printed at Rajhans Enterprises, No. 134, 4th Main Road, Industrial Town, Rajajinagar, Bangalore 560 044, India

15-16 Mahatma Gandhi Road Bangalore – 560 001, Ph : +91 80 3058 6060,

Wipro Infotech

50,51

Fax : +91 80 3058 6065

reader-service@cio.in M ark e ti n g S erv ices Ph : +91 80 3058 6060, Fax : +91 80 3058 6065

alok_anand@idgindia.com

publisher_note.indd 18

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:50:10 PM

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

Advisory Board 2005 CIO acknowledges the 2005 Editorial Advisory Board members consenting to guide the magazine’s direction and provide reality checks on content and focus. We thank them for their generosity in sharing both time and insight as we begin our journey in India. Anil Nadkarni

Arvind Tawde

a_nadkarni@cio.in Taking over as IT head of Thomas Cook in 1997, Nadkarni virtually had to introduce IT into the company. From building its first LAN to deploying complex SAP and CRM tools, he is credited with Thomas Cook’s IT facelift.

a_tawde@cio.in Arvind Tawde took on the role of the CIO a fter having served Mahindra & Mahindra (M&M) for 25 years in various capacities . In this position, he brings to the table his considerable business experience and knowledge.

Arindam Bose

Ashish Kumar Chauhan

a_bose@cio.in Heading IT planning and deployment at India’s fastest growing consumer electronics company, Bose is responsible for enabling LG’s 600 nationwide dealers reconcile their accounts electronically every month.

a_chauhan@cio.in Ranked amongst the top 100 CIOs in 2005 by CIO, USA, Ashish is responsible for the systems and automation of all Reliance group businesses in India and abroad. Prior to his current assignment, Ashish was the CIO of Reliance Infocomm Wireless business and is also known as one of the five founders of India’s largest automated exchange : the National Stock Exchange (NSE).

Head IT, Thomas Cook

Head IT, LG Electronics India

Arun Gupta

Sr. Dir – Business Technology Pfizer India a_gupta@cio.in He is the man behind Pfizer’s unconventional IT revamp. After Pfizer’s spate of acquisitions, Gupta and his team have done a commendable task, consolidating the network, hardware and software frameworks. 20

advisory board02.indd 20

VP & CIO Mahindra & Mahindra

CIO, Reliance Industries Ltd.

MD Agarwal

Chief Manager – IT, BPCL md_agarwal@cio.in Bharat Petroleum is a successful operator in the Indian e-commerce scenario and Agarwal has played a pivotal role in deploying

its state-of-the-art supply chain backbone. He is also president of the CIO Club of Mumbai.

Information Security Task Force in creating an IS Assurance framework in India.

Mani Mulki

Rajesh Uppal

m_mulki@cio.in Instrumental in driving Godrej Industries’ ERP rollout, Mulki has championed various initiatives including e-business solutions to connect customers, suppliers and distributors with the organization.

r_uppal@cio.in A mechanical engineer, Uppal joined Maruti in 1985. During his tenure, he has been instrumental in building a robust infrastructure that facilitates 60 percent of the company’s business being conducted online and linking 260 dealers to their WAN.

Vice President–IS Godrej Consumer Products Ltd

Manish Choksi Vice President – IT Asian Paints

m_choksi@cio.in Technology has always been an important tool for Asian Paints and it’s been Choksi’s charter to adopt and deploy the best of breed technologies to maintain Asian Paint’s leadership position.

Neel Ratan

Executive Director – Business Solutions, Pricewaterhouse Coopers n_ratan@cio.in Heading PWC’s Business Solutions Practice in North India, Ratan has advised the Government’s

General Manager – IT Maruti Udyog

Prof. R.T.Krishnan Associate Professor IIM-Bangalore

r_krishnan@cio.in Prof. Krishnan’s areas of research are strategy, innovation and competitiveness. His work has been published in leading newspapers and journals. He has presented his research at seminars at reputed institutions such as Stanford University and London Business School.

S B Patankar

Director–IS Bombay Stock Exchange sb_patankar@cio.in He has headed the country’s largest stock exchange since

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 10:48:47 AM

1996. He has been instrumental in implementing the BSE On-Line Trading (BOLT) System which covers 400 cities, 2,500 VSATs and over 9,000 trader workstations.

S Gopalakrishnan

COO & Head Technology Infosys Technologies s_gopalakrishnan @cio.in Co-founder of India’s leading consulting and IT services group, Gopalakishnan has served Infosys in various capacities ranging from Technical VP to Head of Client Delivery and Technology to head of Technical Support Services.

S R Balasubramanian Vice President – IS Hero Honda Motors

sr_balasubra manian@cio.in The man behind turning IT cynics into IT believers within Hero Honda, Bala joined them in 1990 and was instrumental in installing structured LAN systems and WAN links, connecting 21 locations and manufacturing plants.

Prof. S Sadagopan Director, IIIT - Bangalore

s_sadagopan@cio.in Founder Director of the International Institute of Information Technology, Bangalore, he has taught for more than two decades at IIT Kanpur and IIM Bangalore. After a brief stint at the Consultancy firm Engineers India Ltd., he moved

to Purdue University, USA for his Master’s and Doctoral degree sbefore returning to India. Since 1997, Prof. Sadagopan has been very active in Enterprise Computing, and teaches and consults in the area of ERP extensively. He is also a Certified SAP Consultant.

Sanjay Sharma

Corporate Head Technology Officer, IDBI s_sharma@cio.in Sharma is credited for laying HDFC’s IT foundation by setting up the technology infrastructure and implementing a core banking system. He has been involved in various IT initiatives including Y2K and technology conversion projects for core and treasury systems.

Dr. Sridhar Mitta

Managing Director & CTO e4e Labs s_mitta@cio.in For over 30 years, Mitta has been an internationally recognized expert in the management of Research and Development in Information Technology. Prior to joining e4e, he was involved with Wipro as its Chief Technology Officer and the head of Wipro’s Global R&D where he spearheaded strategies which transformed a captive business unit into a profit center. He is also President of The IndUs Entrepreneurs (TiE), Bangalore Chapter and serves on several boards of companies located in the US and India.

Sunil Gujral

FormerV P–Technologies Wipro Spectramind s_gujral@cio.in Till recently heading technology implementation at one of the leading offshore BPO vendors in the world, Sunil is paranoid about information security. He is a certified ethical hacker and has been involved in various IT initiatives at Spectramind amongst which the overhauling of Wipro’s telecom backbone stands out.

Unni Krishnan T.M Chief Technology Officer Shopper’s Stop Ltd

u_krishnan@cio.in Unni has extensive experience in management consulting, design, deployment and project management of large mission critical enterprise applications for Fortune 100 companies. In his earlier assignments he has served as the CEO of VueHelp Technologies, a startup based in California and as the Vice President for Global Freight Exchange.

V Balakrishnan

CIO, Polaris Software Ltd. v_balakrishnan@cio.in In his capacity as the CIO, Polaris Software Laboratory, Balakrishnan is responsible for business processes integration and transformation. With over 28 years of experience, he joined Polaris in 1997 as Chief Technology Officer before moving into his present role as CIO.

We Seek Their Advice Now So Can You Write to Advisory@CIO.in The CIO Advisory Board invites you to share your questions and concerns in confidence. If you have a specific query for one of the panelists use their CIO email IDs. For questions that are generic in nature write to us at advisory@cio.in and the advisory board will try and provide you with solutions to issues that you face as an IT leader. We look forward to hearing from you.

www.cio.in | N o v e m b e r www.cio.in 15, 2005 | 2 1

advisory board02.indd 21

11/27/2005 10:49:08 AM

hand Lend us a

It was the support and inputs from CIOs across India that helped shape this first issue. Now it’s your turn to lend a hand and make it even better.

Write to us about what you liked or disliked in this issue. Share your views on any of the articles or columns and we will be glad to feature them in our reader’s letters next issue. Tell us about implementations that you are proud to have spear-headed and allow us to share it with other readers. Or, simply suggest topics that you would like to see covered in future issues. CIO is your magazine. Help us make it most relevant to you.

Write to Editor at editor@cio.in

Bangalore, October 3 Hotel Leela Palace

“On the onset I would like to congratulate you and your team for organising a fine networking evening. It formed an excellent platform for knowledge sharing.” Col. Arvind Saxena, CIO, Air Deccan

Mumbai, October 4 JW Marriott Hotel

“Personally I feel that such informal gatherings would be catalytic, if held once in a while. The rare sit-in dinner was the icing on the cake” MSV Rao, Consulting Advisor – IDM, Tata Consultancy Services

New Delhi, October 6 Hotel Hyatt Regency

“We had an exciting kickoff to our relationship. We had nice discussions on the sidelines of the meeting and will look forward to a mix of formal and informal gathering next time which could be followed by some more palm printing!” Rajesh Uppal, GM - IT, Maruti Udyog

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

CIO DINNER-final.indd 22

11/27/2005 10:58:38 AM

trendlines IllustratI on shyam s. DeshpanDe

new

Dual Core: Dual Cost? I.T. SPENDING CIOs may be tempted to save on hardware costs through capacity on demand and dual-core processing, but there may be a catch. Because vendors price software according to the

CPU, the savings could be erased by increases in software costs, according to Gartner. To save money using capacity on demand, CIOs may buy a server with eight CPUs

hot

unexpected

yet use only six of them, configuring them to take on maximum workloads only when needed. However, many vendors—including IBM, Oracle and Sybase—determine what they charge for software based on the number of processors, whether or not they are used. Meanwhile, some CIOs are turning toward dual-core processors for savings— a dual-core chip is faster, consumes less power and generates less heat than two single-core chips—thus making dual-core systems less costly to operate. However, many software vendors plan to charge double for dual-core systems, even though the performance remains the same. Gartner predicts that the combined effect will mean software price increases during the

next two years, although the higher fees may not hit every IT department immediately. In a recent CIO survey, 80 percent of IT executives who responded haven’t committed to replacing their single-core systems, even though single-core chips will no longer be manufactured by 2007. Alexa Bona, a vice president of research at Gartner, believes that software vendors will have to change their policies. Until they do, he says, CIOs can protect their organizations against price increases by following safeguards like auditing current software agreements to find out which are based on CPUs and getting software vendors to clarify their pricing intentions for dualcore processors. –Lorraine Cosgrove Ware

Guess who’s going off paper E-GovErNmENT The venerable Ministry of Company Affairs (MCA), is planning a major transformation, and among other things digitizing six crore documents! As part of the MCA-21 project, the Ministry is adopting IT with a vengeance in a bid to get more service-oriented, states Koman Anand, Secretary, MCA. Under the project, all offices of the MCA (including its Secretariat at Delhi, the four regional directors, and 20 Registrars of Companies (RoCs) across the country) will be computerized and networked within a total of 60 weeks. In the first phase, the pilot projects, currently underway at Delhi, Coimbatore, Chennai and Kanpur will be operational by December this year. The rest of the locations will be in place by April 2006. It is envisaged that corporates will be able to interact with the ministry online over the next three years.

It isn’t difficult to figure out the reason for digitizing the documents—the MCA deals with over 6.5 lakh companies, their six crore files and 3.5 lakh representatives. File sorting, storage and retrieval is thus a cumbersome, time consuming and error-prone process. At present, the physical presence of company representative is required forall transactions at RoC offices. Under the new syssys tem, representatives of companies will be able to register, access their records and file various returns online, with the MCA offering multiple payment options. TCS, as the BOOT (Build-Own-Operate-Transfer) operator, is responsible for designing and implementing the project for a period of six years after successful roll out at all sites. National Institute for Smart Government and UTITSL are playing the role of lead consultants and program managers for the project. For its efforts, TCS will earn Rs 314 crore over the tenure of the project. –T. Radhakrishna www.cio.in | N o v e m b e r 1 5 , 2 0 0 5

t r endlines

Get Them on Your Side: Convert Skeptics, Get Results By Samuel B. Bacharach Adams Media; Rs 1,097.50 (Fabmall.com)

Small Book, Big Ideas If you’re playing corporate tug-of-war, get political know-how on your team Many CIOs already recognize the importance of political savvy. For everyone else, a single line from Samuel Bacharach’s Get Them on Your Side says it all: “A good idea is not enough—you need political competence.” Although the author is a professor of organizational behavior at Cornell University’s School of Industrial and Labor Relations, this how-to

b o o k r e v ie w

guide is anything but academic. In it, he lays out an 11step process for achieving a goal, grouping the steps into three sections: map the political terrain, get others on your side and make things happen. The discussion of each step mingles anecdotes from business, government and nonprofit organizations (as well as a few family-life scenarios), with rubrics for understanding human interaction.

For instance, Bacharach says that regardless of a proposal’s specifics, the person championing it can expect to be met with at least one of six objections, a list that includes “It will make things worse, not better,” and “You don’t know the issues well enough.” Other lists are the four types of agendas and the four sources of personal credibility. Although they’re all fairly obvious, together they form a comprehensive framework for political competence that holds up in many different contexts. Its broad applicability is one of the book’s strengths. Bacharach has been pub-

lished widely in academic journals on management and organizational behavior, and he has written several textbooks on organizations and negotiation. Get Them on Your Side reflects the breadth of his knowledge. Yet he has also conducted numerous workshops with real executives, giving the book’s examples a genuine feel. Bacharach sometimes softpedals his arguments, but at other points he shows a Machiavellian streak, thereby exemplifying in his own writing the variety of techniques for getting people on your side and getting things done. –Edward Prewitt

Bluetooth’s Ghost MOB I L E T E C H N O L O G Y If you happen to hear a disembodied computer voice telling you to drive carefully next time you’re behind the wheel, you’ve probably met the Car Whisperer. Car Whisperer is software that can trick the Bluetooth systems installed in some cars into connecting with a Linux computer. It was developedby Trifinite.group, a nonprofit organization of European wireless security experts, as a way of illustrating the security shortcomings of some Bluetooth systems, says Martin Herfurt, one of Trifinite’s founders. Car Whisperer takes advantage of the fact that many Bluetooth systems require only a four-digit security key—often a number such as 1234 or 0000—in order to grant system access to mobile devices such as atelephone. Using Car Whisperer and a directional antenna that allowed him to extend the range of his Bluetooth connections to about a mile, Herfurt was able to use his Linux laptop to listen in on two out of five cars he was able to connect to. “If I had been following the car, I would have been able to eaves-

Trendlines.indd 24

drop for a longer time,” he says. Herfurt says a hacker couldn’t do something really serious such as disable airbags or brakes. But Trifinite is studying whether an attacker could do anything more than listen or talk to a driver (access a telephone address book, for instance). The best solution may be to simply teach these systems some manners. Herfurt says that if the system simply asked for the driver’s permission before connecting with anything, the Car Whisperer would do a lot less whispering. —Robert Macmillan

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 11:10:32 AM

Watch for Pitfalls When Applying IT Infrastructure Library the It Infrastructure library (ItIl)—a collection of best practices for It operations—is gaining notice among CIos because the ROUGH ROUGH ROADROUGH guidelines it offers can ROAD ROAD improve their It department’s quality of service, including increased system uptime, faster problem resolution and better security. But using ITIL isn’t easy, because it demands major changes in how IT organizations are run. Consultant Malcolm Fry offers some reasons why ITIL projects fail: IT mANAGEmENT

Lack of management commitment ITIL takes time and a lot of process change. Employees won’t commit to either without top-level support from both IT and the business. Complexity IT staff will get overwhelmed if you break each ITIL process into 40 or 50 steps. Ideally, limit the number of steps to five or six. Poor work instructions ITIL gives you guidance, but it doesn’t tell you how to actually do anything. You need to spend time figuring out how ITIL’s best practices apply to your organization. Misdirected metrics You need to measure quality, not just performance. For instance, often the top metric for service desks is number of incidents resolved in the first call. Customers, however, will define success as not having to make the call in the first place. Diminished momentum ITIL can be a five-year project, and long projects are hard to keep going. You need to develop achievable goals that keep this in mind.

—Ben Worthen

TrENDLINES

by the numbers b y L o r r A I N E C o S G r o v E wA ArE

People Watching Employee e-mail and Web use monitoring is a common practice to protect against misbehavior more ore than three-quarters of respondents to a survey by Cso (a sister publication to CIo)) said their companies permit monitoring employees’ Web use, while 61 percent said their companies allow e-mail content monitoring. Chris Christiansen, vice prespres ident of IDC’s security products and services program (IDC is a sister company to CIo’s publisher), says that originally, companies monitored Web

activity and e-mail to avoid harassment suits that resulted from employee misbehavior, such as sending threatening or suggestive e-mails, accessing and distributing inappropriate information, or abusing coworkers’ e-mail privileges. But now, Christiansen says, regulatory compliance and protection of confidential information are the motivating forces. also, inappropriate use of the Internet can soak up the

company’s bandwidth, slowing or crippling communications, says Christiansen. and a leak of negative financial information prior to a company issuing its earnings reports can send stock prices plummeting. monitoring and even blocking prohibited content and company confidential information can minimize and prevent these problems. additionally, monitoring provides a log of employee behavior that can

ng w lo Ho

Best Practices 1. Review your existing employee moni-

serve as evidence if the company has to defend itself in court or provide grounds for firing an employee. While monitoring e-mail and Internet use comes with costs to buy monitoring software and to administer and review logs, Christiansen believes it’s worth the investment. the additional expenses outweigh the risks of failing an external audit, releasing confidential information or facing litigation.

retain central ar chiv do you es o f Less than 6 months

toring policies. Understand how your company’s policies for monitoring workers’ computer use are being enforced, and how often

Do not retain messages centrally

29% 6 months to 1 year

they receive information and training. Ensure that employee handbooks and manuals are up-to-date. Compare your company with peer companies and

24%

strengthen your policies if necessary.

15%

e-m ail me ss a

9% 9% 13%

ge s?

More than 7 years

4-7 years

2. Select appropriate technology. Determine the level and type of monitor-

1-3 years

ing you need before you decide which IT products to buy. You’ll need different tools depending on whether you’re monitoring all employees or just select departments, whether you’re monitoring their activity or blocking incoming or outgoing information. 3. Keep employees in the loop. Inform employees that they are being moni-

tored. Make sure your communication covers the following points: explains what monitoring entails; defines violations of Web, e-mail and IM policies; outlines how employees will be notified of policy violations; and defines the consequences of specific violations. Then reminding employees frequently that they are being monitored. “Surprisingly few employees are aware they’re being watched,” says IDC’s Chris Christiansen. If employees are aware they will be more conscious of their Web and e-mail behavior.

Source: "Surveillance and Monitoring Survey," May 2005. Based on 166 responses

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

ployee data monito ring s of em e p doe y ht s yo c i h ur W co mp an ya Real-time e-mail content monitoring llo (such as scanning Real-time content Hard disk w? for key words) monitoring of IM forensics 78%

Real-time Web usage tracking (for pornography or sports sites)

61%

46% Examination of archived e-mail/IM only

45%

40%

Real-time packet monitoring (for file types such as MP3s)

36%

11% Keystroke logging

Invest For Better Performance m A N A G E m E N T r E P o r T If your IT department’s performance isn’t up to snuff, it may be because you spend too much time maintaining and repairing your existing systems, and not enough time investing in new technologies. A global study by Accenture, “IT Investing for High Performance,” finds that among top IT organizations, 62 percent have a strategy for pioneering new techtech nologies. In contrast, most average and low-performing IT shops prefer to “fol“fol low, not lead” in technology adoption. The study says that failure to invest in IT compromises business productivity. Accenture surveyed more than 300 senior IT executives from Fortune 1000 or comparably sized companies, and categorized respondents as high-performing, average or low-performing according to how the respondents ranked themselves on a five-point scale. Those surveyed were asked to rate their current perforBetter Performance, mance versus their goals on five dimensions: Newer Tech innovation, data management, integration, infrastructure and IT operations. The highPercentage of IT departperformers (around 10 percent of responments that want to be early adopters of new tech dents) were those currently achieving at the levels sought by the entire group surveyed. High-performers distinguish themselves in how little time they spend maintaining and fixing applications. The top performperform ers dedicate just 35 percent of their time to maintenance and repair; they spend 40 percent more time integrating and building systems than their lower-performing competitors. Respondents from the lowest-perlowest-performing organizations report that almost half of their time is spent maintaining and Low-performing IT organizations fixing systems. High-performing IT organizations Bob Suh, Accenture’s chief technology strategist, believes that some problems of Source: Bain & co low-performing IT organizations are of their own making. For instance, if an IT group doesn’t spend enough time helping users define their requirements for a system, they will be stuck having to fix problems that could have been avoided if they had done more work up front. In addition, says Suh, average and low-performing IT organizations may be caught in an “austerity trap,” in which companies attempt to sustain IT service levels while maintaining or cutting IT budgets. As CIOs focus on keeping IT costs down, they are inhibited from investing in new technologies. To focus more on IT investment, rather than maintenance, Suh recommends establishing performance metrics to boost business confidence in IT and persuade executives to invest in new projects. “If [companies] choose to save money in the short term,” warns Suh, “they will face higher maintenance costs and have fewer dollars remaining to reinvest” for the long term. And then they will be unable to outperform their peers. — Cassidy Healzer

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

Movements SHARAD SAXENA Head, Corporate Technology Group, ICICI Bank Sharad Saxena has recently joined ICICI bank. Prior to this, Saxena, 43, was with Konkan railways as Chief manager – IT, where he played a vital role in streamlining its erP rollout. He helped the railways save rs 1.2 crore annually by maintaining the systems in-house. Saxena was also instrumental in upgrading its decade-old IT infrastructure to progressive systems and applications running on J2ee. Ashish Apte, previously Deputy Gm has replaced Saxena as the IT head at Konkan railways.

S NARSING RAO Secretary, IT department, Andhra Pradesh Narsing rao will now drive ICT initiatives in Andhra Pradesh. rao was earlier on deputation with UNoPS Asia, Kuala Lampur and the UNDP/UNoPS Community Development for remote Townships Project, myanmar between 1999 and 2005. He has close to 20 years of experience in development administration. rao succeeds Ajay P Sahwney, who has joined the Department of Administrative reforms and Public Grievances at the Centre.

SUNIL GUJRAL Head - Technology, Annik Technologies Formerly vP IT at Spectramind (now Wipro bPo), Gujral moves on to Annik Technologies. Sunil, in his previous avatar, was instrumental in making IT happen at Wipro bPo and was part of the core team as well. In his new role, he has taken charge of the IT infrastructure at Annik Technologies - a company competing in the Indian bPo business arena.

TrENDLINES

EXECUTIvE E EXECUTI XECUTIv vE E

Rob Austin

KEYNOTE

No Crystal Ball For IT Because information technology changes so rapidly and many users don’t understand its capabilities, it’s hard to envision what the system will look like until you build it.

Illust ration Shyam S. Deshpande

he CEO of an IT consultancy once recounted to me the blow-by-blow of a difficult conversation he’d had with a client CEO, the head of an auto parts company. It was at the midpoint of a traumatic IT project, an experience all too familiar to many of us in the industry. The remarks of the frustrated client CEO proceeded along the following lines (this paraphrasing omits many colorful “colloquialisms”): “When I build a new parts plant, I’m told how much it’s going to cost, how long it’s going to take and what it will do when it’s done. Sometimes we have problems, but the people in charge come pretty close to doing what they say they will. Even if they don’t, it’s for a good reason that I can see and understand. Why can’t I buy a new computer system that way? Why can’t I get you IT people to work like that?” It’s a good question. Why can’t IT people—whether they are developing custom software, installing an off-the-shelf package or upgrading infrastructure—work like that? As IT executives, you must have heard many variations on this theme. Maybe you’ve trumpeted the theme yourself. Shouldn’t IT involve less art and more science? Shouldn’t it be more like real engineering? Why aren’t IT processes repeatable? Why are they so immature? If a car worked the way a computer system does, goes the oft-forwarded Internet joke, you’d have a major accident three times a day and have to fix the car by switching it off and then back on. Absurd. So will IT “grow up” someday so that implementations involve the orderly, disciplined and predictable sorts of processes that we achieve in engineering and factory settings? Let me go on record here and now: It won’t happen. At least not in the way these

column rob austin.indd 30

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:44:56 PM

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

Rob Austin

KEYNOTE

The difference between a great, IT system and one that isn't, is often felt as users get a more tangible sense of how it will work. comparisons—between building a parts plant and building a computer system—suggest. It’s not as simple as that, and the idea that it is prevents us from making much-needed progress. IT is different in important ways from many other familiar domains, and it needs to be managed differently. Until we make adjustments to our management processes and explain them satisfactorily to our customers, we’ll continue on a treadmill of high failure rates and frustrated clients.

You Can’t Always Know WhatYou Want Ask an experienced manufacturing engineer from the above mentioned auto parts company what he wants a new parts plant to do, and he will likely be able to provide hours of detailed description. He’ll have a tangible, physical sense of the specifics. But ask the same engineer what he wants from a new IT system, and you’ll get a different reaction: You’ll get ideas, but they won’t be as specific or as extensive. This is not the engineer’s fault. It’s a consequence of the essential characteristics of IT systems. Because IT systems and technologies change rapidly, often even as the systems are implemented, it’s harder for the engineer to stay versed in the possibilities that a new IT system represents. But this isn’t the most serious challenge the engineer faces. Even more formidable is the uncertainty that arises from the engineer’s inability to envision the new system or the new business process that might result from its installation. He knows the existing system well and may have general ideas about directions of improvement. But asking him questions about the specifics of a hypothetical, intangible, future system that may be radically different from the current system—well, it would be surprising if this were not a difficult, even deeply troubled, process. In classic IT terms, important “requirements” are often not discernible in advance. If this statement sounds wrong to you, try on the alternative—that it’s always possible to discern all the important requirements in advance, regardless of the size and complexity of the system and the rate of technological and business change. When Cisco successfully implemented an ERP system in the early ‘90s, no one realized it would also need to add a sales support system, until the sales force began to get a tangible sense of what the ERP system didn’t include. The resulting midcourse adjustment, which greatly expanded project scope, was crucial to success. Go ahead and argue, if you like, the largely theoretical point that Cisco could have foreseen this difficulty. The fact is, unanticipated problems (and opportunities) will arise during a project. Any management approach that assumes otherwise is unrealistic. Indeed, what makes a system great in the end, usually, is not just that it satisfies requirements that were known in advance. The difference between a great, value-adding IT system and a clunky dog that 32

column rob austin.indd 32

everyone hates is often in the details that are discovered along the way, as the system is implemented and users begin to have a more tangible sense of how it will work. Most of the machinery of modern management is directed toward making sure that we build the system right. Our processes for defining requirements, assigning resources, estimating completion timing and managing compliance with milestones are all aimed at building the thing right. All these processes presume that we already know what the right thing is. But, of course, we don’t in IT. In IT, we are almost always figuring out what the right thing is while we are building it. This is a direct consequence of the nature of the final product—changeable and rapidly changing, intangible and difficult to foresee, presenting problems and opportunities that can be discovered only as the product nears actual use. The problem in IT is not just building the system right but also building the right system. And the latter problem is harder than the first. Building an already well-understood product is a matter of complying with a plan. Figuring out what that right thing is—well, that’s a matter of problem-finding, diagnosis, creative problem-solving and experimentation, all in real-time. Cisco knew the project would require midcourse decisions and changes, and that this would involve far more than just following directions. Because IT products have special characteristics, we won’t get it right the first time. We can’t. Enforcing a “get it right the first time” ethos will primarily cause people to hide the important problems discovered on the front lines. Instead, these problems will be encountered when they become so severe that they cannot remain hidden. This is where the most spectacular project failures come from. Even if you avoid spectacular failure, you may succeed only in implementing the system you initially thought you wanted rather than one that you’ve since discovered would be much better. So where does this leave us? More important, what can be done about it?

Managing a New Kind of Work There’s a company called Despair.com that sells parodies of those inspirational posters that line walls at many companies. You know the posters I mean (a beautiful photograph of, say, a mountain climber, with an inspirational word such as “Achievement”). One of my favorite Despair parodies shows a close-up of a boxer taking a brutal punch, with a message that says, “Agony: Not all pain is gain.” I refer participants in my executive classes to this poster because I think it conveys a message: When requirements are uncertain, some expenditure of time and money buys you only learning, not progress toward milestones. If you’re not sure about what will ultimately work, you have to learn simply by doing. Like the boxer taking a punch, we may find this learning painful. But the pain is not an indictment of the process (unless it happens so late that there is little you can do about it). Pain in an uncertain process is inevitable, and if there’s going to be pain, you want it to happen sooner

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:44:56 PM

rather than later. If we adopt this philosophy, the changes we need to make in how we manage IT projects fall into two broad categories: financing and project management. Financing: You can’t finance an IT project the way you do a parts plant. Buying a plant or a piece of equipment that you understand well is not the right model. A better model comes from venture capitalists (VCs). Wisdom from that industry suggests that you need to budget for uncertain activities (such as IT projects or new business ventures) incrementally. If an entrepreneur wants Rs 43.5 crore (US $10 million), the VC says, “How about Rs 1.3 crore (US $300,000) to get you started, then come back and talk to me when that runs out. Bring something to show me, and we’ll discuss further investment then.” By allocating funds this way, a VC preserves the right to invest further or abandon, and controls risk. If all goes well, the next investment might be Rs 3.48 crore (US $800,000), the one after that Rs 13.06 crore (US $3 million). The eventual total may even add up to more than the initial Rs 43.5 crore (US $10 million), but it will entail much less risk than a single, upfront investment. Project management: This part will seem more familiar to IT managers. To match the structure of incremental investment, projects need to be structured iteratively, divided into discrete chunks (preferably prototypes with increasing amounts of functionality) that can be showcased in discussions about additional investment. This doesn’t necessarily mean working systems at every stage. When Cisco implemented its ERP system, using what it called “rapid iterative prototyping,” it created detailed paper accounts of how the system would work early in the project, before the system could be up and running. Because these paper prototypes were very detailed, the company experienced pain sooner rather than later. Cisco took its punches early and learned enough from them to bring the project home successfully.

How to Avoid a Knockout Punch My recent conversations with CIOs tell me that people are coming around to this approach, even if we lack vocabulary and frameworks to make this way of working seem as rigorous as traditional project approaches. But it is rigorous, or can be, and customers can learn to like working this way. That doesn’t mean embracing a new way of working will be easy. There are institutional problems and traditional expectations that get in the way. But the alternative to moving in this direction is to continue perpetuating the fiction that every dollar will provide progress toward the finish line. Managers who won’t allocate a cent to learning, who insist that IT ought to “know what they are doing”—they’ll learn, but in the most expensive way possible. They might even experience a knockout punch. CIO

Rob Austin is a professor at Harvard Business School and chair of the school’s CIO Executive Education program. He’s coauthor of Artful Making: What Managers Need to Know About How Artists Work. You can reach him at raustin@hbs.edu. Please send your comments to editor @cio.in.

column rob austin.indd 33

11/27/2005 12:44:59 PM

Patricia Wallington

Total Leadership

The Off Switch Leaders need to think, and you can’t do that if you’re always on—on call, on duty and on guard

Illust ration s Shyam S. Deshpande

enjoy exercising on a treadmill, even though I know that no matter how fast I go or how long I run, I will end up in the same place. At least I have the consolation of being more fit and healthy after my exercise. If only the same were true of the leadership treadmill. We run from the break of dawn until the stroke of midnight, instantly available to one and all. We are exhausted physically and mentally. We have taken no time to think strategically about the future, or even to reflect on the short term. As a result, we are depleted—that is, less focused, less energetic, less decisive—as leaders. We have to get off the treadmill, or else we’ll be unable to see our priorities, facilitate results and enable the development of our people. There are a variety of phenomena that have driven us to this state. Economic pressures, once cyclical, have been an ever-present part of business for at least the past decade. Meanwhile, technology has had an impact on the pace of our days. Cell phones and BlackBerrys have increased our mobility, but they also pressure us to respond to every little thing. I once heard a presentation about a phone system that can get a message to you by any device. I thought, Great, now we can have a corporate version of hide-and-seek! Whether we gain productivity or lose it depends on whether we use technology to enhance our lives or allow ourselves to be abused by it.

Stop Running You know you’re stuck on the treadmill when “irritated” defines your attitude. Your work suffers. You rush through budget preparation, and must do it over when it doesn’t 36

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

column Total Leadership.indd 36

11/27/2005 11:01:08 AM

Patricia Wallington

Total Leadership

meet corporate guidelines. You have systems that never met business needs because requirements planning was given short shrift. Eventually, your people lose any sense of when a task is urgent, and they discount the importance of activities that never seem to be completed. Time-pressured decisions (and the behavior that accompanies them) will erode your effectiveness and your sustainability as a leader. Yes, the world seems to demand a short-term focus, but at the same time, we are expected to deliver the results of long-term thinking.

Start Getting Somewhere Your health, your peace of mind, maybe even your job are at stake—unless you get control of your life. When children are young, we discipline them with “time-outs” in the hope that they will reflect on their behavior and change their ways. We may need executive “time-outs” to gain the distance needed to rediscover or reevaluate what is important in our lives. We rarely take time off for good behavior. But taking a long vacation, as much as it rejuvenates you, won’t keep you off the treadmill once you get back to the office. You need to give yourself regular breathers during the workweek to remain an effective leader. For instance: I remember a time when my job required me to lead my organization through a major change. The effort to keep everyone focused on getting results in this environment was intense. And I needed to be in the office to do it. But as a member of the executive team, I was expected to attend events that required travel or out-of-office time. After a fair amount of agonizing, I finally told my boss that I was going to limit the number of executive events I attended until the organizational change secured its own momentum. I missed out on some enjoyable events and on relationship-building opportunities, but visibly leading the organization through a difficult transition was the top priority. Establish quiet times. You should have one day a week without meetings, and you should ban cell phone calls or instant messaging during certain hours. Delegate. Figure out which decisions really need your personal engagement. Let someone else handle things that do not absolutely require your participation. One way I was able to enjoy vacations was by appointing someone to sit in for me while I was gone. They had the authority to make decisions—and my commitment to live with those decisions. Not only was this great for an uninterrupted vacation, it was also a wonderful developmental tool for my staff. Telecommute. Try to work at home one day a week. You will be amazed by how much you can get accomplished without constant interruption, whether you’re clean-

Give your people the time off that you are trying to wrest for yourself. Don’t demand that they be always on or reward them on that basis ing up the stuff you never get to or preparing a difficult presentation. Obviously, you have to set rules about interruptions. (My assistant knew to call me if a customer wanted to reach me.) If there are no such rules, you may as well be in the office. Set an example. Close the 24-hour emergency room that instant communication enables. Tell your direct reports to use your cell phone number only for true emergencies. You may have to redefine what constitutes an emergency. Once, I pressed my boss for a quick approval because I hadn’t built into my plan sufficient time for him to evaluate my proposal. He told me, “Your lack of planning does not constitute an emergency for me.” I never forgot this. Then, give your people the time off that you are trying to wrest for yourself. Don’t demand that they be always on or reward them on that basis. Your staff will emulate your behavior, because they will assume that what you do is what you value. Coach them in creating a similar environment among their own teams. Soon, everyone in your IT organization will be more productive, more responsive to business needs and enjoy a more balanced life.

Stay the Course The next challenge will be to avoid going back to the behavior that caused the burnout. There will be the saboteurs—a customer, a boss or someone under you who likes to delegate decisions upward—who will want the Type A person back. When you’re tempted to revert to your fire-fighting ways, listen to these lines from Clint Black’s song “Haywire”: “Downloaded, overloaded—my computer knows where I am. World’s gone haywire, and the wire is getting long. Hanging on to nothing.com.” This will inspire you to stay the course. CIO

Before retiring in 1999, Patricia Wallington was corporate vice president and CIO at Xerox. She is now president of CIO Associates. Send feedback on this column to editor@cio.in.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

column Total Leadership.indd 38

11/27/2005 11:01:09 AM

A FEW GOOD M

Recruit. Groom. Retain. Three words that haunt many sleepless CIOs. Discover how systems and processes, leadership by example and a personal touch can help bring in fresh talent, nurture successors and keep staff motivated.

BY Vijay Ramachandran & Rahul Neel Mani

A black SUV grinds to a screeching halt and four hoodlums jump off. They drag a screaming lad in broad daylight and dump him into the back of the vehicle. The camera follows the disappearing SUV as the message from one of India’s largest IT education institutions flashes across the TV screen: 6,00,000 IT jobs – not enough… aptly summarizing the shortage of good IT professionals in the country. For most CIOs, it’s tough enough hiring good people for internal IT teams- forget keeping them charged to go beyond normal limits. So, how does an IT leader build a second line, when it is such a struggle to retain current team members? How can one prevent staff burnout in the midst of demanding workloads? Which is more important—management or motivation? To find answers to some of these questions, we spoke to a trio of IT leaders and obtained their perspectives on staff management. As you will see in the following pages, each of them offered a unique approach. Apart from this in-depth view, we also decided to undertake the largest ever, onground, survey of IT leaders and explore a critical domain—the staffing scenario in the country. The CIO Indian IT Staffing Survey 2005 administered by CIO magazine, cov40

cover story.indd 40

ered 480 senior IT executives across India, through the research agency IMRS. We reveal the key findings in a graphical summary on Page 50. Many CIOs responding to the CIO Indian IT Staffing Survey 2005 said that staff attrition does weigh on the minds, though they feel that their teams do not experience high levels of stress. Forty-seven percent of the respondents said that retaining needed skill sets was their topmost concern, and followed that up by stating that hiring new talent was another major focus area. In addition, almost 60 percent were clear about the reason they feel that their staff moved on to other organizations – better remuneration. Though financial incentives like ‘rewards’ or ‘stock options’ to motivate or retain staff

are backed by many CIOs, it’s a non-financial motivator — IT training – that emerges as one of the more popular ways to keep staff happy and full of beans. As IT leaders seek to better align the IT function with the business goals of their organizations and foster a secondline of leadership, they are looking for people with a variety of business-oriented skills. Twenty-four percent told us that project management is the most desired non-technical skill, while 15 percent think that finding good communicators is just as important. We hope the perspectives of veteran IT leaders and the results of the CIO Indian IT Staffing Survey 2005 will help you build your unique winning formula to managing your staff.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:48:06 PM

D MEN

KEY FIndings from the CIO Indian IT Staffing survey 2005 Page 56

The Process Approach Page 42

The Championing Approach Page 46

The People Approach Page 52

www.cio.in | N o v e m b e r 1 5 , 2 0 0 5

cover story.indd 41

11/27/2005 12:48:09 PM

s. Gopalakrishnan deputy md, Coo and head â&#x20AC;&#x201C; Customer services & Technology of Infosys uses systems and processes to manage IT staff and marry their priorities with the companyâ&#x20AC;&#x2122;s strategic objectives.

Staff Management

The Process Approach

ImagIn g by b Inesh sreeDharan

Ph OTOs by s rIvaTsa s hanDIlya

Managing human resources is a people business, but at Infosys it’s done in a systematic manner with metrics in place.

Infosys icon, N.R. Narayana Murthy sums up his view on employees aptly: “Our assets walk out of the door every evening. We have to make sure that they come back the next morning.” Those assets were valued at Rs 28,000 crore at the end of the last fiscal. And, every evening a tad over 46,000 employees troop out of the campuses of Infosys, unattended. Yet, the custodian of these vital assets is not a worried man. He banks on sounds systems and processes that will ensure they return safely to work the next morning. S. ‘Kris’ Gopalakrishnan, the man in charge, has it all figured out. “In the ultimate analysis it is a people business that is done in a systematic manner with metrics in place” says the Deputy MD, COO and Head-Customer Service & Technology of Infosys, consistently ranked one of India’s 'Great Places to Work'. The management of human assets at Infosys is a science in itself. At Infosys, the process of attracting and managing people starts very early indeed. They believe that ‘recruits’ – their knowledge, their commitment and their passion - will make all the difference in the final outcome and therefore focus on building strong equity with the sources of their recruitment, too. The HR team works closely with academic institutions, helping with training programs and sharing courseware with them. They are careful to position the company and showcase the work it does. The result: over 10 lakh applications across all levels last year. Yet, despite this seemingly massive talent pool to choose from, getting people to staff its close to 800-strong internal IS team is not easy. Gopalakrishnan candidly admits that given a chance, few would work on just internal projects as they believe working on client projects is more challenging. But Infosys has a strategy to counter thatmythandemphasizes thatallinternal projects willuse only cutting-edge technology. “We take risks. Doing IS then means getting to experiment with the latest technologies. That’s one way to attract talented people,” says Gopalakrishnan. “We also foster the feeling feelingthat that internal customers customersare are more demanding demandingthan those

outside. IS is then seen as being more challenging so people get more opportunities to showcase their opportunities,” he argues. Unlike many organizations, Infosys has split the Information Systems function between IS, which manages all the applications, and the Computers & Communications Division (CCD), which deals with the infrastructure, security, databases, the Intranet and website. The skill sets required for the two vary widely but Gopalakrishnan looks for some common traits when selecting candidates for either function. His ideal candidate must have a passion for technology, be a quick learner and have a structured approach to problem solving. But above all he looks for people who will work closely with users and internal customers. “As we go higher up the scale, we obviously look for specific technical skills or project management abilities,” he adds. Learning at Infosys is a continuous, integrated process, to match available skills and abilities with its business requirements. At the entry-level, it takes the shape of a 14.5-week intensive program, which is a mix of technology and foundation courses and a group project. Inductees with experience undergo an orientation at the Infosys Leadership Institute (ILI), Mysore. The organization also prescribes 10 days of mandatory training every year for all employees. Of the 10, seven days are devoted to technical courses about new technologies, methodologies and processes, and the remainder deal with soft skills like communication, people management and leadership training. Training programs also focus on helping IS staff better understand business and finance issues. Infosys ensures that people do indeed attend the training by making it part of the appraisal process—a person’s future role determines the level of training and certification. The Education and Research department then looks at the requirements on an online system and launches the appropriate courses. “Because it’s linked to role changes and promotions there’s an incentive for the individual to take the training, since they know that if they don’t do so they may not be considered for promotion,” Gopalwww.cio.in | N o v E m b E r 1 5 , 2 0 0 5

Staff Management

akrishnan points out. Budgets too, build in costs to make sure that people have time allocated to undergo training. Just as there is a formal structure for training, so also there is one for feedback and appraisals. “The challenge is to make it as objective as possible. You need to give constant feedback, and ensure that the person being evaluated feels that there is appreciation for the work done and that the feedback indeed is correct. We are trying to create a systematic way of providing feedback on an ongoing basis, so that the individual can see in a transparent way where they stand with respect to their peers. This makes sure that there are no surprises when the appraisal happens and helps create a high-performance work environment,” shares Gopalakrishnan. He is quick to point out that performance appraisals can be easier for senior people in the organization when deliverables are clear and measured on targets such as revenue or margins but it’s the lower levels that pose a much greater problem. That is why it necessitates a system to ensure a fair and transparent evaluation. The appraisal mechanism also seeks out potential leaders. “We start by proactively looking for those with potential to be successors and go on to develop them. We detect gaps if any, and fill them in with training and mentoring,” he says. Potential leaders get more personalized training and the ILI takes on their responsibility to create training plans. A ‘Leadership Competency Model’ evaluates and trains selected candidates on issues such as performance focus, interpersonal effectiveness, partnering with customers and succession development. “For each of these leaders, a mentor is identified within the organization. Tier 1 leaders are mentored by someone at the Board level, Tier 2 leaders by Tier 1 and so on. An ILI counselor is also assigned to facilitate mentoring sessions, give feedback and makes sure the participant follows through and takes the training. It is a formal process,” Gopalakrishnan stresses. He also emphasizes the need to set expectations of these leaders properly to avoid complications in the future. To keep the IS department and its staff on the ball, Gopalakrishnan looks to marry their priorities with the company’s strategies. “Someone from the IS team is always part of the strategic planning process and almost all major initiatives. This helps them figure out what is being done and why. They in turn provide feedback on timelines and feasibility. This guarantees that when it comes to handing over a project for development the IS department gets the bigger picture—the history, the justification, who the users are…,” he says. As an example, Gopalakrishnan points to the visa system where IS has brought down the time taken from 3 months to just 20 days. The entire process has been automated, so that the moment someone joins a trigger is generated for the submission of credentials and marksheets rather than waiting till they are ready to apply for a visa. Once a person is chosen for a particular visa, the system automatically tracks and makes sure that the papers are in place, the visa form filled electronically and the Finance department 44

cover story.indd 44

Dealing with the Challenging Employee By John Baldoni

Consider what is causing the problem. (Is it the employee, or is it the situation?)

Ask the employee why he/she is having a problem. (Look for ways to provide assistance.)

Focus on behavior, not personality.

4. Be specific in your criticism. (Provide

specific examples of what the employee can do to improve.)

5. Set expectations. (Give one assignment with a firm deadline.)

6. Review performance and repeat process.

(How often you repeat the cycle depends on your patience and the demands of your organization.)

John Baldoni, is a leadership communications consultant and is the author of five books on leadership.

flagged to issue a cheque. Every step can be tracked online and has resulted in reducing the cycle time. Gopalakrishnan explains: “From an IS perspective, we have complete ‘traceability’ of our strategy into our investments in IT, the projects undertaken, and the value delivered. Every project that IS does today is linked to one or more of the company’s strategies. Also, we look at what improvements they’ve been able to make.” Undoubtedly, the nature of its core business—IT services —gives Infosys an edge in retaining IT staff as opposed to other industry verticals. The obvious carrot it offers to its IT staff is role rotation between the IS team and client projects. CCD staffers also get a shot at this, as Infosys now has an infrastructure management practice where it manages its clients’ networks from India. “In turn, we also encourage those on projects to come and work in IS,” Kris points out. Infosys’ evolution plays a big role here, since the department was started with people from client projects before the need was felt for a dedicated cadre. Curiously, with so many systems and processes in place, Gopalakrishnan doesn’t believe in the need for a system to balance work-life issues. “I believe that an organization can only enable this or create an environment for it. Work-life balance has to be managed by the individual. We encourage people to use technology to work smarter and better. We encourage people to do volunteer work. But, ultimately a person has to manage time. If they do not do that properly, they are going to feel stressed out,” he concludes rather matter-of-factly.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:48:15 PM

Ad -Polycom

cover story.indd 45

11/27/2005 12:48:15 PM

Staff Management

The Championing Approach Titan, the world's sixth largest watch brand, has seen the cause of its IT staff pushed across departments.

Deepavali is a time when most Indians would be elsewhere rather than in office. Yet the 40 people that comprise the IT team at Titan Industries spent the festival of lights this year working feverishly to reorganize their IT infrastructure and keep their servers ship shape. They slogged for four days to get everything in order before the rest of Titan’s staff returned from the holiday. Titan CIO, N Kailasnathan, credits their intense motivation levels to their passion for technology and immense pride in their work. He also believes that extra-high levels of motivation can be developed by team leaders, and contends that a CIO’s passion, energy and vision need to rub off on his team. “It is a virtuous cycle. A CIO needs support from his team. In addition, team members should believe in their abilities to deliver the goods. Nobody likes to work in functions that are not rated highly,” he says. His method involves convincing senior management that IT adds value to business. “When investments and approvals go through smoothly, it adds to the CIO’s credibility and boosts team morale. They feel that they are part of a function that creates value,” he states. CIOs who stick to support roles will definitely not have motivated staff, reckons Kailasnathan. “Kailasnathan’s efforts in building bridges with senior management have led to IT being treated on par with other frontline departments,” points out C.S. Ramesh, who heads IT operations at Titan. “IT is a specialist function and contributes to the organization in a big way. However, it existence only to support business and not to drive it. One must be customer-focused and establish rapport with as large a number of people in an organization as possible. A CIO has to drive this activity,” Kailasnathan explains. In a growing organization, the Titan CIO feels that it is part of an IT leader’s role to widen the scope of the IT func func46

N o v E m b E r 1 5 , 2 0 0 5 | www.cio.in

tion. Team members look for continuous improvement, though over 50 percent of their time goes into support activities. He relies on interesting projects and new applications to keep IT professionals keen. Such increased opportunities also translate into fostering a good second line of leadership. “I appreciate that while he gives me support, he also gives me the freedom to operate. This keeps me charged,” vouches Ramesh. However, leading the IT function of a non-IT company, especially in Bangalore, a city that represents the frontline of India’s IT services boom, is not easy. Poaching by IT services companies is a real threat. Recently, a software firm took 15 people from Kailasnathan’s team. He comments wryly that the situation used to be worse about three or four years back. “If it’s a matter of compensation, we don’t stand a chance against software houses. Still, there are people who are looking for the kind of opportunity that an organization like Titan provides. They are able to ‘own’ a project from concept to completion, interact with end-users and see that the project delivers value and benefits to the organization,” he contends. He feels that in an internal IT organization, the role that managers play is a key factor in dealing with attrition. The Titan CIO is convinced that as long as his core team of managers stays in place, turnover at a lower level will have minimal impact. However, he is concerned about the possibility of the core team—those who handle key functions, applications and users—shipping out. Fortunately, he says, most of the churn in Titan has been at a level where replacements are not a major problem. Outsourcing might be an answer to tackle attrition. “Outsourcing is good, because one need not invest in certain skill sets. Low-end roles like facilities management are easy to

n Kailasnathan, CIo of Titan Industries believes that the success of an internal IT function depends on people and how you manage them and not on cutting-edge technology.

Staff Management

outsource, so also high-end skills (like HP OpenView or Checkpoint firewalls) where training and retention may become an issue. But, outsourcing comes at a price, so we aim to strike a balance between what to outsource and what to keep internal” says Kailasnathan. Another solution lies in building a cadre of key users, who can move into an IT function. “One category of people available to any CIO is users who support ‘end’ functions as anchors, and thus know the functions of the applications. Bringing them around and making them part of the team is not that difficult. Otherwise, we would have to start from scratch each time and have a recruitment process that year-on-year brings in trainees who mature over a period of time,” he says. In companies like Titan, where interaction with endusers on a functional level becomes necessary, it makes sense to deploy internal resources, he says. “They not only have the domain knowledge but also have established their credentials amongst their peers. Bringing in persons from outside requires them to first be accepted within the organization,” he states. Unlike many CIOs, Kailasnathan does not look upon training as part of a retention plan. “Training must serve a purpose. Normally the application decides the technology and that in turn decides the training. In any case, domain expertise can be learned only on the job and not from any course,” he points out. While IT is viewed as a critical function, it is still just one of the functions that make up Titan. To get HR to go out of the way to do things is not easy. It is up to a CIO, he says, to convince HR that IT is a high turnover function and therefore salaries need to be tailored. “I can’t assume that I alone am best suited to judge the value of my people. Also, the HR department has to take a holistic view of the organization not just one department. It depends on how progressive an organization is. For instance, at Titan we do a compensation survey every year or two. We benchmark against similar organizations, and make suitable adjustments,” he states. Kailasnathan, the true champion of his team, recently convinced Titan to review the roles performed by the IT team and map them against corresponding functions in IT services and consulting firms. For instance, the HR Department was asked not to look at a person as ‘Assistant Manager – IT’ but as a ‘Project Manager’ or a ‘Consultant’ and evaluate accordingly. Given this progressive approach, Titan's IT team will, no doubt, not mind sitting in next Deepavali as well.

cover story.indd 48

Reasons Why IT Leaders Fail 1.

Poor Interpersonal Skills

Self-Centeredness

Failure To Acknowledge Problems

Untrustworthiness

Weak Management Skills

According to a recent study from the Cutter Consortium, leadership failure comes down to a basic inability to connect with and get along with other people. In sum, the main cause of leadership failure is a lack of emotional intelligence. The study’s solution for avoiding failure is straightforward but not appealing for would-be leaders who lack soft skills. Because emotional ability and interpersonal skills are not easily learned, it recommends that companies screen for people who have those abilities—and keep those who do not off the leadership track.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:48:21 PM

Ad -Toshiba

cover story.indd 49

11/27/2005 12:48:21 PM

maruti udyogâ&#x20AC;&#x2122;s Chief General manager â&#x20AC;&#x201C; IT, Rajesh uppal, makes sure everyone knows when a team member has done something remarkable.

Staff Management

The People Approach

A unique personal management style ensures that IT professionals at Maruti Udyog continue to buzz with energy

You might find it hard to spot him if you just stepped into Maruti Udyog Limited, India’s largest automobile manufacturing company. Seated with of the rest of his team, blending in perfectly with a drab grey uniform, is Rajesh Uppal—the man responsible for ‘all things IT’ at this mammoth manufacturing facility. His cubicle is just another of the several dozens in the area— while his spacious, designated cabin remains empty a few yards away. “Maruti believes in an open culture. No one seeks appointments within the company. We wear our uniforms not because discipline is forced on us but because it reveals that we work in an organization where equality and transparency are paramount,” says Uppal, humility personified. Now 45, Uppal has dedicated his last 20 years to Maruti and is eager to share the ‘Maruti Way’ of life, including their method of developing IT talent. He reveals that Maruti prefers to recruit fresh graduates and put them through a rigorous nine months of training in various projects. Apart from technical orientation, the program includes personality development, team building and leadership skills. On successful completion of training and clearing various tests, these young and eager recruits are inducted into the core IT team. However, with the Indian IT Service industry on an upswing, it is becoming a daunting task to recruit, groom and retain a talented IT workforce. The opportunities in the IT services sector are simply overwhelming when compared to other verticals. “When I can get even one person to consider my offer, it’s a big win,” says Uppal. At senior levels the task is far more challenging. “My expectations for quality and experience, technology skills and business domain expertise remain unfulfilled. For instance, they need to appreciate what ‘just-in-time’ inventory is all about or how shop-floor tracking

of vehicles is performed,” Uppal observes. Therefore, he works doubly hard to provide members of his IT staff a good growth path, the freedom to work and invent in a first-rate work environment. When the authorities hauled up Maruti Udyog Limited for obstructing traffic because of the huge number of trucks queuing up to offload auto parts, Uppal and his team jumped in with an incredible IT solution to make the queues disappear and prove that they thrived on the freedom to innovate and experiment. The 50-strong team is now busy developing a voice-enabled system to help workers on the shop floor assemble vehicles with zero errors. Mahesh Kumar, who serves on the IT team, observes that the manufacturing sector does not really need high innovation in using IT. “It’s only due to Uppal’s constant morale boosting that the IT team of Maruti treats work differently,” he concludes. Uppal is quick to outsource the run-of-the-mill jobs and earmark specialized work for his team. “I always put my people in new and challenging projects in line with their skills and talent. They grow with time and become very useful resources for our company. We provide a lot of freedom for people to experiment and learn new things because we are not tied to any single technology platform. If the process is good, innovative and can benefit the company, my boys are free to experiment and prove it in real life,” he states. Uppal explains that it is his duty to match the aspirations of all his employees with the opportunities available at Maruti. “I ensure that everybody continues to learn so that people don’t become complacent or struck in monotonous jobs. We nurture their aspirations to grow in this company and also prepare them for challenges outside Maruti,” claims Uppal. His team takes pride in having implemented some spectacular projects, including India’s largest dealer management system and wiring the shop floor into the ERP system. www.cio.in | N o v E m b E r 1 5 , 2 0 0 5

Staff Management

According to Neeraj Ruparel—at present working in Cap Gemini Ernst & Young—the philosophy of providing challenging assignments worked as a great incentive and those who were put through the grind came out as much stronger professional. He was associated with Uppal for three-and-a-half years as Deputy Manager in Maruti’s IT Strategy team and gives credit to Uppal for adopting this approach. Though industry attrition rates are high, Maruti’s IT Department gets away with an annual churn rate of just 15 percent yearly. Because the IT team is more vulnerable to attrition than the production team, Uppal has pushed to make the norms of promotion and growth for his staff more flexible. He also ensures that Maruti’s HR Department trains them in soft skills while he personally manages technology training for his people. Moreover, in any crisis Uppal is always on the front-line to champion his team. “Unlike a typical CIO, he is transparent, and practices a consensus model to resolve a crisis. He would get us all into a conference room and debate the critical issues causing the problem. In case of technical glitches, his first move is to solve it himself or else direct people to experts who have the best solutions,” says Ruparel. Interestingly, Maruti makes it mandatory for all recruits to execute a three-year bond, with a penalty of Rs 50,000 if they leave in the first year, Uppal is quick to defend its purpose. “The bond is not to imprison them. Rather, it gives them a stable platform to build their future on,” he explains. A part of Uppal’s management technique is to find the smallest of reasons to acknowledge members in his team. “In monthly meetings, we always get personal accolades and appreciation from our boss. Whatever the company does is a part of our package but what Uppal does for us is very unique and welcoming,” says Kumar. “There are three vital ingredients to keep a team motivated and happy that also helps to contain attrition— communicating effectively, personal counseling and recognizing remarkable achievement,” says Rajesh Uppal as he shares a small, interesting statistic: IT staffers at Maruti spend an avergage of four to five years in the company before considering any external opportunity. CIO

You can reach Editor Vijay Ramachandran at vijay_r@cio.in and Bureau Head – North Rahul Neel Mani at rahul_m@cio.in

cover story.indd 54

Ways to Develop Highly Successful People

MetLife CIO Steve Sheinheit’s keys for cultivating talent

Mentoring Relationships—essential

to developing leaders in a company, whether the relationships are formal or informal. The people who grow in any organization and aspire to higher positions generally have had mentoring relationships throughout their careers.

2. Cross-Organizational Assignments—

experiences that go on outside of a person’s specific job role. IT staffers need to appreciate the importance of networking with people across and outside IT, because you never know what the next assignment will be.

3. Outside Associations—with any

number of organizations, whether industry-related, research groups or educational associations. What’s important is that employees are getting an appreciation of the outside world.

4. Enterprise View—broadening

employees’ perspectives as they go up the ranks. Incentives for establishing an enterprise view are important for job effectiveness.

5. Committee or Governance Board—

participation broadens IT staffers’ enterprise views and shows them the dynamics of governance and how things get done inside a company.

6. Job Rotation—crucial because an

employee in a job for a long time tends not to develop as effectively as someone who moves across different roles and responsibilities.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 12:48:30 PM

Ad -Interface

cover story.indd 55

11/27/2005 12:48:30 PM

On ATTRITIOn... i

sTa s T FFIng Ta ng SURVEY

2005

Top CIO Concerns

The Money Motive

What is your biggest staffing-related apprehension?

What is the primary reason cited by your staff when they quit?

Finding/ hiring needed skill sets 23%

Stock Options 10%

Dissatisfaction with Companyâ&#x20AC;&#x2122;s overall Performance 3%

Retaining needed skill sets 47%

Candy is Dandy but Training is Cheaper

Fitness Center 5%

The Pink Slip Watch Did your organization lay off any of its IT staff in the past six months?

Others 1%

Yes 32%

Employee Rewards 19%

Compensatory Leave 14% Hiring/ staying bonus 9%

No 68% Flexible work hours 13%

IT Training 23% Stock Options 16%

N o v E m b E r 1 5 , 2 0 0 5 | www.cio.in

Others 7%

Salary / Compensation 59%

47 percent of the CIOs surveyed said that retention was their primary concern. Hiring fresh talent came in second.

What benefits do you offer to motivate and / or retain IT staff?

Monotonous work 11% Dissatisfaction with Subordinates 10%

Low morale / Motivating staff 12%

Funding IT training 2%

The CIO Indian IT Staffing Survey 2005 is the largest ever, on-ground, survey of IT leaders in the country. Covering 480 senior IT executives, it explored the personnel scenario and was administered in association with research agency IMRS.

Preventing burnout 16%

On GROOMInG... Seeking Soft Skills What do you view as the most in-demand non-technical skills? Project Management

24%

Communication Skills

15%

Interpersonal Skills Analytical Skills

13% 12%

Domain Knowledge

Others

Anand Sengupta CIO of Daikin India

10%

Team Building Business Acumen Fiscal Knowledge Vendor Management

There's more to finding the right recruit than a smile and a handshake. We polled a few IT leaders on the favorite questions they like to ask candidates.

9% 8%

Are you interested in learning while working, and what are the areas that you are weak in?

4% 4% 1%

Developing the Soft Side

Alagu Balaraman

What methods do you use to instill these non-technical skills? Individual Mentoring In-House Training Job Rotation

13% 11%

E-Learning

10%

Executive Education

Others

What is it that you read to enrich your knowledge?

18%

Third Party Training

Formal Mentoring

VP and CIO of Godfrey Phillips: 26%

Avinash Arora Director Information Systems of of New Holland Tractors India:

7% 3% 1%

What is your readiness and expertise to work on the current IT set up that New Holland Tractors India has implemented?

Training emerged as the most popular way to keep staff happy and full of beans. 23 percent gave it the thumbs up.

C.R. narayanan IT Head of Alstom Projects India

How long do you think you would continue with this job if selected? Are you ready to sign a bond?

Honing the Hard Edge What methods do you use to instill the most in-demand technical skills? In-house Training

29%

Third Party Training

20%

Certification

18%

Job Rotation E-learning Formal Mentoring Rewards Others

12% 7%

Hilal Khan IT Head of Honda Cars India:

Do you look at IT as technology or as a business enabler?

7% 6% 1% www.cio.in | N o v E m b E r 1 5 , 2 0 0 5

VIEW

Anand Mahindra, Vice Chairman & MD, Mahindra & Mahindra did not hesitate to invest Rs 40 crore a decade ago, on a project that made M&M the single largest SAP-NT site in the world. Yet, to him, that and other IT investments since, are but a means to an end— to be a Customer Centric Corporation.

from the TOP

Driving a Customer Agenda

This is the first in a series of interviews with CEOs and other C-level executives about the role of IT in their companies and what they expect from their CIOs. In the next issue Brian Tempest, CEO & Managing Director, Ranbaxy Laboratories

view from the top.indd 58

By Rahul Neel Mani

Think Mahindra & Mahindra (M&M) and the mind conjures up visions of rugged four-wheel drive vehicles taking on the ravines of the Chambal or negotiating the cratered, quasi-lunar landscape of Bangalore’s roads with equal ease. But the man behind the wheel of this large conglomerate with diverse interests that encompass vehicles, farm equipment and finance related services amongst others, wants M&M to be better known as 3C—a Customer Centric Corporation. Anand Mahindra, Vice Chairman and Managing Director of M&M views IT as the enabler of this vision. His arguments are realistic—of what use is IT if a tractor remains idle for a full day as the farmer waits for spare parts? “When IT doesn’t work I don’t have to make any hue and cry. It’s the customers who react to it adversely. My role is to

amplify customer concerns. Everything else then falls in place automatically,” he explains. We asked Mahindra to elaborate on his vision of IT as a strategic enabler.

CIO: How do you evaluate the role of IT as M&M moves closer to the ‘3C’ goal? Anand Mahindra: I remember when I joined M&M, we were still a company using age old IT gear. Although we had outgrown IBM 1401 machines, we were still stuck with AS400s. The company wasn’t working on a distributed com-

N o v e mb e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 10:47:09 AM

Mahindra & Mahindra Vice Chairman & MD Anand Mahindra expects IT to Help serve customer interests better Be a tool to develop a robust business strategy

Photo by Srivatsa Sh an dilya

Be a strategic enabler for the enterprise

puting model. Everything was centralized. I was convinced that we were in the dire need of a robust enterprisewide system and making business seamless. So, enabling distributed architecture became my first concern. At that point it became critical to invest and change the entire IT infrastructure at M&M. Some companies have done it proactively. Bajaj Auto is my favorite example because they had switched to Digital Equipment Corporation machines long

before we did. But I wanted to turn our disadvantage into an opportunity. I wanted to leapfrog. First movers often create a legacy at a different level. I wanted to overtake them. At that time I agreed to invest in excess of Rs 40 crore in IT—it was a huge amount, a high percentage of our profits—to transform the way we worked. Our 15 minutes of fame came when we became the world’s largest SAP-NT site. But thankfully, it wasn’t just another audacious step.

With such large investments in IT, aren’t you worried about returns? I have a peculiar attitude towards IT. I am always puzzled with one question—how does one plot and quantify ‘payback’ on IT? Sure, you need to spend on IT because it is the future. But, at the same time, it is equally essential to know whether the investments are paying off. When we took a quantum leap and invested in enterprisewide systems and networks and tried to

www.cio.in | N o v e mb e r 1 5 , 2 0 0 5

view from the top.indd 59

11/27/2005 10:47:12 AM

View from the Top

do a post-mortem of the return on investments (ROI), the operations people in the company inevitably said that they would have achieved it any which way. The boundary between what operations people obtain and what IT enables is very ‘fuzzy’. We also struggled with it for a while before I found a simple approach to resolve it. It’s important that you look at your business goals first. Ask yourself what you want to achieve. Ideally you must look at it from your customers’ point of view. Think of those business processes that will help serve customers better. Then you set those metrics independent of IT. If IT helps you achieve any of those metrics efficiently, bring it in and don’t worry about doing ‘post mortems’ because it is now a part of your business and overall Internal Rate of Return (IRR). One should look at IT as an enabler and only as an enabler. If IT helps me enable my business and strategy, I am going to put it in and not ask any questions about its cost. In this situation, any strategic discussion cannot be possible without involving IT. IT cannot be de-linked from the core strategy of any company. It certainly has changed our culture. People look at IT as a strategic tool now.

Most CIOs bristle when people label IT a mere ‘utility’. How do you view it? Just to clarify, I did not refer to the word ‘enabler’ in any derogative sense. To me, the 'Enabler of Strategy' is a very complimentary term. If IT helps M&M to become a 3C corporation, then it can’t be just an ‘enabler’. It has to be something which is of utmost importance. IT to me is as legitimate a tool as anything to develop a robust strategy to run a business. Clearly one doesn’t invest that kind of money if you’re merely building IT as a utility. 60

view from the top.indd 60

“If need be, CIOs should go on a satyagraha (peaceful protest) to ensure that they are included in the top decision making body of an enterprise.” –Anand Mahindra

missing; one that would allow parts of the system to talk to each other. We decided to take a utility approach and decided to automate the way we did business. We wanted to make M&M a real time enterprise because until then none of the changes would make any sense. That way IT was not just a utility. Today, we have a real-time enterprise within the organization but are yet to achieve this outside the M&M network. Interestingly, that’s the moving target. My dream is to have an interactive web interface where the customer can get real time information and should be able to configure and order the product. One agenda that I am personally driving is a ‘3C’ approach – Customer Centric Corporation. In M&M, we don’t get overly obsessed by IT or ROI or platforms or technologies. Obviously we want the best but it’s not because we want the shiniest new toys. Everything has to serve the customer. There is an old story about NASA researching a pen that would work in a low-gravity environment. They spent a fortune over it until the Russians suggested a simple remedy – using a pencil. So, where a pencil can do, why use a pen? That anecdote works well for me as well.

Have you set up a time frame for achieving this? How has IT impacted Mahindra & Mahindra's culture? Implementing SAP was clearly in the direction of changing the way we had worked. It changed the whole culture of M&M. There was a very rigorous procedure that we adopted. It came through our Business Process Re-engineering (BPR) exercise, which commenced in 1991. The essential glue in BPR was to have system that can connect the whole corporate together. We were aware that we were going in for a BPR but also knew that there was a vital link

If you set a time frame it will be unrealistic because you can create a situation where people perceive themselves as having failed for not having achieved it. I always tell my people that I want this ‘yesterday’ rather than putting a time frame to it.

How do you measure the progress of IT projects? We do it through the mechanism of our War Room structure. When I took over as Managing Director of M&M in 1997, I

N o v e mb e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 10:47:15 AM

View from the Top

started the culture of the 'war room'. We had already created a well-structured company by the year 1994. The big question in front of us was how to manage an organization that had a six-sector conglomerate, with a president for each one of them? I wanted to genuinely empower them and not be intrusive at all. One of the mechanisms that I found effective was the war room review. We stared by having monthly reviews for each business sector that we had. It is typically a half-day or a full-day review with the senior corporate staff, the sector presidents and their teams. It’s the time of confession for them. They have to be completely transparent. We also help them in whatever way we can. We negotiate the goals, cost corrections, strategies and then we tell them to go out and prove themselves. That is the way a corporate center adds value and at the same time monitors and provides direction to any project. It is the same for IT projects too. That’s the balance mechanism between autonomy and control. The CIO is an integral part of these meetings. At one stage the CIO was participating from the outside, but soon we realized that the CIO needs to be an integral part of the meetings. Today the CIO is as important a part of the team as any executive in the senior corporate team. This has resulted in tremendous synergy between our various business interests. In these meetings we also debate the various opportunities that can be created within the conglomerate. And IT certainly helps us doing that in a big way.

Do you believe in outsourcing IT or is it critical to keep IT in-house? We have a company called Bristlecone (earlier Mahindra Consulting). When we finished implementing SAP at M&M, we were left with a pool of bright IT professionals who were trained on SAP and Windows NT. We realized that if we wanted to retain those 62

view from the top.indd 62

ect as a challenge until it is people, we’d have to generate SNAPSHOT successfully implemented the excitement and opporPrimary Business: in time and yields proper tunity that they would find Automobile and results. There was another outside in an IT company. Farm Equipment project where we attempted You can’t do that in an engiManufacturing an HR module. That wasn’t neering company. In an EDP 2004-05 Revenue: a part of our enterprise sysdepartment they would end Rs 11,137 crore tem and it didn’t work well up being mediocre and frusIT BUDGET: for corporate HR. These are trated. We re-grouped these About 1% of revenue the only two occasions for trained people and created Employees: which I can say that IT didn’t an entity called Mahindra 11,500 come through. Consulting. All the employIT Staff: ees were transferred there. 40 We first asked IBM to do it Do you suggest Head Quarters: but they refused. I must say Mumbai corrections when this created a great opportuPlant Locations: slip-ups occur? nity for M&M to do it on its 6 own. We created our own inWhen it is a customer cenSales Offices: house outsourcing company, tric corporation, you don’t 49 which also serves M&M. We have to do anything. It’s the dealers: have done that in Mahindra customers who scream. I just 780 Engineering too, where we amplify the screaming so that CIO: have created an outward-facit reaches the ears of the conArvind Tawde ing engineering services comcerned people. My concern is pany that markets its skills. my customers and if they are Outsourcing is destined to happen because not getting served efficiently, the whole purbusinesses have to focus on core business pose of putting in place gigantic IT systems processes and customers. In M&M our way is defeated. The most powerful way of makof doing that has been a little different. ing corrections is to listen to customer problems and solve them immediately.

M&M

Has any IT project gone wrong at M&M?

Mercifully there has been no large, critical IT project that has gone wrong. But the most recent one I can think of was when we were upgrading to the new SAP version. May be we got a little too complacent because we had achieved a seamless implementation in 1996 (which we completed in just 90 days). There were delays in upgrading the system. Although there were no complaints I could easily predict the outcome. There were problems in selling the targeted spare parts. I inquired about the problem and the answer was that systems were not in place. To me, implementation has not always been seamless and faultless. I think we have to take every IT proj-

And finally, your advice to CIOs… I would say that, if need be, the CIO should go on a satyagraha (peaceful protest) to ensure that they are included in the top decision making body of an enterprise. The rest will follow. The vision of a company is made by the core management team. If the CIO is buried somewhere down the line in the organization and just works as a utility provider or a cost reducer, IT has no meaning. The CIO must be seen as an inseparable part of the strategy forum of an enterprise. CIO Bureau Head (North) Rahul Neel Mani can be reached at rahul_m@cio.in

N o v e mb e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 10:47:15 AM

DIAL

V o I P

FOR

Voice over IP offers great savings in long-distance calls. But without extensive safeguards, VoIP can expose your phone system to the havoc affecting the rest of the Web.

VULNERABILITY Phone service is abruptly cut off

By SuSannah Pat t o n

at a Wall Street brokerage after a hacker launches a full-scale denial-of-service attack, flooding the firm’s voice servers with registration requests. An Internet worm makes its way from a retail giant’s data network to its voice network, shutting down call centers and costing millions in lost revenue. An imposter enters Reader ROI: the phone network of a top government Why VoIP is more vulnerable to agency and makes away with classified hackers than traditional phone information by spoofing his caller ID. systems Sound far-fetched? According to security What you can do to safeguard your VoIP systems experts, such scenarios are not only plausible, When it makes sense to conthey may be inevitable as companies and vert to VoIP and when it doesn’t government agencies around the world scrap 64

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

Information Security their traditional circuit-switched phone systems and move to can avoid the expense and frustration of patching and fixing voice over IP (VoIP). By sending voice calls over the Internet, their systems after the fact. “You’ll be sorry if security is an companies are saving millions of dollars and gaining flexibility afterthought with VoIP,” says Gary Heller, deputy CIO for the to provide multimedia services at the desktop. But they are also Arizona Healthcare Cost Containment System, the state agency exposing their voice systems to all of the hazards that now plague that administers Medicaid. Heller recently helped install VoIP data networks, including worms, viruses, denial-of-service between the agency’s five metro Phoenix offices and its 11 call attacks, spam over Internet telephony (SPIT), eavesdropping centers. “We’re comfortable now only because we took the time and fraud. And they are increasing their vulnerability to attacks to do the due diligence and proactive monitoring that can lead to against the rest of the network by creating new openings into a safe VoIP environment. If we didn’t have all that, I’d be scared.” Here’s what a number of early VoIP adopters have done to realize critical infrastructure, networks and systems. CIOs ready to take the plunge with VoIP need to understand that the cost savings of VoIP and to save their companies from a data firewalls alone won’t protect them. They need only look to the potential disaster. past to remember the state of the Internet 10 years ago, when security was usually an afterthought. That was before the Nimda and Sasser worms and countless other threats came to haunt them. To head off With VoIP, PBXs—the backbone of the traditional phone attacks on their voice networks, IT executives need to devise a plan system—are replaced by IP voice servers that usually run on that includes voice encryption, authentication, VoIP-specific firewalls, Microsoft or Linux operating systems. These “call management and the separation of voice and data traffic. They also need to ensure boxes” deliver VoIP services and log call information—and they redundancy in case of power loss (most traditional phone networks are susceptible to virus attacks and hackers. VoIP is even more already require backup, but the systems will need to be expanded sensitive than data when it comes to disruption and packet loss. with VoIP). And they will have to physically secure voice servers Yet many security measures that are applied to data networks and other equipment from intruders. Traditional private branch exchange (PBX) phone systems have their own vulnerabilities, and in the past hackers have broken into large phone and voice mail networks. But VoIP expands vulnerability, offering more opportunities for hackers to gain access. In a recent 93-page report on VoIP security, the National Institute of Standards and Technology notes that in don’t work well for VoIP. For example, traditional firewalls most offices there are many more points to connect to a LAN than can result in delays or blocked calls, and encryption can cause there are points to connect to a PBX box. “Based on the history “latency” and “jitter” (packet slowdowns that can disrupt calls). As of attacks on various Internet services and things we’ve seen, it’s a result, security techniques must be specialized for VoIP. And it inevitable that there will be attacks on VoIP networks,” says Rick should go without saying that VoIP equipment should be placed Kuhn, a computer scientist at NIST and coauthor of the report. in a secure, locked location. “Eventually, someone will find a way to take advantage of it.” Despite the perceived gaps in VoIP security, there haven’t been Some experts are even urging the US Congress to consider VoIP any reports of large-scale cyberattacks or security breaches of security implications as it starts to revise the Telecommunications VoIP networks. That’s due in part to the fact that vendors and Act of 1996. They believe the government may need to impose new service providers are offering a wider variety of VoIP firewalls, standards or requirements for critical infrastructure, especially intrusion prevention systems and other protective devices when where it relates to emergency services or national security. “I do they install the systems. VoIP adoption also is still in its early know that if there is a significant VoIP security event, there will phases. According to Osterman Research, only one in 10 U.S. be a reaction from Congress and the executive branch,” says Roger companies has deployed VoIP in the workplace. But that will soon Cressey, a former White House cybersecurity official from 1999 to change. By late 2007, the research firm predicts, 45 percent of 2002 and now the president of Good Harbor Consulting. companies will have some form of VoIP, and adoption is expected CIOs who have already begun using VoIP advise those to accelerate thereafter as many large organizations will need to considering it to start focusing on security now. That way, they replace aging telecommunications infrastructures.

Full VoIP AheAd

To head off attacks on their voice networks, IT executives need to devise a plan that includes voice encryption, authentication, VoIP-specific firewalls, and the separation of voice and data traffic.

www.cio.in | N o v e m b e r 1 5 , 2 0 0 5

Information Security

Prepare for Safe dialing

Already, experts say early VoIP adopters have suffered voiceline outages. For example, a Merrill Lynch manager of voice For Steve Novak, CIO at the Chicago-based law firm Kirkland product development said at a major VoIP conference last fall & Ellis, VoIP technology isn’t new. In his previous role at 3Com, that e-mail viruses including Sasser and Code Red took down the Novak was part of the team that made one of the country’s firstcompany’s VoIP network for two to four hours because it rode on ever VoIP calls at a Las Vegas trade show in 1997. “We set up an top of the data network. Darrell Epps, director of the convergence old Bell phone booth on stage and the call worked,” Novak recalls. and IP telephony professional services practice for NextiraOne, a “People were stunned and I remember thinking at the time that consulting and integration company, confirms that some Fortune the technology held a lot of promise.” 500 companies using VoIP have already suffered from VoIP Since becoming CIO at Kirkland & Ellis, however, Novak has hacking incidents that have hurt company operations. taken a cautious approach to VoIP. Instead of moving quickly to For many organizations, however, the low cost and convenience install the technology throughout the law firm, which has offices of VoIP outweigh the potential security risks and possible phone in seven cities around the world, Novak and his team decided to outages. Despite its previous voice-line outage, Merrill Lynch recently move slowly and use VoIP on calls only within the company at signed deals with Cisco and Avaya for extensive VoIP rollouts in its first. VoIP security experts suggest that those new to VoIP take headquarters and branch offices. (Merrill Lynch officials did not Novak’s approach by implementing the technology within their respond to a request to be interviewed for this story.) organizations in a slow, phased process. Then, by the time they In addition to saving money on long-distance calls and intra- introduce the riskier public network connections, they will be office calls, VoIP users say they will also economize by managing more familiar with the technology. one converged data network instead of separate voice and data “The most critical success factor for VoIP is rock-solid lines. VoIP is also expected to bring multimedia services to infrastructure,” says Novak. In Novak’s case, that means the desktop and, in some cases, improve customer service. For improving backup power with an uninterruptible power supply example, customers trying to reach a Web-based, VoIP-enabled system, backed up by a generator and a fully redundant network. call center would be able to click on a hyperlink to start a He even suggests running power over Ethernet (PoE) to provide conversation with a live service agent. And traveling employees extra redundancy. “If you have a cable break, you can’t tolerate with VoIP can make and receive calls from their home office loss of voice,” Novak says. “Data has never been driven to the numbers via their laptops. same real-time requirements.”

Separate voice and data traffic by using a virtual LAN. This will limit the packet-sniffing threats and minimize voice disruption if data lines are attacked

How to Secure Your VoIP Installing a Voice over IP telephone system will expose companies to the same hazards now plaguing data networks. Here are some of the possible intrusion targets and how to protect them.

VoIP Server

Lan

encrypt ncrypt VoIP traffic to prevent intercepts within the office (via a “packet sniffer,” for example)

Dial VoIP.indd 66

WAN/Internet VoIP Gateway

Intrusion targets

use VoIP firewalls. Standard firewalls may not be able to distinguish data packets from voice packets

Avoid PC-based “soft phone” systems. PCs connected to the Internet are often exposed to worms, viruses and other malicious software that could infect VoIP systems

VoIP Firewall

ensure physical security. VoIP servers, gateways and other hardware should be kept in a secure, locked environment.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 11:05:15 AM

AD-Ploycom

Information Security Now when an attorney in London calls the company’s San Francisco office, the call is routed out of a traditional PBX into the firm’s IP backbone and converted to an IP stream across a WAN. When it arrives at the destination, it’s converted into standard time division multiplexing (TDM) and sent to a legacy PBX. So while Kirkland & Ellis is eliminating long-distance charges by using the IP system, it is not yet hooking into the public network from the firm. In the current configuration, it hasn’t yet run VoIP out to the desktop in a significant way, so it is not yet taking big security risks. As the company plans to replace aging legacy telephone infrastructure during the coming years, it will move to a primarily VoIP network. “By that time we will be better prepared for the security challenges,” Novak says.

Separate Your Traffic

When a virus hit the network at Worcester Polytechnic Institute (WPI) in 2004, the university’s VoIP-enabled phone system didn’t suffer. That’s because Tom Lynch, vice president of IT and CIO, and Sean O’Connor, director of network operations and security, understood that security planning was key to maintaining a reliable VoIP network. O’Connor and Lynch have spent the past year testing a Nortel VoIP system that will allow students and faculty studying abroad to communicate with the school via their laptops. The school is also migrating part of its oncampus phone network to VoIP, although for the moment it plans to maintain a hybrid system that will combine the new technology with the old by integrating the VoIP services into the college’s legacy Nortel PBX. In addition to putting up multiple application firewalls, O’Connor and Lynch set up a virtual LAN for voice traffic to help protect it from viruses that could hit the data network. So when that virus hit the campus last year, it never made it onto the VoIP system. “The key is to separate the voice traffic from everyday Heller of Arizona’s Medicaid agency agrees that a gradual Internet traffic,” says O’Connor. A virtual LAN (VLAN) approach to VoIP helped him prepare for the security challenges can protect voice traffic by setting aside a certain amount of a VoIP implementation. The agency first started using VoIP for of bandwidth and separating voice and data by creating long-distance calls between offices four years ago. After an initial “logical barriers.” Bill Ashton, director of IT for the town of Herndon, Va., feels period of training and piloting while the agency still had its two legacy PBX systems to fall back on, it decided to replace the system comfortable with his recently installed VoIP systems in part with VoIP at five of its metro Phoenix offices and 11 call centers; because he too has VLANs. Ashton recently moved six town its remote offices are still using the PBX systems. Heller says the facilities and 160 employees to VoIP telephones and plans to Arizona agency is saving Rs 1.91 crore (US $425,000) a year after roll out VoIP service to the town’s public safety department this scrapping the traditional circuit-switched phone system for its summer. However, 911 calls in Herndon will remain on analog main offices and call centers. But first he implemented strenuous lines to keep the call center infrastructure consistent countywide. safeguards, including the encryption of voice traffic, separating Public safety officials have expressed concern that calls via a voice and data networks, and using a long list of intrusion protection VoIP line may not always reach 911, and that 911 dispatchers and antivirus products. His team also monitors the voice servers cannot trace the location of people calling on VoIP. In early June, the Federal Communications Commission issued rules that will at all times. Investing in base infrastructure and encryption can add to require VoIP service providers to warn consumers their calls may the cost of moving to VoIP. But Novak says that the VoIP-related have trouble reaching a 911 operator. Emergency services aside, Ashton says he believes VoIP is safe investments—which in his case included moving to a pure IP network core—added to the company’s overall network security. if installed with care. “There will be hacker attacks down the road, “Purely financial savings are not enough to drive you to VoIP at so it pays not to cut corners,” he says. “If there is one thing I could this point,” he says, noting that long-distance rates have been get fired for, it would be if The Washington Post reported that our falling. But companies that don’t move to VoIP will miss out public safety system has problems.” VLANs, firewalls and gateways can keep intruders out of the on some important technological advantages. In his case, VoIP will increase mobility and collaboration by allowing his firm’s VoIP system, but they don’t protect against internal hackers. To add attorneys to reroute their voice traffic anywhere in the world another layer of security to a VoIP system, users should encrypt the “packets” just as they do with data networks. Encryption is while they are on the road.

Even if those deploying VoIP systems install firewalls and intrusion detection systems and encrypt their voice traffic, they will still need locks and security guards to make sure attackers don’t access the servers.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

Information Security important regardless of the protocol being used. (The two main protocols are Session Initiation Protocol, or SIP, and H.323.) Many VoIP experts now believe that SIP is gaining momentum as the industry searches for common standards. In its basic form, however, SIP traffic is “clear text,” which means that voice traffic is vulnerable to “packet sniffers” looking for caller IDs or passwords. According to Chris Rouland, CTO at security firm Internet Security Systems, it’s as easy to intercept unencrypted VoIP calls as it is to use an iPod. By downloading software off the Internet, hackers can intercept calls “with a simple click,” he says. In order to protect caller IDs, phone addresses and account information, VoIP users need to encrypt SIP traffic. Even so, VoIP observers say, encryption isn’t yet standard practice. “There’s a lot of unencrypted VoIP traffic out there,” says Good Harbor’s Cressey. That’s largely because encryption can be cumbersome and expensive. At Kirkland & Ellis, Novak says he spent three months working out encryption-related problems that affected VoIP call quality. In addition to extensive testing and tuning, he is now using a suite of monitoring tools that sample the VoIP network every 30 seconds and alert him if quality has dropped off.

Upcoming

developments Session border controllers: Enables phones to connect to enterprise infrastructure, eliminates worry about VPN for voice connections and improves out-of-state deployment

Loop service such as ATM and sonnet ring: Brings improved customer service and faster deployment time for new offices

More packet-level costing:

Allows companies to pay telecom carriers for only the bandwidth they use rather than pay a flat fee

Calculate Your Risk For O’Connor and Lynch at WPI, migrating to VoIP involves careful calculation of how much risk they are willing to take. For example, while they are comfortable with the idea of administrators, instructors and students using VoIP for basic phone service, they have decided not to include campus security phones on the network. “We are leaving all security phones and kiosks on the copper systems, which have a higher level of reliability,” says O’Connor. O’Connor and other early VoIP adopters say with the current state of VoIP technology, organizations need to decide early which security risks are not worth taking. These may include phones for security and emergency services. “Essential telephone services, unless carefully planned, deployed and maintained, will be at greater risk if based on VoIP,” according to the NIST report. At WPI, O’Connor and Lynch are experimenting with “soft phones” (ordinary PCs with headsets and special software configured to make VoIP calls) for students and faculty who are studying abroad and need to communicate with the school from areas such as Namibia and Thailand. Soft phones offer a way to keep in touch from remote places at lower costs. In a recent test of the soft phones, in which the students and faculty at a facility in Australia made calls over their laptops, O’Connor says he was pleasantly surprised by the quality of service. Others, however, might not want to take that risk. The NIST report discourages the use of soft phone systems where security and privacy are a concern. “Worms, viruses and other malicious software are extraordinarily common on PCs connected to the Internet and very difficult to defend against,” the report states. The NIST report also warns that even if those deploying VoIP systems follow all of the recommendations by installing firewalls and intrusion detection systems and encrypting their voice traffic, they will still need locks and security guards to make sure attackers don’t get access to the servers. Heller agrees. “It’s important with VoIP that you don’t forget about the actual physical security of your voice servers,” he says. While his legacy PBX system was housed in two large cabinets, the VoIP system uses a total of 50 voice servers to achieve complete redundancy. They are located in locked facilities, and only a few select people have access. “VoIP has a lot of advantages, but there is no question it puts your voice system at greater risk,” says Heller. “You’ve got to watch out for new dangers.” CIO

Improved quality of service: Always an area for improvement; vendors are introducing new software, and third-party vendors are starting to compete

Move to Session Initiation Protocol (SIP) compliance: Provides increased flexibility and security, and brings VoIP to the mainstream 70

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

Senior Writer Susannah Patton can be reached at spatton@cio.com.

NoMore e-Seva, Andhra Pradesh’s single window that eliminated multiple serpentine queues for citizens dealing with various Government departments, has turned into a model for other States to emulate. BY T. Radhakrishna

n December 3, 1999, the citizens of Ward 8, Hyderabad became the envious lot who could access 18 different government services provided by six independent departments through a state-of-the-art center that the Andhra Pradesh government set up. Six months later, the success of the pilot “Twin Cities Network Services” (TWINS) convinced the government to roll out an additional 24 centers and rename the project a befitting ‘e-Seva’. Today e-Seva supports a staggering 160 services across 22 districts and enables over 34 lakh transactions a month. But more importantly, it has estab-

main govern1.indd 72

lished a business case with revenue touching Rs 360 crore in October alone this year. The people love it. “I now get a little more time with my family, as paying bills or getting certificates issued is no more the painful and time-consuming process it used to be,” says K S N Murthy, a bank employee from Hyderabad. And there are many more reasons why e-Seva has clicked with users. For instance, the system allows for different ways of payment. Cash, cheques, demand drafts, credit cards, debit cards and online—e-Seva centers can deal with them all. The network of centers also puts e-Seva within easy reach of people.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 11:08:56 AM

Apart from the centers, citizens can access e-Seva counters in banks or transact via ATMs. Vijay Laxmi, a homemaker, now takes care of all utility payments herself; something that for years only her husband could do since it meant waiting in different queues for long hours.

Illust ration by b inesh sreedharan

Getting Off The Ground The concept of shared services was initiated in 1998, when the then Government wanted to improve service delivery to citizens. Realizing that this was not an easy task, the administration looked for a champion who could deliver the goods, and zeroed in on J Satyanarayana, then Andhra Pradesh’s commissioner, Commercial Tax department, (now CEO of National Institute for Smart Government) to spearhead the effort. The government asked him to study existing practices for citizen services adopted by other nations, including Singapore, and submit a detailed report.

Satyanarayana quickly assembled a team, with members from IT firms among them, to put a framework in place. “Our focus was to identify a model that provided large volumes of routine services to the citizens,” he says. The next task was to identify the departments that provided routine services to citizens and bring them together. The team had to study every department and its functions to build an efficient mechanism, since every department—electricity, water, property tax, transport, telephone, and land registration amongst others—had a unique billing process.

“For the first six months, we had a number of brainstorming sessions on the concept, and later zeroed in on a framework”, says R Jagadeeshwara Rao, Vice President, Ram Informatics, an e-Seva technology partner. “The framework allowed for multiple interfaces across the counters that offer large volumes of routine services to citizens,” says K Jagannath, Regional Manager, CMS Computers, the project’s principal investor. Based on this framework a prototype was developed. However, the big hurdle was to get a fix on the business model and after much debate they settled on a BOOT (BuildOwn-Operate-Transfer) Model.

Reader ROI:

Challenges Galore

How projects need to be undertaken with the citizen benefit in mind Why e-Government projects need to be scaled in phases How to evaluate RoI in e-Governance projects

Going forward was no cake-walk. There was the task of achieving congruence of objectives, crafting the right Service Level Agreements (SLAs), integrating the cultures of the public and private sectors, and www.cio.in | N o v e m b e r 1 5 , 2 0 0 5

main govern1.indd 73

11/27/2005 11:08:57 AM

Wired to e-Seva striking the right balance between investment and control in e-government. And to top it all, the heads of departments were not very cooperative. “Initially, the departments had apprehensions about sharing their databases with us,” says Jagannath. “All the participating departments and agencies needed convincing that it would be more cost-effective for them to share the common infrastructure of e-Seva rather than creating their own independent delivery channels,” adds Satyanarayana. In fact, despite its popularity, the project came in for flak from the Controller and Auditor General of India (CAG) for the lack of transparency in the project implementation. In its 2001-02 annual report, the CAG found several drawbacks in the project largely due to unprepared ness of the participating departments and inadequate coordination. “Even after the project was up and running, we faced a tough time in promoting its usage,” recalls Jagannath. They therefore dedicated 2002 to promoting e-Seva.

Technology Road Map The project is based on a three-tier webbased architecture running on Oracle 9i Application Server Enterprise Edition as the Middleware platform software. The architecture includes multiple web-application servers, working on a load balancing mode. The front-end clients run Internet Explorer and can range from 10 to 20 at different locations. A redundant combination of Leased Lines 74

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

and ISDN Lines has been established to link the web servers at the e-Seva Data Center to each e-Seva center. Each Departmental server is also accessed by the e-Seva servers through leased lines with ISDN back-up. “Andhra Pradesh took the application server route because it was the only way to maximize e-Seva’s reach through web technology,” says Bireshwar Das, Deputy Director, Directorate of Electronic Delivery Services and e-Seva. According to him, the process was simpler because most government departments had automated their processes, especially their databases, much before the launch of e-Seva. The e-Seva project was built on Oracle database as most of the departmental databases were based on Oracle or SQL. “Transactions done at the e-Seva centers are recorded directly on the server of the department concerned,” says Rao. Subhash Bhatnagar, e-Government Advisor, Information Systems Group, World Bank stresses avoiding the use of untested or ‘fancy’ technology in e-government projects. CMS Computers continues to provide technology support to 15 districts covering 120 e-Seva centers, while UTL and CGS Technologies support three districts each. A total of 1,200 people are involved with the project either directly or otherwise. CMS Computers has hired over 800 people to handle the counters at the Centers, while a team of 30 people from Ram Informat-

e-Seva offers the citizens of Andhra Pradesh a common front-end to a host of Government departments, public sector and even some private sector organisations. Local Government hyderabad Metropolitan Water supply and sewerage board Municipal Corporation of hyderabad

State Government labour department revenue department transmission Company ltd t registration & stamps department road transport t authority road t transport Corporation ltd t tourism department Corporation ltd Police department Medical and health department

Central Government bsnl Indian railways regional Passport office

Private Sector t telecom tata t t teleguMatrimony.com

Shared Services

World Bank's Ten Risk Factors for Shared Services

ics develops applications. “We have so far built 200 applications for various citizen services,” says Rao.

Business Model The Public-Private Partnership (PPP) project was built on a BOOT model over a period of five years beginning August 25, 2001. The State Government oversaw the project as the overall administrator and acted as the front-end. CMS Computers designed the project’s IT architecture and provided the software, hardware and networking solution, while Ram Informatics came up with application development, management and maintenance. CMS Computers is also responsible for staff salaries, infrastructure cost, setting up new centers and other resources, including security staff. CMS Computers gets Rs 3.95 per transaction at Hyderabad and Rs 5 in the Districts, this is shared among both partners. The Directorate of Electronic Delivery Services and e-Seva monitor the project daily with the technology partners, the participating departments and other agencies. The government has also used the franchisee model in some places in the State. At present, citizens within the jurisdiction of all e-Seva centers in the Districts are allowed to transact online. Initially, the government was of the view that Centers were not viable delivery channels in urban and semi-urban areas. However, its contention was proved incorrect. Citizens prefer to transact at brick-and-mortar service centers rather than online. Over the past four years eSeva has registered only 98,000 transactions online, in comparison to 5.71 crore transactions at the centers or though bank counters.

Photo by suresh Van GaPally

Pay Back Time As the principal investor CMS Computers has so far invested over Rs 25 crore in the project, mainly setting up and running e-Seva centers in Hyderabad and Ranga Reddy district. “It costs around Rs 12 lakh to set up an e-Seva center,” says Jagannath. “We kept on adding new Centers, taking it from 18 to 45 centers. We have recovered

The RoI of e-Seva needs to be measured taking into consideration the social benefits – the savings in costs and time for the citizens, and better service

lack of political leadership, vision and strategy not implemented in a context of wider change/administrative reform. Inadequate ICt t infrastructure, enabling policies

Poor costing or lack of resources hitting commitments

Inappropriate definition of project goals and scope.

automation without process reengineering.

short tenure of implementers or hurried implementation

Management of change-resistance from vested interests.

use of untested or fancy technology.

Inadequate attention to monitoring and evaluation

J Satyanarayana, Ceo, national Institute for smart Government

some amount, but the project demands continuous investment and the revenue increases as investment rises. The RoI is continuously changing as it is a demanding model,” he adds. Ram Informatics has also scored big, with the project contributing 25 percent of its revenues last fiscal. “One cannot look at traditional systems for measuring ROI. The ROI of e-Seva

needs to be measured taking into consideration the social benefits also—the savings in costs and time for the citizens, reduction in travel and hence reduced levels of pollution, the citizen satisfaction arising out of increased convenience and a better quality of service compared to traditional systems,” says Satyanarayana, CEO, National Institute for Smart Government (NISG). An RoI study by the State www.cio.in | N o v e m b e r 1 5 , 2 0 0 5

Shared Services

Government indicated a positive result, in terms of the saving per transaction to the participating agencies and departments. Chairman and Managing Director, Central Power Distribution Company of Andhra Pradesh Ltd (CPDCL), Heeralal Samariya says: “We have received reports that thousands of our customers are happy with the system. The e-Seva project has also impacted our administration, increasing productivity in service, boosting efficiency in revenue collection and bringing in greater transparency to our operations.”

Success Drivers “It’s a successful initiative that has changed a decades-old typically bureaucratic system,” says Bhatnagar and stresses: “Evaluation reports indicate that citizens prefer e-Seva over departmental counters.” The departments wired into e-Seva are also full of praise. “We have received good results from e-Seva… the project has improved our revenue collection,” states Dr K.S. Jawahar Reddy, Managing Director, Hyderabad Metropolitan Water Supply and Sewerage Board. Ajay P. Sawhney, till recently Secretary, ICT department, Andhra Pradesh, attributes the project’s success to its citizencentric approach and the Public-Private Partnership business model. “The strength

lar projects. Though the governments of Karnataka and Kerala were at first reluctant, SNAPSHOT they too later chose to deploy KICKOFF: shared services after seeAugust 25, 2001 ing the results that Andhra INITIAL INVESTMENT: Pradesh achieved. Rs 25 crore “When we faced a tough E-SEVA CENTERS: time in convincing the Ker257 (48 in ala Government, we had Hyderabad) to approach the GovernCOST OF A CENTRE: ment of Andhra Pradesh Rs 12 lakh for help. At our request, an Andhra Pradesh is now takAVERAGE MONTHLY e-Seva team came to Kerala ing the concept to villages TRANSACTIONS: and made a presentation to under the ‘Rajiv Internet Vil+30 lakh (offline); 6,000 online the Government. That’s how lage’ scheme. It believes that we were able to convince the delivery of services to rural AVERAGE MONTHLY COLLECTIONS: Kerala Government and get people in this manner will +Rs 600 crore a go-ahead for the FRIENDS increase the State’s producSTAFF: (Fast Reliable Instant Effitivity. Bharat Electronics Ltd About 1,200 cient Network for Disburseand an NGO (TIME)—have ment of Services) project,” been charged with setting says a grateful Aruna Sunup over 8,000 rural delivery dararajan, former IT Secretary, Government centers by December 2005. When this happens citizens can obtain all the neces- of Kerala. Four years on e-Seva has emerged as sary services in their villages, without thebenchmark for government shared having to visit the nearest town or city. e-Seva has inspired and guided many other services intiatives. CIO Indian States in their bid to improve citizen friendliness. Chandigarh, the National Capital Territory of Delhi, Gujarat, Kerala, Karnataka, Madhya Pradesh, Maharashtra and Rajasthan Special Correspondent T. Radhakrishna can be are among those who have implemented simi- reached at radha_t@cio.in of the project is in its powerful MIS and the separation of front and back-end operations,” he says. Rao simply puts it down to the concept of a ‘single window’ for citizens while Jagannath emphasizes the tremendous political will required to make such projects a success.

e-SEVA

Benchmark

Shared Services Success State

Andhra Pradesh

Chandigarh (UT)

Karnataka

Kerala

Project

eSeva

e-Sampark

BangaloreOne

FRIENDS

Started

25-Aug-01

Aug-04

1-Apr-05

Jun-01

No. of Centers

257

No. of Services

160

360

Business Model

BOOT

In-house

Contract Period

5 years

2 years

Tech Partner

CMS Computers & Ram Informatics

SQL Star, NIC & CMS Computers

CMS Computers & Ram Informatics

C-DIT & Kerala IT Mission

Transactions *

34.4 lakh

1 lakh

2.2 lakh

3.3 lakh

Revenue Collection*

Rs 360 Crore**

N.A

Rs. 16.8 Crore

Rs. 17.35 crore

Website

www.esevaonline.com

sampark.chd.nic.in

www.BangaloreOne.gov.in

www.friendscentre.net

* For October 2005 ** Does not include commercial tax payments of about Rs 300 crore

main govern1.indd 76

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 11:09:01 AM

AD- Select

main govern1.indd 77

11/27/2005 11:09:01 AM

C h aw l a o n :

Rajeev Chawla, Secretaryâ&#x20AC;&#x201D;e-Governance, Karnataka is emphatic that in the final analysis, it was good groundwork that helped tilt the balance in his favor.

He has overseen a host of projects designed to dramatically change the way the government interfaces with citizens and won several awards in the process. Special Correspondent T. Radhakrishna asked Chawla to amplify on how he negotiated challengesâ&#x20AC;&#x201D; from convincing cynical bureaucrats to dealing with vendors.

Interview.indd 78

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 11:07:56 AM

SNAPSHOT:

CIO: How do you deal with bureaucrats and political leaders whose views and agendas may differ from yours? Rajeev Chawla: It is tough. The challenge in government is dealing with insiders and not outsiders. E-governance is a new thing in India. Many senior bureaucrats therefore are not really aware of the alternatives. They do not know how technologies or how certain business models work. Thus, you have to work really hard and be patient. You sometimes need to explain things repeatedly. Every time I go to my seniors, I do my groundwork. I am prepared with notes, figures and facts. I must confess that there are times when I’m not able to convince them, despite having answers to their questions. Sometimes, projects are also dropped due to various reasons. For instance, when we initiated BangaloreOne (one of Karnataka’s shared services initiatives), it took us almost a year to convince

Projects overseen The Bhoomi project How do you ensure Infrastructure: faced a lot of hurdles. funds for e-governance VSAT Network How did you projects? State Data Center overcome them? The government has alloState WAN cated Rs 2.02 crore for eTo convince and involve G2G: governance in 2005. But 10,000 village officers Khajane there is no dearth of funds spread across 177 talukas Kaveri for IT projects in the State. in over 30,000 villages to Mukhya Vahini We can manage from digitize 20 million rights, external sources too. For tenancy and certification G2C: instance, we were able to records of 45 fields each Bhoomi raise Rs 6 crore from the was the biggest challenge, BangaloreOne Central Government for setwhich I have faced during Rural Digital Service ting up State Data Centre, the implementation prowhich is now almost ready. cess. Another challenge Similarly, we have requested the World was to ensure the records created were Bank to support the State Wide Area tamper-proof. Network (SWAN) project. The National I also faced a lot of cynicism. Many officials Institute for Smart Government (NISG) is thought the project could never be implesponsoring a pilot project for e-procuremented, since it had been hanging fire for 15 ment in the State, which is at an initial years. However, we had the confidence that we stage now. would be able to do some good even though the We have also secured backing for the environment was negative. I also had to reason-going Rural Digital Service (RDS) sure village officers that they would not lose pilot project. We have never faced a finantheir jobs.

Photos by Srivatsa Sh an dilya

FOUNDATION, REPUTATION & NEGOTIATION both officials and political leadership of the need for the project. We were asked: What is so exciting about shared services? What is the technology involved and the centralized architecture? And even: what is the meaning of BangaloreOne? But once they were convinced, it took us just five months to execute. That’s the way IT projects in government work. Individual credibility and performance count for a lot when you are dealing with senior bureaucrats.

Once the initial five to six talukas were up and running we got full political support for the program. In fact, the political support to a large extent facilitated our internal efforts. Otherwise, it would have been very tough for me to make headway. A team effort coupled with huge political will helped make Bhoomi a success and the winner of many awards and honors (it was a finalist in the Stockholm Challenge in 2002).

cial crisis regarding the IT projects in the government.

How do you perceive Return on Investment in projects? Apart from Bhoomi, we have introduced Khajane - the computerization of 225 treasuries all across Karnataka (the state’s treasury payment system handles over Rs 20,000 crore annually). We recently launched BangaloreOne – the integration of government services under one roof. www.cio.in | N o v e m b e r 1 5 , 2 0 0 5

Interview.indd 79

11/27/2005 11:07:56 AM

Interview Rajeev Chawla In the IT infrastructure area, we are almost ready with the State Data Center (SDC) and VSAT network, while we are going slow on the State Wide Area Network (SWAN). Currently, a pilot project—Rural Digital Service (RDS)—is on at the Mandya and Maddur districts of Karnataka. The concept of BangaloreOne is known as RDS in the villages. The pilot will continue for some more months. Under the RDS, we are planning to include computerization of commercial land records (non-agricultural lands). The estimated number of such records under the revenue department in Karnataka is 200 lakh. The state has already taken a decision at the cabinet level that e-procurement needs to be introduced and the National Institute for Smart Government (NISG) is sponsoring the pilot project. We have spent approximately Rs 25 crore on the Bhoomi project. Digitizing records took about Rs 11 crore and the rest went into providing infrastructure. The project is running successfully and we have already recovered almost the entire project cost. Every month we collect Rs 1 crore from over eight lakh users. We hope that in the coming months, the minimum revenue the government can generate out of the program will be on the order of approximately Rs 10

fail to get all the information you need? Well, we really try to avoid that (project). We have never been taken by surprise in the projects we have done so far. In fact, when we write a tender document, we are guided by market intelligence. For instance, in BangaloreOne (launched on April 1, 2005), we were aware of what rates to expect. We did our calculations thoroughly before calling for tenders —whether it was about the network or the servers or the quantum of redundancy or the number of transactions in a month. A tender document should not be framed till all the options are looked into. Therefore, we start with what's possible, we learn from the market and we understand the limitations of various models. We try to take care

A well-designed e-governance project should be able to recover at least its running cost from the charge levied on users. This is the way that we have almost recovered the Rs 25 crore that was invested in the Bhoomi project . crore a year. This is a program which benefits both farmers and the government. Therefore, a well-designed e-governance project should be able to recover at least running costs from user charge. Most programs targeted at citizens can survive through user charges alone.

You mentioned having to do a lot of groundwork before initiating a project. What happens when you 80

Interview.indd 80

of the limitations, while bearing in mind that the market rate is reasonable.

What's your strategy to negotiate with vendors? The Transparency Act clearly lays down the procedure. You can’t get into a dialogue without clarity about what the objective is. The other one is to gather market intelligence and identify the alternatives available. For that we have enough technical resources within the government and outside. Once

we know what the alternatives available are, we debate them, going into the costs of services and maintenance. Maintaining relationships with vendors is obviously important. If we sign a deal, it’s critical that we don’t snap ties with the vendor moving forward, since this might drive up support costs in future. These are the things we keep in mind. For instance, we may want a server capable of supporting eight CPUs but at present want it populated with only four CPUs. What is the guarantee that two or three years down the line the other four CPUs will be available? Thus, the tender document says that the vendor shall make four CPUs available within the next three years at any point of time when requested by the government. The cost of additional CPUs is computed in the tender. The evaluation is done based on the tender document. Of course, at present, the vendor provides the CPUs at a certain price, in future when we want to expand, the price might go up (this too is given consideration when formulating the tender and fixing costs). Sometimes we issue single tenders too. Even in such cases, we utilize market intelligence and know what to expect from the market. Effective vendor management is very important in government projects. If the business model is not planned or written well, then we face a problem—vendors will simply take an advantage and try to make more money. CIO

Special Correspondent T. Radhakrishna can be reached at radha_t@cio.in

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 11:08:04 AM

Ad-Polycom

Interview.indd 81

11/27/2005 11:08:04 AM

Essential

technology Illustration by b inesh sreedharan

From Inception to Implementation â&#x20AC;&#x201D;I.T. That Matters

End user developers are everywhere. The key is getting them to work for you.

Making It on Their Own BY MEGAN SANTOSUS DEVELOPMENT

Know any end users at your organization who create their own macros with Excel? What about folks who keep website content fresh by themselves instead of relying on someone in IT? If thatâ&#x20AC;&#x2122;s the case, then your organization is among the legions that are home to end user developers. Such developers often spring up from necessity: Employees without IT training increasingly need to access and manipulate data, yet they no longer want to wait for IT to provide the tools. For their part, IT people have better things to do than to constantly re-tweak database queries, reformat reports or fine-tune business rules. Now a variety of end user development tools old and new promise to help both sides. But before you ask your end users to take development into their own hands (or look to stamp it out as a scourge), there are issues to address, both technical and political. Tossed unceremoniously into their laps, end users may resent the extra work development entails. And for IT, putting tools into the hands of end users can result in problems with data quality, access, security and more. But handled effectively, end user development can lead to happier lives for both users and the IT people who support them.

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

et-MAKING IT IN THEIR OWN.indd 82

11/27/2005 11:06:15 AM

essential technology

Developers Everywhere Margaret M. Burnett, a professor of computer science at Oregon State University, defines end user developers as “end users who create or customize some kind of software so that it works on unanticipated inputs.” Classic examples include end user created spreadsheets, but other applications fall into the category, including e-mail filtering and Web-based tools such as wikis and content management. Burnett says more end users than ever are developing software, and the data that those end user programs touch is becoming mission-critical. But rather than being something to fear, end user development can be a worthy goal--if properly approached. “End users should not only be allowed to develop their own software but

why, however. To maintain good feelings all around, IT should also suggest a suitable alternative whenever possible.

Easy Does It It’s also essential to keep things as simple as possible. Errors are a fact of life in application creation, but they can become a much larger problem in the relatively uncontrolled world of end user development. (For instance, various reports have shown that 30 percent or more of all spreadsheets have errors.) To reduce mistakes, it’s essential to have an intuitive user interface. In end user development circles, typical interfaces include “natural-language” programming based on familiar syntax (such as “profit=revenuecosts”) or drag-and-drop and pull-down menu approaches. At Romco Equipment, a

Errors are a fact of life in application creation, but they can become a much larger problem in the relatively uncontrolled world of end user development. be encouraged to do so,” says Shawn O’Rourke, CIO at the National Council on Compensation Insurance (NCCI), a workers’ compensation information company. At NCCI, IT determines the tool set standard (Microsoft’s Office Suite in its case) and provides the necessary training to users. For the most part, NCCI’s users rely on Excel spreadsheets and Access databases to manipulate information, including aggregating data on the fly for ad hoc customer inquiries about emerging compensation trends. Yet O’Rourke says the effort to maintain a good end user to IT balance is ongoing. For example, a user may be a whiz at using a particular Linuxbased analysis tool at home and think it would make a perfect addition to Excel. Yet NCCI as an organization doesn’t support Linux, so O’Rourke would quell any effort to introduce the idea. O’Rourke says it’s not enough for IT to reject tools and explain

provider of heavy construction machinery, CFO Craig Burkert uses Quantrix Modeler, a quantitative modeling software, to create financial reports. About a year ago, intrigued by its capabilities to use natural language programming to write financial formulas, Burkert began playing around with the software. Burkert says he now creates models that are less error-prone than when he used Excel. Burkert uses Romco’s intranet to post financial reports for regional managers based on models he creates with the Quantrix software--in the process, highlighting data that wouldn’t jump off the screen with Excel. For example, a manager may notice an increase in freight expenses for January that normally might not garner much attention. But if that increase reflects a change in policy, Burkert can easily throw a spotlight on the trends. Regional managers also have secure access to the appropriate models

Eliminating User Error When it comes to ensuring that software developed by end users is reliable, CIOs have two strategies, according to Margaret Burnett, a professor of computer science at Oregon State University and project director at a research consortium called EUSES (for end users shaping effective software). First, CIOs can take advantage of human nature by appealing to people’s inherent need for social regard. As Burnett sees it, end users who work on software development collaboratively rather than in isolation tend to instinctively produce a better product, with the idea that doing so will earn them the esteem of their peers. Mary Beth Rosson, a professor of information sciences and technology at Pennsylvania State University and a EUSES colleague of Burnett, concurs that there’s a huge psychological component to good end user development practices, and notes that making the debugging and testing process more enjoyable is another approach that can yield positive results. “There should be emphasis on making the activities of programming and debugging more fun for the nonsophisticated user,” Rosson says. She highlights that games and adding a sense of competition to the process are just a couple of techniques that can increase user motivation to find and correct errors. For example, EUSES researchers are working on a technique called WYSIWYT (for what you see is what you test), a system that color codes the cells of spreadsheets based on whether the end user has tested the formulas in those cells. As an end user developer tests formulas, the cells in question turn from red to blue. According to Burnett, the unobtrusive nature of the WYSIWYT approach is one of the most effective ways to entice end users to find and correct errors in their own software programs. - M.S.

www.cio.in | N o v e m b e r 1 5 , 2 0 0 5

et-MAKING IT IN THEIR OWN.indd 83

11/27/2005 11:06:15 AM

essential technology

and can manipulate the data themselves using familiar terms such as “gross revenue.” With Excel, Burkert had to create multiple spreadsheets for each region and time period, an unwieldy process that invited errors. In addition, says Burkert, spreadsheets created by one person aren’t necessarily intuitive for others to use. A tool such as Quantrix, which allows regional managers to manipulate their own views of the data, is a big improvement. Burkert admits that getting up to speed with the software took some work on his end, and training managers at the company to become adept themselves requires an ongoing commitment. “Most people tend to be comfortable with the applications that they use, such as Excel, so don’t underestimate the effort it will take to introduce [a new tool],” he says. As for Romco’s IT department, Burkert says they evaluated the software for its

everything from product development to clinical diagnostics, according to John McNeil, vice president of informatics. The object-oriented design of the software isn’t something that McNeil himself would have built from scratch because it’s not relational technology. Yet the code reuse that QuickBase provides end users has allowed a high quality of programming that McNeil finds impressive.

Required Writing As McNeil and others see it, end user development, when done right, bridges the gap between what end users want and what IT ultimately delivers. More often than not, this gap rears its head from the start in the requirements phase of projects. “Gathering requirements--getting them right--is hard,” McNeil says. “Most software projects fail at that point, which means in real life, you

End user development, when done right, bridges the gap between what end users want and what IT ultimately delivers. performance and the quality of its code, but left to him the final decision about Quantrix’s overall usefulness. That kind of partnership is ideal for end user development tools. While CIOs such as O’Rourke say it’s important to evaluate all tools in the context of an organization’s overall IT architecture, it’s often the end users who first try a tool and then bring it to the attention of IT. The use of end user development tools “grows organically at an organization,” O’Rourke says. “It takes a lot of interaction back and forth between IT and the business to see that they are deployed effectively.” That’s what happened at Isis Pharmaceuticals when the CFO first started playing around with a workflow and data sharing tool from Intuit called QuickBase. Over time, QuickBase spread throughout the organization, and now, it is used for 84

end up writing software twice.” End user development can certainly reduce the burden on IT, even if end users produce a prototype instead of a working application. Apptero and iRise, for instance, offer software to help end users mock-up applications, complete with a real application’s logic, look and feel, and functionality. Through Web-based (or mock Web-based, in Apptero’s case) menus and icons, minimally technical end users can create prototypes and then send them to IT for development. Such tools can be a big improvement over-or at least an enhancement to--inches-thick requirements documents. Judy McConnell, a senior business analyst at health-care provider Sentara Healthcare, used iRise to create a model of an intranet application to let employees request reimbursement for local travel. She says it was a big improvement over the animated

A2002 General Accounting Office report showed

that spreadsheet errors at NASA contributed to a Rs 2,804 Cr fiscal year mis-statement in 1999. PowerPoint slides that she previously employed to collect requirements, a process that could take days. In a couple of days, iRise created a working prototype for McConnell that demonstrated everything from initial data entry to sending a confirmation e-mail. Using iRise, McConnell could simulate any functionality she wanted, something that proved critical to the IT folks for whom she built the model. And unlike the PowerPoint slides, McConnell could send a working link to others at Sentara to try out the model for themselves. But there can be a downside to all this simplicity. Tools such as iRise can result in unrealistic expectations for end users who may want to prototype an entire system simply because they can, even if that system isn’t technically feasible. For example, McConnell used iRise to prototype an HR portal that would ultimately require real-time interaction with various PeopleSoft systems. But she says links with PeopleSoft proved cumbersome at first (a situation that was quickly resolved, but one that the prototype couldn’t anticipate).

Keep Up With iRise, as with any tool, end users should only focus on the interfaces and navigation,

N o v e m b e r 1 5 , 2 0 0 5 | www.cio.in

et-MAKING IT IN THEIR OWN.indd 84

11/27/2005 11:06:15 AM

Under Development

and should leave the back-end connections to the experts in IT. But sometimes end users will prefer that everything be left to IT. As part of the District of Columbia’s human services modernization program, residents can apply for health-care benefits via a Webbased application. Currently, developers hard-code eligibility requirements into an iLog business rules management system. But eventually, case workers, social workers and other nontechnical personnel will be able to change specific eligibility figures. So when, say, the federal poverty income figure changes, it will soon be up to case workers to make that adjustment. Donna Ramos-Johnson, associate director of the modernization program in the office of the chief technology officer, says that developers will be happy to unload these maintenance duties. End users, on the other hand, aren’t thrilled to be taking on the job, a conflict that she admits could become a challenge in the future.

Power to the People But given ongoing financial restraints in IT and the rapid advancements in technology that let end users create powerful applications, Oregon State’s Burnett and others say that end user development activity will only become more prevalent. One interesting tool from a small company called Agent Sheets even lets end users interact with Web-based applications using their voices. But speech recognition (perhaps the ultimate example of an intuitive interface) is not going to factor into wide-scale end user development efforts for a while. Yet as Burnett of Oregon State says, that doesn’t matter. End users will continue to develop their own software applications, and do so in increasing numbers. CIOs and their IT departments had better get used to the idea. Better yet, says Burnett, CIOs should learn to take advantage of end users’ do-it-themselves tendencies by helping them help themselves. CIO Megan Santosus is a freelance writer. Send comments on this article to editor@cio.in

Illustration Shya m S. Des hpa nde

essential technology

Silicon Salvation SILICON

ET-Benton Waste is one text of the no indent biggest style enemies for any computer chip manufacturer. Every piece of silicon scrapped ET-Benton because text style it doesn’t quite reach the perfectionist goals of its maker increases costs and reduces profit potential. But research at the University ET-Benton of Southern text byline Califorstyle nia may one day give chip makers a chance to turn processors that would be thrown away today into productive silicon tomorrow. Melvin Breuer, an electrical engineering professor at USC’s Viterbi School of Engineering, says that research at the university may eventually let chip manufacturers take not-quite- perfect products and sell them for other purposes in which any flaws would go unnoticed. The core of the research—led by Breuer, Viterbi professor S.K. Gupta and others at the school—revolves around innovative testing techniques that would let manufacturers efficiently identify flaws on a processor and determine if those specific flaws would result in errors for various types of applications. “Assuming an average yield of 50 percent, the digital [integrated circuit] industry scraps about 50 percent of their product,” Breuer says. “What if 10 percent to 40 percent of this scrap gave acceptable performance for some applications—like in video cards used in games, .jpeg and .mpeg compression used in digitizing and transmitting images, chips that carry out speech analysis and translation, digital cameras and so on?” Technical and political hurdles remain, of course (such as convincing chip manufacturers that selling flawed chips won’t damage their reputations). But Breuer notes that early success in his research has started to get the attention of the industry, with one manufacturer donating a collection of 1,000 flawed chips for testing purposes. And where he had trouble getting any attention for his work nine years ago, he now has a number of financial backers, including the National Science Foundation and other industry sources. The technology isn’t a guaranteed winner yet. But if the research does lead to usable techniques, “the impact will be in the billions of dollars,” Breuer says. - Christopher Lindquist

| N o v| em www.cio.in www.cio.com mobne trh1 51 , 2 0 0 5

et-MAKING IT IN THEIR OWN.indd 85

11/27/2005 11:06:17 AM

Pundit

essential technology

The ROI of Open Source The key to success is determining which projects make sense for open source. BY BERNARD GOLDEN SOFTWARE | The ROI of open-source software is a contentious issue. Several recent studies, conducted by Yankee Group, JupiterResearch, Forrester Research and others, have focused on the ROI of upgrading a Windows installation versus switching to Linux and have concluded that it is less expensive to stick with Windows. But the reports miss a critical

As they say in the weight loss commercials, these results may not be typical. But other companies have also found success. ABB, for instance, is Rs 81,000 crore (US $18 billion) Swiss industrial company. When its Power Technologies Products (PTPR) business needed to integrate new features into its software infrastructure, the PTPR Software

switching can outweigh the cost of a commercial license. But if you extend the time horizon to the realistic life of the application, it may tip the balance. Finally, take the entire organization into account. While a specific open-source project may not offer great ROI, the cost benefits of pioneer applications often materialize downstream in later projects that are able to

By using open source instead of a commercial alternative,ABB estimates it can save Rs 4.95 crore in just its first five factories. point: Switching from Windows to Linux is the worst-case ROI scenario. After all, the new platform requires training and perhaps hiring new personnel—always expensive propositions—versus merely paying for licenses. A more important question is, can open source generate real ROI elsewhere? Yes. Oregon State University (OSU), for example, has websites that visitors need to search, so the school bought a Google appliance for about Rs 56.25 lakh (US $125,000) per year. Two years later, OSU’s IT department, aided by the Open Source Lab, replaced the appliance with an open-source search product called Nutch (license cost: Rs 0). Nutch is not as easy to use as the Google software, so additional administration costs run to about Rs 4.5 lakh (US $10,000) yearly. The overall five-year payback, however, even when you consider additional hardware and engineering time, still produced an internal rate of return of 2,300 percent. 86

ET-Pundit.indd 86

Factory Group constructed a J2EE-based “Integration Framework” using a popular open-source tool called Jboss. By using open source, ABB estimates it can save Rs 4.95 crore (US $1.1 million) in just its first five factories, with further savings to come as it rolls out to more of PTPR’s 52 locations. Interestingly, the Integration Framework runs on Windows and uses SQL Server as its data store, belying the perception that moving to open source is a massive rip-and-replace operation. The key to success is determining which projects make sense for open source. To get started, treat each product individually. Savvy organizations consider both commercial and open-source options for projects, and choose the right product for the given situation. Then make sure you evaluate using the proper time horizon. A single heads-up comparison between a commercial product and its opensource counterpart may not offer good opensource ROI, because the costs of training and

adopt the open-source package. Even if you purchase enterprise licenses for your commercial products, keep in mind that someday, when those licenses are up for renewal, that marginal cost may be much higher. This column hasn’t touched on any of the other reasons organizations use open source: flexibility, reduced operational costs through not needing to track license compliance, and greater control of the organization’s software stack, since there are no forced upgrades or product end-of-life announcements. Because ROI is so tangible, however, it is critical to address it explicitly. Just keep in mind that there is no single answer; you need to find the right choice for your organization and your application. CIO Bernard Golden is CEO of Navica, an open-source consultancy, and is the author of Succeeding with

Open Source (Addison-Wesley, 2004), and the forthcoming Open Source Best Practices. Contact him at

bgolden@navicasoft.com.

N o v e m ber 1 5 , 2 0 0 5 | www.cio.in

11/27/2005 11:06:48 AM