From The Editor
Don’t Tie Down Your Partners Learning to let go of some control will be a tough call but the payoff will be worth the while.
It isn’t tough to spark a debate on outsourcing. Though, I must say that I haven’t met a senior IT executive yet, who isn’t inclined to work with outsourcing partners. Whether it's deploying parts or the whole of their organization’s IT infrastructure, is besides the point. The reasons are fairly varied — some do it to reduce cost and improve operational efficiency; others to get hold of specific domain expertise; yet others to ensure greater accountability and cut roll-out time. So what pieces of the puzzle should a CIO farm out? Specialized, high-end operations or low-end drudgery? IT leaders are divided on this as well . Some CIOs even use outsourcing as part of their staff management strategy to mitigate the effect of attrition. I concur with the CIO featured in our cover story (Page 36) that above all the main issue that should drive outsourcing is the criticality of the project. Then there is the matter of clearly defining deliverables, which can vary considerably between organizations. Surprisingly, this isn’t all that simple a task and can be bit of a slippery slope. It can mess up how you measure ROI, and is in my mind, the biggest reason why outsourcing relationships don’t always work out. A CIO of a manufacturing organization I spoke with recently, seemed clear that the only Clearly defining project way to “extract” work out of a vendor was to deliverables isn’t all that come up with NDAs and SLAs (the more iron- simple a task and is the clad the better) and ensure that the proper biggest reason why relamonitoring processes were in place. tionships don’t always The only problem with this approach is that it makes the relationship a tad too transactional work out for my blood. While everyone has to focus on what is prime on their agenda, I feel the value has to come from beyond just a relationship that is merely monetarily beneficial. And, in any case, too much monitoring is akin to interference. And, that will never translate into good results for you. I can appreciate that it’s a tough call to make, specially since IT is a key factor in realizing organizational goals. Still, learning to let go of some control is definitely going to be of critical value to you. I’m very interested to know what you think about this issue. Please mail me at editor@cio.in with your comments. I’d also like to take this opportunity to thank the community of CIOs in India for their overwhelmingly positive response to our first issue. Please help us to stay clued in to your information needs — keep your feedback flowing.
Vijay Ramachandran, Editor vijay_r@cio.in
D e c e m b er 1 , 2 0 0 5 | REAL CIO WORLD
content,editorial,colophone4-12.4 4
Vo l/1 | ISSUE/2
11/28/2005 4:27:41 PM
content December 1 2005‑ | ‑Vol/1‑ | ‑issue/2
View From The Top Securing Ip | 44 Brian Tempest, CEO & MD, Ranbaxy, on mining IP strategically to make it a front-ranking global pharma giant. Interview By Rahul Neel Mani
Executive Coach Your Work Or Your Life | 32 How to overcome the corporate conspiracy that keeps you chained to your job. Column By Susan Cramm
Photos by Sr ivatsa Shandilya
A veteran of the Kargil War, Col Arvind Saksena has deployed technology strategically in his daily battle to prune operating costs for Air Deccan.
3 6
Cove r: Imagin g by b ines h sreedharan
I
Outsourcing
Customer Focus Feedback Worth $50 Million | 26 If customers are giving away their best ideas of how to better your business, it’s probably because you aren’t making it easy for them to reach you. Column By Michael Schrage
COVER STORy | Low-Cost Takes Off| 36
Open Source
By constantly evolving its e-ticketing system, Air Deccan has ensured that it can offer tickets 30 percent lower than those of full-service airlines.
It’s Raining Code | 48 As open source development options proliferate, CIO’s are finding ways to make it work for their organizations.
Feature by Vijay Ramachandran
Feature By Christopher Lindquist
more »
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
content,editorial,colophone4-12.8 8
Vo l/1 | ISSUE/2
11/28/2005 4:27:55 PM
content
(cont.) departments Trendlines | 18 E-Government | Cyber Cops Chase Challans Security | Clicking, Clacking And Snooping Book Review | Get Time On Your Side Management Report | Watch What You Say Customer Service | Walk A Virtual Mile Manufacturing | Making Computers Think By The Numbers | Help For The Help Desk Forecast | Top 10 IT Trends For 2006 Executive Movements | Scaling The Heights
Essential Technology | 66 Security | C-Eye-O By Scott Berinato Under Development | Fine and Fast Print Pundit | Building The Compliance Infrastructure
By Eric Knorr
From the Editor | 4 Don't Tie Down Your Partner | Learning to let go
of some control will be a tough call but the payoff will be worth the while. By Vijay Ramachandran
Inbox | 14
Security is the prime agenda of Dr. N. Vijayaditya, NIC's Director General.
Govern The Shield And The Sword | 60 Dr. N. Vijayaditya, Director General, National Informatics Centre, asserts that security is a paramount concern for e-government projects in India. Interview By T. Radhakrishna
6 0
NOW ONLINE For more opinions, features, analyses and updates log on to our companion website and discover content designed to help you and your organisation deploy IT strategically. Go to www.cio.in
c o.in
2 6
Wireless Villages | 54 Tamil Nadu’s transformed the lives of millions by using costeffective connectivity to equip them with facilities otherwise available in cities. Feature By T. Radhakrishna
10
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
content,editorial,colophone4-12.10 10
11/28/2005 4:27:59 PM
REAL WORLD Ma nag ement
President N Bringi Dev
COO Louis D’Mello
advisory board
Anil Nadkarni
Advertiser Index
Borland Software
21
Canon
17
Head IT, Thomas Cook, a_nadkarni@cio.in Arindam Bose Head IT, LG Electronics India, a_bose@cio.in
Editorial Editor Vijay Ramachandran
Bureau Head-North Rahul Neel Mani
Special Correspondent T Radhakrishna
Senior Correspondent Gunjan Trivedi
Arun Gupta Sr. Director - Business Technology, Pfizer India
23, 25, 27
a_gupta@cio.in Arvind Tawde
COPY EDITOR Sunil Shah
VP & CIO, Mahindra & Mahindra, a_tawde@cio.in
www.CIO.IN
CIO, Reliance Industries Ltd, a_chauhan@cio.in
Ashish Kumar Chauhan
Editorial Director-Online R Giridhar
Computer Associates
M D Agarwal
Epson India
29
Hewlett Packard (I) Sales Pvt Ltd.
2,3
IBM India Ltd.
6, 7, 72
Chief Manager – IT, BPCL, md_agarwal@cio.in Design & Production
Creative Director Jayan K Narayanan
MANAGER - CREATIVE DESIGN Ashwin Ramesh Boricha
Designers Shyam S Deshpande
Binesh Sreedharan
Mani Mulki
Intel Semiconductor (US) Ltd.
30, 31
VP - IS, Godrej Consumer Products Ltd, m_mulki@cio.in Manish Choksi VP - IT, Asian Paints, m_choksi@cio.in
Interface Connectronics Pvt. Ltd.
9
Sanil Kumar Vikas Kapoor
Photography Srivatsa Shandilya
Production TK Karunakaran
Neel Ratan Executive Director – Business Solutions,
Rajesh Uppal Mark eting a nd Sales
BUSINESS Manager Naveen Chand Singh
brand Manager Alok Anand
Marketing Siddharth Singh
Bangalore Mahantesh Godi
Santosh Malleswara
Delhi Sudhir Argula
Harkirat Sandhu
Mumbai Rupesh Sreedharan
Japan Tomoko Fujikawa
USA Larry Arthur
Jo Ben-Atar
Singapore Michael Mullaney
Oracle
71
Prof. R.T. Krishnan
Polycom
63
Associate Professor, IIM-Bangalore, r_krishnan@cio.in S B Patankar
SAP India
11
Seagate Technology
51
Sonata Software
35
Director - IS, Bombay Stock Exchange, sb_patankar@cio.in S Gopalakrishnan COO & Head Technology, Infosys Technologies
s_gopalakrishnan @cio.in S R Balasubramanian VP - IS, Hero Honda Motors, sr_balasubra manian@cio.in Prof. S Sadagopan
Tata Indicom
13, 15
Director, IIIT - Bangalore. s_sadagopan@cio.in
UK Sean O’Hara
33
General Manager – IT, Maruti Udyog, r_uppal@cio.in
Nagesh Pai
Molex Premise Networks
Pricewaterhouse Coopers, n_ratan@cio.in
Sanjay Sharma
Toshiba
59
Webex
19
Corporate Head Technology Officer, IDBI, s_sharma@cio.in Dr. Sridhar Mitta Managing Director & CTO, e4e Labs, s_mitta@cio.in All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. IDG Media Private Limited is an IDG (International Data Group) company.
Sunil Gujral
Wipro Infotech
40, 41
Former VP - Technologies, Wipro Spectramind
s_gujral@cio.in
Printed and Published by N Bringi Dev on behalf of IDG Media Private Limited,
10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. Editor: Vijay Ramachandran. Printed at Rajhans Enterprises, No. 134, 4th Main Road, Industrial Town, Rajajinagar, Bangalore 560 044, India
Unni Krishnan T.M CTO, Shopper’s Stop Ltd, u_krishnan@cio.in V Balakrishnan CIO, Polaris Software Ltd., v_balakrishnan@cio.in
12
D e c e m b er 1 , 2 0 0 5 | REAL CIO WORLD
content,editorial,colophone4-12.12 12
Vo l/1 | ISSUE/2
11/28/2005 4:28:00 PM
reader feedback
Inbox “How much do IT executives feel IS can scale up in their organization? Are they playing a greater role in management?”
Another Survey Please The cover story on staff management and the staffing survey were really well thought out, with a wonderful collection of views from CIO’s. Further analysis of the people quitting would have added an extra bit of information that CIO’s look forward to. What, for instance, were the skill sets lost due to attrition and what was the management level of the people who quit? On similar lines, I suggest that you carry out another survey covering the extent to which IT executives feel IS can scale up in their organization? Do their managements have vision? Have they been relegated to a maintenance function and is their role nearing the end of the road with IT having matured within their companies? What Do You Think? We welcome your feedback on our articles, apart from your thoughts and suggestions. Write in to editor@cio.in. Letters may be edited for length or clarity.
editor@c o.in 14
inbox14-17.indd 14
D e c e mb e r 1 , 2 0 0 5 | REAL CIO WORLD
Are they playing a greater role in the management of the organization? Look to strengthen your industry news section. I understand that this is not the main purpose of the magazine, but a little information here will obviate the necessity of going elsewhere even for basic news. S R Balasubramanian, Vice President–IS, Hero Honda Motors
Thank you for your valuable suggestions. It’s such constructive feedback that CIO needs most to stay on the right path. As we are a fortnightly magazine, most industry news is stale by the time it gets to you. To keep you and your peers up to speed with the latest news and views daily, we have created www.cio.in, which I hope you will visit regularly. You can also receive updates directly in your mailbox by subscribing to our RSS feeds depending on your interest area. We’ll also shortly be launching a daily e-newsletter to address this issue. Editor
Gender Bias? I was a bit surprised to note that there was not a single woman on the Editorial Advisory Board of the magazine and am curious about the qualifying criteria. I am sure there are a good number of successful women
IT leaders in India. It would have been good have some of them on your board. Sheila Paul Head - IT BPL Mobile Communications Limited
Your comment on the lack of women in the Advisory Board is well taken. I would like to assure you that gender is certainly not a criterion in selecting its members! The CIO Advisory Board is not cast in stone, and we plan to periodically induct new members. We hope to identify eminent and active women CIOs and induct them on the board in the future. I’d appreciate and be grateful for your inputs and nominations on this score. I look forward to your active participation in helping us to build a strong and vibrant CIO community in India. Editor
How do I define ROI? I have a question which reflects the situation our company faces, which I am sure has been addressed very well by members of the CIO Advisory Board. We, as a company, are looking at a BPR exercise where we intend to study our processes in terms of OTC, CRM, CI and SCM. After this we shall propose systemic solutions or automation to address inefficiencies, thereby improving our turnaround time and enhance our customer interface. How do we define ROI for this project? Do we forecast the intended gains or do we indicate that we will have gains but quantify it in terms of broad percentages, like a reduction of 10 percent in costs or time spent? Anand Kumar, Information Technology Lead - South Asia, Monsanto
For our Advisory Board's take on Anand Kumar's query turn to Page 16.
Vol/1 | ISSUE/2
11/28/2005 3:37:15 PM
Inbox In every case, the question that impacted stakeholders will ask is ‘What’s in it for me?’ If you can successfully address this, all the scenarios will provide benefits, with the first one offering the greatest benefits and the rest following in a decreasing order. Arun Gupta, Sr. Director – Business Technology, Pfizer
Excerpts From Our Advisory Board’s replies to Anand's query : Anand needs to answer a few questions to arrive at the decision on which model is to be used to justify the project’s investment. I am assuming that there is a generally accepted view within the company that BPR is required; the management accepts that BPR linked to the implementation of new systems will drive benefits; and that baseline exists on current performance and benchmarks, which may indicate the room for improvement. If there is a strong business buy-in into the project and stakeholders across process chains are willing to invest their resources towards improvements, the ROI model will include both monetary improvements and process efficiencies, in percentage terms. In this case, the ownership of the project will be distributed with the respective process chain owners, e.g. OTC with distribution/finance. Alternative scenario: if the process owners are not aligned to the organization’s desire to create new process maps, then the project could be driven by selected business leaders belonging to respective functions or teams. In this case, it would be prudent to use financial metrics. Worst case scenario: if IT is expected to drive the project across the company with minimal involvement from the management (middle and senior), you will probably be happier selling the percentage improvements in operating processes while educating the process owners and business heads about financial benefits. 16
inbox14-17.indd 16
D e c e mb e r 1 , 2 0 0 5 | REAL CIO WORLD
This reminds me of what we did at Mahindra & Mahindra in 1994, when India’s liberalization was taking shape. Bracing for global competition, we decided to revamp our manufacturing processes to be operationally
"In every case, the question that impacted stakeholders will ask is ‘What’s in it for me?’" excellent and maintain our cost leadership. We went through an organization-wide BPR - a major change management project. If BPR and the subsequent automation arise out of a business strategy then I do not think there is a need for a separate justification. Obviously, the “how” part of BPR and the decision of which IT solution to implement would come through an appropriate evaluation process, before choosing the best option for Monsanto. The actual implementation should also be carried out with appropriate project control and monitoring processes. With appropriate details, it should be possible to work out costs and gains in quantifiable terms, for certain activities. This could be part of the deliverables of these two projects. It needs to be emphasized that benefits - strategic and operational - arising out of BPR and IT are an integrated solution, and trying to apportion these separately between the two projects is unnecessary. Arvind Tawde, VP & CIO, Mahindra & Mahindra
Benefit quantification is always indirect and not in monetary terms. Indirect benefits can always be turned into ‘dollars’. Reducing delivery from three days to one and quantifying it is a way to proceed. One can charge, say ‘$5’ to ‘$15’ for the difference, although there may be no way to convert days saved into actual ‘dollars’. S Sadagopan, Director, IIIT - Bangalore
If a company is re-engineering, it should quantify benefits post BPR. Where SCM and CRM are concerned, measurable results will show in the following areas (this will vary depending on company, industry, geography, item volume, vendor base): Reduction in inventory Higher number of inventory turns Reduced inventory obsolescence or theft or pilferage. An ABC classification study can be done to document previous inventory loss. Lower order-processing costs, faster order-processing Better vendor collaboration Swifter deliveries Fewer production disruptions Increased dealer, distributor and wholesaler satisfaction Higher sales (with fewer stock-outs) Higher customer satisfaction T.M. Unni Krishnan, CTO, Shopper’s Stop
In Conclusion The Board’s advice has helped to some extent. It was interesting to note the diversity of thought towards dealing with the same problem. Anand Kumar
Got A Concern? The CIO Advisory Board invites you to share your questions. If you have queries that are generic in nature, write to us at advisory@cio. in. Letters may be edited for length or clarity.
advisory@c o.in
Vol/1 | ISSUE/2
11/28/2005 3:37:17 PM
trendlines new
cyber cops chase traffic offenders
*
*
hot
unexpected
The next time a traffic cop hands you a challan (ticket) in Bangalore, don’t think you can toss it out of the window and forget about it. Aided by spanking new handhelds, the cops are going to catch up with you. And, make a profit. In an attempt to get a handle on the number of unpaid challans and repeat offenders, the city’s traffic force has turned to technology in the form of the Simputer handheld. 30 Simputers have been programmed to keep track of traffic offences, piggybacking on the State Crime Record Bureau’s database. The handheld comes with a rechargeable battery and a mini-printer. Bangalore has 17.2 lakh vehicles and it adds 600 more everyday. The city’s 1,500-strong traffic police hands out about a 1,000 challans daily. Following up on them without a computerized system resulted in a backlog of 400,000 bills - worth Rs. 4 crore. “We asked ourselves why we couldn’t use technology to deal with the challenge,” says M A Saleem, deputy commissioner of police – traffic. The upshot of arming all of Bangalore’s 29 traffic police stations with Simputers: the police have collected penalties worth Rs 13 crore in eight months, compared to Rs 12 crore for all of 2004. In fact, the recoveries have not only paid for the cost of running the department, but the traffic cops are now beginning to make a profit. The force plans to arm its members with a 100 more Simputers in 2006.
E-GOVERNMENT
a
t
1
0 p . 2 m
ILLUSTRAT IO N By BIN eSh SReeDhARAN
I
Ph OTOS By y SRI S RIvATSA ShAN DILyA
Clicking, Clacking and Snooping 3
The idea of snooping on keyboards has been around since the Cold War, when Soviet spies bugged typewriters in the American embassy in Moscow. Now researchers at the University of California, Berkeley, have found a way to turn the clicks and clacks of typing on a computer keyboard
SECURITY
18
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
into a startlingly accurate transcript of what is being typed. The researchers, including Doug Tygar, a professor of computer science, have developed software that can analyze the sounds of someone typing on a keyboard for 10 minutes and then piece together as much as 96 percent of what was typed. The technique works because the sound of someone striking an “A” key, for example, is different from the sound of striking the “T,” according to Tygar. “Think of a Conga drum. If you hit a Conga drum on different parts of the skin, it makes a different tone,” he says. “There’s a plate underneath the keyboard [that is] being struck in different locations.” One lesson from the study is that even randomly generated passwords are not secure. Tygar’s researchers were able to guess
90 percent of the five-character passwords they generated within 20 tries. There is one easy step that users can take to conceal what they’re typing: Turn up the music. In noisy environments, it is more difficult to separate the keyboard sounds from other sounds, says Li Zhuang, one of the students who coauthored the paper. —Robert Macmillan
pm
at
0 12.3
Get Time on Your Side Become a better leader by learning how to go with the flow bOOk REVIEw Perhaps it’s the elusiveness of time that makes us think that if we can just map it out (in a PDA), compress it (through e-mail) or shift it (TiVo, anyone?), we can create more of it and use it better. Instead of being time managers attempting to outwit the clock with these confronta-
tional methods, John Clemens and Scott Dalrymple, authors of Time Mastery: How Temporal Intelligence Will Make You a Stronger, More Effective Leader want us to become “time masters” by acquiring the “temporal intelligence” that can turn time into an ally. They define temporal intelligence as a mind-set with six attitudes toward time,
including viewing time as subjective and elastic, and people and organizations as possessing unique rhythms. The authors, who are management professors at Hartwick College, provide examples of temporal intelligence in the experiences of dozens of leaders they have identified as time masters. The power of this book lies in those experiences, as well as in the unusual way it analyzes familiar leadership issues with time in mind. Take crisis management, for instance. A crisis situation seems to require an immediate response. Yet from Clemens and
TRENdlINES
Time Mastery: How Temporal Intelligence Will Make You a Stronger, More Effective Leader By John Clemens and Scott Dalrymple Amacom, 2005, Rs. 1,197.50 (fabmall.com)
Dalrymple’s viewpoint, a more effective way for a leader to react is to “stop time,” with the goal of modeling the required staff perspective. “During a crisis, [I] always put on the kettle” to make tea, says the director of a company that offers leadership training in the form of crewing a yacht. If the skipper introduces a note of normality, how bad can the situation be? Time Mastery is full of persuasively argued, time-based solutions and is well worth putting on a summertime—or anytime—reading list. –Carol Zarrow
Watch What You SaY MANAGEMENT REPORT communication from the top is a leading factor in employee motivation, morale and even loyalty, according to a study from consultancy Hay Group. but keeping workers informed is not something executives do well. From its surveys of 1.2 million employees at 400 organizations, Hay Group reports that most give their companies poor marks for internal communication. The study suggests that executives promote turnover when they don’t communicate clearly about where their organizations are headed. “One of the most important predictors of employee commitment, and ultimately loyalty, is the connection between the individual and the big picture,” says Mark Royal, a Hay Group senior consultant who authored the study. Among employees surveyed, only 49 percent said they were happy with the openness and honesty of communications
20
Trendlines1.indd 20
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
within their organizations, while 42 percent said their organizations did not do a good job of informing them about the state of the business. Furthermore, fewer than half of respondents said that company executives do a good job of communicating major changes or informing them of the reasons behind decisions affecting them. Hay Group also asked employees whether they intended to stay with their current company for more than two years. Fifty-seven percent of those who answered yes also expressed confidence in the direction communicated by senior company leaders. In contrast, among employees who said they would leave within two years, only 27 percent said they were clear where their companies were headed. Employers fared a little better when it came to explaining how they assess workers’ performance. More than half of employees surveyed said they understand how their performance is
judged. But in a separate survey of more than 1,200 compensation managers (conducted by Hay Group in conjunction with WorldatWork, an HR professional association), 65 percent of respondents said that half or fewer of employees understood their company’s philosophy for linking pay to performance. More than two-thirds gave low marks to their companies’ communications about pay. That’s a bad sign for employee commitment, Royal says. “In highworkload environments, which increasingly describes many organizations, there’s pressure on companies to reward employee contributions,” he says. “But this is a time when compensation budgets are tight. That’s where communication is particularly critical.” Good communication “takes what might seem capricious about pay decisions and makes that easier for employees to understand and perhaps easier to accept,” he says. —edward Prewitt
vO L/1 | ISSU e/2
11/28/2005 2:02:59 PM
w walk a Virtual Mile in the dispatcher’s Shoes
CU ST O M E R S E RV I C E
Dispatching technicians for service calls—how hard can that be? You send the first technician to the first call, the second to the next and so forth, until everyone’s out in the field. Then you cycle through them again. No sweat. Well, try playing a round of Service Tycoon, and get a clue. Developed by ClickSoftware, this free online game will convince you that dispatching field techs in that fashion is a surefire way to alienate customers and put you over budget. At first, calls come in at a manageable pace and you can easily dispatch technicians with the appropriate qualifications. But suddenly you find yourself in fire-fighting mode: Everyone’s out on a call and four customers are clamoring for service. The technicians who could handle their problems are far away, and there’s no way you can get anyone there before customers lose patience. Your customer service score drops precipitously, costs rise, and you’re suddenly glad you’re not a dispatcher. “People don’t really relate to how difficult the problem is,” says David Schapiro, executive vice president of markets and products for ClickSoftware, which sells—no surprise—workforce and service optimization software. So Schapiro and marketing colleague Amit Bendov hit on the idea of developing a digital game to increase awareness among companies with field service technicians. In less than two months, more than 10,000 people have played the game. Test your own dispatching skills at www.servicetycoon.com. And prepare to be humbled. —Alice Dragoon
vOL/1 | ISSU e/2
Computers can’t think for themselves; humans need to tell them exactly what to do and when. In a bid to help systems—especially manufacturing systems—work more autonomously, the US National Institute of Standards and Technology has released new process
M A N U FA C T U R I N G
specification language (PSL) software that allows users to more precisely define a business process. “PSL lets you express, using precise and powerful means, exactly what you intend when you are talking about sequences of activities that relate to each other in a specific way,” says Steven R. Ray, chief of NIST’s Manufacturing Systems Integration Division. Conrad Bock, a senior computer scientist at NIST, says PSL helps users ensure that business processes are following not only stated business rules but implied rules as well. It will, for example, allow scheduling and planning applications to talk to each other and determine how to execute a process or a step before beginning it. In real-world terms, this means, for example, that a manufacturing tool will have the ability to know that it must
tren d l ines
A Way to Make Computers Think wait for paint to dry before placing an item in a packing box and to interpret what the word dry means. Ray is working with software developers to take PSL out of the lab and integrate it with applications. One company, CAPI, has developed a prototype of a tool to help users define a set of business processes and generate a PSL specification that represents those processes. It will be several years before the CAPI tool and others like it appear in business applications. The reason: Using PSL requires a new programming infrastructure, including authoring systems, and systems that can check applications for consistency and syntactic integrity. But stay tuned. “We see this as a standard with real promise,” says Ray. — Karen J Bamman
by the numbers
b y j on surmac z
T
BEST PRACTICES
hose folks on the help desk sure are nice, but they’re not always, well, helpful. A study by Forrester Research found that while users are happy with their PC, e-mail and office productivity software, they’re less satisfied with their help desk and internal communications from IT. That could spell trouble for many CIOs, because for many users, their help desk experience may be the only interaction they have with IT.
22
Trendlines1.indd 22
1. Keep users in the loop. Head off frustration by communicating the status of users’ issues or call tickets and providing estimates of the time it will take to resolve each problem.
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
100
Describe your level of satisfaction with your company’s IT help desk in the following areas: Satisfied
75
Dissatisfied On the fence
50 25 0 Courtesy
Availability
Expertise of the help desk
2. Check in with users. Conduct periodic user satisfaction surveys. Meredith Morris, an analyst with Forrester Research, suggests checking in with users after call ticket or issue resolution, or after a project that the help desk staff was involved with, such as PC deployment or application upgrades.
Timeliness of updates regarding your issue
Ability to resolve requests in a timely manner
Ability to resolve requests the first time around
3. Talk IT up. Build confidence in IT by promoting the status of projects, milestones and success stories more frequently.
Vol /1 | ISSU E/2
11/28/2005 2:03:04 PM
top 10
B
ased on analysis of thousands of corporate end-user case studies and vendor research, Nucleus Research is predicting the following Top 10 IT Trends for 2006:
Pricing Push Back: With more options for companies on how to buy software, vendors will feel more pressure to demonstrate value of maintenance fees. Partners Get More Clout: Channel partners serve as ambassadors for vendors, providing vertical expertise and strong relationships with mid-market customers. As vendors seek to broaden their mid-market customer base, partners will play an increasingly critical role. Open Source Applications: Budget constraints and a wider array of open source applications for end-users are increasing the validity and value of this model. Vendors incorporating this format will be able to capitalize on this trend as demand continues to grow. Remote Workers: Improved technology applications, increased commuting costs and market conditions will find corporations more willing to extend the benefit of working remotely to employees over the next year. This option will increase the loyalty of the workforce and possibly lower overhead costs. SOA - Adoption Will Replace Skepticism: Savvy adopters are already using SOA to integrate siloed applications, retire costly legacy systems, and tighten relationships with partners. The more these early adopters increase both the number of services developed, and the frequency of reuse, the higher their ROI will be. Enterprises Will Clean House: Several trends are converging to compel businesses to shed unnecessary and redundant systems. Companies are increasingly using integration technologies such as Web services and service-oriented architecture to rebuild patchworks with more elegant solutions.
Movements
TRENdlINES
IttRendS foR 2006
ExECuTIvE Ex ExEC ECu uTI TIv vE E
Raj Kumar Secretary, Department of Science and Technology, Gujarat raj Kumar is the new secretary, department of science and technology, Gujarat. He is also the new managing director, Gujarat Informatics Ltd. earlier, Kumar was commissioner, sales tax department, Gujarat. In his new position, Kumar will drive e-governance and IcT initiatives in the state. He succeeds J N Singh, who takes over as commissioner, textiles in mumbai.
R P Pal Secretary, IT Department, Goa After taking charge as secretary, IT department, Pal is looking to boost e-governance initiatives and the IT industry in Goa. Pal succeeds Ashwin Kumar, who is now secretary, finance department, Goa. An IAS officer of the 1993 batch, he has held a number of key positions including secretary, industry cooperation and additional chief electoral officer, Andaman & Nicobar and director, technical and higher education, Goa.
Ajay Bajaj Head - IT (India), Ranbaxy Ajay bajaj, formerly cIO at modicare India, is now head of IT (India) at ranbaxy Limited. bajaj has spent close to 15 years employing information technology. His new responsibilities will focus on consolidating the sales force automation program.
More Demand for On-Demand: The on-demand market continues to mature as both users and vendors of on-demand solutions increase their sophistication of this technology sector beyond the basic low-cost point of entry. Competition will continue to increase across all levels improving the value for users. Outsourcing Losing its Glamour: While the charm of offshore seems to be fading, the lessons learned from this exercise are being integrated into corporate IT strategies - effective project and contract management as well as collaboration - resulting in more distributed teams of programmers. Google Challenges Microsoft: The Google-Microsoft battle will become the most interesting vendor fight to watch. As Google continues to take a bite out of Microsoft’s consumer desktop dominance, the question remains whether Microsoft will simultaneously battle Google as it expands its role in the enterprise application market. Wireless That Works: Common with most maturing markets, wireless access will increase as technologies to support it rise and competition in the market will continue to drive down costs. However, businesses and consumers will face more concerns around security and privacy, which will continue to drive innovation to overcome these hurdles. vOL/1 | ISSU e/2
REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
24
Michael Schrage
Customer Focus
FeedbackWorth $50 Million If you don’t make it easy for your customers to offer ideas about how your company can improve its services, they may just give those ideas to your competitors.
T
Illust ration by b inesh sreedharan
he column you are about to read is true. It was inspired—provoked, actually—by my online interactions with a brand-conscious global financial services giant whose charge card I carry in my wallet. The name of this company is not important: I would prefer that readers focus on the point I’m trying to make rather than on the company I’m using to make it. So, here I am on American Express’s website, banging away on my laptop, doing the thing I most despise doing as a consultant: expenses. I hate—no, loathe—expense reports. Even though expense reports are the most remunerative writing I do, they’re a pain, and keeping and tracking paper receipts is a nuisance. I remain desperately eager for easy and frictionless ways to get swiftly reimbursed for the hotels, taxis and other financial effluvia of my nomadic existence. As I try in vain to define and cut and paste my airfare from a particular date (and my hotel receipt and taxi rides from the same date) from my online account into a Word document that will soon double as a digital expense form, it hits me. There’s a better, smarter and easier way of doing this. Much better. Much smarter. Much easier. I feel the happy tingle of hair rising on the back of my neck that physiologically signals: good idea! As a fast-calculating idiot savant with an entrepreneurial bent, I do a quick back-of-the-mental-envelope number-crunch and figure that this is, conservatively, a $50 million-a-year idea for my charge card company. That’s real money. But because I’m the kind of guy who will cheerfully give away a $50 million idea if it will make my life easier, I immediately stop doing my expenses online and draft a 650-word e-mail telling Amex how it could design, prototype, test and deploy this scheme. 26
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
Column Customer Focus.indd 26
Vol/1 | I SSUE/2
11/28/2005 1:49:38 PM
Michael Schrage
Customer Focus
In a moment, I’ll explain the idea and justify its multimilliondollar valuation. But the real reason I’m writing this column is not to tout my idea’s brilliance but to declare my frustration. My charge card company—and I’ve been a member in excellent standing for over 15 years—simply would not let me submit my memo either online or via the phone. You want to talk CRM? You want to talk about sustainable sources of strategic advantage? Let me emphatically state: If you don’t have infrastructures or apps that make it easy for your best and most profitable customers to give you—give you—ideas about how you can do better and be better, you need to rethink what digital networks can and should mean in your organization. Any company that sells products or services online needs to provide the means to encourage customers not just to whine and complain but also to suggest and enhance. That’s not hard technically. Alas, what’s technically easy all too often means nothing to the cultural, organizational and managerial resistance that defies cost-effective implementation. If you want smart feedback, you have to design for it. Even a little respect goes a long way.
Ideas for Free Unfortunately my charge card company’s feedback button linked to an annoying questionnaire and no conceivable way to send any kind of meaningful e-mail or memo. Thus began my quixotic effort to give away a $50 million idea. First I picked up the phone and called customer service. I politely explained that I had an interesting—and potentially important—idea for the company’s website that could be worth tens of millions of dollars. I asked how I could send my e-mail. The equally polite customer service rep (everyone was polite and professional) explained that there was no customer service e-mailbox where it could be sent. She transferred me to the interactive services group. The lady there first referred me to the site’s feedback button but agreed its interface was inadequate for my kind of feedback. I asked for an alternate e-mail address. She said she didn’t have one to give. I explained (politely) that I wrote a column for CIO, worked at MIT and was someone who paid my (rather large) charge card bills on time. Surely someone in her group would be interested in this idea. Moreover, I was a valued customer. Didn’t she have some sort of e-mailbox for valued customers? The answer was a very polite but very firm “no.” Back to the main customer service line. Same results. No way to send an e-mail. I asked to speak to a supervisor. The supervisor says, “No e-mail.” I ask how customers can make suggestions for improved service. She offers a snail-mail address. Back to interactive services. I ask to speak to a supervisor there. A gentleman explains there is no enterprise mailbox address for online customers either—but maybe he could get authorization to give out his e-mail address or a colleague’s. Long delay. Long delay. Long delay. I feel myself slowly changing from Don Quixote into Captain Ahab. He finally returns. 28
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
Column Customer Focus.indd 28
Your customers can and should be a dynamic source of ongoing innovation and inspiration for your organization. He has an e-mail address for another supervisor. We doublecheck to make sure it’s accurate. I immediately send my memo. It gets bounced. I wait 24 hours. I try again. Nada. Nothing. Bubkes. When you’ve got a lemon, make lemonade. I decide to salvage my wasted time by writing this column. But what’s the big idea? Could it really be worth $50 million a year? You be the judge: My charge card company should offer an online expense report form that allows individuals like me to drag and drop individual expense items into a coherent, timestamped and authenticated document that can be securely emailed to one’s clients. The digital document would look and feel professional; you could send it either from your own address or from the card company’s site. You could store the forms on your own machine or with the company or both. Privacy concerns? Security? Come on! Do you really care who gets access to your expenses? Only a celebrity or a CEO who flies around in a Gulfstream V needs be wary of this service. After all, the charge card number can be appropriately masked. Yes, I know about Quicken and other expense management software. But frankly, it would be faster, easier and simpler if I could just do everything online. Would I pay Rs. 2,250 ($29.95) a year to be able to prepare and send expenses this way? Cheerfully! Would I spend Rs. 1,350 ($50) a year to prepare, send and back up my expenses this way? You bet! Do the math. How many sole proprietors, freelance consultants and individuals—inside companies and out—are targets for this kind of service? My bet is, easily 1.5 million to 2.5 million cardholders and small businesses. A simple query to online users would help gauge global interest. The bottom line? I can’t give Amex a $50 million idea for free. Whether you like my idea or not is beside the point. The point is, your customers can and should be a dynamic source of ongoing innovation and inspiration for your organization. If you don’t have a virtual suggestion box for them, you should. If you don’t, don’t be surprised when your smartest customers give their best ideas to your fiercest competitors. CIO
Michael Schrage is codirector of the MIT Media Lab’s eMarkets Initiative. Send feedback on this column to editor@cio.in.
Vol/1 | I SSUE/2
11/28/2005 1:49:42 PM
Susan Cramm
executive coach
Your Work or Your Life How to overcome the corporate conspiracy that keeps you chained to your job.
I
Illustrat ion Shyam S. Deshpande
f you want your life to be more than a series of meetings, e-mails and business trips, you are not alone. My objective in nearly every coaching relationship is to help my client find a balance between work responsibilities and personal life. Former GE grand pooh-bah Jack Welch has said in recent articles and interviews that he believes great managers don’t have work-life-balance issues because they have the necessary “systems” in place. This is a ridiculous comment, even for those with a stay-at-home spouse and legions of personal assistants. The only managers who don’t have work-life-balance issues are those who have already given up their lives to the company. Welch says your boss wants to make “your job so exciting that your personal life becomes a less compelling draw.” You may wish that your boss would embrace the whole you (and not view your children as competition), but most executives think of home and family as something to be dealt with—like a physical or emotional handicap. According to Welch, the typical boss is willing to “accommodate work-life-balance challenges if you have earned it with performance.” In other words, you mortgage your life to the company in the present so that you can own it in some misty future. Unfortunately, this strategy doesn’t really work because by the time you realize that your work and life are out of balance, your habits, expectations, responsibilities and relationships (or lack thereof) have hardened. You have created your own “system”—that is, the combination of your organization’s culture, your position and your work habits—which works as long as you put your job first and everything else second, third or not at all. This system is tuned for long hours away from home. Eventually, your spouse, children, church and community become accustomed to your absence and develop routines that require your funding but make your day-to-day involvement unnecessary.
32
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
Column Susan Cramm.indd 32
Vol/1 | I SSUE/2
11/28/2005 1:51:35 PM
Susan Cramm
EXECUTIVE COACH
It’s important to realize that balance is not about having more free time; it’s about living a fuller, richer life that is more enjoyable and more significant. It means putting work in perspective as one of the many things that you do and aspire to be great at, but not the thing that defines who you are. Balance doesn’t necessarily mean working fewer hours—everyone, including the CEO, works for others and responds to demands beyond their control—but balance does mean gaining control over when, where and how work is done. If you are one of the many whose narrowed worldview consists primarily of work and sleep, the process of recalibrating your system to define yourself beyond your job is difficult. The key to gaining balance is making external commitments that appear on your calendar and treating them with the same level of dedication you give to your work. Welch speaks the truth when he says that within most companies, “work-life balance is your problem to solve” and that “people who publicly struggle [with it] get pigeonholed as ambivalent, entitled, uncommitted, incompetent.” Rather than letting work expand to fill all your time, set limits. Take advantage of the fact that companies and managers value results rather than effort; figure out how to work smarter, and how to manage up and stand your ground. When someone tries to impinge on an external commitment, adopt the mantra: “Don’t complain; don’t explain.” Just let them know how much time you have, and work it out from there. Those of you in your 20s have the opportunity to build balance into your work-life schedule from the beginning. Continue or incorporate the extracurricular activities that you enjoyed in college (the healthy ones). If you eventually get married and have children, you will need to give up some of these activities, but you will have “hard-coded” a system that will not require you to change companies, positions or a career path to become the spouse and parent you wish to be. Be aware, however, that if you do this, it will impact the companies you choose and the positions you aspire to. A balanced life may result in a slight tarnish on your managerial star, or even the realization that you are in the wrong job or at the wrong company. But what’s the alternative? For all the passion you put into your work and the joy that you get from creating and collaborating with others, at the end of the day, it’s just a job. It doesn’t hug you when you are sad, and it won’t take care of you when you get old. Most of us are not destined to and don’t want to become the next Jack Welch. Good thing, because even he sounds a little melancholic when he says that “my kids were raised, largely alone, by their mother” and advises us that when it comes to work-life balance, to do as he says, not as he did.
Q: Work-life balance seems to be a problem mainly in America and perhaps Japan. Most European countries do not impose such imposing work expectations; in fact, they take whole months off. Yet their quality goods and products are exported all over the world. Why will corporates never learn? A: Research indicates that long work hours are not sim-
ply imposed by companies but are a function of our work ethic as a culture. It’s hard to recommend across-the-board policy changes in light of our superior productivity and the fact that emerging competitors (such as developing countries in Asia) work more hours than we do. Those of you in leadership positions should focus on driving productivity in sustainable ways. (After a point, increased work hours actually decrease productivity.) On an individual basis, we don’t have to wait for corporates to learn, since we have the final say over what we do with our time. Q: Those of us in IT, Software Test and Quality Assurance often find ourselves at the end of the product release cycle. As a manager, I often stay late to handle demands so that my staff can go home. So their lives are more balanced, but mine’s not. A: Peaks and valleys exist in all project-driven positions, and
accepting these jobs means being available when needed. The way to provide balance is to distribute the “late shift” among the workers and ensure that during the lighter times, people take comp time (regardless of company policy). Work-life balance doesn’t mean getting home at 6 p.m. every day, but it does mean eliminating continuous 60-hour weeks and allowing people to catch their breath. Q: As an ex-CIO who managed to get fired before I died on the job, I suffered for three years under a Jack Welch advocate. After the dust settled, I still had my family and my health—things that bonuses and 80-hour weeks can’t get back—and I vowed never to take for them granted again. I realized people such as Jack Welch and my former boss are driven by power and greed, and they are willing to sacrifice anything (and anyone) to get what they want. I’m sure their families will attest to this. A: I, too, was fortunate to have life get in the way of my
long weekly commute and hours. Congratulations on getting fired. CIO
Susan Cramm is founder and president of Valuedance, an executive coaching firm in San Clemente, Calif. Send feedback on this column to editor@cio.in.
34
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
Column Susan Cramm.indd 34
Vol/1 | I SSUE/2
11/28/2005 1:51:36 PM
Imagin g by b inesh sreedhara n
I
P h otos by Srivatsa Shandi lya
Col Arvind Saksena (left) and Capt. G.R. Gopinath, the CIO and Managing Director of Air Deccan have shown that a no-frills carrier can take on full-service airlines if it harnesses the power of the Web.
Cover Story1.indd 36
11/28/2005 4:15:55 PM
T S O F C F O W S O L KE
A T
By evolving its e-ticketing system, the nofrills Air Deccan Saves close to 20 percent in distribution costs alone. BY Vijay Ramachandran
Air Deccan didn’t have the most auspicious of
take-offs. Its very first flight ran into engine trouble. In fact, when Capt. Gopinath, a former Indian Army officer and silkworm farmer, announced the launch of India’s first low-cost airline in 2003, the aviation industry wondered if he could pull it off. The carrier’s managing director Capt. Gopinath decided to do away with inflight meals, reduce the crew to a bare minimum and add Reader ROI: How to use IT to slash operating more seats. However, it’s technology that’s aiding his vision of costs keeping costs ultra-low by allowing Air Deccan to offer tick How to use the Net to ramp up customer reach ets a minimum of 30 percent lower than those of full-service carriers. How to outsource and pay per use E-tickets had been on Capt. Gopinath’s mind since 2001, when he boarded Vol/1 | I SSUE/2
Cover Story1.indd 37
REAL CIOwww.cio.in WORLD | |D eOccetm ober 1, 2005
37
11/28/2005 4:15:56 PM
Cover Story | E-Commerce
20%
How Air Deccan Saves
the Johannesburg to Cape Town flight of the low-cost Kulula.com, with just a piece of paper in place of a ticket. By implementing a system that allows tickets to be booked over the Internet, another Army veteran, Air Deccan’s CIO Col Arvind Saksena, has ensured that the no-frills airline saves close to 20 percent in distribution costs alone. “Distribution cost is seen as one of the key ‘controllable’ expenditures in an air carrier’s cost structure; thus an effective and efficient distribution mechanism goes a long way in making an airline successful,” Air Deccan’s Chief Revenue Officer John Kuruvilla points out. It’s fair to say that none of the larger airlines have figured out how to counter the fledgling airline’s pricing advantage beyond a point. Air Deccan, which pioneered the no-frills move, currently connects 40 destinations in India with 170 flights daily. Much of the savings are due to Air Deccan deploying its own reservation and ticket distribution system, though there are other benefits too. The system now brings in between Rs 2.5 crore and Rs 3 crore daily, thus making www.airdeccan.net India’s biggest e-commerce site, taking it way past the Indian Railway Catering and Tourism Corporation (IRCTC) site.
Accountant’s Delight Paper tickets helped bring a gleam into the eyes of the bean counters at Air Deccan — they saved Rs 4 on just the cost of printing each ticket — that adds up to a fair sum considering they flew a little over a million passengers in the last fiscal; this year that number is expected to grow four-fold. The carrier also slashed operating expenses by using paper tickets to cut turnaround time at an airport. “All our paper tickets are bar-coded. Bar-code readers used in conjunction with thermal printers slash the time spent in generating boarding cards, and help passengers get on-board and on their way faster,” explains Col Saksena. Interestingly, Southwest Airlines, which is seen as the most successful and profitable low-cost airline in the world, has only now begun rolling out barcoded, paper-based tickets. Creating its own Airline Distribution System (ADS) saw Air Deccan going against conventional wisdom. Most full-service airlines (like Jet Airways or Indian Airlines) host their seating inventory on the databases of global distribution services (GDS) like Galileo, Amadeus, Sabre, Abacus and Worldspan.
4
Global 20% % On Distribution Services
3
Billing and % On Settlement Plan
10
Travel % On Agents
3
Other % On Overheads
Note: Figures describe the ticket distribution costs of a full-service airline.
Travel agents access this database to allocate tickets and the GDS then bills the airline a fixed price in foreign exchange based on the sector covered (ranging from three to four percent). It was to avoid the cost of the GDS that Air Deccan decided to go it alone. Since the carrier is a single-class airline which flies pointto-point, and thus avoids complex flight routings, it figured that building an inventory bucket, hosting it on a server in India and selling tickets over the Net wasn’t such an impossible dream. Having its inventory accessible over the Internet also helped Air Deccan to look for options to extend its reach beyond the traditional distribution network. It set up a call center which accepted ticket booking over phone and let corporates and travel agents registered with it to directly reserve seats. It also took a decision to stay away from the Geneva-based Billing and Settlement Plan (BSP) that works on a 15-day credit cycle and which almost all full service airlines subscribe to. This involves travel agents forwarding their inventory sales to IATA and the travel body settling with the airline for a fee that’s two to three percent of the ticket price. Since Air Deccan’s system included a payment gateway and tickets are issued on direct payment through credit cards, it felt no need to subscribe to the BSP. Its registered
Air Deccan’s website brings in between Rs 2.5 crore and 3 crore daily taking it way past the IRCTC site and making it India’s biggest e-commerce site.
38
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
vO l/1 | I ssue/2
11/28/2005 4:15:59 PM
Cover Story | E-Commerce we paid only for what we used,” recalls Capt. Gopinath. Taking the he call center appraoch helped the airline tap into an audience that wanted to fly but had neither Internet access nor credit cards. Today, a little over half of all its ticket sales come from its call center and direct customers. “Having an Internet-based reservation system also assists in driving dynamic pricing and effecting price changes with reduced execution time,” says Kuruvilla. Air Deccan needed the inventory distribution solution and it needed it in place fast. To deploy the system rapidly, it strategically decided to outsource the project. Air Deccan views outsourcing of application development very positively and believes that it is a good path to adopt to reduce project life cycles. “Since this taps into the domain knowledge held by the outsourced company, work starts immediately, thereby saving time,” Col Saksena adds. Outsourcing became an easier decision, since the airline didn’t want its manpower expanding at a time when a vendor could provide the same service at the same or higher levels of accountability. But choosing the right vendor wasn’t an easy call. With the Internet expected to be its Capt. G.R. Gopinath primary sales point and online sales slated to MD - Air Deccan grow exponentially, it became clear that Air Deccan needed to look hard to find the right technological solution to underpin its online booking operation. “Basically I look for stability and reliability travel agents either transact through a credit card or a deposit in a vendor. What are their processes for support and problem account, where an agent is allowed to issue tickets worth the resolution like, and what is the order volume they can absorb?” amount deposited with the airline. says Col Saksena. He believes these are the critical factors, since Another major advantage of e-ticketing was to allow passengers smaller players tend to become ‘unstable’ by taking on too much. to book tickets directly without involving travel agents, thus cutting Apart from this, Air Deccan specifically weighed how vendors out the agent’s commission (of between eight to 10 percent of the were when it came to delivering on deadline, and randomly ticket price) from the value chain. Of course, those who book through contacted other clients of the vendors, to go over their history. the airline’s travel agents pay five percent of the basic amount. It finally chose the Gurgaon-based InterGlobe Technology Quotient (ITQ) to build an Airline Distribution System (ADS). Bottom Line Based on a blend of both .Net and J2EE technologies, ITQ’s Pertinently, according to the airline, 40 per cent of its first-time solution ran the gamut from reservations to schedules and fares passengers say that low ticket prices are the reason they chose to to payment gateway integration to a departure control system and fly it. Lower prices have also helped Air Deccan maintain seat document production. occupancy rates as high as 80 to 85 percent and gave it a marginal To keep the architecture robust and scalable, the solution profit on revenues of around Rs 370 crore last fiscal. was further broken down into three core areas. The Reservation “IT must reduce drudgery and it must bring down costs or Engine enables the airline to transact online on a real-time basis increase efficiency. I told my CIO that I wanted an Internet with an extended community of online customers, corporates, its delivery system so that people could, at the least, phone our call call center agents, registered travel agents and the airline’s city center and book tickets and asked him to create a model where
Vol/1 | I SSUE/2
Cover Story1.indd 39
REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
39
11/28/2005 4:16:00 PM
Cover Story | E-Commerce and airport offices. The Inventory Engine helps manage inventory, flight schedules, fares, sales and flight departures, while the Reservation Engine is interfaced with the Departure Control System to keep track of passengers who board the aircraft. It’s the Departure Control System, which allows passengers to print out a paper ticket, retrieve a PNR number against that and have the airport check-in counters issue a boarding pass. Hosting the solution in its server farm in Gurgaon, ITQ rolled out the ADS in 40 days flat. Raja Natesan, president and CEO, ITQ credits his firm’s domain expertise in the travel sector for the speed of deployment. Capt. Gopinath is convinced that an Internet delivery system is the most important ingredient for a low-cost airline, however he pointedly states: “I’m not in favor of technology for technology’s sake. Solutions that our IT team deliver must be high-tech, but low-cost.”
Air Deccan. Apart from its partnership with ITQ, the airline has also got its Airline Resource Management System (ARMS) developed by the Mumbai-based Sheorey Digital Systems (ARMS tracks logistics, maintenance, training and crew rotation). Air Deccan’s CIO offers a word of caution, though. “Outsourcing demands that good monitoring procedures be in place with service level agreements (SLAs) coming into play. We concentrate more on monitoring and fine-tuning,” he explains. “Outsourcing does give us security concerns for which we have necessary checks in place by way of SLAs and non-disclosure agreements,” echoes Kuruvilla. But, Col Saksena is clear that outsourcing is not a matter of greater accountability. “Accountability is a function of internal processes and procedures — if the processes are right, outsourcing or insourcing are just the same,” he feels.
Radical Route In dealing with ITQ (and other vendors developing applications for it) Air Deccan decided to think out of the box. Instead of a flat fee upfront or paying in parts, it worked out a payment schedule based on the number of passengers booked every month. For an organization that’s ruthlessly focused on pruning costs, this approach helped avoid any initial heavy investment. “Choosing the right model to base a relationship with a vendor is as important as picking the appropriate technology. We look to convince vendors to grow along with us. Believe me, this not only works out to be more cost effective without any extra investment on our part, but the vendor also gets an incentive to constantly improve the application. Better applications mean better sales for us and that means more revenue for the vendor,” explains Col Saksena. ITQ’s Natesan explains that this mutually agreed monthly payment arrangement also helps ITQ plan its investments better. “We’ve now grown our dedicated Air Deccan team from 15 persons to a tad over 40, with much of the revenues being re-invested in better backup, hosting and storage,” he says. Both Natesan and Col Saksena talk of a healthy push and pull relationship developing between their organizations with increased understanding of each others’ needs and capabilities. Outsourcing application development has worked out well for 42
Cover Story1.indd 42
Col Arvind Saksena CIO - Air Deccan
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
11/28/2005 4:16:04 PM
Cover Story | E-Commerce Constant Evolution Since the initial vanilla application, over a 100 changes, major and minor, have been made to the ADS to enhance functionality for both the user and the carrier. For instance, passengers paying through credit cards now have the option to structure the amount due into EMIs. Air Deccan is in the process of integrating various banks into the system to allow for direct debit from savings accounts and similarly breaking up the payment into EMIs. Working in close coordination with his colleagues in the revenue and marketing departments, Col Saksena’s also slowly increasing the ADS’ complexity, for instance, by allowing ‘Super Value Flyer Packages’ to be booked online. Since a bunch of tickets is bundled together under the scheme, he’s had to figure out a method of tracking passengers over multiple sectors. In alliance with the Bangalorebased Jigrahak Mobility Solutions, Air Deccan also allows consumers to purchase tickets through GPRSenabled mobile phones. The moment the transaction goes through the PNR number gets downloaded. This number can then be shown at the airport counter to secure a boarding pass. It has also partnered with Hindustan Petroleum Corporation Ltd and Reliance Infocomm to distribute tickets through HPCL petrol stations and the latter’s Webworlds respectively. “The key elements for the success of any product are affordability and accessibility. Our airfares are affordable and our drive is to ensure that our tickets are easily accessible to people. Once you put in place a locally relevant business model that taps the bottom of the pyramid, the source, you’ll find, is inexhaustible,” says Capt. Gopinath. To Col Saksena, ease of reach simply means exploring all “electronic means” to reach the customer — the Internet, mobile phones and landlines. And, even VSATs! A bunch of them ensure
Air Deccan’s connectivity to states in the North-East. Considering the emphasis on cost-cutting, it’s a trifle surprising to learn that the Air Deccan CIO isn’t pursuing an Open Source option with greater zeal. Though Col Saksena does have Linux on his radar, ensuring that the system is up 24x7 also means not jumping into the deep end too soon. At the moment, providing passengers with reliable and easy access to making travel arrangements is crucial. Therefore, keeping an eye on creating a good user experience is also critical since that leads to higher conversions from potential passengers. Conversely, for Air Deccan, a dead link on the site can mean seats going empty. With the airline acquiring two new aircraft every month, Col Saksena expects 2,500 concurrent users at the Air Deccan site daily, by the end of this financial year. On the days of launches, when it announces either new sectors or Re 1 fares, the hits on the website are tremendous, with 10,000 users concurrently jostling each other to hit the jackpot. On days like these, Col Saksena remains as unperturbed as the day when he sat in a bunker that was pounded by the shelling, which marked the beginning of the Kargil War. “While these spikes do test the system to its limits, we don’t ramp up the system in a knee-jerk fashion. We periodically review the system’s capacity and keep in mind special launches (of schemes or pricing) and our expanding fleet of aircraft,” he says. With experts forecasting that the Indian aviation industry is likely to grow 25 percent annually for the foreseeable future, the good colonel at Air Deccan looks set to see his reservation system take many more hits. CIO
In dealing with its application developer, Air Deccan worked out a payment schedule based on the number of passengers booked though the system every month, to avoid any initial heavy investment.
Share Your Opinion Many organizations use the Internet as a part of their sales strategy. Would you take the Air Deccan route and build IT infrastructure to make the Internet the access point for all your sales? Would it be easy to convince your management to do so? Share your thoughts (or fears) on this with yourpeers. Write in to editor@cio.in
c o.in Vol/1 | I SSUE/2
Cover Story1.indd 43
Editor Vijay Ramachandran can be reached at vijay_r@cio.in
REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
43
11/28/2005 4:16:04 PM
VIEW
from the TOP
IP
Prescribed
By Rahul Neel MaNi
Brian Tempest, CEO & MD, Ranbaxy, is mining intelectual property strategically as the pharma giant moves toward a Rs. 25,000 crore turnover. 44
view from the top2.indd 44
D e c e M B e R 1 , 2 0 0 5 | REAL CIO WORLD
FY05 has been a hard year for Ranbaxy. The second quarter saw profits dip 48 percent and its half-yearly sales posted negative growth. But, the pharmaceutical giant, has got its chin up and plans to simultaneously establish a manufacturing unit in Malaysia and ramp up operations across 44 countries. To break into the league of the top-five transnational pharmaceutical companies by 2012 and take the pressure off Ranbaxy’s bottom-line, CEO & MD Brian Tempest is pointing to the American, European and British markets with a directive to increase volumes of existing products. Tempest is banking on IT to contribute extraordinarily. He envisions an online, real-time historical databank of Ranbaxy’s world-wide historical research. It’s a tool that he anticipates will drive innovation, protect it and keep Ranbaxy ahead of the competition.
View from the top is a series of interviews with CEOs and other C-level executives about the role of IT in their companies and what they expect from their CIOs. coming Dec 15: Adi B. Godrej Chairman, Godrej Group
Vol/1 | ISSUE/2
CIO: Ranbaxy is a transnational pharmaceutical company. Where does IT fit? Brian Tempest: IT is one of the most crucial parts of Ranbaxy’s growth agenda and it is a true enabler in making the company a connected global giant. We have set a very ambitious target for ourselves. In 2004, we were worth Rs. 5,106 crore in sales. Our aim is to achieve Rs. 25,000 crore by the year 2012 – that is seven years from now. IT, as we have witnessed in recent years, has empowered Ranbaxy immensely in achieving this target. Technology has always been on the forefront of Ranbaxy’s agenda and in the future, when the company reaches out to both the domestic and global markets, three things will help us: strong marketing efforts, better drug and clinical research and products and, Information Technology. IT will enable us to map out our world operations seamlessly.
How does IT align with your key business concerns? Our competitive advantage rests with our innovation in R&D. What we invest in R&D and its productivity is critical to our business. IT plays a decisive role in sustaining that advantage. A major concern area is the security of our R&D data. We endeavor to work on a real-time yet foolproof IT system, which will guard our intellectual property (IP). Today, it’s just IP that differentiates us from other corporations. We have a global IT project to make our systems unbreakable. We have a global steering committee to oversee the progress of such a sensitive project. There is yet another committee which deals with operational details. Ranbaxy has envisioned a war game concept to test its systems. This simulates hacker attacks, it looks for the cracks in our IT systems and tries to breach firewalls and the intrusion detection systems (IDS). We observe the outcome keenly. Based on
Vol/1 | ISSUE/2
view from the top2.indd 45
SNAPSHOT the results, we take corrective measures. And, this is not a one-time activity. We also engage third parties to challenge our systems, increasing the chances of locating system and network vulnerabilities.
Have you come across any threat from within? No, I think people inside Ranbaxy understand the value and sensitivity of data. Although they know how to take advantage of that data, they don’t. Once you’ve imbibed good corporate governance and a disciplined culture, insider hacking is not expected. Ranbaxy works continually on internal IT and corporate governance programs.
Ranbaxy Turnover:
Rs. 5,106 crore (Ranbaxy’s global consolidated sales – calendar year 2004) IT Budget:
Two percent of total revenue (includes research informatics) Employees:
9,000
IT Staff:
120
Head Quarters:
Gurgaon, Haryana Locations on central network:
55 (excluding those connecting through the Internet)
Drug Warehouses, Stocking Points and C&F Agent Locations:
35
CIO:
business. That, in some sense, is my vision. And I expect IT to complement it. One of the areas that our IT department is working on is a central server for all historical R&D data, which can be accessed by researchers and scientists. Anyone who is involved in research and needs to draw from the data repository should be able to do so with a click of a button. That’s the sort of online, realtime historical data bank we have envisioned. It’s a longterm project. We started it a year ago but we are working at it strongly.
Has IT dramatically changed the way clinical trials are done?
Rahul Goswami
Is your vision of IT followed meticulously? The Ranbaxy board lends a lot of directional guidance to the executive management. It’s the board’s duty to ensure that everything we do is world-class. IT is no exception. I take personal interest where IT governance is concerned. Systems and data security is a key initiative. As a company, we are constantly pushing IT to achieve two things: efficiency and productivity. We have commercial websites, which generate millions of hits every year. These websites aid the community of doctors to better understand our drugs. We want to ramp up this activity and get closer to the community. We are really looking forward to taking advantage of IT to make Ranbaxy the number one company in the generic pharmaceutical
Project Management is a key area in an organization like Ranbaxy. It is critical to create flawless research and drug-testing processes. Ranbaxy has earned the honor of being the world’s third-largest company in generic drugs. We need a robust IT infrastructure to manage these gigantic projects. No drug company, with operations spread across the world, can afford to have loose ends where connectivity is concerned. The data generated from these R&D projects has to be made available on-demand.
Does outsourcing IT projects fit into Ranbaxy’s gameplan? We would like to strike the balance between outsourcing and keeping it in-house. Personally, I feel that outsourcing should used for secondary areas where more manpower is required and where there is less risk involved. We see ourselves outsourcing back-office REAL CIO WORLD | D e c e mb e r 1 , 2 0 0 5
45
11/28/2005 1:42:08 PM
Ranbaxy CEO & MD Brian Tempest Expects IT to Help sustain competitive advantage Keep R&D data secure
Photo by S rivatsa Shandilya
Map out global operations seamlessly
jobs like financial accounting. Ranbaxy’s CFO is keen on doing that. However, when it comes to information security, we, as a company, are hyper-sensitive. We would like to keep tight control over our IT security to protect our IP.
How will IT contribute to the company’s plan to scale up sales? Ranbaxy uses IT extensively, in a number of ways and across various departments 46
view from the top2.indd 46
D e c e mb e r 1 , 2 0 0 5 | REAL CIO WORLD
including manufacturing, marketing and R&D. I have personally witnessed the contribution of IT in drug research and production and its marketing. I strongly believe that our ability to become the world’s leading pharmaceutical company depends largely on the supply-chain management structure that we currently employ within and outside the organization. You'd be surprised to know that Ranbaxy’s IT team, with business managers and SAP, spent a lot of man hours making sure that the supply-chain solution works
efficiently. Ranbaxy spent over Rs. 4 crore on high-level consultancy to ensure that we got a world-class supply-chain solution to run our operations. I felt that it was one of the most crucial factors in mapping out Ranbaxy’s growth strategy. In my career of over three decades, I haven’t seen as smart a use of IT in many developed European nations and the USA. Not many companies incorporate SAP’s Advanced Planner and Optimizer (APO) into their IT environments to help them achieve a greater level of operational efficiency and foresight.
Vol/1 | ISSUE/2
11/28/2005 1:42:11 PM
View from the Top
In fact, we had a hard time finding the appropriate people to work on the project. It is worth reiterating that Ranbaxy is one of the few companies that generates a crew of people who understand APOs better than anyone else in India. Only the APO makes it possible to cope with a situation where so many new products and R&D projects are introduced into the system everyday. Our SCM is the most critical link on which Ranbaxy’s success d epends. So, to answer your question, in the future, we expect the same kind of foresight from our IT team, where they will deliver the best tools to assist us achieve our target of Rs. 25,000 crore.
What is Ranbaxy’s take on assigning IT a position in the enterprise? IT is certainly not just a utility. It has honed organizational efficiency in Ranbaxy. For example, Ranbaxy in the US faces a great deal of competition from giants in the generic business. We do business in generics with 14 to 15 companies to maintain, at least, a 10 percent market share. For this, we need to have robust yet agile IT systems which help us deal with customers online. Businesses must see that IT is not only a differentiator, it can help do business faster, better and more accurately. That’s why no company can afford to keep a CIO out of its key strategic teams. In our case, we really see no reason why a CIO should not contribute to the company’s strategy. Ranbaxy’s CIO is a member of the Pharmaceutical Business Committee (PBC), a group that includes top managers who develop strategies for the growth and expansion of our business. The CIO plays a crucial role in the PBC. He is someone who can add a great deal of value to the business, especially when it comes to expansion, mergers & acquisitions or even scaling-up of operations. Our
Vol/1 | ISSUE/2
view from the top2.indd 47
“Only the APO makes it possible for us to cope with the products and projects that are introduced into the system daily. We’re among the few companies who understand APO so well ” .
–Brian Tempest
CIO reports directly to the president of the company (Malvinder Singh) and the president reports to the CEO, that’s me.
When your CIO presents an IT business case, what prudence do you look for? At Ranbaxy, we try to benchmark these processes, at the macro level. With projects like regulatory compliance and information security, there is very limited justification we can afford. You just can’t afford to reject making an investment in IT that promises a more secure and compliant organization.
Nonetheless, payback is still questioned. The return on investment in these cases is not directly proportionate to what you’ve put down. I am not denying that we don’t look at justification. We take both a topdown and a bottom-up approach because, after all, we have to defend our decisions with our investors and shareholders.
How important is calculating ROI for an IT project? It’s essential to calculate the return on any investment that you make whether it’s in IT, marketing, sales promos, or even personality development. ROI for an IT project can be calculated in many ways. I think it is passé to calculate ROI on the basis of direct benefits, since one can see how efficiency and productivity have improved after putting an IT system in place. First, it’s important to determine whether the goal of an IT project has been met. If it has, half your ROI is achieved. At Ranbaxy, we justify our investments based on the income they are expected to generate in terms of savings or in boosting sales.
Finally has any IT implementation gone seriously wrong at Ranbaxy? When we introduced SAP, it proved to be a lengthy process. We underwent lot of stress before we realized that we needed to be more focused. Finding APO was the way to success. Putting APO in place brought in real value. Most companies find this difficult and Ranbaxy learnt a lot during that journey. These are complex pieces of software and they need a higher level of involvement and attention. CIO
Bureau Head (North) Rahul Neel Mani can be reached at rahul_m@cio.in
REAL CIO WORLD | D e c e mb e r 1 , 2 0 0 5
47
11/28/2005 1:42:11 PM
feature Raining Code .indd 48
11/28/2005 4:34:51 PM
By C H R I STO P H E R L I N D QU I ST
he next time you have a project in need of a software solution, try an experiment.
IllUStrat Ion By Shyam S. D EShpanDE
Reader ROI
Why CIOs are growing more interested in open source How some CIOs are banding together in software development cooperatives Why some vendors are releasing product code to the open-source world
Vol/1 | ISSUE/2
feature Raining Code .indd 49
Go to open-source collaboration site SourceForge (www.sourceforge.net), and spend five minutes running a search. The odds are good that you’ll find an open-source project related to your problem. Free. No sales calls. No negotiations with vendors. Granted, no service contracts or tech-support numbers either, most likely. But given the low barrier to entry, it’s easy to understand why thousands of companies are tempted to use open source for, at the least, those projects that fall shy of the missioncritical line. And for those CIOs nervous about the support and licensing issues that surround open source, well-known vendors are increasingly releasing some of their own code to the open-source community. IBM, for example, in January released 500 of its software patents to open-source software developers. Sun has announced that it will release its Solaris operating system under an open-source license. Of course, if you’re looking at open source precisely because you want to get away from those very vendors, maybe there’s a better alternative: a cooperative of like-minded, open-source-loving CIOs just waiting for you to join. The options for using open source have never been greater, and you owe it to yourself—and your company—to take a close look. ReAL CiO WORLD | D e c e m b e r 1 , 2 0 0 5
49
function Create(Name: in Unbounded_string;
As open-source development options proliferate, CIOs are finding ways to make it work for their organizations.
C : in Catalog_Access;
ID : in Ident )
return CatImage_access is
Result.Name := Name;
Result.Id := Id;
Result.C := C;
return Result;
end;
begin
Result.Name := Name;#
Result.Id := Id;
Result.C := C;
return Result;
Cat.Name := Name;
begin
Cat : Catimage_Access := new CatImage ;
Cat.Id := Id ;
end;#
Cat.C := C;
return Cat;
me: in Unboute(Name: in Unbounded_
String;
C : in Catalog_Access;\\
ID : in Ident)
return Catdir is Result : Catdir; begin
(Name: in Unbounded_String;
C : in Catalog_Access;
function Create(Name: in Unboute(Name: in Unbounded_
String;
C : in Catalog_Access;\\
ID : in Ident)
return Catdir is Result : Catdir; begin
unction Create(Name: in Unbounded_String;
C : in Catalog_Access;
ID : in Ident)
Hallelujah?
Open-Source Development Power of Cooperation One of the challenges of using open source is simply finding a product that meets your needs and your quality standards. While many developers need an e-mail client or Web browser (hence, the rabid developer base for open-source projects such as Mozilla’s Thunderbird and FireFox), finding a spontaneously developed tool to integrate your three retail-specific supply chain applications isn’t as likely. And even if your SourceForge search uncovered such a tool, there’s no guarantee that the developers wrote it with the care your enterprise requires. (To partially address this concern, VA Software offers SourceForge Enterprise Edition (SFEE), which helps developers create shared code environments among known collaborators, and the Tapestry portal, which lets Enterprise Edition users access information about other SFEE projects.) Plus, there’s the “where did this code really come from” legal question. To assuage these fears, some organizations have turned to cooperation with peers for their open-source development. One of the most high-profile examples is the Avalanche Corporate Technology Cooperative, a collective development effort founded by a group of Minnesota-based companies, including Best Buy, Cargill and Jostens. Last spring, the group formed to identify opportunities for open-source development projects that could benefit all the members. The goal of this cooperative is to pool resources so that interested companies can jump into new projects while spreading out the risks and expenses. Some of the members, for instance, are too small to create full-blown development efforts on projects such as building an opensource desktop reference environment, but by combining efforts, they can all reap the rewards. Avalanche currently has a halfdozen projects under way, including one to create a reference design for an open-source desktop and another to build a business activity monitoring engine. “We’re relative novices in the whole opensource area,” says Mike Thyken, senior vice president and CIO at bedding manufacturer and Avalanche member Select Comfort. “We started looking at everything it was going 50
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
feature Raining Code .indd 50
to take to get a Linux/open-source world put together, and we saw that it was very redundant between companies.” So Select Comfort joined Avalanche, contributing a membership fee of Rs. 1.35 lakh ($30,000) as well as some time from technical architecture experts inside the company to Avalanche’s Linux reference environment project. As a result, Select Comfort expected to receive deliverables on a Linux desktop and server architecture early in 2005, all for a “fairly modest” investment of money and time, Thyken says—far less than if the company had attempted the project on its own. Aside from the efficiencies of cooperative development, Avalanche members can receive other benefits as well. Avalanche’s licensing agreement restricts the cooperative’s code to members only, eliminating the fear that valuable code will simply be spread far and wide, without competitive benefit to the contributing members. And then there’s the question of putting pressure on commercial software vendors. “One of the original premises was that the balance of power had swayed quite heavily to the vendor side,” says Jay Hansen, CEO of the cooperative. “The IT consumer wanted to take back a little bit of control over their own destiny.” Financial services companies are getting in on the open-source action as well. What began in 1997 as an internal effort to consolidate integration development at international investment bank Dresdner Kleinwort Wasserstein (DrKW), has become Openadaptor, a Java-based open-source integration platform. “The most common thing you have in a bank is communication between systems,” says Steve Howe, DrKW’s vice president and head of open-source initiatives. In the late 1990s, the company set out to create a standardized programming interface that would keep internal developers from having to reinvent basic code for every new project. The code behind the interface was shared with all of the company’s developers, and each was able to make suggestions for— and sometimes even changes to—the source code. The result was a dramatic decrease in development time for connectors. The system worked so well, in fact, that DrKW hired software development
Sources On Open Source In Print
The Success of Open Source By Steven Weber
Open source from a political scientist’s point of view, with plenty of history and educated conjecture about the place of open source in software development and life in general.
Succeeding with Open Source By Bernard Golden
Primarily aimed at software vendors considering the open-source way of life, Golden has advice for any company considering open-source projects.
Open Source Licensing By Lawrence Rosen
Down-to-earth legal advice on dealing with open-source licenses from an acknowledged expert in the field. On the Web Open Source Initiative www.opensource.org
The root location for all things open source. Includes definitions, approved licenses, news and a mailing list.
Freshmeat.net www.freshmeat.net
“The Web’s largest index of Unix and crossplatform software, themes and related ‘eyecandy,’ and Palm OS software,” according to the literature. While not all of its content is open source, the Freshmeat folk prefer that products be released that way.
SourceForge.net www.sourceforge.net
Tens of thousands of open-source projects, all in one place. Search for free, start your own project, or join and get access to extra features such as project monitoring, which lets you know whenever changes take place in a particular project.
Open Source Risk Management www.osriskmanagement.com Buy some peace of mind with its indemnification services, or have its consultants give you an evaluation of the risks you face from your open-source efforts. — CL
Vol/1 | ISSUE/2
11/28/2005 4:34:52 PM
Open-Source Development collaboration provider CollabNet, which hosts collaborative development environments for both commercial and open-source projects, to release its connector platform in open source as the organization Openadaptor. DrKW wagered that if other organizations got involved, it would result in further enhancements to the platform. The idea worked. The core software currently sees more than 8,000 downloads a month of the organization’s site. And while no one knows exactly how many corporations are taking part, Howe says that Deutsche Bank, Hallifax Bank of Scotland, Hewlett-Packard, J.P. Morgan Chase and the Royal Bank of Scotland are all involved. Howe notes that Openadaptor is a case of an open-source product unlikely to see a commercial competitor. “The really good thing about Openadaptor is that it’s really lightweight. There’s not much real impetus for the vendors to put that sort of thing out; they couldn’t charge very much for it,” he says. In other cases, the project could have a more dramatic impact on an existing vendor. Such is the case with Sakai.
Costs and Competition The Sakai Educational Partners Program is a set of projects spearheaded by universities looking to provide common platforms for a variety of tasks. One of those tasks is the creation of an opensource course management system—one aimed directly at a technology space currently occupied by Blackboard and other commercial competitors. According to Sakai Community Liaison James Farmer, a recent survey of 22 universities currently using Blackboard found that 100 percent planned to drop the commercial product in favor of Sakai code. But Farmer is clear to point out that this project isn’t about vendetta; it’s about saving money. Having an open-source, cooperative development option would let schools reduce their costs by skipping commercial alternatives completely, or indirectly, by using the threat of open source to “put some restraint on price,” Farmer says. Malcolm B. Brown, director of academic computing at Dartmouth College, agrees with that assessment, noting that he wouldn’t be afraid to use Sakai as leverage with 52
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
feature Raining Code .indd 52
Open Law
Don’t forget to run it by your lawyers first Even If you get your open source from one of the “safer” alternatives, be sure to get a legal review. The Open Source Initiative (OSI), the nonprofit group charged with promoting open source, currently recognizes more than 50 open-source licensing models, each with its own nuances and potential gotchas. And Black Duck Software, which provides intellectual property management systems for open-source and commercial software users, says it has found another 300-plus licenses outside the OSI’s list. The key is to actually read the things, and then let your corporate lawyers do the same. “You have to decide what license terms you’re comfortable with, and be prepared to tell [your lawyers] that ‘none’ is the wrong answer,” says Mike Milinkovich, executive director of the Eclipse Foundation. But former OSI General Counsel Lawrence Rosen says he hopes for a day when licenses get winnowed down to a reasonable selection to cover most needs. “At some point, they will realize that their software won’t be adopted if it requires the analysis by their customers of yet another license with only subtle differences from those already approved,” Rosen says. Users can also seek other protections. Vendors are increasingly providing indemnification for their open-source customers. You can purchase indemnification from Open Source Risk Management (OSRM), a group that also offers open-source risk consulting services. And even state laws can help. For instance, “[The Avalanche Corporate Technology Collaborative is] incorporated under the Minnesota co-op laws, which gives us the ability to exchange code under some kind of legal umbrella,” says Select Comfort Senior Vice President and CIO Mike Thyken - C.L.
his vendor. But he says cost is secondary to functionality. An admittedly happy Blackboard customer (he had zero downtime on his course management system last term), he says that the school is nevertheless keeping an eye on Sakai to see if it can provide a better product than the commercial alternatives. “The promise of Sakai is that it’s written by universities for universities,” Brown says, noting that university developers should be more aware of the complex relationships that can grow between educators and IT. “It can be tough to make all [the instructors] conform” to an application, Brown says. “The platform needs to be customizable and nimble.” And if Sakai can deliver on those needs, he says, Dartmouth would consider moving to its platform. But for now, he notes, “It’s too early to see how this is going to play out.” Getting the bulk of educational institutions moved to a single platform would save money in another way as well. “If you can interchange content, you will sharply reduce the cost of instruction,” Farmer says. For instance, “McGraw-Hill produces 24 versions of its materials to support all the electronic teaching systems,” including Blackboard.
“If they could reduce to one standard, they could cut the cost of their media support by 80 percent. Textbooks are expensive because faculty members are judging not just on textbooks themselves, but on the quality of the other materials available for their online courses.” Sakai, if widely adopted, would provide that single platform. What began as a cooperative effort among four schools—Indiana University, MIT, Stanford and the University of Michigan— has grown to include more than 50 schools, including the bulk of the most prestigious purveyors of higher education in the world. But while these cooperative efforts all are success stories (at least for now) it doesn’t mean every corporation should immediately look to join a cooperative or start its own. “If you’re not comfortable using anything other than packaged software, we’re probably not for you,” says Andrew Black, vice president and CIO at Avalanche member Jostens.
Vendors Open Up For companies not inclined to stray far from the warm comfort of packaged products,
Vol/1 | ISSUE/2
11/28/2005 4:34:53 PM
Open-Source Development there are more open-source options offered by the vendors themselves. Reacting to pressure from existing open-source projects and intrigued at the idea of expanding their developer base dramatically for minimal costs, many large vendors are even releasing some of their own products as open source, offering the software’s source code for free and allowing users to make changes as they see fit. Computer Associates, IBM, Novell, even Microsoft (on a tiny scale), have released source code for community use and development. And a number of smaller vendors— including Chalex, Gluecode Software, JBoss, SugarCRM and MySQL—are built on an open-source foundation. Customers need to look at such pronouncements with a skeptical eye, however, as many vendors may see open source as an easy way to dump old products. And in those cases, the open-source effort benefits no one. The idea of having “one throat to choke” when something goes wrong, the legal indemnification some vendors provide against lawsuits concerning open source and the simple comfort of not having to vet one more software application can make vendorreleased open source appealing. The vendors, meanwhile, tout open source as a means of helping themselves by reducing development costs and getting customers directly involved in the development process, and they even candidly note attempts to jump-start fading products (Computer Associates with the Ingres relational database) or give birth to ideas that might not have been profitable commercial ventures (IBM’s Eclipse development environment project). But the temptation exists to simply euthanize products by handing them to the “community,” thus abdicating further support responsibilities. “Sometimes engineers and product managers make assumptions,” says Jeff Hawkins, vice president of the Linux Business Office at Novell. “A common one is ‘Gee, I don’t have the resources on this, so let’s make it open source,’ or ‘We don’t really care about this anymore, so let’s release it to open source.’” But, Hawkins says, this almost guarantees open-source failure. “[You] have to examine [vendors’] motivations,” DrKW’s Howe agrees. “I think a lot of people are effectively end-of-lifing
Vol/1 | ISSUE/2
feature Raining Code .indd 53
products in an open-source way. That doesn’t work because you end up with a lot of dead software out there that no one’s updating.” That very concern struck Shaf Rahman, group technical director at International Customer Loyalty Programmes (ICLP), which puts together loyalty marketing programs for companies, after he heard that Computer Associates was going to release its Ingres database—on which many of ICLP’s core systems are built—to open source. “I think in the back of my mind there was that thought that ‘They’ve absolved all their responsibilities and given it to the people.’” But his fears were
more products will fall into the “best as open source” category.
Lead or Get Out of the Way Open-source advocates have their own worries, of course. One concern with open source is the threat of the nuclear lawsuit, the legal case that could declare certain open-source licenses unconstitutional (think SCO v. the GNU Public License) or make the burden of intellectual property protection so onerous that software communities are crushed under the weight. But observers argue that legal uncertainties are a fact of life with commercial software as well.
For companies not inclined to stray far from the warm comfort of packaged products, there are more and more open-source options offered by the vendors themselves. calmed after he saw the orderly manner in which the company handled the transition, plus the fact that CA was clearly staying in control of the project and carefully vetting any potential contributions to the source code. This provided both indemnification for any potential legal hassles and a wellknown source for support services. As a result, Rahman has hopes that Ingres will be revitalized, gaining both new features and, more importantly, new prominence in the marketplace. “In the past, I’d try to recruit people and they’d say “Ingres? How do you spell Ingres?” Some observers see the trend of vendorreleased open source as a sign that certain parts of the software stack—particularly those at the low end that have become ubiquitous (think operating systems and integration tools)—simply have very little commercial value left and thus are better supported by their communities, freeing up R&D resources for high value-add products. “Things like [Microsoft] Word and Excel have become relatively static,” says Ian Campbell, president and CEO of Nucleus Research. “That’s why you see Linux on the desktop with the [open-source OpenOffice productivity suite] as a reasonable alternative.” And, he says, as time goes on,
“Is there risk? There’s probably some,” says Bernard Golden, author of Succeeding with Open Source and founder and CEO of Navica, an open-source consultancy. “But you need to look at all the risks, including the risk of not doing the project.” Simply banning open source probably isn’t an option, however. As just one example, software development researcher Evans Data’s numbers have shown an almost 200 percent increase in use of MySQL by database developers since 2001—from 16.4 percent to 48.5 percent. And as large open-source projects such as the Eclipse development environment gain steam, the temptation to download and use the tools—rather than wait weeks for a purchase order to clear accounting—will do nothing but increase. But like anything in IT, the best way to approach open source is with a plan, with skepticism and with the understanding that you’re going to need to roll up your sleeves. “The more you put into something, the more you get out of it,” says Mike Milinkovich, executive director of the Eclipse Foundation. “Open source is no different.” CIO
Send feedback on this feature to editor@cio.in.
REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
53
11/28/2005 4:34:53 PM
The RASI program has brought the magic of modern medicine, technology and entertainment an affordable click away for Tamil Nadu’s villages. BY T. Radhakrishna
54
govern main.indd 54
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
Vol/1 | ISSUE/2
11/28/2005 4:09:54 PM
Rural Connectivity
BEnEfItS of RASI 95%
computer education time saved
90%
Entertainment
90% 90%
Ease of access* Money saved
85%
Increased govt. interaction 66% Improved business 40%
Cutting wires & costs
how small entrepreneurs can power an e-government project
Vol/1 | ISSUE/2
govern main.indd 55
The wireless tele-kiosk, its technology and what it represents as a social revolution, was
Don’t know 3%
Highly dissatisfied 1%
Somewhat satisfied 50%
Somewhat dissatisfied 11%
Source: ELCOT
conceived in early 2001 by faculty members of the Telecommunications and Computer Networking (TeNeT) group at IIT-Madras. Led by Dr. Ashok Jhunjhunwala, TeNeT had worked for over a decade towards cheaper alternatives for connecting phone exchanges and homes. “The biggest challenge was providing last-mile connectivity,” says Vivek Harinarain, former IT Secretary, Tamil Nadu. TeNeT’s goal was to develop telecom and Internet systems and take them to the villages at an affordable cost. “The objective was to bridge the digital divide,” says Jhunjhunwala. Their work culminated in corDECT, an advanced wireless access system. The technology is based on Wireless Local Loop (WLL) developed in conjunction with US-based Analog Devices. It forms the backbone of the wireless tele-kiosk network. (See How it Works infographic) corDECT spawned SARI (Sustainable Access in Rural India) - a pilot project to provide cost-effective connectivity to the village of Pathinettangudi, run by private agencies and REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
55
PhotoS By SRIVAtSA ShAn dIlyA
Why choosing locally-appropriate technology is critical
Highly satisfied 35%
I
how to bridge the last mile cost-effectively
Reader ROI:
USER SAtISfActIon
IMAgIn g By BIn ESh SREEdhARAn
T
he farmers of Ulagapichanpatti, a village in Tamil Nadu, do not like yellow mosaic. It is a cursed pattern that a viral infection stamps on their crop of lady’s-finger, leaving it and their livelihood stunted. In 2001, when symptoms of the disease recurred, they approached the local tele-kiosk, which had established a relationship with the Madurai Agricultural College and Research Institute. Using a web camera, images of the affected plants were beamed to the institute and within a day the farmers had a diagnosis. Their crop was infected with the acalypha yellow mosaic virus, treated easily with a solution of boron and nitrogen. In a week, the plants were back to normal, without the yield being adversely hit. Mailing the images cost the farmers of Ulagapichanpatti Rs. 20, but it saved a crop worth Rs. 1.4 lakh. When over 300 hens died in T. Pudupatti, a community not far from Ulagapichanpatti, the villagers watched panic-stricken, as their life’s assets disappeared. An SOS email, in Tamil, was sent from a tele-kiosk, which led to a lightning visit by veterinary department officials and the vaccination of the remaining poultry. Further away, in Pathinettangudi, yet another tele-kiosk was helping a young man find a wife. Pathinettangudi. Ulagapichanpatti. T. Pudupatti. It’s alright if you haven’t heard of them. It’s even alright to smile resignedly at names so hard to pronounce. But be warned, they are the vanguard of a revolution.
*Videoconferencing
Vivek Harinarain, former It Secretary, tamil nadu
Rural Connectivity the government. corDECT and SARI would beat the last-mile connectivity devil; a privilege that remains a dream for many other villages in India. “corDECT was designed keeping in mind the economics of bringing telephony and Internet to sparsely populated areas. Its low costs, ease of deployment and minimal maintenance requirements make corDECT ideally suited for rural use,” says Jhunjhunwala. However, TeNeT quickly realized that though they had the concept firmly under their hats, the task required significant industrial expertise and funding. They called in IIT alumni working in the IT and telecom industry. This process brought about Midas Communications and n-Logue Communications, the latter going on to make tele-kiosk technology available to India’s rural areas. Using corDECT, n-Logue cut the cost of telephone service in the rural market to Rs. 10,000 from the existing Rs. 35,000. Other organizations that put their shoulder to the wheel included MIT’s Media Lab, Media Lab Asia, the Centre for International Development, Harvard University, I-Gyan Foundation and ICICI Bank. The tele-kiosk was an idea whose time had come. Word of it quickly spread from Pathinettangudi to 50 other villages in Melur, a district in Tamil Nadu. Melur became the first ‘wired taluk’ in the country. The idea gathered momentum on the regional grapevine and within a few months of the pilot, the government of Tamil Nadu decided to replicate its success throughout all its districts. The project was renamed RASI (Rural Access Service to Internet) - which appropriately translates into luck in Tamil. “We chose Melur because it has good fibre for connecting the local wireless network to the Internet. Also, its geographic location is such that repeaters can be used to cover a significant part of Madurai district without investmenting in another access centre,” says P G Ponnappa, CEO, n-Logue.
Growing Network Today, RASI has 1,200 tele-kiosks, covering 12 districts and offers more than 60 services, including those relating to agriculture, education, healthcare, utility and entertainment. Over 20,000 villages in 56
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
the tele-kiosk became the face of a daring
and massive plan to offer telephony and connectivity services at the villagelevel, a place
few landlines ever reach.
Tamil Nadu now have access to government services through the Internet. What tele-kiosks offer is something city-dwellers have to come to expect as basic infrastructure: the facility to access information, to communicate with people in authority and to call their relatives. The folk who live in India’s villages inhabit some of the world’s most inaccessible areas. Not because they are in the middle of a jungle, but because they have little access to communication and transportation facilities. Numbering in millions, many have to wait three days for a bus to the nearest town, to consult a doctor or even get to cheer a Rajnikant blockbuster. RASI, using corDECT and the tele-kiosk, fixes this. The tele-kiosk became the face of a daring and massive plan to offer telephony and connectivity services at the village level, a place few landlines ever reach. RASI offers more than just basic communication. n-Logue partnered with a number
of institutions in agriculture, education and healthcare to offer services that villagers needed. Today the tele-kiosk cuts through the red-tape that traditionally binds applying for various certificates including land documents, driver’s licenses, birth and death records. The system puts villagers a click away from securing expert advice on health, law, agriculture and even getting the bureaucracy to address their grievances. “It’s great!” Mandeyan, a teashop worker says. “I e-mailed the taluk authorities, requesting my caste certificate and within two days, I received acknowledgement via e-mail and an appointment with the concerned officer.” Normally he’d have had to run around for up to a year, losing both wages and time. Tele-kiosks also interact with each other forming a network that makes it easy for farmers to figure out where they can get the best prices for their produce and for villagers to post matrimonials and browse local employment news.
Vol/1 | ISSUE/2
11/28/2005 4:09:56 PM
Rural Connectivity
Local Stakeholders Putting it all together in a selfsustainable business model was just as hard a nut to crack. Inspiration came in a strange form. “We were encouraged by the success of the cable TV business in India,” says Ponnappa. In 1992, there were no cable TV connections. Today, the estimated number of cable TV connections is an amazine 60 million. “A similar system helped to seed the growth of private telephone kiosks. In both cases, revenue is split between national companies and local operators,” says S Ramesh, vice president - business, n-Logue. The RASI business model is built on similar lines. RASI has a three-rung chain of command: n-Logue, a local service provider (LSP) and a kiosk operator. (See Business Model infographic) n-Logue has already invested Rs. 6 crore, mainly in equipment and technology. It expedites loans for kiosk-operators and works with the government and banks to offer better facilities. “The Tamil Nadu government has so far invested Rs. 1 crore towards setting up 10 towers in the districts,” says Harinarain (each tower costs around Rs. 8 lakh). The government is planning to release Rs. 2 to 3 crore to procure 20 more towers as part of the expansion,” he adds. n-Logue is also planning to deploy the next generation – corDECT 2.5G which offers 80-200 kbps to subscribers as opposed to the 64 kbps pipe at present. At the second tier, LSP’s (local service providers) are responsible for managing the project at the taluk level. Since the technology is easy to deploy and support,
the skills of the LSP tend to focus on selling the service, and creating awareness about its value. Kiosk operators, the first and most important rung in the ladder, are recruited by LSPs to invest in the kiosks. The operator purchases computer equipment through n-Logue. These locally-owned franchises offer a variety of Internet and computerbased services. Kiosk operators are pleased with what they make. E-Governance and e-mail services are available for Rs. 10, while more specialized services for agriculture, education, healthcare are available from Rs. 15 to Rs. 25. According to available statistics, they can earn between Rs. 2,000 and Rs. 3,000 a month – in profits.
First Mile Challenges There were many bumps before RASI took off. These included designing a range of services and applications suited to village residents and finding the appropriate personnel to run the kiosks. The kiosk-operator is the biggest determinant of RASI’s efficiency and profitability. He plays multiple roles and is, by turn, a salesperson, marketeer, teacher, serviceprovider and computer professional. Evidently, not an easy position to fill. “Quality of service was another,” says Dr. Ilango, project head of RASI at Arvind Eye Hospital, which counseled 1,172 patients from 67 villages via videoconferencing in 2004. While RASI worked fine in relatively modern Madurai, taking connectivity to other, less-developed parts of the state was an overwhelming issue. This was made harder
by some officials who would not lend their patronage to the project. “Whenever a new project is introduced in the government, there is always a certain percentage of people who will view IT with suspicion. Tamil Nadu is no exception,” says Harinarain. However, the government’s (read political leadership) commitment to the project remained intact through changes in political parties and the project’s leadership. “Support to the project has been immense and constant,” says Harinarain. RASI, which has completed four years in operation, is still fencing with the government to sign Service Level Agreements (SLAs) with n-Logue. RASI is only as good as the quality of services provided by its partners - the government and various institutions. “After the pilot, we have submitted our proposal to government departments, which are looking into the matter,” says Ponnappa. The project also continues to grapple with regulatory issues. Though n-Logue has a Class-A ISP license, it needs a Rural Service Provider License (RSPL) to provide both voice and data services in rural areas. Without this, it is forced to tie up with an ISP to provide connectivity to its network. n-Logue has already approached the Telecom Regula tory Authority of India (TRAI). “We are hoping to get the license soon,” says Ponnappa.
Copying Success Despite the problems, the journey’s been worthwhile. If imitation is the best form of flattery then RASI has made it. Its success is inspiring other Indian states and neighboring countries. Gujarat has initiated Gyan Ganga–a project on the same lines as RASI
BUSINESS MODEL: There are three business entities involved in RASI: n-Logue, a local service provider (LSP) and a kiosk-operator. n-Logue is responsible for training, support and the overall management of the network. It also works with government departments and institutions to offer better services.
In coordination with n-logue, LSP’s (local service providers) set up ‘access centers’ that supply last-mile access to the vilages. According to n-logue, lSPs should find 500-700 operators in a 25 km radius, making their Rs. 12 lakh investment worthwhile.
for Rs. 50,000, kiosk-operators get a computer with speakers, microphone, printer, web camera, UPS, a wall set (receiver), an Internet connection, a telephone with a meter and local language software. Kiosk owners offer RASI facilities to the village and telephone and computer services.
Vol/1 | ISSUE/2
11/28/2005 4:09:57 PM
Rural Connectivity Take the case of Palaniamdeveloped a community mal, a woman with an indombased on trust and transitable spirit who worked her parency. The model hinges fields in the village of Keelaon the local entrepreneur valavu for 60 years to provide who puts in a portion of for her family. Her vision had the investment, making SNAPSHOT deteriorated steadily, leaving him a stakeholder, thus her blind during her golden driving sales. KICKOff years as a grandmother. Her The project isn’t resting november 1, 2001 case isn’t unique as almost on its pile of laurels. It is INITIAL INvESTmENT: two out of three Tamil still pushing to better its Rs. 6 crore Nadu villagers have eyeservices. It has already related problems. brought down the cost NO. Of KIOSKS: When webcam photographs and turnaround time of 1,200 of her eyes were taken at the government services by a NO. Of DISTRICTS: tele-kiosk and sent to the factor of ten. 12 Arvind Eye Hospital in MaduThis is the sort of statisrai, it was the start of a journey tic that gladdens the heart COST Of A KIOSK: that would return Palaniamof those who focus on ROI Rs. 50,000 mal’s sight. (return on investment) and STAff: Sometimes there’s just no there are plenty of them. About 320 putting a price on something. But bean counters tend to Especially when you can bring look over the more intanback the light into an old woman’s eyes. CIO gible benefits. “I feel that a measure of success has to be from the client’s point of view rather than from Special Correspondent T. Radhakrishna can be those in the government,” says Harinarain. reached at radha_t@cio.in
RASI
InfogRAPh IcS By ShyAM S. dES hPAndE
and Andhra Pradesh and Karnataka are using corDECT to connect existing projects, e-Seva and Bhoomi, to the hinterland. “We are really inspired by RASI,” says J N Singh, former secretary— department of science and technolgy, Gujarat. The government of Gujarat deputed a team of officials to visit Chennai and study RASI before replicating it. The Uttar Pradesh government has followed suite. Madhya Pradesh and Maharashtra, too, are in the initial stages of implementing similar programs. One of the factors attributed to RASI’s achievement is the technology’s cost-effectiveness. “The success comes from lowcost design, using economies of scale as its business model,” explains Purohit of Midas Communications. Other reasons include RASI’s ability to provide quality, value-added services, its delivery model, the famed Indian entrepreneurial spirit and committed government authorities. “The role of the district collector was also central,” says Harinarain. A critical reason for success, perhaps the most pivotal, is the enthusiasm and motivation of private participants, who
HOW IT WORKS: Radio signals link DIU’s in taluks to a CBS and then to wall sets in villages. CBS
(Compact Base Station)
The DIU feeds both power and signal to a cbS. A cbS can support up to 12 simultaneous voice calls.
Wall Sets
The Wall Set (receiver) is located at the village level. It can be powered by solar panels and has a built-in battery, providing 16-hours of standby time and three hours for voice calls.
25
km
m 10k
DIU
(dect Interface Unit)
A scaled-down DIU (transmitter) has all of the features of a traditional telephone exchange switch. remarkably, it consumes less than 600 watts and has a built-in Operation and maintenance console, which reduces the number of people required to run the system.
govern main.indd 58
RBS
(Relay Base Station)
The rbS extends the systems by units of 25 km. It can handle 11 calls simultaneously. Using a series of relay towers it is possible to cover 85 percent India’s villages, says n-Logue.
NIC has a core infosecurity team in place to test the integrity of systems and applications, says Dr. N. Vijayaditya.
60
interview copy.indd 60
O c t O b e r 1 , 2 0 0 5 | www.cio.in
Interview | N. Vijayaditya
The Sword &
Dr. N. Vijayaditya, DG, National Informatics centre is responsible for 3,000 of India’s most crucial e-government applications. Allowing for ease-of-use by deploying cutting-edge solutions, yet protecting them from hackers, is a tough act to juggle he explains.
CIO: How do you rate the NIC information network in terms of information security and the protection of Intellectual Property? Dr. N. VIjayaDItya: That’s a loaded question! As far as the information and network security is concerned, we have taken enormous precautions to make the network inaccessible to trespassers. We have a three-tier security mechanism to stop almost any kind of malicious attack and keep hackers at bay. We are installing a strong encryption mechanism, espeespe cially where financial transactions are involved. We are also deploying a full-blown Identity Management process, which will allow for proper authorization. NIC is on a path to create a secure database and information infrastructure so that buyers of our services can rely on us. We have today, especially at HQ, a strong, rugged security infrastructure in place. As part of the security drive, NIC has
Vol/1 | ISSUE/2
interview copy.indd 61
made it mandatory to have third-party security audits for all applications hosted at the NIC data center. NIC is now encour-aging user departments to audit applications and learn about security vulnerabilities in order to correct them. As far as NIC’s connectivity is concerned, it has substan-tially improved in the last couple of years. We have created enough bandwidth. In conjunction with the department of IT, we are successfully running a State Wide Area Network (SWAN). If we combine both the SWAN and NIC networks, we have a robust set-up in place. What were the reasons for taking an Identity Management route?
We run several critical and case-sensitive applica-tions at our data center. The onus is on the user to make sure that various identities, passwords and access details are used securely. Any other way would have resulted in REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
P hotoS by Sr IVatSa ShandIlya an d bhagIrat h
By Rahul Neel MaNi Ma
6
11/28/2005 2:09:38 PM
Interview | N. Vijayaditya a complicated and vulnerable process, and that’s why we decide to have Identity Management (IM) for NIC. Through this, we can also monitor who is accessing what and in which capacity. The authorization levels of various users are pre-defined and stored. We can also a keep track of users who are updating these applications and the kind of changes they are making. Have there been attempts at unauthorized access in the past?
No, the primary reasons we chose IM are for security and for the convenience of logging in. Security, in fact, came as an additional benefit. IM helps us track users, especially those who are changing the content of applications. We want to be able to keep track of every event so that there is no threat to the applications and their content. The IM policy will cover all NIC employees as well as other user departments whose infrastructure is hosted at NIC. For example, if somebody is trying to access the passport system, the IM mechanism will make sure that he or she is authorized to access the network. It will be managed by the NIC from the headquarters. Does NIC have a team which monitors hacker and virus attacks?
NIC has a core information security team, which oversees the implementation of our guidelines and the entire security policy. This group is also responsible for auditing applications hosted at the NIC data center. The audit can be both internal and third-party. Once the security team is satisfied, only then is the application issued a certificate permitting it to be hosted at the NIC data center. There is a sub-group for email security and anti-virus deployments within the security group. NIC subscribes to the most advanced versions of anti-virus software so that we can minimize attacks and safeguard data. An effective patch management system supplements our efforts to keep viruses and Trojans at bay. We have a patch management server which automatically downloads the most recent patches once a user logs onto the system. The anti-virus and mail service subgroup 62
interview copy.indd 62
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
maintains a record of licenses, patches and other important documents. In addition, we have a group in the network operation center, which maintains a constant watch on traffic patterns. Both these groups work in tandem to safeguard the entire NIC network from potential security threats.
SNAPSHOT Websites: 3,000 Bandwidth: 4 Mbps Storage: 70 Terabytes
of new skill sets to be acquired by the people who man security infrastructure here. At the end of the day, there is nothing called ‘secure’. We learn from mistakes and try to be as foolproof as possible. How much does NIC spend on information security as a portion of its annual IT budget?
We spend quite a lot of money on information security systems. It is our first VSAT Network: priority to ensure that our 2400 DAMA network and information One of our sites at a Appdev Expertise: architecture is absolutely remote location in Assam 60,000 man hours secure. The auditing and penwas attacked a few months Locations: etration-testing costs us a lot ago. Fortunately, it wasn’t an 600 districts of money because it has to operational site. But yes, the be done for several hundred site was attacked and hackPersonnel: 3,000 applications time and again. ers penetrated it. The attack NIC hosts more than 3,000 was external in nature and Disaster Recovery websites, which are regularly the intension was to cause Center: audited for security purposes. damage. Despite the site Hyderabad Procuring security detection being non-functional, NIC Annual IT and prevention devices also took corrective measures to Expenditure: forms a large part of our IT stop further damage. About Rs. 30 crore budget. All I can say is that the money spent on security, as a Are there mechanisms to percentage of the annual IT monitor hacking? budget, must be in double-digit figures. The security group analyzes data and the nature of traffic with the help of the Network Operation Center. The group has CIO: Which departments/states/agena specialist team which is responsible for cies view information security seriously penetration-testing and ethical hacking. enough to take proactive measures? They run tests at regular intervals to We are trying to create security awareness check for security loopholes. This is very across all applications. Most state IT secretaries important since NIC hosts a large number are aware that NIC has certain guidelines to of sensitive e-governance applications. be followed as far as information security is STQC (Standardisation, Testing and concerned. The user departments, when they Quality Cerification Directorate) is another subcontract IT work, sometimes ignore the nodal body which does this work for importance of security. They don’t have proper NIC on demand. auditing mechanisms. On our part, we are constantly attempting to make them realize how vital information security is; How do you review new security and awareness is gathering momentum. technologies? Security awareness programs for users As I mentioned earlier, the security are a regular task at NIC. CERT-in group of NIC takes a call on this. Security has created a panel of security and IT experts is not a static element; it is a very dynamic which can be used by various practice. The security group is respondepartments for auditing and other kinds sible for tracking trends and technologies, of troubleshooting. threats and their remedies. It is also vigilant Have there been fatal attacks on NIC’s information infrastructure?
Servers: 200
Vol/1 | ISSUE/2
11/28/2005 2:09:39 PM
Interview
We tell them that immaterial of the cost, security is paramount to successfully run e-governance projects. If you don’t spend money on security then information, which is more precious than money, is at risk.
Does NIC audit the processes of private vendors who are involved in publicprivate partnerships? What is the procedure?
We don’t audit private vendors, although we do audit our applications. How should a government CIO create a secure environment for information and databases?
Most government departments do not host their applications on their networks. But, nonetheless, it’s their duty to ensure that whenever an application is developed its security is taken into account. They should look at its vulnerabilities and rectify them. They should ensure that the standard approach is followed. Whether they host applications at their end or anywhere else, it’s their job to ensure that they are bug-free. Also, they need to determine that the environment around the application is secure. There’s no point in running a secure application in a vulnerable environment. How does NIC educate states on importance of information security?
We guide state IT heads into keeping information security their chief priority. Both at the time of development and hosting of an application, it is necessary for them to be vigilant about security. They have to look into all aspects of security, which we constantly update them of. We tell them that immaterial of the cost, security is paramount to successfully run e-governance projects. If you don’t spend money on security then 64
interview copy.indd 64
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
information, which is more precious than money, is at risk. IT secretaries are facilitators; security finally boils down to how much users learn from the training and assistance provided to them. Once an IT secretary creates awareness, it is the user department’s responsibility to make sure that procedures are followed. Currently, IT departments are creating applications, which is their primary objective. I am sure, once these applications are complete, they will have security incorporated in their infrastructure. On a scale of one to ten, I would say IT departments are midway on security issues. What changes in the legal framework would you like to see in the fight for better information security?
The new IT Act is being modified and will surely contain radical changes. It will tackle several aspects of information security. As far as the act is concerned, it represents good legal infrastructure. What is lacking is the vision to implement it. It requires resources, manpower and infrastructure, which unfortunately, isn’t available in abundance. The lacuna is not in the law but in implementation. We have learnt from our mistakes and are converting these into opportunities for improvement. The new IT Act will surely help hold up information security. NIC has its own cyber crime body, like CERTIN, where crimes are reported and actions are taken.
With government projects being outout sourced, do you feel the need to issue guidelines to state IT leaders?
We have issued information security guidelines to all user ministries, based on our experience and in association with the ministry of home affairs. Each ministry has its own procedure to safeguard IPR (Intellectual Property Rights). If a ministry creates a product, its IPR rests with that body. For example, all software and applications we create are copyrighted in our name. What is NIC’s vision in building a secure network?
Our vision is to create a secure network and a rugged information infrastructure. Whatever we host shall remain within a strict security perimeter and far from the reach of hackers. But I reiterate that this is a continuous process. You can’t say I’ll be 100 percent secure tomorrow. We are committed to continuously investing in information security. CIO
bureau Head (North) rahul Neel mani can be reached at rahul_m@cio.in
Vol/1 | ISSUE/2
11/28/2005 2:09:46 PM
Trendline_Nov11.indd 19
11/16/2011 11:56:19 AM
Essential
technology Illustration by b inesh sreedharan
From Inception to Implementation —I.T. That Matters
Digital video surveillance today is more than a security technology; it’s a business enabler.
C-Eye-O BY SCOTT BERINATO
SECURITY
|
When you signed on as a CIO, you probably planned on digging into some kind of ERP project. You knew you’d do the network architecture thing. Heck, you might even have anticipated that you’d build a presentation for the CEO on the merits of Linux. But, chances are, you never expected to be in charge of building a video surveillance infrastructure. Well, now you are. Or if you’re not, you soon will be.
Look What Found You Video surveillance is at the front-end of an astonishing transformation. Once a world of clunky cameras and closed-circuit coaxial networks hardwired into a room full of cloudy gray 5-inch screens, surveillance is rapidly becoming a land of sleek, intelligent cameras linked to software applications running on the IP network. Some of these applications are basic, such as motion detection setting off alarms. Some are clever, such as a grocery store system where cameras at the checkout counter are linked to the receipt tape. (This way, loss prevention per66
Essentisl Tec.indd 66
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
Vol/1 | I SSUE/2
11/28/2005 3:44:09 PM
essential technology
sonnel can click on the record of any item purchased and be taken to that moment on the video.) More applications are coming, and they seem to be limited only by the imagination. (Ethicists and privacy advocates are, understandably, on red alert.) Bill Bowens recently managed a digital video surveillance project for Dallas-Fort Worth International Airport. The system allows for remote control of cameras and improved visual data, meaning he can see objects, faces, whatever more clearly due to better optics, zooming and other technology. The fact that data is stored digitally, not on tape, means it can be retrieved instantly. That brings the decision time on whether to evacuate a terminal down to mere sec-
The LittleThings 90 percent this year, and will be the primary factor in the diminishing market for traditional closed-circuit TV. (CCTV still composes almost half the overall video surveillance market, but its share is rapidly dwindling.) Proving ROI on digital surveillance may not be as hard as you think either. The post-9/11 obsession with security created this surge in surveillance investment, but what’s sustaining it is that digital video surveillance appears to be living up to its hype. And, when done well, it provides real ROI for the business. First off, it allows for consolidation of monitoring: You can watch many geographically disperse sites from one control room—something that was
Surveillance is rapidly becoming a land of sleek, intelligent cameras linked to software applications running on the IP network. onds rather than several minutes or more. If Bowens manages to avoid evacuating a terminal unnecessarily just twice, the system will have paid for itself. Bowens, by the way, doesn’t work in the security department. He’s a project manager in the IT department. ”When I’m asked how I ended up in security,” he says, “I say it invaded my world.”
The Pan-Tilt Boom The video surveillance market is already saturated. (Experts believe people have bought more cameras than they have places to put them.) And yet it will grow another 17 percent this year, according to fresh numbers from surveillance expert Joe Freeman, who runs J.P. Freeman Associates, a consultancy that tracks surveillance and other security issues. IP-based digital video systems still make up a relatively small part of the overall market (less than a fifth), but Freeman says they will surge, growing by 70 percent to
Vol/1 | I SSUE/2
Essentisl Tec.indd 67
impossible with closed-circuit systems. An even bigger benefit of digital is that central control and monitoring allows you to put cameras at smaller sites and monitor them from the central operations center. With CCTV, you’d require a closed system at that smaller site and onsite monitoring, which itself requires at least one employee. Digital video also beats tape in terms of storage and retrieval. Tape-based systems can require a full-time employee just for retrieval. (For even more benefits, see “The Little Things,” this page.) But the key to IP-based video surveillance’s appeal is the ever-expanding roster of applications being attached to it. In other words, surveillance isn’t just about security anymore. For example, British bed superstore Dreams recently deployed video surveillance for measuring foot traffic through a store to understand both peak traffic times and also shoppers’ browsing habits, which in turn allows them to better configure merchandise around the store. Of
New software applications are a primary reason digital video surveillance is growing rapidly. Here are some of the little things that have meant a lot to the growth of the technology. New IP-based systems use standard IT infrastructure. This limits buyer’s remorse, as the technology evolves rapidly, and it allows CIOs to build systems to scale over time. They can even use in-house talent to develop applications instead of being forced into proprietary systems. IP systems can use power over Ethernet (PoE) to carry both data and power over one standard cable. Power costs on closed systems can be prohibitive, and building a new system that requires rewiring for power is unappealing. PoE can also keep cameras running on IT’s uninterruptible power supplies during electrical outages. New cameras have advanced imaging capabilities. Sharper images and features such as digital zooming allow fewer cameras to cover a given space with greater detail. Infrared and thermal imaging can significantly reduce nighttime expenses. By spending a little more on cameras that function in the dark, you can eliminate the need to floodlight areas at night, saving on power costs. —S.B
course the surveillance is used for security as well, but it’s also being utilized to train new employees. Training, in fact, has become a possible killer applet for video surveillance, due in large part to the increased quality of the images. Video of cashiers at a grocery store doing their jobs correctly (and incorrectly) is edited into video packages that train new hires. Sandy Jones, a surveillance consultant, says Dreams isn’t alone in its use of cameras to assist retail; other companies are using surveillance for similar purposes. Still others are using cameras to improve logistics, assembling trains at humpyards (where the rail cars come off boats and trucks), for example, or monitoring assembly lines for quality control. Suddenly, surveillance is a business enabler, not just barbed wire. REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
67
11/28/2005 3:44:09 PM
essential technology
The Catch The newer technology, however, requires a significantly higher capital investment than do CCTVs. The cameras have advanced optics that provide better pictures; longer lines of sight; automated panning, tilting and zooming; and in some cases, pictures from other spectra, such as infrared. Some digital cameras have their own IP addresses and become just another device on the network that can be controlled from the Web browser, like a printer or server. And, of course, all of them require networking infrastructure and bandwidth. Digital surveillance camera vendors claim, however, that while their products can be more expensive up front, reduced power requirements,
You could also ask consultants or systems integrators to help. Be warned. They’ll flock to you like birds when you start flashing a stash of bread crumbs.
Aiming for Easy Marks We started by saying that video surveillance is now the CIO’s bailiwick because the technology essentially shifted to become part of the standard IT infrastructure, the IP-based networks, software applications and related technology that the CIO already controls. This is true. But also contributing is the fact that vendors want to move video surveillance into the IT realm because they can sell more to IT than to the security department.
Many CIOs say they spend considerable time fending off aggressive surveillance vendors. increased flexibility and lower long-term maintenance costs ultimately make digital systems more affordable than CCTV. Nevertheless, you can show your CEO all the five-year cost-benefit analyses and new applications you want. It’s still a shockingly high amount of capital to request, and it’s still video surveillance, in which he may be reluctant to invest, since the old CCTV ain’t exactly broke. So how do you get the infusion of capital you’ll need? Pilot programs that demonstrate ROI will help, but they must be well planned. (Go see your CSO and find out, risk analysis-wise, where new cameras and applications will pay off fastest.) Also, try to apply as many applications to the video infrastructure as possible— training, marketing, logistics, quality control. Get these groups on board with using the new digital surveillance applications, and then share the burden with them. If the system will be used by them too, why not have them pitch in from their budgets? 68
Essentisl Tec.indd 68
D e c e m b e r 1 , 2 0 0 5 | REAL CIO WORLD
The reasons for that are obvious. Primarily, the CIO’s budget is usually bigger than the security team’s, but there are other factors. The CSO often works under more strict risk analysis guidelines on projects. And with so many other things demanding his budget’s attention besides just surveillance, if the CCTV ain’t broke, he’s not likely to fix it. The CSO’s product cycles tend to be measured in decades, not months, meaning he goes to market less often than does the CIO. The CIO is looked to for competitive advantage and for advanced applications that enable growth. Finally, CIOs are used to refreshing software and hardware frequently. Many CIOs say they spend considerable time fending off aggressive surveillance vendors. “I almost canceled our contract twice over what I thought was really aggressive behavior,” says Greg Meffert, CTO of the City of New Orleans, who is in the middle of a citywide surveillance project that will eventually include 1,000 wireless, IP-based cameras. “All they wanted to do was tell me how great I
In January, simple Google searches found links to more than 1,500 unprotected surveillance cameras. was and then, ‘Why aren’t you rolling this out faster?’” “The vendors are coming at us with the ‘wow’ factor,” says Dallas-Fort Worth International Airport’s Bowen. “If you don’t pay significant attention to it, you’ll buy lots of things that can do lots of stuff, but your [total cost of ownership] and integration will be no good.”
TheTwo-Minute Case Study Meffert provides a great example of a successful, IT-driven digital video surveillance deployment. When the current New Orleans city administration came into office, he says, the city had about two days worth of cash on hand and ranked at the bottom of a list of major cities when it came to technology infrastructure. “Everything we could do had to either be budget-neutral or save us money,” he says. New Orleans’ paramount problem was its murder rate, the highest of any city in the country, and Meffert believed a high-end wireless surveillance system with motion
Vol/1 | I SSUE/2
11/28/2005 3:44:09 PM
detection could help. But that would require an investment in the neighborhood of Rs. 135 lakh ($300,000) just to start a pilot. To jump-start the program, Meffert piloted the system in one of the highestcrime areas of the city. In six months, the murder rate in this area dropped 57 percent; auto theft, 25 percent; and burglary, 32 percent. He then started a website, Iseecrime.com, where neighborhood watch groups could sign up to become part of the city’s surveillance network. For Rs. 2.25 lakh ($5,000), people could “adopt” a camera, and the city would integrate those views with its overall surveillance operations. In two days, Meffert says 220 groups and individuals registered. “That’s a million bucks right there,” he says. All this success convinced the city to up its investment to more than Rs. 18 crore ($4 million) for the first 300 cameras and to deploy as many as 1,000 cameras around New Orleans. (Right as Meffert started his pilot, the American Civil Liberties Union filed two restraining orders and threatened a lawsuit against the city; privacy and ethics issues abound and should not be discounted.) But Meffert believes that the public safety rewards outweigh the privacy issues. He recalls an incident in which someone shot one of the wireless cameras. When damaged, the cameras automatically send a signal to police headquarters along with the last 10 minutes of footage from the location. (There’s up to a week’s worth of footage archived from every camera at any given time, depending on the camera’s setup.) Headquarters reviewed the video and forwarded it to a cruiser in the area. Meffert says those officers quickly tracked down the suspect who, it appeared, had done more than shoot at cameras. He was wanted for murder. Pretty good ROI. CIO
Send feedback on this feature to editor@cio.in.
Vol/1 | I SSUE/2
Essentisl Tec.indd 69
Read the Fine and Fast Print Connections | With the price of color laser models dropping below Rs. 9000 ($200), ink-jets being given away free as come-ons for computer stores and even cheap units able to deliver decent photo-quality prints, it’s hard to find anything worth printing about printers anymore. But a recent demonstration by Brother Industries and separate news from MIT and Hewlett-Packard recently made printers exciting again. This June at the 2005 World Exposition in Aichi, Japan, Brother engineers demonstrated a prototype ink-jet printer that can reportedly spit out paper in a 170-page-per-minute blur. The key is a static head that prints across an entire sheet at once instead of the more typical moving head, which slides across a page for each thin line of print. By linking multiple heads, the technology could in theory provide super high-speed, high-quality color printing all the way up to poster size and beyond. Brother, however, won’t comment on when the technology might make it into commercial printers nor on how much the printers using the technology might cost. Hewlett-Packard also recently announced its own head game: a new line of printers with integrated print heads (the heads previously lived on ink cartridges). The new printers will reportedly produce prints more cheaply and quickly than previous models. While Brother and HP concentrate on speed and cost, MIT is thinking small—tiny, in fact. The school’s Department of Materials Science and Engineering recently announced a nanoprinting technique that someday might let scientists create and reproduce nano-size devices quickly and at a much lower cost than current techniques can. The MIT technology, called supramolecular nano-stamping, uses single strands of DNA that self-assemble to duplicate nano-scale patterns. Duplicates can then be used as patterns themselves, exponentially increasing the speed of the printing-like process. Once perfected and commercialized, the technique may prove useful for the creation of DNA microarrays, which can test for susceptibility to genetic diseases. The technology might also one day be able to duplicate nano-scale transistors and wires for other applications, the researchers claim. —CHRISTOPHER LINDQUIST REAL CIO WORLD | D e c e m b e r 1 , 2 0 0 5
Illustrat ion Shyam S. Deshpande
essential technology
Under Development
69
11/28/2005 3:44:10 PM
Pundit
essential technology
Building the Compliance Infrastructure Service-oriented architectures have found their way to the network. BY ERIC KNORR SOA | I’ve been talking about Web services’ latest incarnation, service-oriented architecture (SOA), since 2001. So imagine my surprise when I heard that Cisco, EMC and a host of network appliance makers claim to be in the SOA business.
But the payback for the business side can be elusive in the short term. In fact, it actually requires more work to develop applications in a service-oriented way if an enterprisewide SOA isn’t already in place. The problem is that initiatives for the greater good of
packets at a deep level and block suspicious traffic. But these companies are going beyond XML firewalling. DataPower, for example, offers a vertical tool that binds Web services security to XML financial schema. And Cisco’s Aon initiative is supposed to result in a
The real driver for SOA may come from people who see the value of an application-aware, SOA-connected infrastructure as the best long-term compliance solution. After all, SOA is confusing enough without throwing in the kitchen sink of infrastructure. Every day, people confuse SOA with one of its many applications: B2B integration, software as a service, enterprise workflow—you name it. To them I’ve always said, “It’s applications as services, period.” But guess what? After a couple of years of singing that refrain, I’ve finally stopped being so narrow-minded. The reason? Many (if not most) organizations lack a sufficient motive to establish an enterprise-wide SOA as I’ve been defining it. Yet if you broaden SOA to include an application-aware infrastructure, the SOA value proposition becomes more compelling. The main motives for both the business side and IT to embrace SOA are quicker, cheaper application development and lowcost integration. Instead of writing a component or an application, you can call up that component or application from the app you’re developing and avoid redundancy. 70
ET-Pundit.indd 70
D ece m ber 1 , 2 0 0 5 | REAL CIO WORLD
the organization don’t jibe with the usual application development process. Normally, the business side asks IT for particular app functionality and creates some sort of specification for just the features it needs. They don’t allow for all the other applications that may share the same services, which is how an SOA needs to be designed. So SOA needs an enterprise-wide motive. And what is it that has nearly every organization in a mad scramble? Regulatory compliance. The storage and retrieval requirements of the Sarbanes-Oxley Act and the security demands of the Health Insurance Portability and Accountability Act require both ironclad enterprise-wide processes and special infrastructure in the form of storage and security solutions. And that infrastructure will become increasingly application-aware. The past couple of years have seen a new breed of application-layer, XML-aware security appliances—from the likes of F5, Forum Systems and DataPower—that inspect
new line of XML-aware routers this summer. With real-time inspection of XML traffic, such devices will be able to identify compliancerelated content and make sure it’s routed to the correct repositories, such as EMC’s Centerra for write-once archiving. Imagine an application-aware infrastructure that makes enterprise compliance transparent and relatively low maintenance. Most enterprises would give their eye teeth for that. As a result, the real driver for SOA may come from people who see the value of an application-aware, SOA-connected infrastructure as the best long-term compliance solution. For that to work, of course, enterprise apps need to be part of an SOA. Is this the tail wagging the dog? Maybe so. But fear often turns out to be the best motivator, and if that means compliance and its related infrastructure come first, so be it. CIO Eric Knorr is executive editor at large for Infoworld. Send feedback on this column to editor@cio.in.
Vo l/1 | ISSUE/2
11/28/2005 1:56:33 PM