CIO September 15 2007 Issue by Sreekanth Sastry

Alert_DEC2011.indd 18

11/17/2011 12:00:16 PM

From The ediTor

Cios often come to grief at the desk of CFos, and cast the financial chiefs

Do CIOs Have Fragile Egos? CIOs are often at loggerheads with CFOs. It doesn’t have to be this way.

as penny-pinchers who stand in the way of technology. The two C-level executives enjoy a strained relationship in many organizations. But this need not be the case, according to a CIO who fortuitously also holds the purse strings at his company. He is a chartered accountant with an abiding love for technology. Hence, his rise to the dual position. Unlike most others, he is able to bring the perspective of both the CIO and the CFO in examining an evidently troubled relationship. His prognosis, as I understood it, is simple and elegant but may not be music to CIOs’ ears: CIOs have a fragile ego, and are easily hurt by rejection. In most cases, they fail to demonstrate due diligence in spending plans. CIOs need to be tougher. They suffer from a near-pathological Top executives take cold, inability to offer reasonable metrics to calculated decisions and measure ROI. deliver them bluntly. CIOs I suspect some of you might rail at such need to learn to play hardball. accusations but that would only prove his point: that CIOs have brittle egos. These observations come from a peer and well-wisher — not an outsider — and deserve to be seriously considered. Let’s look at each of the three comments. The first suggests CIOs need to be tougher, and understand the rules of corporate engagement. Top executives take cold, calculated decisions and deliver them bluntly. CIOs simply need to learn to play hardball, as Americans would say. The second pronouncement is subtly phrased. It doesn’t say CIOs do not conduct due diligence. It only says they don’t demonstrate it. So guys, just explain yourselves better. The third is a little more damning but can be seen in the context of an emerging scenario in which CEOs are willing to ignore ROI for a variety of technology deployments, so long as these make business processes more efficient or make profound changes to the way business is transacted. Nevertheless, it seems imperative that CIOs learn the gentle art of persuasion in order to succeed. A word of thanks might be in order to our CIO-CFO friend for sharing his unique observations. Don’t you agree?

Bala Murali Krishna Executive Editor balamurali_k@cio.in 2

s E p t E m b E r 1 5 , 2 0 0 7 | REAL CIO WORLD

VO l/2 | ISSUE/21

content september 15 2007‑ | ‑Vol/2‑ | ‑issue/21

COVEr: PhOtO by Sr IVatSa ShandIlya

I IM aGInG by bInES h Sr EEdharan

(L-R) Harish Shetty, senior VP-IT of HDFC Bank, C.N. Ram, IT head of HDFC Bank, and Arun Gupta, CTO of Shopper’s Stop, reiterate the value of storage virtualization to fast-growing enterprises.

Storage

Executive Expectations

COVER STORy | WHAT VIRTUALIZATION HAS IN STORE | 40

VIEW FROM THE TOP | 46 CMD of Canara Bank M.B.N. Rao on how effective application of IT has led to better adherence of business with global standards.

HDFC Bank and Shopper’s Stop discovered a path to tap virtualization for better manageability and scalability on the storage front. But first, they had to ensure that the benefits would more than offset the high costs and complexity of the technology. Feature by Gunjan Trivedi

The Innovative 100 CIO 100 SyMPOSIUM & AWARDS | 29 It was the biggest forum for CIO 100 honorees and participants to celebrate innovation. If you missed the action — the keynote sessions, seminars and the awards night — catch it again in this photo feature.

4 0

s E p t E m b E r 1 5 , 2 0 0 7 | REAL CIO WORLD

Interview by Balaji Narasimhan

Staffing SEVEN STEPS TO THE CIO THRONE | 26 What does it take to win over a recruiter? Column by Martha Heller

Emerging Technologies LESSONS FROM THE WEB’S DARk SIDE | 50 Rarely acknowledged by the mainstream, adult and gaming sites collect a healthy percentage of Web traffic and account for a good deal of innovation too. By Ben Worthen

VO l/2 | ISSUE/21

content

Networks Vulnerable Privacy | Monster Data Stolen

Essential Technology | 64 Outsourcing | On The Lookout for the

Right Search Feature by Galen Gruman Internet Security | Internet Security Yap Column by Scott Berinato

From the Editor | 2 Do CIOs Have Fragile Egos? By Bala Murali Krishna

Inbox | 12 NOW ONLINE For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to www.cio.in

c o.in

Govern SEtting citizens’ charter | 60 Change management, pushing IT projects into financial viability and meeting citizens’ expectations are challenges for Anurag Jain, IT secretary of Madhya Pradesh, who also doubles up as the chief minister’s secretary.

2 2

Interview by Balaji Narasimhan

IT Scams Interview with a mob cio | 56 The facts and scams are real. The CIO? Not so much. But here’s how organized crime uses technology to make money. Feature by Scott Berinato

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Content,Editorial,Colophone.indd 8

9/17/2007 10:35:50 AM

ADVISORY BOARD Management

Publisher & editor N. Bringi Dev

CEO Louis D’Mello Editorial Editor-IN-CHIEF Vijay Ramachandran

Executive Editor Bala Murali Krishna

Bureau Head - North Sanjay Gupta

Special Correspondents Balaji Narasimhan Kanika Goswami

Abnash Singh

Chief COPY EDITOR Kunal N. Talgeri

SENIOR COPY EDITOR Sunil Shah

TRAINEE JOURNALIST Shardha Subramanian D esign & Production

Creative Director Jayan K Narayanan

Designers Binesh Sreedharan

AMD

Group CIO, Mphasis Alaganandan Balaraman Vice president, Britannia Industries

Avaya

4&5

Alok Kumar Global Head-Internal IT, Tata Consultancy Services

Anwer Bagdadi Senior VP & CTO, CFC International India Services

Senior Correspondent Gunjan Trivedi

Advertiser Index

Canon

IBC

Arun Gupta Customer Care Associate & CTO, Shopper’s Stop

Emerson

Arvind Tawde VP & CIO, Mahindra & Mahindra Ashish K. Chauhan

Fluke

President & CIO — IT Applications, Reliance Industries

Vikas Kapoor; Anil V.K. Jinan K. Vijayan; Sani Mani Unnikrishnan A.V; Girish A.V MM Shanith; Anil T PC Anoop; Jithesh C.C. Suresh Nair, Prasanth T.R

C.N. Ram

Chinar S. Deshpande CIO, Pantaloon Retail

Photography Srivatsa Shandilya

Dr. Jai Menon

Production T.K. Karunakaran

Director (IT & Innovation) & Group CIO, Bharti Tele-Ventures

T.K. Jayadeep

Mark eting and Sal es VP, Intl’ & Special Projects Naveen Chand Singh VP Sales Sudhir Kamath brand Manager Alok Anand Marketing Siddharth Singh Kishore Venkat Bangalore Mahantesh Godi Santosh Malleswara Ashish Kumar, Chetna Mehta Delhi Nitin Walia; Anandram B; Muneet Pal Singh; Gaurav Mehta Mumbai Parul Singh, Chetan T. Rai, Rishi Kapoor,Pradeep Nair Japan Tomoko Fujikawa USA Larry Arthur; Jo Ben-Atar

Singapore Michael Mullaney Events General Manager Rupesh Sreedharan Managers Ajay Adhikari, Chetan Acharya Pooja Chhabra

Fujitsu

14 & 15

Head–IT, HDFC Bank

IBM RGF & 21

Informatica

Manish Choksi Chief-Corporate Strategy & CIO, Asian Paints

Intel

M.D. Agrawal Dy. GM (IS), Bharat Petroleum Corporation Limited

Lenovo BC

Rajeev Shirodkar VP-IT, Raymond Rajesh Uppal

Microsoft

IFC

Chief GM IT & Distribution, Maruti Udyog Prof. R.T. Krishnan

Novell

Toshiba e -Studio

Professor, Corporate Strategy, IIM-Bangalore S. Gopalakrishnan CEO & Managing Director, Infosys Technologies Prof. S. Sadagopan Director, IIIT-Bangalore S.R. Balasubramnian Executive VP (IT & Corporate Development), Godfrey Phillips Satish Das CSO, Cognizant Technology Solutions Sivarama Krishnan

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, 10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by N Bringi Dev on behalf of IDG Media Private Limited,

10th Floor, Vayudooth Chambers, 15–16, Mahatma Gandhi Road, Bangalore 560 001, India. Editor: N. Bringi Dev. Printed at Rajhans Enterprises, No. 134, 4th Main Road, Industrial Town, Rajajinagar, Bangalore 560 044, India

Executive Director, PricewaterhouseCoopers Dr. Sridhar Mitta MD & CTO, e4e S.S. Mathur GM–IT, Centre for Railway Information Systems Sunil Mehta

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

Sr. VP & Area Systems Director (Central Asia), JWT V.V.R. Babu

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Content,Editorial,Colophone.indd 10

Group CIO, ITC Vol/2 | ISSUE/21

9/17/2007 10:35:51 AM

reader feedbaCk

frustration among the CIOs finding their way up the ladder. We exchanged notes about how the credit of a project’s success goes to someone else, but when failure occurs, it is piled at the doors of the CIO. But like I said, it is a curve we have all faced – it’s part of the game. I have faced the same issues. ShikhA A RAi, Assistant director-IT, Canon India

An Evening To Remember I thought that the CIO 100 Awards & Symposium( New Delhi, September 7, 2007 2007) event had an interesting format, and was well organized. More specifically, the sessions were relevant to the audience. When I spoke to other CIOs later, they felt the same too. Michael Schrage’s session on innovation was apt and, importantly, it was simple to understand. Michael Hugos spoke from experience, which is a fantastic thing in a time where you hear so much from so many people who have not really got their hands dirty. I enjoyed listening to the CEO panel. I thought they were selected because they are what I call ‘tech-happy’ people – not necessarily tech-savvy – but CEOs from the new school who understand that IT can help them. I must say that Mr. B.S. Nagesh from Shopper’s Stop is tech-savvy. It was enlightening to hear what the CEOs had to say about technology, where they were coming from, and how business looks at technology today. As I talked to other CIOs, I realized that there are so many CIOs in different places in their careers and juggling work environments at different levels of maturity. Everyone has to pass through this growth curve, and middle management is a time that is most frustrating. I sensed some of that 12

Inbox.indd 12

S e p T e M B e r 1 5 , 2 0 0 7 | REAL CIO WORLD

I must thank CIO India for organizing such a wonderful event. The awards ceremony and symposium, apart from providing a fun-filled experience, successfully brought together the key people involved in different aspects of IT from various organizations. It provided an opportunity for us participants to share experiences with innovative projects, best practices, and the direction and shape that the CIO’s role is taking in a new business environment. As regards the symposium, I liked all the presentations and panel discussions, particularly the presentation by Michael Schrage and the last panel discussion with CEOs as panelists. As brought out clearly in both these programs, CIOs need to adopt an innovative approach to IT if they are to remain relevant in the prevailing climate of booming economic growth. This means getting to know the growth plans of the business intimately and determining how to use the resources within IT to contribute directly to growth.As Michael Schrage What Do You Think? We welcome your feedback on our articles, apart from your thoughts and suggestions. Write in to editor@cio.in. Letters may be edited for length or clarity.

editor@c o.in

CIOs need to adopt an innovative approach to IT if they are to remain relevant in the prevailing climate of booming economic growth. pointed out, the need is to focus on business capability rather than capacity. CIOs must consult with business heads to shape the demands on IT to ensure growth and not just support business. CIOs should look at the budget, people, skill and infrastructure under their control, and find ways to use them toward generating maximum growth for business. The top priority should be in delivering projects that enable business growth. This will require strategic thinking on the part of CIOs to align IT with business focus through business process design and improvement for creating value efficiently for the business. The panel agreed that without IT, CEOs can’t drive bold and innovative thinking, and customer-focused behavior throughout their businesses. IT can create new organizational efficiencies. It’s not about shrinking IT budgets or lowering cost, but the challenge is to extract unprecedented value from existing IT infrastructure and leverage new investments more quickly and effectively. I once again thank CIO India for giving me the opportunity to be part of such a wonderful event, and look forward to more of such events in future. R.k.. Up UpAdhyA dhyAy Ay Deputy GM (IT & Business Development) Banglore Telecom District, BSNL

Vol/2 | ISSUE/21

new

hot

unexpected

Knows What You Are Upto Not long ago, Google was the cuddly search engine that could. Now it's a bona fide data monster, and your personal information is its meat. Google's pending acquisition of DoubleClick has shed new light on just how much data the G-men control, from search histories to e-mail, calendars, blogs, videos, and more. So notable is Google's stranglehold over personal data that even Microsoft claims to offer more privacy than Google, which is enough to tell you the universe has shifted. The question is: what will Google do with this vast trove of information? Global privacy counsel Peter Fleischer points out that Google alone challenged the Department of Justice in January 2006, when the department demanded millions of search terms from the top four engines. And Google voluntarily agreed to anonymize the search data it retains after 18 months. But privacy advocates are far from convinced. The next time everyone's favorite Uncle asks the company to display its assets, Google might not prevail. And if Google were ever acquired or chopped into bits, that data could be its most valuable commodity. Worse, Google Desktop may represent a security risk to the data on your hard drive. In a Ponemon Institute survey of IT pros conducted in June, more than 70 percent believe Google Desktop is still vulnerable to cross-site scripting attacks. The solution? Be very careful about how you use Google products. When in doubt, log out. —By Dan Tynan

IllustratIon by anIl t

SeCurity

Unified Communications As a Service C o m m u n i C a t i o n S e r v i C e Microsoft Corp. is working on a ‘service in the sky’ for unified communications, an executive said at the VoiceCon conference in san Francisco. the company's current focus for the fast-growing trend of combining voice, video, text and other forms of communication is office Communications server 2007, which Microsoft said it will unveil on october 16 at a san Francisco event. the program will feature Chairman and Chief software architect bill Gates. but at the same time, it is working on providing these capabilities as a service, said Warren barkley, a principal group program manager at Microsoft. He mentioned the project in passing, at the end of an early morning panel session at VoiceCon. He didn't give a timeline for availability. barkley cited the need to serve small businesses that increasingly are widely distributed. unlike large enterprises, they generally lack the It resources to set up and run a communications system that reaches employees around the world. Microsoft already offers a hosted collaboration platform, liveMeeting, and is moving to offer

Vol/2 | Issu E/21

applications such as CrM (customer relationship management) as services. one of the key benefits of unified communications is the ability to integrate voice and other communications into productivity applications, and Microsoft's move could be aimed at a convergence of the two trends. Cisco systems, still a rival in unified communications despite the two companies' announcement that they will make their products work together, earlier this year acquired hosted collaboration provider WebEx. but neither company has talked much about offering unified communications itself as a networkbased service. WebEx already offers Weboffice, a set of applications offered as a service, although Cisco said at the time of the acquisition that it wasn't planning to become a saas powerhouse.

— by stephen lawson REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

9/18/2007 4:25:48 PM

CIos want solutions that bridge the gap between what vendors promise and what they actually deliver. Vendors are more interested in lowering the cost of their operations and guard their margins as the dollar depreciates. both vendors and CIos want ways to differentiate their businesses in an age when everything is a commodity — from ErP to CMMI-5. the round peg and a square hole are finding a way to fit. the answer is what Forrester calls solution accelerators — or software that can be repurposed. Forrester’s defines repurposable software as modular and, crucially, possessing between 40 percent and 70 percent of code that can be reused. How does it differ from software packages that are currently being repurposed with some customization? sudin apte, a senior analyst at Forrester research India, says the difference is akin to the “difference between wet concrete and concrete blocks. Every company has a different-shaped cavity,” he says solution accelerators are more like wet cement vendors can pour in, to meet the needs of a specific business, he adds. the other distinct difference is that solution accelerators are built on unbillable time. Vendors are investing in solutions that haven’t even been ordered. such pre-cooked solutions can be built for markets with big potential. “solution accelerators look at the 21st client,” apte says. to CIos, solution accelerators, like pre-cooked food, can be quickly put t on the table, represent less hassle and strangely are cheaper. an example is an application that handles how a bar-coding scanner system works with an inventory database. It’s an application that is common enough among retailers so that vendors can reuse between 40 and 70 percent of their code. Pre-fabricating an ubiquitous application like this saves coder time, and money. and selling it to multiple CIos spreads out the cost. on an average, says apte, the approach could save CIos 25 percent of a project’s time and 15 percent on costs. at the moment, he says, vendors see a market in manufacturing, retail and hi-tech. apte says some vendor companies already pack 300-strong solution accelerators teams, while others like HCl say they are ready to commit 6 percent of their staff to unbillable time. beating their competition to the punch are Cognizant, Infosys and HCl. some companies are already getting 5 to 10 percent of their revenues from solution accelerators and products around solution accelerators says apte. the Forrester study figures suggest that the revenue will rise to between 35 and 50 percent in three to five years. so what’s stopping every little outsourcing shop from setting up its own solution accelerator? Domain-specific knowledge, an articulate front-end team and deep pockets to deploy talented coders on unbillable time. — by sunil shah outSourCing

Digital Gender Divide Men are three times more likely to try and solve an IT problem themselves than women, according to new research, which BT says highlights the 'digital gender divide.' BT's research shows that home PC users are 'in the dark' when it comes to securing valuable data, the company claims, but men and women take very different attitudes to protecting their digital photos, videos and music files. According to the research, nearly 50 percent of females consider their data 'priceless' compared with just over one third of men, with women taking responsibility for making sure music, video and photo files are safely stored on a home computer. Men, on the other hand, are more likely to store work-related spreadsheets and documents. But the gender divide is most apparent when it comes to IT support, according to BT. The company said just 14 percent of women try and sort out technical problems, with men three times more likely to get their hands dirty. "It's interesting to see the differences in approach to what people think is important and what they protect, but also what they do when it comes to solving computer problems, and those most likely to seek expert help," said Emma Sanderson, director of consumer valueadded services at BT. —By Oliver Garnham

Il lust rat Ion by un nI krIs Hnan aV

reSearCh

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | IssuE/21

trendlineS

building blind

n e t w o r k i n g Companies trying to figure out how to deal with the proliferating use at work of social networking sites such as Facebook, Myspace and Bebo may want to check the advice released by Britain's Trades Union Congress (TUC). TUC is advising companies that banning these sites may be something of an 'overreaction'. Instead, it's much better to focus on setting up formal policies for acceptable use. "Simply cracking down on the use of new Web tools like Facebook is not a sensible solution to a problem [that] is only going to get bigger," warned TUC general secretary Brendan Barber. While it's unacceptable for employees to spend hours at work on such sites, it is OK and even beneficial to trust them to spend a few minutes using the sites, the TUC said. The TUC is a federation of 59 British trade unions representing more than 65 lakh workers. The group's advice comes amid signs of a growing number of companies looking to prevent employees from accessing social networking sites from work. A recent poll of 600 employees by security vendor Sophos PLC showed that 43 percent of companies

SoCial

blocked access to Facebook. Another 7 percent said that use of the site was restricted. Of the 50 percent who had not blocked access to Facebook, 8 percent believed their companies haven't done so because they feared a backlash from employees. Much of the 'hysteria' is a result of misplaced or uninformed concerns about the negative consequences of social networking sites at work, said TUC spokesman John Wood. "The issue that seems to be worrying employees is cyberslacking," he says. There also seems to be concern that data posted on Facebook could be used for espionage purposes or to somehow infiltrate corporate networks, Sophos said. According to the TUC, companies should recognize that the issue won't go away by banning Facebook. The goal, instead, should be to have a clearly articulated and open 'conduct policy' regarding the use of such sites, coupled with a hands-off approach to an employee's personal life. This is important given that the use of social networking sites is likely to become the norm — especially among younger workers going forward, the TUC said. — By Jaikumar Vijayan

Illust ratIon by MM sHanItH

Body Heat as a Power Source development German scientists claimed to have developed a procedure that harnesses body heat in order to generate power, which in the future may be used to power mobile devices. The Fraunhofer Institute for Integrated Circuits have said that they can use the difference between the body's surface temperature and that of the surroundings to produce energy, which could be used to power medical equipment, such as sensors attached to a body of a patient in an intensive care ward. Essentially, the system works on the principle of thermoelectric generators (TEG) semiconductor elements, which extract electrical energy from the temperature difference between a hot and cold environment. Peter Spies, project leader at the institute and his team have apparently improved these thermoelectric generators. Traditionally, a temperature difference of several tens of

Trendlines.indd 18

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

degrees is needed in order to generate enough power. "Only low voltages can be produced from differences like these," explains Spies. TEG produces roughly 200 millivolts, while electronic devices require at least one or two volts. However, the German engineers have resolved this by combining ‘a number

of components in a completely new way to create circuits that can operate on 200 millivolts.’ "This has enabled us to build entire electronic systems that do not require an internal battery, but draw their energy from body heat alone," he said. "We have a working device in our labs," confirmed Spies, who has demonstrated the device at various trade shows. When a hand is placed on a specifically designed pad, it powers a wireless transceiver and a temperature sensor. "The problem is, the human body is not sufficient to power mobile phones at present," said Spies. "Perhaps in the future this might be a feasible vision." Spies believes that when further improvements have been made to the switching systems, a temperature difference of only 0.5 degrees will be sufficient to generate electricity. —By Tom Jowitt

Vol/2 | IssuE/21

trendlineS

Don't Ban Social Networking

on hot summer days in us, when power demand soars and peak rates hit their highest levels, network appliance Inc.'s 1-megawatt data center drops off the grid. the company's natural-gas-powered co-generation system delivers all of the power it needs — and saves it about rs 1.2 crore a year in energy costs — while also providing a source of ‘free cooling’ for the data center. “netapp's co-generation system is reducing energy expense by generating power and cooling when electricity prices are high and gas rates are low,” says David robbins, netapp's vice president of global infrastructure. the technology, also known as combined heat and power (CHP), combines a generator with a specialized chiller that turns the exhausted waste heat into a source of chilled water. “technically, technically, any power source can be used for CHP, but natural t gas is the most commonly used fuel source for co-generation in small commercial applications of CHP, such as 5MW, 10MW or 20MW plants serving a single building or campus,” says William kosik, managing principal at EyP Mission Critical Facilities, a new y york-based engineering firm that has consulted with netapp.In pp.In some cases, co-generation facilities use biomass or burn methane from garbage dumps, he says. For its part, netapp's system includes three natural-gaspowered generators and ‘adsorption chillers’ that can cool the company's 6,000-square-foot data center. the consistent load profiles of data centers make them well suited to co-generation, although very few data centers use the technology today, says Peter Gross, CEo of EyP. but the use of co-generation specifically for data centers is rare. Mark bramfitt, a principal program manager of customer energy efficiency at Pacific Gas & Electric Co. (PG&E), says he doesn't know of any other data center that uses the technology. kosik says there are several reasons to consider co-generation. For example, having a co-generation system as an alternative source of power can improve the survivability of a data center during a catastrophic loss of utility power, he says. "this is a huge concern when we do site evaluations for clients," kosik says. EyP gathers those numbers in part from information provided by the industry. the number of outages is increasing, he believes, due to a rise in natural disasters and an aging utility infrastructure. but he doesn't have hard evidence to prove it. “yes, yes, it's anecdotal,” he says. y C o - g e n e r at i o n

Wired Ethernet on its Wa W y out

Throw out those Cat5 cables: wired Ethernet is on its way out, ousted by the growing power and speed of wireless technology, according to one analyst firm. IT research company Burton Group has released a report that compares 802.11n to Gigabit Ethernet and predicts that 802.11n wireless technology will start eroding the wired Ethernet market within the next two to three years. Report author and senior analyst Paul DeBeasi said that “802.11n marks the beginning of a rapid market shift away from LAN access deployments using traditional wired Ethernet.” “802.11n will put pervasive mobility on the fast track,” said DeBeasi. “IT professionals should start thinking now about how they will deploy, maintain and benefit from an all-wireless LAN.” While, switch trunks and data center networks will need wired Ethernet for many years to come, refinements in system silicon, radio design, network control, wireless security and power management will make 802.11n the preferred and dominant LAN access technology in the future. As a result, DeBeasi's comparative analysis recommends that enterprises consider 802.11n an appropriate LAN access substitute for wired Ethernet in the following circumstances:

Il lustrat Io n by MM sHanItH

wireleSS

When the number of laptop users is growing When the enterprise uses mobile applications When Fast Ethernet throughput is good enough When the enterprise deploys VoIP When moves, adds, changes are frequently made When the risk of deliberate Dos attack is low to moderate When Ethernet cable installation is difficult “One can analyze the differences between 802.11n and Ethernet with regard to performance, security, manageability, cost and impact on staff,” said DeBeasi. “However, the definitive and unalterable competitive advantage that 802.11n has over Ethernet is pervasive mobility.” —By Manek Dubash 20

Trendlines.indd 20

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

—by robert l. Mitchell

Vol/2 | IssuE/21

trendlineS

Getting ting on a Power Trip

Mobile Workforce Leaves

Networks Vulnerable A majority of IT managers believe the mobile workforce makes their enterprise networks more susceptible to malware and other threats, according to a new survey. The survey of 450 IT managers found they are still at risk despite having anti-virus products installed on endpoints and using systems management tools to distribute patches. The survey, commissioned by management software maker BigFix and conducted by GatePoint Research, also found that in some cases IT managers think their systems management tools have contributed to their devices falling victim to a worm or virus. While 80 percent of those surveyed had anti-virus products installed, about 40 percent had been hit by a worm or virus in the past 12 months. Of those that suffered a breach, 30 percent said an inability to reach mobile users disconnected from the network contributed to the intrusion or failure that allowed a virus onto their network. "Securing the mobile workforce needs to be a top priority for global companies," said BigFix CTO Amrit Williams, in a company press release. "The key to real IT security is the ability to continuously enforce policies and manage your endpoints in real time when they are off the corporate LAN." In addition to the vulnerabilities posed by the mobile workforce, 15 percent of respondents cited the inability to monitor and remediate security issues outside of patch management. Another 15 percent said a lack of immediate feedback on the remediation status was a contributing factor to the failure. Other reasons cited for vulnerabilities included an inability to identify vulnerable machines and deploy a fix in the desired time frame (12 percent), and another 12 percent said a lack of centralized reporting for a decentralized network administrative structure put their systems more at risk. And 10 percent said their systems management tools could not detect previously applied but removed or corrupted fixes. â&#x20AC;&#x201D;By Denise Dubie

Innovative IT.

Transformative

IT.

IT that drives the business forward.

Intelligence

Leading companies are marked by IT that works in true partnership with the business.

That partnership can provide new areas for growth and set a company apart from its competition.

CIO Chief Innovation Officer

Press Play

to see CIOs discuss innovation within their enterprise

http://www.in.idgcast.com Vol/2 | ISSUE/21

Trendlines.indd 21

9/18/2007 4:25:57 PM

Mike Hugos

Project Leadership

Agility Makes IT Fun Again Setting a deadline and beating it is making IT an exciting place to be in.

e IT folks get no respect from the business world. I’m mad as heck and I’m not gonna take it anymore! No more snide remarks from finance; no more insults from operations; no more blank stares and shoulder shrugging from the sales guys. What am I doing to end this intolerable state of affairs? My colleagues and I are training people in the application of an awesome and agile combination of business strategy and system development tactics. We call it the ‘30-Day Blitz’. We’re seeing business people smile and say ‘Wow’ when they experience the results. We’re also seeing a can-do attitude, and what the French so beautifully call esprit de corps, emerging in the IT development teams doing the blitzes.

The 30-Day Blitz

Illust ration by mm shan ith

In May we began a 30-Day Blitz with the systems development group of a global electronics and software company. It started with a two-day agility workshop involving the business and IT stakeholders. In interactive exercises, we defined the business challenge and sketched out ideas for quickly addressing the most pressing issues. The IT director who was guiding the introduction of the blitz into his company culture accurately describes this as a "Socratic process of exploring options and testing assumptions." We agreed on the scope for the first blitz and created a conceptual design and performance requirements for a version 1.0 system — a ‘robust 80 percent solution’ that 22

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Coloumn Agility Makes IT Fun Again.indd 22

Vol/2 | ISSUE/21

9/14/2007 6:50:43 PM

Mike Hugos

Project Leadership

the developers could deliver in 30 days or less (that’s 30 calendar days; and we don’t work weekends, so its 20-22 working days). The following seven days were spent employing the six core techniques to flesh out the details involved in the design of the conceptual system created in the two-day workshop. During that time we did a couple of half-day JAD (Joint Application Development) sessions where business and IT people worked out specific design issues. In between JAD sessions, business people went back to their regular jobs but were available for quick meetings and questions. The development team investigated and worked out solutions to all the technical issues related to the system design. System design was captured in a set of largely graphic specification documents: process flow diagrams, data models, a story board of user interface screens, and system architecture diagrams showing configuration of hardware and software. We wrote up a definition of the relevant business rules and processing logic, but dispensed with the lengthy and elaborate use cases and loads of written text specifications. The graphic format of our design specs communicated well to the business users. They took one last look at the system design and gave us their thumbs up to go into the build phase. The build phase is the ‘peddle to the metal’ phase where the development team focuses their attention and energy like a laser — they had 11 days to turn the system design into a working system. We started this phase with the whole team reviewing the design specs and producing a detailed list of development tasks, no task lasting longer than three days. Then we organized these tasks into a day by day project plan and assigned people to each task. Every morning, we started the day with a short session, where we reviewed and updated the project plan to assess progress made, identify problems, and constantly adjust our actions so as to respond effectively and get the system built by our delivery date of June 1. We had our, ‘Oh no! What do we do now?’ moments — but what project doesn’t? The system builder leading the team was an experienced developer; he led his team through an exploration of options; people made decisions, and we moved on.

The IT director who was guiding the introduction of the blitz into his company culture accurately describes the 30-Day Blitz as a Socratic process of exploring options and testing assumptions. e-mailed the development team to say, “I want to express my congratulations and thanks to the 30-Day Blitz team. This was an awesome example of how this tool in the hands of the right people can be used to get something great done in a short time.” The head of the IT group for the whole division wrote to the system builder and the development team, “Brilliant work! Thanks for your hard work and your commitment to our agile delivery experiment.” And the VP of manufacturing and supply chain for the division said this, “Awesome, awesome. Ok, now let’s go out and get the rest of the issues in this area addressed. You are going to set a new standard for how we get this done. Let’s do it.” A week later, the manager who, along with his people, is actually using the system, sent around an e-mail to everyone and said this, “I’ve held off on my feedback because I needed my team to ‘kick the tires’. Well, they are kicking the tires, and we love what we see-you’ve delivered. The ‘80 percent solution’ you promised was delivered in the time frame you said you would.” We’re taking a break now, getting in a little R&R before starting up more blitzes. When members of that development team walk down the hall they walk tall; business folks smile and say hi; they know what the team accomplished. IT has become fun again. CIO

Finish Line On Friday June 1, the team reported that they were wrapping up end-to-end testing activities, and they scheduled a system demonstration with the business users and management for the following Tuesday. The IT director who guided this first blitz e-mailed the team, “Congratulations on making this happen. Well done!” The day after the system demonstration, the business director whose people were then working with the system 24

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Coloumn Agility Makes IT Fun Again.indd 24

Mike Hugos is CIO of Network Services, a distributor of housekeeping supplies, janitorial products, packaging and paper goods. He is the author of Building the Real-

Time Enterprise: An Executive Briefing. Send feedback on this column to editor@cio.in

Vol/2 | ISSUE/21

9/14/2007 6:50:43 PM

Martha Heller â&#x20AC;&#x201A;

Staffing

Seven Steps to the CIO Throne What does it take to win over the recruiter?

IOs love a good analogy: an IT infrastructure is like a house; business is like a football game; an IT project is like a patient bleeding on the table. With that in mind, I thought Iâ&#x20AC;&#x2122;d apply a new analogy to an old question: Just how does one go about conducting a proactive, precise, effective job search? The answer: think of the process as something akin to bringing a high-quality product to market. In this scenario, you, of course, are the product. You have been in product development for a number of years, and while you have enjoyed some trial runs in the market, you are now ready for a full-blown launch. So, what does it take to go to market?

Step One: Define your brand.

Illustrat io n Unn ik rish nan A.V.

As any good product manager will tell you, you cannot go to market before you truly understand your brand. What are your attributes? Are you a turnaround CIO? A technology guru? A financial services expert? A startup CIO? Once you understand what qualities you embody, and once you can articulate those qualities succinctly and effectively, you are ready to move to Step Two.

Step Two: Define your market. Barring, perhaps, Coca-Cola, there are few companies that can claim their product appeals to consumers in every demography. Most companies will define a particular market for their product: women over 40, small businesses in the Northeast, wealthy couples who like to dress up their dogs. So I am always amazed by how often CIOs intent on marketing themselves, skip this essential step. When I ask 26

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Coloumn Seven Steps to the CIO Throne.indd 26

Vol/2 | ISSUE/21

9/14/2007 6:52:38 PM

Martha Heller

Staffing

them to describe their dream job they often neglect to specify industry, geography or even the job function they want. The more specific you can get about your goal — a midsize retail company in the Midwest — the more proactive you can be about building a pipeline of leads to get you there.

Step Three: Develop marketing material. Let me say just a few words about your résumé: limit it to three pages. Include a one-line description of each company you list. Emphasize the business impact of your technology achievements. Avoid listing specific technologies — unless you are going for a CTO or chief architect role. Mention accomplishments in team building and leadership development. Include metrics: size of staff, budget and annual revenues. Pay attention to formatting: keep the font crisp and easy on the eyes. Finally, put dates on your education regardless of how long ago you received your degree.

Step Four: Build the pipeline. Now that you know your market and you have your collateral, you’re ready to build your pipeline of prospects. Take the general market definition you’ve developed and make a list of every company that qualifies. Once you’ve got that list, chances are, you know someone who knows someone who knows a decision-maker in every company, so pick up the phone and start calling your contacts. Be sure to include your vendors in an early round of calls, suggests Scott Hicar, who recently left his role as CIO at Maxtor to become CIO of Solectron. “Your best salespeople are generally well-connected,” he says. “They typically have better networks than you do and for them, there is nothing better they can do than find an old customer a new home.” If you are short on contacts in your dream industry or location, there is always the cold call. Dan Sheehan, former CIO of ADVO, used this tactic when he was conducting his last job search. “I used a few databases and got a list of all of the companies that were over Rs 4,000 crore in annual revenues in New England,” he says. “Then I cold called the top HR person in each company and inquired about senior IT positions.” That tactic landed Sheehan the CIO role at Dunkin’ Brands. “They told me they were looking and they put me in touch with the recruiter who was doing the search,” he says. When job hunting at the VP or C level, be sure to include executive recruiters on your list of contacts, suggests Sheehan. “When you are working and employed, recruiters call you all the time,” says Sheehan. “Every time a recruiter called me, I would update my Rolodex with notes about who called me and for what. When it was my turn to look, I brought up all of those contacts and called them with specifics about what we had talked about before.” 28

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Coloumn Seven Steps to the CIO Throne.indd 28

When you have a job and recruiters call, update your Rolodex with notes about who called and for what. When you need a job, you have a ready set of contacts. All of his diligence through the years allowed Sheehan to tap into a network of recruiters exactly at the moment when he needed to utilize it. If you haven’t been quite as diligent as that, you’ll need to rely on your contacts to introduce you to recruiters. But as in golf, it is all in the follow-through. And speaking of which:

Step Five: Follow through. When Mark Goetze, former director of enterprise applications at ITT Industries, conducted his search for a new job, he contacted several recruiters who had been referred to him by a former colleague. After an initial contact, Goetze stayed on their radar screen. “Recruiters essentially have this huge pile of résumés on their desk,” he says. “The only way to stay on top of the pile is regular contact.” However, you want to stop short of being a burden to the recruiter, cautions Goetze, who recently landed a role as VP of IT for the medication delivery division of Baxter International. “But you want to follow up every two weeks,” he says. “It’s all about staying current.”

Step Six: Close the deal. Let me offer a few words about conducting a good interview. Obviously, you need to study up on the company. Sheehan, for instance, talked with Dunkin’ Brands’ franchisees about their IT needs before his interview. But during the interview, here are some thoughts you should keep in mind: Talk more about why you want the new job than about why you want to leave the old one. Never bring up money. Prepare five major accomplishments to discuss — in detail, with bullet points — when asked. Make eye contact with everyone in the room. Listen as much as you talk. Prepare a ton of really smart questions. And if you don’t get the job, proceed immediately to...

Step Seven: Convince yourself that you never really wanted it in the first place.

CIO

Martha Heller is managing director of the IT Leadership Practice at ZRG, an executive recruiting firm based in Boston. Send feedback on this column to editor@cio.in

Vol/2 | ISSUE/21

9/14/2007 6:52:38 PM

“The symposium and award ceremony were great events. It was a well-organized

and enriching experience.” — Pertisth Mankotia Head–IT, Sheela Foam

“IDG has consistently raised the bar. An example of this was the keynote address by Michael Schrage.”

“The CEO panel was an

appropriate end that stimulated everyone.”

— Arun Pande VP-IT, Colgate-Palmolive, India.

— Arun Gupta, Customer Care Associate & CTO, Shopper’s Stop

Glimpses “The look of the

symposium hall was one of the best.” —Anwer Bagdadi, CTO, CFC India Services

“From the start to the end,

we were challenged or entertained.” — Vikram Saxena Senior GM IT, Emami

“Compared to other CIO events, the CIO team has really been able to create a difference.” — Mohit Agarwal, CIO, HT Media

Vol/2 | ISSUE/21

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

Acknowledgement We would like to thank all participants and sponsors whose association made the CIO 100 Symposium & Awards 2007 possible.

At the Threshold At the second CIO 100 Symposium & Awards, CIOs of India's leading enterprises had their names etched on the Roll of Honor. The list ranged from today's largest Indian companies to some of tomorrow's giants.

The event was supported by many well-known IT companies.

The first of the delegates line up at the registration counter.

T.H. Diwan, additional GM of GNFC, walks past CIO 100's RFIDenabled gates. The system announced a participant's arrival on an LCD monitor, and served as a great way to break the ice.

Vol/2 | ISSUE/21

Peer-to-peer learnings

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

KEYNoTE ADDRESS

Test of Innovation Michael Schrage, co-director of the MIT Media Labâ&#x20AC;&#x2122;s eMarkets Initiative, spoke on 'Process, Innovation and Process Innovation'. His keynote address was sponsored by Airtel.

CIOs need to dismantle complex enterprise applications and keep innovations simple, asserted Schrage. It would lead to higher user-satisfaction levels in an organization, he added.

The speaker addressed a packed audience, delving into the need for collaboration and ways to address innovation at the prototype stage.

Michael Schrage signs copies of his popular book, Serious Play: How the World's Best Companies Simulate to Innovate. Several technology leaders reveled in the opportunity to discuss innovation practices with Schrage.

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | ISSUE/21

CIo SPEAK:

On an Agile Path Going by the title of CIO-at-large, former CIO and business consultant Michael Hugos talked on 'The Greatest Innovation Since the Assembly Line'.

Hugos demonstrated to CIOs how they could be more innovative and agile in 30 days. The process, he said, could be extended to a 90-day window.

t wha w o n To k age and ut r Sch hink abo e s o t n th Hug vation i xt, inno n conte t India the nex . read of CIO e issu

Hugos' experience as a CIO, which formed an indelible part of his address, won over many technology leaders.

Hugos later moderated a panel discussion in which CIOs shared their innovation experiences. From left: S.S. Mathur of the Centre for Railway Information Systems, Rajeev Shirodkar of Raymond's, Alagu Balaraman of Britannia, and David Briskman of Ranbaxy.

Vol/2 | ISSUE/21

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

Top Views To get a view from the top, CIO 100 conducted a panel discussion of Indian CEOs. They talked about managing growth, risk and innovation, and the role of the CIO.

EO l the C For al ns, get opinio y of the op your c r 1 issue e Octob CIO of

The panel comprised (from left) Vijay Ramachandran, editor-in-chief, IDG; K.K. Modi, chairman of K K Modi group; Daljit Singh, president of Fortis Healthcare; B.S. Nagesh, MD & CEO of Shopper’s Stop; and Anupam Mittal, president and CEO of the People Group. Nagesh asked whether it was time to change the expansion of 'CIO' to 'chief insight officer,' paving the way for a discussion on the role of CIOs.

"We have seen better results when we have raised the chief technology officer to chief strategy officer. "

" A CEO is fooling himself if he says he doesn’t depend on his CIO for business. Those days are gone."

"IT is a powerful enabler, but translation of new developments into business language doesn’t happen. "

"Ease of use and change management are critical if technology is to be accepted."

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | ISSUE/21

Networking As the evening set in, CIOs gathered at the Grand Cafe garden where they sampled exotic wines from Spain, Argentina, Chile, New Zealand, Italy, France and Australia.

From left: Prakash Pawar of Intrex India, Anwer Bagdadi of CFC, Chandrashekar Nene of Kingfisher Airlines, and Satish Pendse of Hindustan Construction Company.

The wine and cheese evening served as another wonderful forum for CIOs to meet one another.

A Western Classical ensemble played the perfect foil at the wine-tasting session.

Sourish Bhattacharyya of the Indian Wine Academy anchored the session.

Vol/2 | ISSUE/21

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

Celebrations! The CIO 100 Symposium & Awards Ceremony celebrated the nation's most innovative IT leaders.

full For a IO's g of C listin tive 100 a Innov out the k c e . ch issue x e n t

A group of 10 CIOs with the CIO 100 awards for innovation.

The CIO 100 Awards Ceremony saw India's top technology leaders in the sphere of innovation rub shoulders with one another.

David Hill, president & CEO of IDG International Publishing Services, releases the yearbook, The Innovative 100.

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Comedian Cyrus Broacha emceed the awards ceremony, lighting up the evening with his famed one-liners.

Smart Infrastructure Awards Instituted in association with AMD, the Smart Infrastructure Awards honor organizations that demonstrate exceptional use of network technology to further business objectives.

Alok Ohrie, managing director of AMD, presented the infrastructure awards to...

Sumit Dutta Chowdhury, CIO, Reliance Communications

Jai Menon, director-IT & Innovation, Bharti Airtel

Jyoti Bandopadhyay, VP-IT, Torrent Pharmaceuticals

Pravir Vohra, CTO, ICICI Bank

Laxman K. Badiga, CIO, Wipro Technologies

Storage Awards With EMC2, CIO recognized excellence within specific verticals. The storage awards recognized five companies and their CIOs who have implemented ground-breaking storage solutions to further business objectives.

Manoj Chugh, president (India & SAARC) of EMC, presented the storage awards to...

V.V.R. Babu, group CIO, ITC

Sunil Rawlani, head-IT, HDFC Standard Life Insurance Company

Probir Mitra, sr. general manager-IT, Tata Motors

Sivashankar J., VP & head, Information Systems,Infosys Technologies

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Navin Chadha, CIO, Tata Teleservices

Good Vibrations The awards ceremony was followed by a night of entertainment. As the evening progressed, CIOs left their seats to shake a leg.

Palash Sen led Euphoria, which took center stage and played to encores.

Kalaripayattu artistes showcased one of the oldest existing martial art forms, leaving the audience spellbound.

Getting the evening started with a bang of bhangra.

Vol/2 | ISSUE/21

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

Cover Story | Virtualization

What

Virtualizati o Has in Store

by Gunjan Trivedi

Vol/2 | ISSUE/21

Cover Story.indd 40

torage virtualization, often hailed as the Holy Grail of New Age storage techniques, is not a new technology. Its core concept of disk pooling, based somewhat on IBMâ&#x20AC;&#x2122;s early 1990s concept of System Managed Storage, has been an integral part of mainframes. What has hindered its adoption, especially in India, is its high cost, not to mention a high level of complexity in its deployment. Still, over the last decade, storage virtualization has garnered significant mindshare of Indian CIOs striving hard to find a lasting solution for storage managementrelated problems, especially in a period of rapid business growth. A few years ago, leading enterprises in India such as HDFC Bank and Shopperâ&#x20AC;&#x2122;s Stop decided to test the waters. They have ventured to tap the benefits of storage virtualization, and tame the explosive growth of data. In doing so, they moved away from existing direct attached storage infrastructure and created a consolidated enterprise storage environment of SAN. The technology leaders of the two Indian companies shared with CIO India their experiences, and their assessments of how storage virtualization can help lower TCO and enhance scalability.

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

PhotoS by Srivatsa Shandilya

Indian companies are beginning to tap storage virtualization, hoping its benefits will more than offset the high costs and complexity.

9/14/2007 8:20:31 PM

i on HDFC Bankâ&#x20AC;&#x2122;s IT head C.N. Ram says storage virtualization is worth the risks. Regardless of the storage system in question, data transfer is seamless without needing to know where a disk is located, he says.

Cover Story.indd 41

9/14/2007 8:20:33 PM

Cover Story | Virtualization

ith over 680 branches in more than 220 cities in India, HDFC Bank sees a constant stream of data. A lot of it. But as it gunned over the past 12 years to become India’s top bank, it took on multiple storage solutions including direct attached storage

(DAS), networked attached storage (NAS) and storage area network (SAN). This left the bank with huge islands of data. Navigating these islands turned into a

nightmare at a number of levels. Data was moved at slower speeds across the enterprise and users were unable to perform at optimal levels, both of which began to bog down the bank.

A few years ago, HDFC Bank’s head of IT, C.N. Ram, and his team decided to take the road to storage virtualization. The problem: no other bank in the country had tried it before. With data scattered across silos of storage, Ram and his team soon found that they were spending more time managing and tracking storage space than ensuring IT availability as the organization scaled at phenomenal rates. “We are growing at over 30 percent every year. Our transactions and customer acquisitions are growing at even higher rates. Adding storage space is a continuous process. We have grown from 10TB to 400TB in the last four years,” says Ram. With virtualization, Ram knew he could extend the life of all his storage systems. The enterprise pooled the disk islands of enterprise-class and modular into a large virtualized storage system, hiding slower storage behind faster storage in SAN. This was done to enhance manageability. Yet, he didn’t want to discard older storage to make way for the newer ones. “From the management point of view, we can control, monitor and manage all the disks wherever they are located, from a single console. Irrespective of what kind of storage, we can transfer data seamlessly without having to wonder where a particular disk is located,” says Harish Shetty, senior VP-IT, HDFC Bank.

downtime. Storage virtualization enables HDFC Bank to migrate data seamlessly and ensure high availability at the same time. “I don’t think we ever had our SAN down in the last four years except for some operational outage, when somebody accidentally switched it off,” smiles Ram. With virtualization, Ram and his team were able to better provision storage space for the enterprise, impacting user performance, while saving costs by putting their disks to optimum

Pooling Benefits HDFC Bank saw immediate benefits from its storage virtualization approach. Reclaiming storage space was one of the earlier ones. “We reclaimed 8TB of storage by moving older data from one tier to another. Earlier, the process required taking a backup and moving it to the new disk systems. This meant that applications were down for eight to 12 hours. Now, we can move data without the application knowing that we moved it,” says Shetty. Moving data to different tiers isn’t uncommon in a bank where information is constantly pouring in and disk size needs to be increased. Financial institutions such as HDFC Bank run mission-critical core banking applications that cannot afford extended periods of 42

Cover Story.indd 42

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

“We also decided to get our hands dirty and not just rely on the conceptual knowledge.” — Harish Shetty, senior VP-IT, HDFC Bank

9/14/2007 8:20:35 PM

Cover Story | Virtualization usage hitting three birds with one stone. “We did not go in with the perceived notion of saving so much, but we have achieved a lot. Storage virtualization has paid itself off,” says Ram. Virtualization has also ushered in a good way to use the disk-to-disk-to-tape backup strategy effectively. hanks to virtualization and a host of other technologies, storage “Instead of tying up the main SAN disks in a backup has left its silo. Here are seven storage truths that every IT process, you can make a copy and store it on lower-end person should understand. storage, all in an automated fashion,” says Ram. 1 Y ou might be spending too much money on storage and still not “We have also reduced batch processing time, from getting performance gains. Go for virtualization. something that used to take eight hours to two hours. 2 Application-centric monitoring tools can help boost SAN Typical backup time has also reduced from five hours to performance. one hour. Virtualization has also improved performance 3 Green storage technologies can cut energy bills without sacrificing of our online storage systems, as the report generation performance. that used to take five hours has come down to an hour,” 4 Advanced backup-management tools ease auditing and explains Shetty. compliance. Scaling up on demand is also effectively enabled 5 Storage virtualization appliances can give you a single storage by the virtualized storage subsystem. Virtualization system for both backups and live storage. offers the bank resilience against sudden surges in 6 Lawsuits are a fact of life and sloppy e-discovery can cost you capacity requirement. Last year, for instance, the bank millions. opened 149 branches in a month-and-a-half. “As surges 7 Storage grid standards could put an end to proprietary storage come, that was huge. And as you grow bigger, you have management. a lot more to play with and you need that much more — Beth Schultz resilience to that growth,” says Ram. But it was not like business decided to open all those branches overnight. In addition, surges in volume are not seen immediately after a branch opens, says Ram. Both these first because we wanted to check the vendor’s claims in a nonfactors give IT more time to order extra disk systems. But you can’t production environment,” says Ram. plan everything. “If we need to order for more, typical delivery time is Ram was clear from the start that he wanted his team to be able about six weeks,” says Ram. to absorb the technology well, so that they were fluent in it. He Six weeks is a long time, especially if you’re a bank with over one believes that at the end of the day, virtualization is a software, and crore customers. Thanks to virtualization, HDFC Bank didn’t have plenty can go wrong with software. “You need to try it out multiple to do anything extraordinary with its storage infrastructure. “We times before you’re comfortable. You should to be able to say that were able to absorb it,” says Ram. you expect these kinds of results from these tests, and should figure out whether your expectations were met. We tested and felt more comfortable,” states Ram. Another pitfall, as Ram points out, is incompatibility. “Watch Like having root canal treatment, the benefits of virtualization come out for incompatibility. If you take IBM storage and try to virtualize with a rider: backing out halfway will leave you in a lot of pain. One behind Hitachi software, incompatibility issues might crop up. of the biggest risks of storage virtualization is attempting to wriggle Application compatibility should also be taken into account. With out of a failed implementation. Organizations that want to reverse no industry standards, not everything gets virtualized behind after the abstraction layer is in place should be prepared for plenty everything,” points out Ram. In a virtualized environment, of shovel work. Since, only the virtualization software knows where interoperability is the key enabler. Compatibility applies to the specific data reside on a physical medium, reconstructing logical physical storage controllers, the hosts, their operating systems, disks as conventional contiguous disks can be time-consuming and multirouting software, connectivity hardware and disk systems. resource-intensive. It also spells plenty of downtime, something no Virtualization implemented within a storage controller, for example, enterprise can afford. will not be a problem to host-based compatibility as long as the same HDFC made sure they worked their corners right. “The software virtualizes other storage controllers. On the other hand, switchimplementation was taken up as a step-by-step process. We also based virtualization may not require specific host interoperability. This decided to get our hands dirty and not just rely on the conceptual is in contrast to the network-based virtualization appliances that have knowledge,” says Shetty. to be compatible with all the storage and host devices. The bank decided to mitigate risk by touching the less critical “We use Hitachi storage solutions. There is a specific set of parts of the business first. Backing up parts of the business was up vendor products whose storage can be virtualized, as the SAN first for virtualization. “We saw a lot of benefits from virtualization obviously has to extend beyond just the Hitachi solutions. Hitachi’s in the area of backup. We also decided to test it out in this area

Seven Storage Truths T

Risk Factors

Vol/2 | ISSUE/21

Cover Story.indd 43

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

9/14/2007 8:20:35 PM

Cover Story | Virtualization software needs to understand how the hardware is organized, how it can be addressed, and how it can be integrated with the SAN fabric interconnected by Brocade’s switches.” The worry, of course is vendor lock-in. At the moment, Ram is not worried. “Eventually not everything needs to be virtualized. We still have the strategy of non-virtualized DAS, which exists for a set of particular applications. You need to prioritize what needs to be virtualized,” says Ram. For now HDFC Bank’s core banking application, data warehousing, etcetera are online on a SAN.

However, a number of applications such as reporting, messaging, and e-mail are not online. All in all, Ram says: “Even we were not clear about all the benefits of SAN and storage virtualization. We went in because modular storage was getting difficult to manage. We were running out of DAS very quickly. SAN equipped with virtualization gave us both the performance and cost benefits in addition to ensuring scalability and high availability.” Whether or not they choose to take their storage virtual could determine how agile their companies are.

DFC Bank went in for virtualization to manage the heterogeneous storage environment seamlessly, use its resources optimally and impact

the performance levels of users. For Shopper’s Stop though, the agenda was a tad different on the storage virtualization

front. The retail major already had an in-built virtualized storage environment for its core application JDA, running for the main apparel-retail business unit on the iSeries platform, with its own SAN of 3TB of storage space. However, a prompt business decision to radically scale up IT adoption among its other business units and a surge in the demand of capacity thereof, forced Shopper’s Stop to not only set up another SAN, but also go in for storage virtualization. This put a lot of pressure on the existing storage environment. Shopper’s Stop has run two separate computing platforms: “Every unit we have requires customization, from a business iSeries and Intel. While the iSeries platform running JDA came perspective,” notes Shankar. While the IT organization had with in-built storage and server virtualization, the Intel servers run applications running for a business unit like Shopper’s Stop, it had Oracle Financials, HRMS, E3 (a dynamic inventory replenishment to instill customizations or set up a different instance of the app management application) and certain datamarts on SQL. With the while rolling out a similar DAS environment, its IT app at, say, Crossword, team faced problems while its retail bookstore chain. taking backups, managing This effectively doubled storage and taking care of the overall storage allocation of storage space. requirements. “It is as if, “It was like one core server one day, you are doing was fast running out of hopper’s Stop CTO Arun Gupta’s five commandments for fine by running an app storage space and the storage virtualization: for a business unit, and other had 200-300 GB 1 I f you have a storage environment that is not under pressure, then suddenly a business of space, but we couldn’t do not try virtualization just because it sounds nice. decision comes along to put it to use,” recalls 2 I f you have an extremely complex and heterogeneous roll it out for other business Anil Shankar, head of environment, try to find the common themes and consolidate units. Then, you are stuck technology infrastructure them before going in for virtualization. Do not try to boil the with storage as you can’t at Shopper’s Stop. entire ocean. scale on demand,” says Despite its inherent 3 W hatever capacity you have planned for, double it. If you Shankar. Shopper’s Stop problems, this setup ran anticipate the data growth to be at 800 GB over the next year, buy turned to SAN and storage fine until 2005, when the 1.6TB of storage, so that you are ready for surprises. virtualization for help. management at Shopper’s 4 P lan for a good backup strategy. Consolidation and virtualization It began evaluating Stop decided to bring are wonderful but can fail. Not bundling in a good backup strategy, SAN solutions in radical changes in its is like bungee jumping without knowing if the rope can hold December 2005. “While business units and take your weight. we were evaluating SAN, them to the maturity levels 5 D on’t try to save cost on the initial infrastructure. It could hit you we were sure that we of technology adoption of badly later. It is akin to buying a small car and being stuck with it. needed to move away the main business unit. — G.T.

Dos & Don’ts

Cover Story.indd 44

9/14/2007 8:20:36 PM

from the standalone storage environment because we knew that we would hit the roadblock sooner or later,” says Shankar. “We figured out the exact business requirement and the company’s objectives, and how all of these could be translated into the IT requirements. We had to evaluate the apps that will qualify for the SAN environment, and the others that can easily stay as they are,” he explains. One option for the enterprise to evaluate was to connect the Intel servers to the iSeries platform and use its storage solution as a SAN for the Intel environment. The iSeries is quite robust when it comes to the storage solution. But on comparing the cost to integrate with the cost of other SAN solutions, the storage price per GB seemed extremely high. Therefore, Shopper’s Stop decided to settle with an IP-SAN running on iSCSI. “We had begun with a modest deployment of 4.5TB, but our focus is on the scalability feature of the solution,” says Shankar. The SAN with storage virtualization from NetApp was deployed in August 2006.

Fashionably Fast Growth However, for the organization, the buck did not stop at the deployment of the new storage solutions. The business was just about getting into an overdrive and before the CTO of Shopper’s Stop, Arun Gupta, and his team could have reacted, business grew at a fast clip. At this very point, storage virtualization came to their rescue. “It is good that the business is also growing at a tremendous pace as a three-year projection has been achieved in just a year. We were obviously a little conservative to begin with. Over the period of a year, business suddenly decided to change rapidly. It did create a few surprises for us as the business ran faster than what was anticipated,” says Gupta. “We had already estimated some of the business developments such as Hypercity (the chain of shopping malls) coming up and Crossword migrating to JDA — but, not all. We had a few more surprises,” says Shankar. Though the IT team had marked out a three-year timeframe for the built-in capacity, it was about to exhaust all that in just a year. “Fortunately, we didn’t need to upgrade the number of controllers; we were just going to expand the storage required,” Shankar adds. “It might be a case wherein to put certain features of the solution to use, you may need to wait for a certain time such as six months to have a certain amount of storage space before you start using the feature. Suddenly, the data explodes and you have to put those features to use despite shrinking storage space. This might be something you have not planned for or have sized for,” explains Shankar. Nevertheless, the main objective of Shopper’s Stop to have centralized storage management was to bring down the cost of storage and build a scalable solution. “It had to be scalable to the extent that if we need to increase storage only tomorrow, we can easily do without impacting the business. Or, if we want to increase the levels of fault tolerance, we can easily do so without any extra efforts,” says Shankar.

Vol/2 | ISSUE/21

Cover Story.indd 45

“Virtualization did help in speeding up certain applications as well. The speed at which data transfer happens is substantially better than before.”

— Arun Gupta, CTO, Shopper’s Stop

“We have achieved our goals on many fronts. The pain we used to feel due to the environment we had earlier has lessened,” notes Gupta. At the same time, the IT team has reduced the number of outages it once had in the discrete environment versus what it has today. “Earlier, to increase capacity, we had to shut down the systems to upgrade the capacity. Now, it is done on the fly,” says Gupta. “We can keep assigning and reassigning storage space without creating any downtime. The biggest benefit it has created for the IT team is flexibility. Business sees the infrastructure without any outage now.” Virtualization did help in speeding up certain applications as well. The speed at which data transfer happens is substantially better, according to Gupta, than what it used to be in the earlier environment. Shopper’s Stop recently upgraded its server environment coupled with the deployment of the new SAN ecosystem. “I wouldn’t say that it is the contribution of just the SAN, but a combination of various technologies. But SAN and storage virtualization have undoubtedly played a key role here,” says Gupta. CIO

Senior correspondent Gunjan Trivedi can be reached at gunjan_t@cio.in

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

9/14/2007 8:20:39 PM

M.B.N. Rao, chairman & MD of Canara Bank, feels that effective application of IT yields several benefits to banks, especially in a dynamic and market-driven environment.

Banking Globally

By Balaji Narasimhan Having started in Mangalore as far back as 1906, Canara Bank is among the oldest banking institutions in the country. Known then as the Canara Bank Hindu Permanent Fund, it has come a long way, even developing a global footprint with offices in London, Hong Kong, Shanghai and Dubai, among others. In this interview to CIO India, M.B.N. Rao, chairman and MD of Canara Bank, attributes the smooth alignment of business with global benchmarks to IT. Technology is an enabler, and must be integrated with business to raise the bar, he says.

CIO: Canara Bank was established in 1906. Can you tell us when computerization began here, and what it achieved?

View from the top is a series of interviews with CEOs and other C-level executives about the role of IT in their companies and what they expect from their CIOs.

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

View from the Top Half Page.indd 46

M.B.N. Rao: Our computerization drive dates back to 1985 with the installation of Advanced Ledger Posting Machines (ALPMs), which catered to the needs of our branches. We achieved 100 percent branch computerization in September 2004. All 2,587 branches of the bank are computerized. Our core banking project took off during 2005, and 330 branches have been migrated to the CBS environment that has an integrated voice recording system and offers Internet and mobile banking. With our infotech roadmap, all our branches will be brought under CBS by March 2008.

We have expanded our e-enabled delivery channels with a host of client-friendly features. The bank has 1,275 ATMs that have value-added facilities like airline ticket booking. We have enabled an anywhere banking facility in 1,580 branches. Further, Internet and mobile banking facilities are available in 1,156 branches. We plan to expand to 2,575 branches by March 2008. Today, our IT platform caters to various processes mandated by the government. For instance, the OLTAS (On-Line Tax Accounting System) system has been implemented in 423 branches. A similar package, called EASIEST for Excise & Service Tax administration, is available in 143 branches. We have also put up a Web portal that monitors the finances of the Sarva Shiksha Abhiyan, a government initiative in Andhra Pradesh and Karnataka

Vol/2 | ISSUE/21

9/14/2007 7:30:14 PM

that seeks to universalise elementary education. It will be implemented shortly in Tamil Nadu and Puducherry. Since the prevention of cyber frauds is a challenge, we have set up a cyber lab at Bangalore, in association with NASSCOM and the police department. Primarily, it will facilitate training on cyber laws.

Do you consider IT to be a key differentiator? Yes. Technology is a key differentiator in BFSI. The new generation private banks gained early bird advantages in market share mainly due to their state-of-the-art IT capabilities. It is healthy that banks in the public sector have also chosen progressive IT applications and are reaping benefits in products and processes. Technology has provided an enabling environment in vital functions like customer relationship management, asset liability management, risk management, internal control, customer profitability, cross selling, and R&D activities. Ideally, technology is expected to divert 60-70 percent of branch transactions to alternative delivery modes. This would make transaction costs effective and induce tech-savvy customers to shift to the bank.

The effective application of IT yields several benefits to banks, especially in a dynamic, market-driven environment. Business strategies are now better executed. Computerization has also rendered some manpower surplus, which is an advantage.

Vol/2 | ISSUE/21

View from the Top Half Page.indd 47

M.B.N. Rao expects I.T. to: Cater to mandated government business

P hoto by Srivatsa Shandilya

Between 2005 and 2006 staff numbers dipped, but your deposits grew by Rs 20,007 crore. How much do you credit IT for this?

Fight cyber fraud Enable efficient customer service

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

9/14/2007 7:30:20 PM

View from the Top

Today, Canara Bank has an outfit for marketing and customer relationship management to counter competitive pressure and get a greater share in the increased market pie. Computerization also enhances intermediation efficiency through convergence in service processes and delivery channels. Many of the lead players recognize these and prefer to effectively integrate their business and IT plans.

How do you see IT enabling your core business and expanding it? IT enables quick, timely and efficient customer service on a 24x7 basis anywhere. Banking is becoming a volumes game, given the continued pressure on margins. Accuracy, speed and consistency are some of ITâ&#x20AC;&#x2122;s important advantages. IT will have a multiplier effect on business volumes. Offsite, multi-purpose ATMs are examples of e-enabled growth. They also hive off pressure at the branch and facilitate further business development initiatives at branches. This will give the organization an edge in improving existing business, garner additional business, and increase business per employee. The prompt renewal of deposits on due dates, timely interest application, ATM cards with versatile features, Internet and mobile banking will all have a favorable effect on core business volumes.

How much are you investing in IT in 2007-08? For 2007-08, we have earmarked over Rs. 250 crore under capital budget for various IT related activities. This roughly works out to about 0.1 percent of our turnover.

What are some of CanBank Computer Services more recent initiatives? CanBank Computer Services (a subsidiary of Canara Bank started by a consortium of six 48

s e p te m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

View from the Top Half Page.indd 48

Is your CIO involved with providing strategic direction to the organization?

â&#x20AC;&#x153;Banking is becoming a volumes game, with the continued pressure on margins. IT will have a multiplier effect on business volumes.â&#x20AC;? banks in 1994 to provide various services to the financial sector) is presently involved in several projects. This includes the development of packages for the Debt Recovery Tribunal (which was started by the Government of India for the expeditious adjudication and recovery of debts due to banks and financial institutions), the convergence of an integrated housing finance package with a centralized solution, Web-based inventory management, and SMS software.

Has open source made inroads into the bank? We are using Linux for our total branch computerization software called Integrated Branch Banking Software. On the whole, there is evidence of enhanced performance of the software with reduced instances of node hanging and data corruption. Nearly 540 branches of the bank are working with Linux. The use of open source in banking activities is good. It could, however, be put to better use.

The CIO plays a catalytic role in the growth and structural transformation of the organization. It is commonly observed that technology is an enabler. But it is not so commonly realized that technology needs to be integrated with business to raise the bar, to attain global benchmarks and to drive profits. In all these, the CIO provides crucial inputs in transforming the face of the organization in conformity with emerging needs and the revolution of rising expectations.

Going forward, how do you expect IT to drive your business? Effective IT absorption, as a key differentiator, brings a host of benefits including a reduction in transaction costs and the introduction of new e-enabled products and services. We have recently launched a comprehensive CRM project. Our current initiatives focus on introducing mobile ATMs, biometric ATMs, and e-kiosks in rural areas. We have already made several moves in the realm of total financial inclusion, and they are going to be driven by IT for deeper and a more cost-effective outreach to the un-banked and under-banked segments. Also, we are shortly launching an online trading facility. In software development, we have taken initiatives in key areas like lending automation processing system, anti-money laundering and Basel II implementation. Moreover, we have developed an in-house package for handling the activities of a service unit, which is the nerve center for inter- and intra-bank clearing transactions. Such technological initiatives are expected to enhance the business of the bank in both qualitative and quantitative terms. CIO

Special correspondent Balaji Narasimhan can be reached at balaji_n@cio.in

Vol/2 | ISSUE/21

9/14/2007 7:30:28 PM

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

Emerging Technologies

Reader ROI:

Why the red light Web is a nexus for innovation New Internet technologies Innovations in mobile content delivery and digital rights management

Feature - 01.indd 50

9/14/2007 7:33:00 PM

By Ben Worthen

wo former advertising men started their own Web design company, Cubik Media, in the mid-1990s. One of their first clients was Eidos Entertainment, the company that makes the Tomb Raider video game. Part of the campaign used streaming video, but the new technology was not ready for prime time and almost no one had the high-speed connections necessary to view the content. But Valenti and Lindberg saw potential. On a whim, they started Nakedsword.com, an adult site for gay men, figuring that online video would save a potentially embarrassing trip to the video store. “We built some password-protected areas and threw up some videos, mainly as an experiment,” says Lindberg, Cubik’s CTO. Then something unexpected happened: “People started Vol/2 | ISSUE/21

Feature - 01.indd 51

buying it left and right.” Almost overnight, Nakedsword.com became 90 percent of Cubik’s business. In the years since, Cubik has continued to innovate with online video. It was among the first to use Flash for streaming video, build digital rights management capability into its movies and use peerto-peer networks for distribution. Most recently, Cubik is integrating a cutting-edge digital fingerprinting system that can spot copyrighted material posted by users on one of its sites, an adult version of YouTube. The system works by turning the sound waves from a movie’s audio track into an image. Every time a user uploads a clip, the system makes a graph of the new audio and compares it to the graphs in its database. If the clip a user is trying to post matches a copyrighted one, Cubik takes it down. REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

Illustration by Binesh Sreedharan

Rarely acknowledged by the mainstream, adult and gaming sites collect a healthy percentage of Web traffic and account for a good deal of innovation too.

9/14/2007 7:33:02 PM

Emerging Technologies “It’s pretty amazing,” says Lindberg. “There are lots of companies out there trying to solve this problem, but we actually have something that works.”

On the Cutting Edge Red light sites probably aren’t places CIOs normally would look to find innovative IT. But the sex and gambling industries have always been at the forefront of technological innovation. During World War II, the illegal telephone network that bookies developed was more reliable than the one the War Department used, says Harold Layer, professor emeritus at San Francisco State University. And the pornography industry has helped select technology winners and losers for ages. In the 1980s, for example, demand for adult material gave VCR makers the economies of scale they needed to make their devices affordable, says Jonathan Coopersmith, a professor of technology history at Texas A&M University.

But past innovations pale, in comparison to the rate at which the gambling and adult industries are blazing new ground on the Internet. Over and over again, the Web’s red light district has either pioneered or adopted a technology before the mainstream. The first customers of Duocash, a now-defunct anonymous payment system that allowed customers to pay for online services with prepaid phone cards, were gambling sites. A random sampling of 400,000 queries on the early peer-to-peer file sharing network Gnutella in 2003, found that 42 percent were looking for porn (compared to only 38 percent looking for music). And content delivery for mobile devices is now dominated by the adult and casino industries to such an extent that 3G, the high-speed mobile communication network, ought to stand for girls, games and gambling. Today, adult websites make up 12 percent of the Internet, according to Top Ten Reviews. These sites attract 72 million

Red Lights,Big Names Under any light, money is still green. A naive view would be to dismiss the Web’s red light district as composed solely of sleazy people and websites with ridiculous names. But if you scratch the surface, says Frederick Lane, author of Obscene Profits: The Entrepreneurs of Pornography in the Cyber Age, you’ll find some extremely famous, well-known and established enterprises. Major hotel chains such as Marriott and Holiday Inn profit to the tune of about Rs 760 crore a year on the sale of adult movies, according to a report by Citizens for Responsibility and Ethics in Washington (CREW), a government watch-dog group. About 90 percent of this revenue goes straight to the bottom line. According to CREW, major cable companies such as Comcast and Time Warner also make hundreds of millions a year selling pay-per-view pornography. And telephone companies earn close to Rs 2,000 crore every year from phone sex. In the United Kingdom, Rs 164,000 crore Vodafone, one of the world’s largest mobile telecom companies, has been frank about its decision to carry and process payments for pornography sent to mobile phones. Even good old General Motors was in the adult movie business (through its Direct TV subsidiary) until it sold that unit in December 2003. Technology companies in the Internet world are also involved with pornography by helping to maintain the networks and channels by which it’s delivered. Of course, those companies have a good excuse for not calling attention to their role. “On the Internet,” puns Lane, “all bits are naked.” —B.W.

unique visitors a month (more than 28,000 people are viewing Internet pornography at any given second) and the sex sites’ annual sales approach Rs 20,000 crore, higher than the combined revenues of the ABC, CBS and NBC television networks. (Coopersmith warns that people should take numbers measuring the size of the adult industry with a grain of salt. “It’s like sex in general,” he says. “People exaggerate.”) Meanwhile, the online gambling industry has made its sites incredibly sticky. According to Nielsen/NetRatings, visitors to the top gambling sites spend an average of 13 hours a month at the sites. The worldwide average for all sites is just 28 minutes. There are several reasons why the red light Web embraces innovation. Its target audience — males, 18 to 50 — is a demographic that gravitates to new technology. Good technology is also a business necessity. “Gambling and adult companies have been forced to be innovative by constant attempts to legislate them away,” say Lawrence Walters, a First Amendment lawyer at the firm Weston, Garrou, DeWitt & Walters. In fact, the US government passed a law, late last year, that makes it illegal for Americans to spend money at online casinos, a move that devastated the industry. The risk of prosecution has also kept gambling and adult sites from growing into large corporate entities. (See ‘Red Lights, Big Names’) “As a result they’ve tended to remain small and entrepreneurial,” Walters says. Technology is also one of the few ways that sites can differentiate themselves. “We have to compete with free porn,” says James Cybert, director of IT for Hotmovies. com. “What makes us competitive is being virus-free and the consumer experience. If you aren’t able to keep up with the technology you’ll be beat over the head.” Or as Calvin Ayre, founder of the online gambling site Bodog.com, says, “Technology is our lifeblood."

Red Light Technologies So, what are the latest technologies developed or perfected on the red light Web that will eventually make their way into the mainstream? These are some of the technologies that they are looking at.

Vol/2 | ISSUE/21

Feature - 01.indd 52

9/14/2007 7:33:02 PM

IPTV; MPEG-4; Smart Search Scott Piper, CIO of New Frontier Media (one of the few publicly traded adult companies), is keeping an eye on IPTV — television delivered over the Internet. Over the next five years, he predicts that the distinction between televisions and computers will disappear. There are three models for how this could happen: set-top boxes that connect to the Internet (with the user experience controlled by a cable company); computer monitors in the living room that run media software (Piper says that Vista may finally make this viable); and appliances that forward computer content to a television, like the new Apple TV. Of course, IPTV content won’t appear on the Internet by itself. That will put CIOs in the TV business. “IPTV will blur the line between the data center and the broadcast center,” says Piper. To make your data available to these new IPTV consumers, CIOs will have to digitally encode everything. Most of the major film studios are just beginning that process; New Frontier began digitizing its movies five years ago. One of the technologies New Frontier is using for this is MPEG-4, an emerging compression standard. Videos compressed with MPEG-4 take less space to store and less bandwidth to deliver. MPEG-4 also has built-in digital rights management capability. But compressing and posting content is the easy part. With every program available at any moment, how will users find programs? Piper believes that search will be the killer app of IPTV. To that end, New Frontier is obsessive about metadata, watching every frame of every video it digitizes and recording as many attributes as it can. Customers can use these metadata tags to refine their searches until they find precisely what they’re looking for. (For example, if you have a thing for blondes on the beach, a search on New Frontier’s adult website Ten.com for ‘clothingaccessories-sunglasses’, combined with ‘setting-outdoors-beach’, and ‘physicalhair-blonde’, returns two 15-minute clips, the fourth scene from Lock, Stock and Two Smoking Bimbos 2, and the first scene from Pick Up Lines 82.)

Vol/2 | ISSUE/21

Feature - 01.indd 53

Cubik CTO Greg Lindberg: "If someone is conservative, they're never going to get into this business in the first place."

IPTV will require this kind of search on steroids. “There will be so much choice that the average consumer will be frustrated without concise recommendations,” says Piper. New Frontier is experimenting with a search that combines what people are looking for with information about past preferences. “This will not only be a great up-sell vehicle but also an avenue by which we can broaden people’s tastes,” Piper says.

Mobile Content Delivery One of the biggest areas of growth in the adult space is delivering content to mobile phones. There are more than three times as many mobile phones in the world as there are computers. Plus, people always have their phones with them. And that’s important. “By its very nature, arousal is impulsive,” says Julia Dimambro, managing director of Barcelona-based Cherrysauce, which delivers adult material to mobile phones. “Mobile brings immediate gratification. With the Internet, you have to wait until you get home.” Dimambro points out that what works on television and the Internet won’t necessarily work on the phone’s small screen. For starters, the screen dimensions are different, which means existing video form factors, as well as other content, have

to be reconfigured to fit or be specifically conceived with the mobile phone in mind. One type of mobile promotion meeting with some success is ‘bluecasting’. For example, an advertiser will have a billboard in Heathrow Airport that says that anyone interested in learning about a particular product (say a Range Rover SUV) should turn on their phone’s Bluetooth capability. The billboard then detects the phone and sends it an advertisement or promotion for the product. One of the services that Cherrysauce is experimenting with is putting plasma screen TVs in pubs. The screen shows a picture of a sexy woman and then prompts viewers to switch on the Bluetooth on their handset. This then allows the ‘bluejacking’ box at the side of the TV screen to send content directly to the handset. Another marketing initiative places advertisements on TV or in print and asks viewers to send a text message to a special short code number, like 12345, if they want to see more. If they do, a link to download the content is returned to their handset via SMS or WAP message, sometimes with a charge attached. This is a process called premium SMS, and it’s a way of giving customers access to the mobile Web without requiring them to type in complicated URLs. Each short code number is registered with the REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

9/14/2007 7:33:14 PM

Emerging Technologies mobile service providers. “If the user sends his text message to an adult short code, he is checked automatically to see if he has age-verified with his network,” such as Rs 164,000 crore British mobile giant Vodafone, explains Dimambro. “If not, he is sent to the age verification service in order to access the content.”

New Programming Languages

with the user, and gambling and adult sites have managed to personalize the user experience to an impressive degree. “Over the last few years we’ve seen our design team evolve into a user experience department,” says Ayre. This group takes into account everything from color theory to informational hierarchies. For example, one of the first things Bodog learned when it launched the latest version of its site was that people don’t like red poker tables. So, the company came up with a tool that lets users choose the color they want their table to be.At Hotmovies.com, IT Director Cybert has built a drag-and-drop tool that lets his customers compile scenes or parts of scenes from their favorite videos. So far, customers have made 4,800 compilation movies consisting of more than 350,000 clips. And not only does the compilation function allow users to create their own highly personalized experience, it gives Hotmovies data on the kind of videos each user is looking for. “You have to understand your audience and give them what they want,” says Cybert.

Cubik Media uses geotargeting, a technique that locates people based on their IP addresses, to tailor the user experience. At its most basic, geocoding allows Cubik to display the site in the user’s native language. But it also presents a chance to localize the site. “Someone from Japan wants to see Asian girls,” says Lindberg. “People want an experience that feels like their culture.”

Red Lights, Best Practices

The user experience is central to the success of any site. And so, red light sites are trying to find the latest and best programming Historically, gambling and adult sites have languages in order to improve the way been more willing than their mainstream their sites look and feel. counterparts to work with startup “Java is really robust,” says Bodog vendors. “They’re much more willing founder Ayre. “But it’s a pretty expensive to fund new technology,” says Hassan development platform. We’re starting to Kotob, CEO of North Plains Systems, a see the emergence of a new wave of Webdigital asset management vendor. “We’re savvy languages.” The one he likes the best looking for solutions that will allow us right now is Ruby on Rails, an open-source to improve by large margins,” says New language that was designed to facilitate Frontier CIO Piper. “We won’t buy faster the development of Web applications with storage arrays if they only give us 10 database back ends. “There’s nothing that percent improvements. We’re looking for Rails lets us do that we can’t do with other 50 percent or greater.” Examples of new tools,” says Ayre, “but Rails holds technologies that New Frontier the promise of doing it faster, and has invested in are high-speed the more productive our product network storage that allows development teams are, the more the company to stop writing features we can deliver.” to tape because speed went up Bodog is also moving away by a factor of 10, and backup from Java toward Flash for systems that don’t take a storage online games such as poker. array offline, while the backup Building the games with Flash is running. Technologies spawned or matured in means that users can play them Another red light best the Web’s red light district. without having to download practice is to look for vendors anything. “Downloading is that use open source. Since sites an entry barrier that Flash are open 24/7, late-night hours Streaming video. YouTube made it famous; adult movies eliminates,” says Ayre. “We are extremely profitable. The red made it economically viable. know that given a choice, most light Web has all the hallmarks Videoconferencing. Businesspeople increasingly use online players will choose a Flash of a new technology incubator. chat and embedded video rather than conducting face-toversion of a game versus a It has a technology-savvy target face meetings. Before that, it was used to communicate downloadable one.” And now audience. In other words, the with Live! Girls! Now! Flash is robust enough that red light Web is a place where Digital rights management.Through their disregard for Bodog can build sophisticated CIOs might be able to learn intellectual property rights, adult sites helped spur the games with it. something. And that may justify music and film industries to apply DRM to their online an occasional trip . . . you know, content. for the technology. CIO E-commerce.The content on adult sites was so compelling (to some), it helped people overcome their fear of using a There are so many different red credit card online, according to Frederick Lane, author of light sites competing for dollars Obscene Profits: The Entrepreneurs of Pornography in the and eyeballs that the only way to Cyber Age. Send feedback on this feature to succeed is to build a relationship -B.W. editor@cio.in

A History of Innovation

Personalization and Customization

Feature - 01.indd 54

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | ISSUE/21

9/14/2007 7:33:14 PM

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

By Scott Berinato

Feature - 02.indd 56

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

Vol/2 | ISSUE/21

IT Scams

The facts and the scams are real. The CIO? Not so much. But here’s how organized crime uses technology to make money.

eople call me a lot of things. Nobody would ever call me a CIO, but after reading CIO magazine a little bit, I guess that’s basically what I am. Maybe I’m a little younger than you. A little more techy. I know my routers and code. Most of the guys I work with don’t like computers. They get frustrated. Lots of times they want to shoot their computers, like that guy in Colorado did. I printed out that story and gave it to one of my guys. He loved it, especially the part where the guy hung the dead computer on the wall of his bar. “I love this Colorado guy,” he said. And he passed it around to all the guys. “You have to read this story MIT gave me.” Yeah, they call me MIT, like, “Let’s ask MIT if we can set up an online account” or “Maybe MIT can make a website for that.” A website for what? For making money, what else? Isn’t that why anyone sets up a website? Yeah, I deal with the same stuff you do. Same headaches. I’m constantly fixing stuff and trying to do whatever helps the bosses grow the business, as you call it. Bosses. They are the worst, right?

Illust rat ion by pc an oop

The Penny Stock Scam We’re in a real boom right now. Credit cards. Gambling. You heard about that stock deal? The one that uses that new kind of spam? Image spam? This is an old-fashioned pump-and-dump scam but with a cool techno twist. This wasn’t mine, but I know a guy who knows the guy who set it up. Here’s how he worked it. First, he rented a botnet. That was for e-mail distribution. He pays, I don’t know, say $50Gs (Rs 20 lakh) for a month, turns around and promises the bot-herder a taste in exchange for that month’s usage and some guaranteed

Vol/2 | ISSUE/21

Feature - 02.indd 57

uptime. You know, he says, deliver me 10 million e-mail messages and I’ll guarantee you some back-end cash. So the bot-herder knows a kid who wrote this absolutely killer image spam application that creates the e-mail messages. Pays him a flat fee. I mean, the kid could’ve asked for a lot more, but a lot of these programmers are pretty young and dumb. You wave some cash and they think, "Flat-screen TV!" Anyway, he tells the kid to make the program create advertisements for pink-slip stocks, those unlisted ones that trade for pennies. It all gets done in 15 minutes after they get some of the basic wording down. So then, this guy sets up offshore accounts online (in Brazil, I think) to collect the investments. His guys all buy something like 10,000 shares at 30 cents per. Then the botnet goes to work. Starts mass mailing the ads for the stocks. And the beauty is those little messages get by all the spam filters because the filters are looking for text, but with the image spam all the filters see is a million different images, each one unique, even though they all say the same thing: buy this stock. Genius. Finally, enough people invest to drive up the price. Eighty cents a share. A buck. Two. Eventually, our guys sell, make a nice chunk of change, the stock tanks and the suckers who got in on Reader ROI: the e-mail tip lose their shirts. Like I said, a How organized crime classic pump-and-dump, but back in the day operates it was a lot harder to do. It required a lot of How the Internet makes legwork, relationships with reporters and crime easier and more brokers. Compared to that, this is nothing. profitable I know what you’re thinking: who believes Image spam and an anonymous e-mail that says such-andother new criminal technologies such company you’ve never heard of is at a REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

9/17/2007 11:35:01 AM

IT Scams quarter a share now but is heading to five bucks? Hey, I don’t know, but you send out 10 million messages, you get 1,000 to invest, that’s only, what? A hundredth of a percent? I’d say the sucker population is a lot bigger than that. It was a great little business. One of those stocks hit six bucks! But then the feds sniffed it out and suspended trading on those penny stocks in March. Maybe, when things cool off, it’ll pick up again. By that time, the spam filters will probably have adjusted and we’ll have to go back to the programmers for their latest bots.

everyone wanT Ids—JuST noT TheIr own The big money is in credentials. Look, the world runs on credit, and what you need to get credit are personal credentials. That’s what everyone is after right now. And that’s where a lot of our investments are: credentials for lines of credit. That TJX thing last January? No, not me. But let’s say I had beers with someone who might have worked on that job. It sounds like the heist of the century, right? What, 40

too. Dumpster diving for paper records and credit card statements. Paying off the custodial staff. This stuff is as old as time; computers just make it easier.) After gaining access, it’s time to invest in anti-forensics. Look, I don’t care if they can see what I did as long as they can’t see it was me that done it. We have this saying here about anti-forensics: make it hard for them to find you and impossible for them to prove they found you. We’ve got a whole bunch of software that allows us to cover our tracks and keep us basically invisible while we’re inside someone’s system. What’s great is a lot of anti-forensic tools are free. They’re all over the Internet. We buy others, like encryption programs and data wipers like Evidence Eliminator. This guy I had beers with says a few guys are even experimenting with ways to make other guys look guilty. You know, set someone up, send the cops down the wrong path. At that point, you install a little program that collects the credentials. Sometimes we use ’em; most of the time we sell ’em. We’ve been working on a subscription service. You pay for access to credentials for a certain period of time. We can get Rs 40,000 a month or more for a subscription pretty easy. That adds up. But what we’ve run into — a big problem — is that lots of guys get their hands on this information and just start buying stupid stuff. They have no discipline. Look at TJX. Those guys got busted for using the credentials they lifted to buy gift cards for, what, like $20Gs or something? I mean, you buy a Rs 800,000 gift card, someone’s going to notice. So don’t do Visa’s job for them. All it takes is one jerk who gets some credit and buys a Bentley to take down an entire business. Find guys who can wait to use the credentials and then, when they do, use them in a way that looks normal.

We’ve got a whole bunch of software that allows us to cover our tracks and keep us basically invisible while we’re inside someone’s system. million personal records? But really it’s pretty basic stuff. If you want to get into the credentials market, you do three things: one, get inside access to someone who stores lots of personal data. Retail is great for that. Think about how many cards are swiped every second at those places. Two, invest in anti-forensics, because once you’re in, you want to stay invisible until you’re done. Three, after you got the credentials, behave. I’ll explain that one in a minute. The papers say the wiseguys got into TJX, they got employee IDs by intercepting wireless data flowing between cash registers, handheld price-checking devices and such. Maybe. But this is how I’d do it. Inside access. That’s easy. You spread some USB keys around. People see them and go, "Cool, free dongle!" Only when they plug them in, a little program installs some bots or keyloggers onto their machine. From there, you root around until you get deeper into the network. (There are other ways 58

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

oTher PeoPle gamBle; we don’T Right now, we’re setting up a service out of Costa Rica. It’s a — how do I put it? — it’s a high-risk, high-return investment service for sports fans. So how do I set up something like that? Like any project, with a lot of legwork. I’ve got to get my guy in Costa Rica to set up the back-end servers. Costa Rica’s great because everything’s available right in one building. I call my guy and say, “It’s MIT. I need some stuff.” He just walks down the hall to the ISP, gets servers and backups, and then goes upstairs to the Web developers. It’s out-of-the-box, like calling up IBM Global Services or something. There’s even a little online payment service outfit down there. We like it better than the big ones

Vol/2 | ISSUE/21

IT Scams up here because those guys, they’re send over the Internet is scrambled better with international currency through different routes and hops Out-numbERED and security. all over the world, completely After we get all that going, anonymous and untraceable. And we’ve got to do all the testing. I’m everything, I mean everything, is telling you, it’s really not much encrypted. Say someone stole the different than those e-commerce servers we keep here at the home projects I read about in CIO. We office. My guy designed it so that do the same due diligence. Same really only two people can access troubleshooting. Same thing with the data: me and him. We have the bosses yelling, “MIT, you got that private keys and no one else does. site up yet? Super Bowl’s in a few Not even the boss. weeks. Site’s gotta be up for that!” They ask for some ROI up front, by the way. It’s a little more The guys I keep, or keep on a kind informal than the way most of your of retainer, are the ones that show readers do it. They’ll ask, “Ballpark, me something extra. We had one what do we gotta spend?” I give guy who came to us selling a great them a number. They say, “What new way to set up temporary can we clear in an average month?” international cell phone accounts, I give them another number. I’m using credentials bought in the not making these up either. I ask identity market. We bought some around. I mean, that’s cost-benefit and were so impressed we decided analysis right there, right? to get into business with him. He Anyway, once that site’s up and set up the phones; we handled running it’ll be a nice little business…for the overseas distribution. I asked the guy what else he was working on. market, of course. He flips his laptop around and shows me his own website where he’s auctioning off credit credentials to the highest bidder. Slick. I said to him, “You could be our R&D.” He said, “Cool.” And that was that. I invest in top-notch security because, believe me, gaming Compared to you guys, I’m pretty lucky with talent. My sites are constantly dealing with extortion. Criminals. guys are way ahead on the technology. They work hard. Not a day goes by when a site doesn’t have some Russian They’re innovative and entrepreneurial. I think they’re hacker launching a DDoS attack, asking for cash to call it some of the most talented IT staff around. off. We encrypt everything, and we’ve got pretty severe authentication for access. We don’t outsource or contract the security. We keep it in-house. I pay my security guy well. I’d say about 25 to 30 percent above what you’d pay. Met him at the Black Hat conference in Vegas a couple Actually, there is one way you and I are different. I read of years ago. I liked him right away because he wasn’t all those stories in CIO about how hard you have to work presenting or bragging about what a hotshot he was. He to align technology with the business’s goals. That’s one was in the back, taking notes, trying to learn. Quiet. I knew problem I don’t have. My bosses don’t let me spend a dime right away he’d fit in. on anything that’s not going to make them money. I don’t I’ve also tasked him with internal security. Basically, his get play money to buy technology that doesn’t work. I don’t job is chief privacy officer for a bunch of guys who really have vendors paying the freight to conferences at swank value privacy. All this technology — phones, the Internet resorts to convince me to invest in something that’s half— it’s all great for making money, but the problem is, developed and overhyped. I never use jargon. I spend zero everything gets logged. My security guy has written and time doing PowerPoints. used lots of anti-forensic tools to erase those logs, and I’m Speculation? That’s not part of our business model. So comfortable telling my boss we have better privacy than the maybe, I don’t get the newest gadgets all the time but, man, big banks. My security guy knows how to disable the GPS in I am aligned. With the business. With the bosses. There’s our cell phones. He’s building some routing programs, sort really no other choice, you know? CIO of like that Onion Router project that, like it says on their website, 'prevents the transport medium from knowing scott berinato is executive editor for CsO. send feedback on this feature who is communicating with whom,' so that anything we to editor@cio.in

26,000 the number of phishing attacks worldwide in 2007, compared to 15,000 last year. it is expected to increase.

my kInd of guyS

even crookS need SecurITy

BuSIneSS-Technology alIgnmenT among ThIeveS

Vol/2 | ISSUE/21

Feature - 02.indd 59

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

Photo by SrivatSa Shandilya

imagin g by bin eSh Sreedharan

Anurag Jain, it secretary of Madhya Pradesh, says the e-governance initiatives of the state focus on citizens by interacting with prospective beneficiaries, and ensuring that developers put themselves in the shoes of the users.

Setting

Citizensâ&#x20AC;&#x2122; Charter

Interview | Anurag Jain

By Balaji NarasimhaN

Anurag Jain, IT secretary for Madhya Pradesh also doubles as the chief ministerâ&#x20AC;&#x2122;s secretary. This gives him a distinct advantage â&#x20AC;&#x201D; he is able to use his proximity to the CM to push IT projects. But this, he has learnt, only solves one part of the equation. Change management, pushing IT projects toward financial viability, and meeting citizen expectations are still challenges he has to face. In squaring his shoulders to these tests, he has made some interesting observations about e-governance and created his own set of milestones.

CIO: Technology, change management, and funding are three issues in e-governance, according to your website. How is Madhya Pradesh handling these? AnurAg JAIn : Regarding technology, we have decent infrastructure in place. For example, we have almost 23,000 km of fiber optic cable in the state. Under the National e-Governance Plan (NeGP), we already have several projects in place. By March 2008, we should be through with three basic infrastructure projects. To ease change management, we emphasize a lot on training. We are creating what we call champions of e-governance and we are training one officer in each department. This is a high-end training program that takes 12 weeks and costs around Rs 4.5 lakh for training each person. At the moment, 12 officers from 12 departments are being trained. Even elected representatives can take part in the training process and, fortunately for us, almost 20 MLAs have opted to be trained. With regard to funding, a lot of it is coming from the NeGP, so we donâ&#x20AC;&#x2122;t face major problems there. In addition, we have mandated that every department earmark 3 percent of its funds for e-governance. We are also getting a lot of funding under the BOOT (build, own, operate, transfer) model.

Interview | Anurag Jain Does being secretary to the CM help in getting buy-in for IT projects from the top more easily?

Definitely. I have easy access to the chief minister and other decision-making authorities. For instance, I remember a particular document that was pending for a long time with various departments. When I took over, I heard that the file had not been cleared for more than a month. Therefore, I called up the principal secretary and he told me to come over for a discussion. All the issues were sorted out in just an hour. What has been your experience in convincing users about the advantages of e-governance?

In certain cases, it has been very easy, although the same cannot be said about others. For instance, take a program I initiated called ‘Samadhan Ek Diwas’, which is a G2C project. When the project had been in operation for around four months, I noticed that one-third of the districts had done exceedingly well, one-third of the districts had done reasonably well, and among the remaining one-third, a couple of districts had not even started. This is something you will find in every sector. This is a basic human tendency. I call it a golden rule of 20/60/20 whereby 20 percent is outstanding, 60 percent will be average and the remaining 20 percent will be the hard nuts to crack. Madhya Pradesh wants to make governance SMART (Simple, Moral, Accountable, Responsive and Transparent). How far has this objective been achieved?

We are still working at it. It is something that you

can never really achieve. Because, the moment you are satisfied with what you have done, you will stop and never progress. We have done a good deal of computerization as a part of our e-governance push, but we still have a long way to go. One of the government’s aims is to ensure that at least 25 percent of its services are delivered electronically within five years. How do you propose to achieve this?

It is very hard to quantify initiative as a percentage. So, we have adopted different strategies. But there is one principle we stand by: if a citizen has his documents in place, they should be able to be serviced in one day. We are working on a few fronts. These include using a smart card in the transport sector, online payments to the treasury through a payment gateway, the use of e-tendering, among others. Things are moving forward. Many of our services have been computerized. But it is difficult to talk in terms of percentages until the parameters for evaluation are set. Worldwide, experts say that e-governance projects fail because governments generally fail to consider issues relevant to their citizens. How have you addressed this?

Most of the projects that we are working on right now focus considerably on the end user. I keep telling the developers to put themselves in the shoes of the users of the system. We also speak to the prospective beneficiaries

E-governance is a chance to study processes — some that have been around for almost 50 years. Removing these redundant processes and computerizing increases transparency.”

Interview | Anurag Jain of a project before implementing it. For instance, with reference to a project we initiated called ‘Parak’, we monitored all 52,000 villages in the state with a feedback form that has around 24 questions pertaining to 12 departments. Every month, data is collected from these villages about various problems they face, like a hand pump that is not working or lack of electricity, etcetera. The data is tabulated and every month, the chief secretary reviews progress via videoconferencing. Thanks to this system, we have a good grasp of what is happening with respect to the basic delivery of services. It is a very useful management tool. This project succeeded because we thought of it from the citizens’ point of view. Can you tell us how else videoconferencing helps the government tackle the problems of citizens?

SNAPSHOT Madhya Pradesh

MAjOR PROjECTS:

Samadhan online Samadhan ek diwas gyandoot e-Krishi vipnan Parak BuDGET ALLOCATION:

Five or six years ago, when I was the collector of Bhopal, I started a similar project under the same name. We felt it would be more financially viable in Bhopal. It was a private initiative and we called for a JV partner. If I recall correctly, they started around 30 kiosks. Now, only eight or 10 are functioning, and only because of the entrepreneurship of the people who set up these kiosks. We are rectifying this with ‘Samadhan Ek Diwas,’ which is basically a reincarnation of Gyandoot. ‘Samadhan Ek Diwas’ has a smaller number of kiosks, so it is relatively easier to monitor.

3 percent

FIBER OPTIC CABLE IN THE STATE:

23,000 km TRAINING:

12 departments

India has 23,000 schools that have no teachers and three percent of schools don’t have a single student. Can you talk about Madhya Pradesh’s initiative to use computers in high schools and colleges?

Well, if three percent of schools don’t have 12 weeks even a single student, then you shouldn’t We initiated a project called ‘Samadhan COST OF TRAINING/ even call it a school! But if a school doesn’t Online’ for grievance redressal. This project PERSON: have a teacher, then the state has to step relies heavily on videoconferencing. Under rs 4.5 lakh in. In Madhya Pradesh, we have been very this project, we pick up between 15 and 20 GRIEvANCE proactive in this area. For example, last complaints at the CM secretariat level. Then, REDRESSAL: year, we recruited 50,000 teachers. In we link the CM and the district collector — 52,000 villages covered every school, we have at least two teachers. the complainant accompanies one of the two We have 82,000 primary schools, and for — via videoconference. All these complaints the last 4,000 schools, buildings are under are passed on to the authorities concerned at construction. We have 28,000 middle schools and noon, and they are expected to be ready with answers by 7,000 buildings, which are under construction, will be around 4 PM. This is done on the first Tuesday of every complete by March 2008. We are also opening 900 new month. Since the CM is personally involved, complaints schools this year. We are working simultaneously, not are usually redressed the same day. Often, a collector has sequentially. And while we are putting up buildings, we already solved the problem by 4 PM. don’t have to wait until every building comes up before we introduce computers. Has e-governance ever been impeded by state or TRAINING TIME:

central laws? How have you handled this?

After the IT Act and changes to the Criminal Procedure Code, I think that these issues have been resolved. But there are still other issues that need to be resolved, like e-crimes. We are working at the state level to address some of these issues. One of your projects, Gyandoot, was awarded the Stockholm Challenge IT Award in 2000. What is the current status of the project?

Gyandoot was a very good initiative, but it didn’t have enough support. While the project delivered good services, it was not financially viable. Like all projects, the success of e-governance projects too are governed by market forces and anything that is not financially viable won’t last. Today, only around 30 percent of the original kiosks are running.

vol/2 | i SSU e/21

What is your experience with process reengineering in the government?

This is a crucial issue for us. If e-governance is to be successful, you have to take a really close look at processes. E-governance is an opportunity for us to study processes, which have been around for around 50 years. When you do this, you realize that there are a lot of processes that are redundant and can be reengineered. When you remove these redundant processes and computerize, the system’s transparency goes up. CIO

special correspondent balaji Narasimhan can be reached at balaji_n@cio.in

REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

Essential

technology Hint: the answer is not always Google. CIOs share their hard-earned lessons.

Essentisl Tec.indd 64

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

From Inception to Implementation — I.T. That Matters

On the Lookout for the Right Search By Galen Gruman Outsourcing | Mess up internal search and you'll frustrate your employees. But mess up external search and you'll alienate your customers. No wonder that e-commerce company execs like Jeff Zwelling of YLighting bear down hard on this problem. Zwelling changed his website's search engine three times in the past four years, unhappy with the search results that his company's site was giving customers — or rather wasn't giving them. Nothing changed until the fourth try in late 2006. Graeme McCracken, the COO of RB Search, a subsidiary of Reed Business charged with making the publisher's content available through the consolidated Zibb.com site, faced the same frustration three years ago. His search engine didn't give readers a complete, accurate picture of his company's many magazines and newsletters. Mired in the problems of external search, both companies found that the Google approach — the most commonly tried first — doesn't always keep customers happy. E-commerce and media businesses have similar needs for external search: guided navigation and contextual search to help users narrow down their desired results using categories, user profiles and other

Vol/2 | ISSUE/21

9/14/2007 8:04:49 PM

essential technology

metadata. Even database-driven e-commerce sites must go beyond database content to handle vague searches like ‘red lamp’, says Zwelling, YLighting's president. "External (keyword) search must help customers get to the same result as using the site's navigation," says Chris Cummings, CIO of online retailer eToys Direct. By contrast, internal search focuses on discovering data ‘hidden’ in documents, databases, and so forth. Google follows the internal search approach: users typically want anything that answers their query, not a specific, repeatable result. E-commerce vendors and content publishers have come to these realizations

Leading players include Endeca Technologies, InQuira, Progress Software, SLI Systems, Visual Sciences and Vivisimo. All but InQuira and Vivisimo also offer search-based merchandising capabilities for e-commerce sites. SLI Systems provides its tools as a hosted service, while the other tools are deployed at the enterprise. Teragram provides a tool to create the metadata from which various search engines can access the context. Several companies can help you extend external search capabilities. For example, Baynote tracks users across the Web to build a profile of interests that a search engine can use invisibly to better target

Don't overlook failed searches.Monitor searches that result in no hits.This helps identify new contextual mappings that would lead to appropriate results,and determine products that customers might want but aren't offered. early, says Tony Byrne, founder of the research firm CMS Watch, because the success of search relates directly to sales of goods and advertising. But other businesses can use search to improve customer selfservice (and reduce expensive calls and e-mails to customer support staff), he says. Such efforts are rare today. "There's no revenue from better customer service, so it's hard to fund these projects," says Brian Babineau, a senior analyst at the consultancy Enterprise Strategy Group. But he expects savvy companies to follow the media and e-commerce firms' examples to increase customer retention.

It'sAllAbout Context Many search engines will give external users access to your website's content. But not all provide the ability to infer context from the content and then let an enterprise refine and manage that context.

Vol/2 | ISSUE/21

Essentisl Tec.indd 65

search results. And Nexidia offers search technology for audio and video content, using analysis of the audio to determine contextual matches to search terms.

Solve the Context Problem When you embark on an external search project, it's important not to get overwhelmed by an early requirement — classifying all the data to be searched. One of the hardest issues for RB Search's McCracken was bringing context into the search tool. He tried to tag the source material in the content management system to make the right information available to the search engine. But with 200 million documents and new ones being created all the time, the RB staff could not tag all the content to provide the categories that a search engine would use to find appropriate content, suggest related results and deliver related promotions. In fact, McCracken

realized that perhaps only 2 percent of the content had been tagged, despite all the effort spent over a couple years. Worse, "The tags were not consistent" among Reed's subsidiary companies, he says. So, McCracken brought in a tool from Teragram that helped automate tagging of content after the fact, using a rules engine. Doing so meant creating the taxonomies and an ontological (conceptual categorization) dictionary of 210,000 terms — something that must be kept up to date by people — but this made the tagging of the 200 million documents possible, he notes. McCracken then deployed Fast Search & Transfer, a search engine that provides the ability for search users to navigate through the categorized results derived from the tagged content. The key to this software-assisted classification, McCracken says: you can't depend completely on automation. Human experts must adjust the software's rules and results. But when the tools are properly tuned to a company's content, IT can then apply them to a vast quantity of documents, he says. The US General Services Administration (GSA) took a similar approach to making public documents from multiple federal, state, and local government organizations available via the USA.gov website. It used Vivisimo's clustering technology to contextually index the content from the multiple websites and Microsoft's MSN to provide the search engine and index. GSA staffers now hand-tune the index and ontology as needed, and can create their own indexes quickly when the need arises, such as pulling together all Hurricane Katrinarelated resources when the devastating storm struck in 2005, says John Murphy, director of USA.gov technologies. To keep the index and ontology relevant, you'll need to regularly analyze search queries and results to detect new user search patterns and expectations, says Ken Harris, CIO of natural products distributor Shaklee. He realization this after replacing an old search engine with REAL CIO WORLD | s e p t e m b e r 1 5 , 2 0 0 7

9/14/2007 8:04:49 PM

essential technology

one from Visual Sciences (until recently known as WebSideStory) as part of a general Web modernization effort. The new tool came with analytics capability to help define relevance in results. "We then realized we didn't know internally what relevance was," he says. He quickly began to fill that gap, so the staff could tune the results to improve sales.

Make the Sales Connection In e-commerce, the underlying product data is typically well-structured and tagged, so the need for additional context may not be as apparent. (The tagging effort is also easier for e-commerce firms than for media companies, notes CMS Watch's Byrne.) Most companies account for common misspellings by creating internal term maps, so for example, a customer looking for pendant lights will still find them if he types ‘pendent’ in a query, YLighting's Zwelling notes. (Pendant is misspelled in nearly half of his site's searches.) And most companies know that their databases may not be consistent, due to human error or differences in suppliers' taxonomies, so additional effort is needed to also search for synonyms and to look across multiple fields for some terms, he says. But as Zwelling discovered, customers don't think in terms of just product specifications that match to product databases. And this requires more sophisticated work. For example, a query for ‘red table lamp’ could miss lamps that come in a red finish but where the color choices are not called out in the database's color field or description. But a search engine, such as the SLI Systems hosted search tool, that he uses, can detect all red lamps despite taxonomic differences, then let customers quickly sort them by room or material, he says. Sometimes there's a hidden need to adjust context. At Broder Bros., which sells shirts and other items that can later be customized with company logos, executives assumed that basic keyword search was sufficient, since the company 66

Essentisl Tec.indd 66

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

sells to distributors who know the product codes or have a paper catalog. But an analysis of search patterns showed that about 15 percent of all searches were free-form: these people were essentially researching what might be available, says Mike Fabrico, VP of IT. Broder Bros.' search approach didn't serve that need — and potentially lost sales. So, the company replaced its search engine with one from Progress Software that could support contextual searches. Another tip: don't overlook failed searches, says John Cortez, director of applications at Shaklee. He regularly monitors searches that result in no hits: this helps him identify new contextual mappings that would lead to appropriate results, and determine products that customers might want but aren't offered. Then he can give sales an indication of potential opportunities.

Mind the Gaps When a search engine has the right context to find the right results, the next challenge is to present them usefully. Most modern search engines can filter results based on checkbox and menu selections, as well as attributes such as price or availability. But many merchants will want to go beyond that. After YLighting's Zwelling analyzed search histories, he noticed that the sales conversion rates for some items were lower than expected, even after a successful keyword search. Further usability studies explained the gap: even if a search for ‘red lamp’ turned up a lamp that met the needs of a customer, the image displayed might show the lamp in a different color. People reacted to the image — and didn't realize the displayed lamp was available in red. Zwelling then added images tagged by color, so the search engine could display the appropriate finish. Sales increased, and he attributes part of that to the search changes. (He declines to quantify the sales uptick, noting that it had multiple possible factors.) At Reed, search traffic

It's All About Context

Many search engines will give external users access to your website’s content. But not all provide the ability to infer context from the content and then let an enterprise refine and manage that context. Leading players include Endeca Technologies, InQuira, Progress Software, SLI Systems, Visual Sciences and Vivisimo. All but InQuira and Vivisimo also offer search-based merchandising capabilities for e-commerce sites. SLI Systems provides its tools as a hosted service, while the other tools are deployed at the enterprise. Teragram provides a tool to create the metadata from which various search engines can access the context. Several companies can help you extend external search capabilities. For example, Baynote tracks users across the Web to build a profile of interests that a search engine can use invisibly to better target search results. And Nexidia offers search technology for audio and video content, using analysis of the audio to determine contextual matches to —G.G search terms.

increased 59 percent after the search engine retooling, and total traffic grew 19 percent, McCracken says. Unfortunately, at many organizations today, external search doesn't rise to the CIO's attention, says Accenture's Michael Kuhn, practice lead, Accenture Information Management Service, Europe, Africa and Latin America. "Yet it's a top priority for the user," he says. One result: "There is a lack of skills in the IT department on how to deal with search. They think of the search technology only, not of the metadata underlying it. And search is treated as an afterthought of a Web presence strategy," Kuhn adds. That's a mistake. CIO Galen Gruman is a frequent contributor to CIO. Send feedback on this feature to editor@cio.in

Vol/2 | ISSUE/21

9/14/2007 8:04:49 PM

Pundit

essential technology

Internet SecurityYap Securing your company against spam is more of a conversation piece than ever. What can you really do? By Scott Berinato

Internet Security | About a month ago, Robert Soloway, the so-called Spam King, was arrested and there was much rejoicing. Microsoft lawyers called it 'a very good day.' A self-impressed Department of Justice suggested, consumers could see a dip in junk mail. The next day, I received an e-mail with this subject: 'Spam is Out of Control... Trending Higher Every Day.' That wasn’t the only one. An e-mail from a vendor talked about the new, wildly successful pump-and-dump stock spam that uses PDF files to get past spam filters. Trading volume on the stock advertised in the spam message was 40 times normal, and its price jumped more than 50 percent. Soon, an e-mail from another vendor arrived: 'Spam Rockets as Pump-andDumpers Manipulate Share Prices, global spam volume has risen 30 percent overnight.' The vendor was ‘warning people’ about the scam’s existence. Then came an e-mail with the goofiest subject line yet: 'Media Alert: Largest Pump-and-Dump Spam Scam in History in Progress Right Now.' And this one said that spam volume was up 53 percent day over day, with peak volume reaching 175 percent higher than normal and spam message size increasing 445 percent. The company was ‘currently' tracking the scam 'right now’ and would ‘continue to track this trend...' The pitches carried a queer feeling of real-time resignation, like a fire department telling you that a wildfire was ‘currently, 68

ET-Pundit.indd 68

s e p t e m b e r 1 5 , 2 0 0 7 | REAL CIO WORLD

right now’ scorching millions of acres — but giving no sense that the fire department had bothered hoisting a hose. But hey, if you want to talk about how bad the fire is, we’re available. The recent email I received included this pitch: 'The Solution: [Our product] is uniquely positioned to report these trends instantly to our customers.' Apparently, being first to learn that spam is 'out of control...trending higher every day' , is somehow a selling point. All the e-mails had some expert available for comment, but comment on what? The fact that a mere two months after the backslapping over the arrest of one spammer, the problem is, predictably, worse than ever? Are they going to comment on the fact that even as they all professed to have products to stop this kind of thing, it wasn’t stopped? Many of these same vendors were bragging about their filters stopping image spam just a few months ago, and already they find themselves again playing the inept Tom to the spammers’ clever Jerry. The idea of ‘stopping’ spam is rapidly losing meaning. As vendors point out, image spam and its derivatives use so much bandwidth in transit that its distribution is a problem in itself, regardless of whether it’s ‘stopped’ from reaching an inbox. This is the state Internet security has reached. The problem is becoming bigger than any one company’s defenses. All the billions spent on anti-this and preventionthat technology has bought visibility into

Stop securing your systems and start caring for the ecosystem. the problem, but little more. You can see how bad it is ,‘instantly’, but you can’t stop it. Your hoses can’t fight these kinds of fires. The idea behind them — detection — has reached its useful limit. Their architecture , signature and pattern-based recognition, is outmoded. Anything you can do, they can do better. The next logical step would be to get strategic about Internet security. Move beyond the arms race — which you can’t win anyway — and attack the problem holistically. Stop securing your systems and start caring for the ecosystem. Get beyond vendor ‘solutions’ and start an industrywide effort to fix the public network. Stop trying to build better fly swatters and figure out how to keep the flies away from the damn pie in the first place. Of course, that kind of effort would require boldness. Vision. Leadership. It’s not terribly profitable. Vendors have blocked the PDF spam from inboxes, even if it still clogs the pipes in transit. Spammers, meanwhile, have already moved on. Another e-mail arrives: 'Vendor detects new spam technique.' It offers an expert for commentary and links to a giddy blog entry, complete with smiling emoticon. 'Yes, say goodbye to the PDF spam wave and welcome the FDF stock spam wave! :) '. They can do anything better than you. No they can’t? Yes they can. CIO Send feedback on this column to editor@cio.in

Vol/2 | ISSUE/21

9/14/2007 8:05:40 PM