CIO January 1 2009 Issue

Page 1

leadership

Bonus

Full coverage oF the CIO | 09 Program on DVD

Business

Technology

THe YeAR AHeAD SPeCIAL

HOW TO:

Benchmark Against Google, YouTube & Amazon

Get Your CFO Sold on Cloud Computing Squeeze More Value From Your Network Use Collaboration to Boost SCM Keep Your Team Keen on Storage Virtualization Evaluate Your Appetite for Risk Improve Governance by Going Green Rethink Your Staffing Approach Tech Trends For The year ahead JanuarY 1, 2009 | rs100.00 vol/04 | ISSue/04 w w w.C I O. I N


From The Editor-in-Chief

Another fresh new year is here … Another year to live! To banish worry, doubt, and fear, To love and laugh and give! — William Arthur Ward

New Year, the oldest holiday in the world, dates back almost 4,000 years to

Life on the Fast Lane Slowdown’s the time to speed it up.

the Babylonians. To them it signified regeneration, much like it does to us. To me, the New Year’s about taking time off from work and catching up with family and friends. It’s about spending a bit more time doing things that I enjoy, like baking bread. And, it’s about making determinations and resolutions. In my case, they revolve around fighting the battle of the bulge and knocking some pounds off (for the Babylonians this was a time for more prosaic issues like The IT departments that returning borrowed farm equipment will see the slowdown off and just having a good time). will do so by tempering There is something about this time of their caution with a fair bit the year that goes well with renewal and of aggression. change and new directions to take. Given today’s economic climate, I believe, it’s time to fundamentally shift our actions to reflect this reality, but not in any fearful, oh-what-is-coming-next way. No sir. After speaking to a host of CIOs, I’m convinced more than ever before that waiting for the economic environment or the suits in the boardroom to set your agenda for you is hardly the way forward. In fact, quite the opposite. I believe that the IT departments that will see the slowdown off, and even prosper, will do so by tempering their caution with a fair bit of aggression. It’s these teams that will make a compelling case for continuing investments in IT by first empowering their organizations to work smarter and be more productive within the current framework. That’s one of the reasons for this special issue, which focuses on innovation and improvement and ideas (big and small) that we think will add value to you and the organizations that you are associated with. It’s also an issue that contains four Mindtrack surveys that were conducted in the beginning of December 2008 — to help you benchmark your organization against those of your peers and prepare you to take this year head on. Do let me know what you think about this issue of CIO — my inbox awaits your opinions. Here’s wishing you a year filled with good fortune, prosperity and happiness. Salud.

Vijay Ramachandran Editor-in-Chief vijay_r@cio.in 2

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 2

Vol/4 | ISSUE/04

12/26/2008 8:11:55 PM


january 1 2009‑ | ‑Vol/4‑ | ‑issue/04 44 | How To RE-InvEnT

(and FUtUrE-prooF) THE sUpplY ppl cHAIn pplY sc M Existing methods of haulage, storage and shop inventory are set to be revolutionized. as a result, the information infrastructure to support the supply chain will need reinvention. Here’s how to prepare. Feature by mark Chillingworth

52 | How To pREp FoR (or ExIt oUt oF)

sToRAg RA E vIRTUAlIzATIon RAg sTo r ag e launching a storage virtualization

project? Industry watchers offer five key questions. Feature by Stacy Collett

58 | How To IncREAs REA E AgIlITY REAs

(and rEdUcE tHE coSt) oF F YoUR nETwoRk ne Two r k I ng With ever-expanding networks and

companies wanting to increase their bandwidth, network costs are rising. Here’s how to control spiraling expenses. Feature by Karen d. Schwartz

64 | How To monETARIlY l lY

(and Morally) BEnEFIT FRom gREEn I.T. g r e e n I .T. a green-friendly It strategy is not just a pr move. It can bring substantial cost, energy and governance benefits. Feature by Cath everett

[THE mInDTRAck sURvEYs]

42 | mAkIng BUsInEss A pRIoRITY cusTo M e r a na ly T I cs Given the current econonic climate, those facing customers — and in charge of ensuring their loyalty — have to work harder. We asked cIos how important the needs of these employees were and how they were helping. 50 | InFoRmATIon wEll sTo r ag e cIos are convinced that an enterprisewide information management strategy is important for business success. So what are they doing about it?

[FEATUREs]

30 | How To BEncHmARk

(or takE to pIEcES) YoUR IT InFRAs FRA TRUcTURE FRAs IT In fr asTrucT ure How do you create a more agile, responsive

and cost-effective It department? Bechtel cIo Geir ramleth dismantled his infrastructure and started over. coVEr: dESIG n By Jayan k narayanan

Feature by Stephanie overby

30

6

44

64

j a n u a R y 1 , 2 0 0 9 | REAL CIO WORLD

58

52

56 | sTAYIng connEcTED ne Two r k I nf r a sTruc T ur e Many cIos are betting on unified communications and are planning to invest in it this year. For the rest of what’s in store in 2009, read on to discover what our poll told us.

70 | wHAT ARE YoU AFRAID oF? s ecu r I T y a majority of cIos say that malware will create havoc in 2009. and a majority of you have lost customer data at least once. our survey of 148 cIos brings to light all that you and your peers want to know.

Vol/4 | ISSUE/04


content

(cont.) 2 2

deparTmenTs Trendlines | 11 Technology | Virtualization Rules Quick Take | Veneeth Purushothaman on Wireless Voices | Should CIOs Think Like CFOs? IT Personnel | Fear the Database Admin Security | Bad Guys Eye Social Networking Opinion Poll | Economy Squeezes Biz Travel By the Numbers | Risk Management Takes Root Security | Fire Your Data With Me: Your Staff Infrastructure | Lost in the Cloud Study | Disruptive Datacenter Technologies Research | UC and Open Source Probe Brains

2 6

From the editor-in-Chief | 2 Life on the Fast Lane

By Vijay Ramachandran

[EssEnTIAl TEcHnologY] 72 | DIFFEREnT T wAYs wAY (and tHEIr doWnSIdE) To oD DATA sEcURITY s ecu r I T y protecting data needs multiple tools. By Jarina d’Auria

76 | wHAT cFos lovE (and yoU MIGHt not)

ABoUTTHE cloUD pu nd I T How to sell cloud computing to your cFo. By Bernard Golden

now onlInE For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy It strategically. Go to www.cio.in

c o.in [colUmns] 22 | wHAT’s on THE cARDs

(and WHat’S proBaBly not) In 2009 IT In Tell Ig e nce What does the future hold? With a little

help from researchers and some educated guesses, here’s what we predict will happen in 2009. Column by nancy Weil

26 | wHAT To AxE (or WHat to lEaVE In placE) In A

slowDown applI ed I n sIg h T cutting It costs can only take you so far. you also need to invest in talent management. Column by david howard-Jones

8

j a n u a R y 1 , 2 0 0 9 | REAL CIO WORLD

c Io | 09 : The Year Ahead program

Highlights from India’s largest forward-looking platform in our special dVd.


ADVISORY BOARD

Advertiser Index

Abnash Singh Publisher Louis D’Mello Associate Publisher Alok Anand

Editor ial Editor-IN-CHIEF Vijay Ramachandran

Resident Editor Rahul Neel Mani assistant editors Gunjan Trivedi,

Kanika Goswami

Correspondents Snigdha Karjatkar, Sneha Jha,

Chief COPY EDITOR Sunil Shah Copy Editors Deepti Balani,

Shardha Subramanian

Alaganandan Balaraman VP-HR & Process Architect, Britannia

Aujas

17

Alok Kumar

Aujas

55

Avaya

4&5

Global Head-Internal IT, Tata Consultancy Services Anwer Bagdadi Senior VP & CTO, CFC International India Services Arun Gupta

Commscope

9

CA

BC

Elitecore

39

Customer Care Associate & CTO, Shoppers Stop

Creative Director Jayan K Narayanan

VP & CIO, Mahindra & Mahindra

EMC

47

Ashish K. Chauhan

Fluke

25

HP

41

IBM

75

Inflow

27

Interface

19

& IT), Bharti Airtel

Microsoft

IFC

Manish Choksi

Microsoft

63

Molex

29

Chief Manager (IT), BPCL

Nortel

69

Rajeev Shirodkar

Oracle

IBC

President & CIO — IT Applications, Reliance Industries

Vinoj K N, Suresh Nair Girish A V (Multimedia) SENIOR Designers Jinan K Vijayan, Jithesh C C

Unnikrishnan A V Sani Mani (Multimedia) Designers M M Shanith, Anil T, Siju P

7

Arvind Tawde

Lead Designers Vikas Kapoor, Anil V K

ADC Krone

Des ign & Production Lead Visualizer Binesh Sreedharan

President, IT Operations & Center of Excellence, UCB Pharma

P C Anoop, Prasanth T R Photography Srivatsa Shandilya Production Manager T K Karunakaran DY. Production Manager T K Jayadeep Ma rk eting and Sa l es VP Sales (Events) Sudhir Kamath GENERAL Manager Nitin Walia Senior Mananger Siddharth Singh, Rohan Chandhok Assistant Manager Sukanya Saikia Marketing Priyanka, Patrao, Disha Gaur Bangalore Kumarjeet Bhattacharjee, Arun Kumar, Ranabir Das Delhi Saurabh Jain, Rajesh Kandari Gagandeep Kaiser Mumbai Parul Singh, Hafeez Shaikh, Kaizad Patel Japan Tomoko Fujikawa

USA Larry Arthur; Jo Ben-Atar

Events VP Rupesh Sreedharan Managers Ajay Adhikari, Chetan Acharya Pooja Chhabra

C.N. Ram Rural Shores Chinar S. Deshpande CEO, Creative IT India Dr. Jai Menon Group CIO Bharti Enterprise & Director (Customer Service

Chief-Corporate Strategy & CIO, Asian Paints M.D. Agrawal

CIO, Future Generali India Life Insurance Rajesh Uppal Chief GM IT & Distribution, Maruti Udyog Prof. R.T. Krishnan Jamuna Raghavan Chair Professor of Entrepreneurship, IIM-Bangalore S. Gopalakrishnan CEO & Managing Director, Infosys Technologies Prof. S. Sadagopan Director, IIIT-Bangalore S.R. Balasubramnian Exec. VP (IT & Corp. Development), Godfrey Phillips Satish Das

Rittal

13

SAS

23

Sigma Byte

3

Sigma Byte

61

Symantec

15

Tata

21

Tata

49

Tata Teleservices

1

Wipro

65

Wipro

67

CSO & Director ERM, Cognizant Technology Solutions Sivarama Krishnan All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

Executive Director, PricewaterhouseCoopers Dr. Sridhar Mitta MD & CTO, e4e S.S. Mathur GM–IT, Centre for Railway Information Systems Sunil Mehta Sr. VP & Area Systems Director (Central Asia), JWT V.V.R. Babu

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

Group CIO, ITC

10

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 10

Vol/4 | ISSUE/04

12/26/2008 8:12:04 PM


new

*

hot

*

unexpected

Virtualization to rule datacenters by vendors. But there is much more that they can do, said Sargeant, such as in the process of supply chain, and the choice of materials to produce products with. Systems were generalized to run multiple applications many years ago, said Sargeant. In the next 12 months, however, systems are expected to be specialized and optimized to run more applications such as data recovery compliance and data application compliance. Blade servers will start to gain attraction in 2009, and by 2010, they are expected to take over rack servers, according to Sargeant. "In the present financial situation, organizations will still adopt new technologies as long as they can help them cut cost", said Matt Boon, managing vice president and group team manager, global hardware markets at Gartner. —By Carol Ko

illuStration by MM Shanith

Virtualization will hold the No. 1 spot on CIOs' priority lists in the Asia Pacific in 2009, said research firm Gartner. The top 10 strategic technology areas that will affect, run, grow and transform the business initiatives in 2009, according to Phillip R. Sargeant, managing vice president, global storage markets at Gartner are: virtualization, business intelligence, cloud computing, green IT, unified communications, social software and social networking, Web-oriented architecture, enterprise mashups, specialized systems and

Technology

servers beyond blades. Virtualization is not a new technology, said Sargeant, a user since 1993. It will, however, become a strategic area for organizations to save money, provide better power efficiency, and to better utilize servers particularly during the present economic turmoil. Only about seven percent of the millions of servers installed in the world today are virtualized, said Sargeant. Virtualization is advancing in three trajectories: de-duplication, singleinstance storage, and compression, which will promise lower-cost data migration, unified storage management, common replication services, and longer product life. "Cloud computing is all about 'server delivery', not technology", said Sargeant, who said it can be put under the umbrella term of virtualization or green IT. The green IT strategy is predominantly associated with energy saving in

Quick take

Veneeth Purushothaman on Wireless Mobility InfrasTrucTure

Wireless mobility enables business process, data and people to be connected anytime anywhere and has changed the way many companies do business. Kanika Goswami spoke to Veneeth Purushothaman, business head-technology, Hypercity Retail, to seek his views on it. Here’s what he said:

Finding a device which fits all our requirements and also our budget is a challenge. Wireless vendors who can implement wireless infrastructure and also help build applications are a rare breed. Most of the big vendors who have extremely good wireless equipment and implementation expertise will not be able to help with small-time utilities and applications.

In which processes do you use wireless mobility applications? Our wireless mobility solutions are primarily within our store network and warehouses. We use it for stock taking, receiving store material and checking the price of items faster. Our employees now have the option of working from home with access to the ERP, the HR application, e-mails and other documents through a VPN.

Do you think wireless mobility needs special security applications? Of course it does; particularly when you are allowing access to data outside your network. We use SSL VPN and multi-factor authentication.

What challenges did you face in this deployment? Prohibitive costs are a challenge. Equipment from the access points to controllers and to handheld devices are all costly, more so if you are looking for ruggedness and other features.

Vol/4 | i SSue/04

Veneeth Purushothaman

How do you achieve that fine balance between data security and accessibility? It is a difficult proposition but definitely doable. The balance is obtained by ensuring that VPN access is given to personnel after proper signoff from department heads and the IT head. All the external users have to go past the multi-factor authentication to gain access to selected applications. REAL CIO WORLD | j a n u a r y 1 , 2 0 0 9

11


Should CIOs Think Like CFOs? There are many who believe that forwardthinking CIOs should adopt an economic view like CFOs. He should know the brass tacks of financial operations and should have a laser sharp focus on the economics of their companies' business. But is there a downside? Sneha Jha spoke to your peers and here’s what they had to say:

cIo

role

“A CIO needs to be innovative to contain costs and help the business do more with less. He has many hats to wear and many roles to play in an organization, and thinking like a CFO is one of them.” TrendlInes

Sunil Sirohi Vice President, niit

“A CFO is an executive who calculates the risks involved in capital investment, he is involved in cost of capital, generation and allocation of funds. On this front, a CIO can provide him with tools to make better decisions. “ c.r. narayanan Cio, Spanco telesystems & Solutions t

“I don’t feel a CIO should think like a CFO. A CIO must have a passion

for value creation unlike a CFO who may be more inclined toward cost cutting.” deepak Madan

Voice

Write to editor@cio.in

Trendlines.indd 12

I T P e r s o n n e l One of the best ways to improve database security is to carefully monitor the very people who have been entrusted to manage them: database administrators (DBAs), says an Aberdeen Group report. Perhaps not surprisingly, the Aberdeen Group study of 120 mostly large companies around the globe found a correlation between adopting a range of database security practices and frequency of data breaches. Companies ranked as using best practices suffered 8 percent fewer incidents of data loss compared to those that did not adoptsuch measures. However, one of the defining characteristics of companies rated as having good security was a strict management of their managers. This means that database staff are monitored in some form, there is a separation of duties between different managers, and certain kinds of database access are blocked or restricted. "In this study, respondents estimated that databases are the repository for nearly two-thirds of their sensitive data, so it's no surprise that the results show organizations that monitor privileged user activity suffer fewer data losses," said Aberdeen Group's Derek E. Brink. "The payoff for monitoring insiders can be significant from several perspectives, including security, risk management, compliance and cost," he added. "This Aberdeen report establishes and quantifies the risk organizations are taking by not monitoring the actions of privileged insiders, as well as the payback for companies that implement database activity monitoring," said Mark Kraynak of database security company, Imperva, one of the report's three co-sponsors. Aberdeen makes a number of basic recommendations for companies worried about the topic, such as making sure to eliminate shared and default database admin accounts, monitoring ad-hoc queries to detect unusual requests, and restricting developer privileges. If this sample is representative, database security — including the monitoring of the DBAs — is actually a fairly well established principle. Fifty-seven percent said they monitored DBA activities, 61 percent enforced separation of duties between privileged users, and 59 percent audited database access in order to detect unusual intrusions.

lend your

GM-it, DlF

12

WAtCh thAt DAtAbAsE ADmIn: For More SeCurity

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

—By John E. Dunn

Vol/4 | i SSue/04


Bad Guys Eye Social Networking

trendlines

S e c u r it y Cybercrime is likely to move into the social networking world, taking advantage of sites such as Facebook and MySpace, says cybersecurity guru Peter Gutmann. "I would assume Internet crime will migrate to social networking sites in the future," says Gutmann. Social networking sites are incredibly powerful virus platforms. They allow developers to write specific applications for them, which spread in a viral manner. If these applications were not on a site such as Facebook, they would be considered incredibly fast-spreading viruses, he says. To date, developers have written social networking applications only experimentally, but Gutmann thinks these platforms will be targeted more heavily in the future. "For some unfathomable reason the bad guys haven't exploited [social networking sites] yet, and I don't know why — it is so easy," he says. Finding stolen credit card numbers, phone numbers and other personal information is a matter of 10 seconds of searching Google, he says. "It is frighteningly easy to find information —

it is not rocket science," he says. Another thing about these sites is that personal information, posted by users, will be there for ever. "People put out heaps of personal information, without thinking about how it can be used against them," says Gutmann. To some extent, cyber crooks are already using social networking sites to launch so called spear-fishing attacks, says Gutmann. By getting names, addresses and other information from, for example, job placement agencies, cyber criminals can send targeted phishing letters from your bank, and basically "leapfrog and attack from one site to another", he says. Anybody can get strong encryption off the Internet these days, but the availability of strong encryption does not have a huge effect on stopping cybercrime, he says. It's so hard to use, nobody wants to use it, he says. Gutmann researches the usability of security software, which is typically written by geeks, for geeks, he says. "Unless you are a hardcore geek, you've got no hope of understanding it," he says. He looks at how people interact with security software and how it can be

made easier to understand, but he also investigates if "the masses" really need to, or want to, understand encryption. He has built the OS-independent, open-source Cryptlib security toolkit, which allows crypto-programmers to easily add encryption and authentication services to their software. Even to programmers, encryption is difficult to understand, he says. The toolkit makes it easy for programmers to build secure applications. The next step is to educate programmers to build security applications "that human beings can actually use, and that is the really hard bit", he says. Gutmann, an honorary research fellow of University of Auckland's Department of Computer Science, is passionately involved in making encryption more useable for everyday people. He was involved in writing the PGP encryption package, a program that provides cryptographic privacy and authentication, often used for signing, encrypting and decrypting e-mails.

—By Ulrika Hedquist

Economy Squeezes Biz Travel

Info graphics BY binesh s reedharan

Drop that suitcase. Economic uncertainty and high fuel costs are taking a toll on business travel. In 2009, one-third of travel managers will cut spending. What they are cutting:

39%

Internal meetings

31%

Across the board

5% Other 16%

Source: Association of Corporate Travel Executives

14

Trendlines.indd 14

International travel

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

9% Training travel Vol/4 | ISSUE/04

12/26/2008 7:20:58 PM


B Y J a r I n a d ’a u r I a

Risk Management Takes Root Survey of insurers finds poor risk data and analysis still hinders how effectively companies are able to employ enterprise risk management.

TrendlInes

enterprise risk managementt (ERM) has been around for years, but it is in different stages of maturity within different industries. The insurance industry, for example, has only begun to implement ERM into its strategic planning in recent years, says Paul Horgan, partner and leader of the global risk and capital team of PricewaterhouseCoopers (PwC). Significant progress has been made, according to a recent global survey of 53 insurers by PwC, in which Horgan was the primary author: more than 90 percent have ERM programs in place. However, most firms are still not using ERM effectively to manage their new or emerging risks, according to the study. “If they accept the risk mandates thrown over the fence from corporate without pushing back or making sure they understand how it can add value, then they are being passive,” Horgan says. Companies often stumble over ERM’s first steps: defining and communicating risks in a way that translates into limits, objectives and priorities for employees to follow. As a result, less than half of insurers surveyed are confident ERM is embedded in their strategic business decisions, says the study. From an IT standpoint, ERM’s effectiveness is also hurt by poor risk data and analysis. Risk assessment tools and methodologies are up and running in only about half of the firms surveyed in the study. And fewer than 40 percent of respondents say their firm’s risk data and systems are ‘good’ or ‘excellent’. Yet a strong ERM system relies on effective systems and quality data, which are critical in maintaining the flow of timely and reliable risk management information. “We have seen companies suffer unintended strategic disadvantages because they were too slow to react to changes in IT,” Horgan says. The more standardization you can have from an IT perspective, the lower your risks are overall. CIOs can help by working with the business to create an integrated reporting structure, data systems and modeling capabilities. Many insurers are still at the beginning stages of implementing such change.

Best practices 1

2

3

be clear about your risks. before establishing erM policies, recognize the risks the business is already taking and set up appropriate compliance standards. Involvement is key. everyone needs to play an active role. the best way to involve employees is with consistent training and self-assessments about the company’s risk. Choose your risk manager wisely. this individual has to create a two-way conversation within the business. he also has to manage the risk-taking activity and controls already in place while factoring it into the strategic risk assessment.

Insurers on the Path to ERM?

16

Confidence is growing in this discipline…

…But there is still work to be done.

49 percent of insurers are confident that ERm is genuinely embedded in their firm’s strategic planning compared to 4 percent in 2004.

42 percent of respondents believe their organization spends too little money on risk data management, up from 30 percent in 2004.

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | i SSue/04


Fire Your Data With Me: Your Staff S e c u r it y Workers that are anxious about being laid off are prepared to steal corporate data on removable devices or bribe IT staff for information, a survey has revealed. Four out of 10 workers in the UK confessed they would steal sensitive data if they thought their jobs were at risk, the survey by security vendor Cyber-Ark has revealed. It also shows that some 71 percent of employees globally said they would steal sensitive data if they were fired suddenly. The data would be used to take to their next employer or as a negotiating tool with their current bosses, the authors of the survey warned. Rumors of looming job cuts would drive almost half of UK workers to use their privileged IT access rights to snoop around their company's central network looking for the redundancy list. Another quarter of workers said they would bribe someone in the IT department to find it.

Memory sticks were the medium favored by staff who said they would steal data, because of their small size, ease of use and difficulty to trace. But photocopying, e-mailing, recording to CD, online storage, online messenger programs and iPods were also channels through which staff said they might take data out from office systems. Customer contact databases were the most likely files to be stolen, followed by strategic plans, product information and passwords. Employees were less interested in taking human resources and legal documents, according to the survey. Adam Bosnian, vice president at Cyber Ark, said: "Our advice is only allowing access to sensitive information to those that really need it, lock it away in a digital vault and encrypt the really sensitive data."

—By Leo King

trendlines

Lost in the Cloud

Illust ration by unn ikrishn an AV

Infrastructure Companies hungry for IT efficiency and cost savings love virtualization. The idea of reducing racks of servers into smaller and cheaper machine farms is simply irresistible. Security vendors have seized on this with an array of products promising 'security in the cloud'. But the adopters often lack a basic understanding of virtualization, and that's a problem, industry experts say. "People's definition of virtualization is either very narrow — that it's about server consolidation, virtualizing your apps and operating systems and consolidating everything down to fewer physical boxes," says Chris Hoff, chief security architect for the systems and technology division at Unisys. "Or, it's about any number of other elements — client-side desktops, storage, networks, security." And since the definition of what's coming in the virtualization world can mean a lot of different things, it makes it near impossible to build a security strategy around it, he says. Joel Snyder, security expert and senior partner at Opus One, says virtualization "has a variety of implications in disaster control, capacity planning, system management and security."

18

Trendlines.indd 18

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Thankfully, companies at least acknowledge that there's a security challenge to address. Michele Perry, CMO for security vendor Sourcefire, says customers are expressing concern that they have no way to proactively track or identify new virtual systems within their environments. "With limited visibility, organizations have no way to control where virtual systems pop up without adhering to corporate IT or security policies," Perry says. "This has the potential of creating significant security issues — including unpatched machines, unauthorized access and use, and so on." Fortunately virtual security is not a doomed concept. "Just because virtualization changes your security environment doesn't mean that the problems it creates are insoluble," Snyder says. "Instead, realize that security in a virtual server environment is different. You have to think differently and use different tools to get the same level of security." Even Hoff, a vocal critic of virtualization security, is seeing traces of a silver lining.

He notes that the who's who of security vendors are retooling their applications to take advantage of VMware's vNetwork/ VMsafe APIs. Others are are working on tighter, better integration. "Operationally and technically there's more integration and tightening going on," he says. "I think it's actually an excellent move as it continues on the path of not only helping to ensure that the underlying virtualization platform is more secure, but the elements that ride atop on it are equally security enabled also," Hoff says. Security experts warn that all the vendor activity in the world won't help a company that dives headlong into the cloud without thinking through the risks first. As long as companies fail to grasp the nuts and bolts of virtualization, dangers remain. —By Bill Brenner

Vol/4 | ISSUE/04

12/26/2008 7:20:59 PM


UC and Open Source Probe Brains The Prince of Wales Medical Research Institute (POWMRI) will replace its PABX with a 1,000-seat communications platform to connect roaming staff and monitor its tissue preservation freezers, and physical security network. Research at the Sydney-based institute delves into the actions of the brain and nervous system, and covers cells, genes and molecules through to how the elderly walk to the control of breathing. The Institute's IT manager Andrew Cartwright said the parts for its Siemens TimeDivision Multiplexing PABX would become rare and expensive after it was discontinued. "The old system runs on the Siemens HiPath Openscape 750 server which reached end-of-life, so we upgraded because parts would become expensive and difficult to get," Cartwirght said. The new system will be phased in with an initial trial of 30 handsets using a gateway to allow it to work alongside the existing PABX. He said the high-end handsets with Web video capability will be used to monitor temperature fluctuations in the laboratory freezers that house human tissue. "The freezers hold priceless brain tissue at about minus 80 (Celsius). If there is a problem, the temperature will rise straight away and we can detect this on the phones," Cartwright said. Information from the freezers, which are considered nodes on the network, can be fed in real-time into the phones and alerts can be triggered to call handsets when a problem occurs. "The smallest increase in temperature can signal a problem, so the sooner we know about it, the better." The liquid nitrogen tanks can also be monitored and controlled from the phones using an LCD touch screen. He said POWMRI security will be able to monitor CCTV feeds on the IP phones, and reception will have visibility on deliveries and visitors. The institute operates entirely on Open Source platforms. The magnetic resonance imaging (MRI) scanner uses Open Source software. Research

Datacenter Technologies A new computing fabric to replace today's blade servers and a 'pod' approach to building datacenters are two of the most disruptive technologies that will affect the enterprise datacenter in the next few years, Gartner said at its annual datacenter conference. Datacenters increasingly will be built in separate zones or pods, rather than as one monolithic structure, Gartner analyst Carl Claunch said in a presentation about the top 10 disruptive technologies affecting the datacenter. Those zones or pods will be built in a fashion similar to the modular datacenters sold in large shipping containers equipped with their own cooling systems. But datacenter pods don't have to be built within actual containers. The distinguishing features are that zones are built with different densities, reducing initial costs, and each pod or zone is selfcontained with its own power feeds and cooling, Claunch says. Cooling costs are minimized because chillers are closer to heat sources; and there is additional flexibility because a pod can be upgraded or repaired without necessitating downtime in other zones, Claunch said. "Modularization is a good thing. It gives you the ability to refresh continuously and have higher uptime," Claunch said. By not treating a datacenter as a homogenous whole, it is easier to separate equipment into high, medium and low heat densities, and devote expensive cooling only to the areas that really need it, Claunch added. The move to pods and zones is among what Gartner calls the most disruptive technologies affecting the datacenter. In no particular order, these technologies are storage virtualization; cloud computing; new server architectures; PC virtualization; enterprise mashups; specialized systems (aka hardware appliances); social software and social networking; unified communications; zones and pods; and green IT. Many of these technologies have been covered by Gartner in previous lists. Enterprises won't have to wait long to take advantage of these technologies: all these trends are beginning to happen now or will do so within the next few years, Claunch said. If Gartner's predictions are correct, the server industry is soon to undergo a significant transformation.

Illust rat ion by MM Shan ith

trendlines

St u d y

—By Jon Brodkin 20

Trendlines.indd 20

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

—By Darren Pauli Vol/4 | ISSUE/04

12/26/2008 7:21:00 PM


Nancy Weil

IT Intelligence

What’s On the Cards

[And What’s Probably Not]

In 2009

What does the future hold? With a little help from researchers and some educated guesses, here’s what we predict will happen in 2009.

W

ell, we blew it a year ago on the prediction that the recent US presidential election would lead to historic turnout — it didn't quite hit that mark — and unprecedented problems with e-voting systems. The problems, it turns out, were for the most part precedented. On the positive side, we nailed the result, forecasting the election of Barack Obama. Not inclined to rest on that laurel (and a few others we also accurately foretold), we've set forth again to find out what industry analysts are forecasting for 2009, and we've talked to sources as well as to our geekiest friends and colleagues to come up with our own set of predictions for 2009. Absent from this year's list of 10 prognostications is an entry about Microsoft finally buying at least the ad-search business of Yahoo, if not the whole company. We left that one off the list for next year because we still expect it could happen in 2008. With that in mind and in no particular order:

The Good News

Illust ration by ANIL T

Economic downturns tend to drive innovation and also spur rollouts of new technologies and products to lure users to spend money. This has been particularly true over the years in the DRAM (dynamic RAM) market, where companies are focused on trying to get DDR3 out as quickly as they can. They have to get motherboard, chipset and microprocessor companies on board to support new memory chips, so that's what is slowing them down. But we see DDR3 becoming the new mainstream DRAM chip in 2009. Netbooks have generated a lot of buzz (and no little bit of hype) of late as more of the small, low-cost, lightweight, 22

j an u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 01 - Crystal Balling .indd 22

Vol/4 | ISSUE/04

12/26/2008 5:26:55 PM


Nancy Weil

IT Intelligence

The number of cybercriminals will rise — no surprise there — but more alarmingly, the increase will occur with an increasing number of unemployed IT professionals joining in. energy-efficient laptops hit the market. That will continue apace, but we also expect that the average price of US$400$500 (about Rs 20,000-Rs 25,000) will drop to the $200$300 (about Rs 10,000-Rs 15,000) range. Part of the price plunge will owe to volume production because the price of parts will drop as more netbooks are made.

Cloudy Days

We're in accord with market researcher IDC that "it will be a grim year for mobile gadgets — as volume growth flattens in mobile phones, as netbook PCs expand the market but threaten notebook pricing and margins, and as consolidation looms in personal navigation devices." However, we think that the iPhone is going to play a major role — perhaps single-handedly — in keeping the smartphone market afloat, even if it's going to need to be thrown a life preserver along the way. (That's meant metaphorically and not as a prediction that smartphone makers will be next in line for government bailouts.) Oh, and we also think that IDC's prediction that portable media player shipments will show a first-time drop is spot-on, given market saturation and that there are only so many ways to improve on the players that will induce people to buy new ones.

Well, last year we wanted to resist an entry on virtualization; this year it's cloud computing we'd like to deny, the two being kin and all. We agree with Oracle CEO Larry Ellison that the jargon is “complete gibberish" and the definitions encompass that which already exists and doesn't actually need a label. But we digress — the point is that companies will keep moving toward software-as-a-service and cloud storage models as they aim to cut costs. SaaS and cloudbased vendors will haul in new customers and post profits. Meanwhile, ‘private clouds’ will loom on the IT horizon as companies less comfortable with letting someone else manage their data and provide related services will set up clouds behind their corporate firewalls. Some of the more headline-grabbing merger and acquisition news of 2009 will occur with vendors focused on the cloud and with SaaS providers. Google and Amazon.com will continue to be particularly aggressive and will target smaller players in acquisition deals.

See Ya!

Always a Step Ahead

Sun Microsystems will find a new CEO to replace Jonathan Schwartz. We're torn between the view that he'll be ousted and the view that he'll decide it's just time to go, but either way we don't believe he'll be Sun's CEO at the end of 2009, if he even makes it past the first quarter or so. And Sun will cease to exist in its current incarnation, perhaps being part of a blockbuster acquisition, perhaps going private.

Cybercriminals will find ever more malicious ways to vex us in 2009, what with the success of infecting PDF (portable document format) and Flash files with malware. Ever-moresophisticated Trojans will emerge in 2009 to swipe data and wreak havoc. Along those lines, sometime during the year, a major online retailer will be nailed with a serious security breach that exposes credit-card numbers and personal data of thousands of customers because some people just never learn from the past. Security vendor Finjan predicts that the number of people participating in cybercrime will continue to rise — no surprise there — but in a more alarming twist says the increase will occur "with an increasing number of unemployed IT professionals joining in." To that end, more news headlines involving networks being held hostage by disgruntled former employees are in the offing. CIO

Long Live the iPhone

Windows 7 will be released Microsoft hasn't announced a launch date for Windows 7, and while earlier indications were that it would be out in early 2010, company executives have recently hinted that it could be out around the end of 2009. With continued sluggish adoption of Vista — not to mention ongoing inroads by Linux, notably in the low-priced PC market — and a warm reception to a beta demonstration of Windows 7 at its Professional Developers Conference in October, we think the hints will become reality and Microsoft will release the OS late in 2009. We'll also be so bold as to predict it will be a vast improvement over Vista. Well, OK, maybe that's not so bold because, you know, how could it be worse, right? But even 24

so, the Microsoft portion of our crystal ball is telling us that Windows 7 will be well-received and help Microsoft regain some of the OS edge it lost in 2008. (But Linux is still going to nip at Microsoft's heels.)

j an u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 01 - Crystal Balling .indd 24

Dan Nystedt in Taipei, James Niccolai in San Francisco, Nancy Gohring in Seattle and Juan Carlos Perez in Miami contributed. Send feedback on this column to editor@cio.in

Vol/4 | ISSUE/04

12/26/2008 5:26:55 PM


David Howard-Jones

Applied Insight

What to Axe [Or What To Leave In Place]

In a Slowdown Cutting IT costs can only take you so far. You also need to invest in talent management.

T

Il lustration by un n ik rishn an AV

he recent economic storm that has battered economies worldwide has sent companies scurrying to take cover. Many have quickly turned to IT cost-cutting plans in an effort to staunch the flow of red ink. However, attempts to drive down technology costs may be taking some firms in the wrong direction. The headlong rush to reduce IT costs in the short term can compromise many companies' ability to improve productivity and profitability in the longer term. I believe that by focusing on talent management, CIOs can deliver higher value results at lower total cost. The immediate challenge for senior IT executives is to redirect IT investment in order to cultivate, reward and retain the most critical IT talent — the 'IT stars.' Technology has long been heralded as a key to cost reduction and it is often assumed that a greater use of IT will create a kind of virtuous circle of continuing cost reductions. In fact, the search for ways to commoditize and cut IT costs actively discourages needed investment in talent management structures that could help the CIO retain highly skilled staff at the critical interface between IT and the business lines. For that reason, companies must learn to differentiate between IT activities that are truly 'commoditizable' and where costs can be safely cut (such as infrastructure, hardware and systems standards), and the specialized processes that create unique value for the firm (such as risk management, new channel or new product development, and customer analytics and predictive modeling). Any cost savings from cuts in commodity activities should be candidates for re-investment in 'specialist' areas where success depends on IT stars gaining a deep understanding of

26

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 02 - Careful With That Axe .indd 26

Vol/4 | ISSUE/04

12/26/2008 5:26:09 PM


David Howard-Jones

Applied Insight

The immediate challenge for senior IT executives is to redirect IT investment in order to cultivate, reward and retain the most critical IT talent — the 'IT stars.' how businesses create value. This two-pronged approach to IT using both talent and cost management in equal measure is important. Many complex technology projects are never satisfactorily completed and, far from cutting costs, become a drag on profitability. Having the right team in place can help a project avoid this fate. IT success depends on people, not technology.

Put the Spotlight on Talent Haphazard cost cutting raises the danger of underinvestment and losing ground — and good people — to competitors. To mitigate those risks, IT executives should concentrate on two talent-related imperatives: Recognize that deepening business knowledge in selected IT teams is critical to success. This will be especially true in any area where there is a build versus buy' decision, because the need to make this choice signals that customization and business knowledge will be decisive in determining the project's success. CIOs should put in place opportunities for staff to increase their knowledge of the business: internal IT business training courses, scholarship funding for professional qualifications in their field of business, mentoring for rising stars and cross-training within the business when appropriate. Build the right talent mix. The right mixture often turns out to be fewer, more skilled and higher paid local staff, combined with lower-cost offshore workers who are also highly skilled. This shift can deliver cost savings and a more concentrated investment in technology talent. Too often, firms have focused on the shift to offshoring without commensurate enhancement of onshore roles throughout the organization.

Rethink Your Staffing Approach CIOs should abandon the idea of taking a single approach to IT talent. Hiring workers who are capable of dealing with the complex IT and business interface is expensive. Instead, IT leaders must pursue a differentiated approach. Start by identifying tasks where traditional cost cutting, outsourcing and offshoring are appropriate. Examine projects and processes where development requirements are closely specified and fixed, and objectives and standards are clearly established. These could include back-office functions, accounting systems, design and general processing support. By identifying those areas where you can shift resources, you can focus on investing IT talent in business areas with new or rapidly evolving products or methodologies, or where business revenues are high. 28

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 02 - Careful With That Axe .indd 28

Interestingly, a differentiated approach can sometimes deliver net cost savings, even in areas where business practices and products are rapidly evolving and more experienced IT resources are required to meet demanding business schedules. For example, I recently estimated that the credit trading business of one global bank could employ more skilled and higher-paid IT workers and still realize savings in excess of $300 million dollars (about Rs 1,500 crore) over the next five years. The math works by shifting the staffing mix, offshoring some key subsidiary tasks, reducing the total head count and then paying more across the board to staff in the future: both offshore and onshore resources will need higher skills sets to manage the greater expectations of the firm. Amazon, Ameritrade and Google are great examples of companies whose IT talent mix is skewed toward the specialist end. Of course, the choice is made easy for them since their business models depend on IT excellence. However, it is worth remembering that the question is one of degree: while many IT platforms today can be purchased as commodities, their implementation always requires such a high degree of customization that a significant level of investment in talent to drive this customization is essential. Getting the right level of business end-user know-how into the IT implementation teams is critical for the success of these projects. There is no shortage of project failures and horror stories in software implementation. Yet project risk in many could have been significantly reduced by enhanced investment in the right business expertise on the IT project team.

Big Questions for IT Leaders Talent management, then, not cost reduction, should be the number-one priority for technology professionals. For CIOs, this means taking a fresh look at the mix of talent required, how to attract top staff, and how to keep them busy and learning at the interface between business and IT. When a firm learns to differentiate its requirements and skew its talent management in the right direction, cost savings can accrue at the same time that success rates improve. Big questions confront IT leaders in these turbulent times. Will lessons learned be more widely applied as the spotlight turns to cost reductions and performance improvement in a range of IT-intensive industries? Or will global economic worries prompt executives to search for ways to cut back and put IT once more on the chopping block? I think fortune will favor those brave enough to invest in the talent needed to lead. CIO Send feedback to editor@cio.in.

Vol/4 | ISSUE/04

12/26/2008 5:26:10 PM


IT Infrastructure

How do you create a more agile, responsive and costeffective IT department? Bechtel CIO Geir Ramleth dismantled his infrastructure and started over.

C

By Stephanie Overby

and CIO for Bechtel, the construction and engineering all it the CIO ‘clean slate’ company that got its start 110 years ago building fantasy. America's western railroads and later made a big splash If I were starting from scratch, what kind helping raise the Hoover Dam. "We said, ‘if we started of IT systems would I build to support Bechtel today, would we do IT in the same way we're my business today? doing it now?"’ says Ramleth. "The answer For most IT leaders, bound Reader ROI: was no." by long-standing infrastructure choices and A new model for When Ramleth first asked the question loads of legacy systems, it's little more than a running IT more than three years ago, the company parlor game. For Geir Ramleth, however, the Challenges to had just completed a major initiative to question provided the foundation to a new operating in the cloud streamline IT systems, which had cut costs by model for delivering corporate IT services. Lessons from Google, nearly 30 percent. But with Bechtel's projects Ramleth isn't the IT leader for some hot, Salesforce.com, increasingly executed in far-flung geographic new startup. He's the senior vice president Amazon and YouTube

30

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -01-IT Infrastructure.indd 30

Vol/4 | ISSUE/04

12/26/2008 5:45:38 PM


IT Infrastructure locations, from Santiago to Shanghai — and with its systems being accessed by thousands of temp workers, customers, even competitors — Ramleth knew a more drastic shift in how IT services are delivered would be necessary to support the company's complex, distributed business model. Starting with that imagined technology ‘tabula rasa,’ (Latin for blank slate) Ramleth took his cues from some real-life IT pioneers who, unlike most corporate IT organizations, could take advantage of an actual clean slate when building their technology platforms. He incorporated high-bandwidth networking practices from companies such as YouTube, the standardized server approach of Google, extreme virtualization techniques from Amazon, and the multi-tenant application support strategy of Salesforce.com, among others. The result is the project services network (PSN), an infrastructure to apps overhaul of Bechtel's technology environment that Ramleth says will provide secure, ubiquitous, simplified and rapidly deployable access to corporate and customer information for any user around the globe who needs it. Ramleth calls his approach the "consumerization of the computing environment"—an internal cloud-computing infrastructure serving up in-house applications on demand. Others say it's a sign of the IT times. "It's really in vogue right now if you're overseeing enterprise IT to look at these upstarts that are talking about how they run hundreds of thousands of servers," says Howard Rubin, president and CEO of Rubin Worldwide and a Gartner senior advisor. "As corporate IT bemoans the issues of virtualizing or large-scale standardization, these younger companies do it all as a matter of course. CIOs are starting to wise up and look at what they're doing right."

benchmark IT not against construction or engineering industry peers — or even global enterprises of a similar size — but against successful companies in the Internet consumer space. They couldn't immediately imagine any benefit in dedicating time and money to imitating an online consumer company. It took time and targeted marketing to get the C-suite to warm up to the idea. "I needed to get them to understand that we didn't want to be a Google or an Amazon. We wanted to understand how these guys do things so we can learn from them," explains Ramleth. By 2006, Bechtel was operating in more locations than ever. And for every 100 employees in the US and Europe who retired, the company had only been able to replace 60. "We have to chase the talent around the world," says Ramleth. "That's why we have [corporate] operational centers in Shanghai, Taipei, Bangkok, New Delhi, Mumbai and Warsaw." At the same time, Ramleth found that a third of the people accessing Bechtel's network were non-Bechtel employees, creating a huge intellectual property risk. The situation was leading to an untenable IT environment. Bechtel wasn't only inviting all manner of non-employees onto its network. IT deployments took dreadfully long: 30 days to put support in place for a new business project. That was a problem Ramleth's c o r p o r at e p e e r s

could understand. "We didn't want our projects to have to wait for us," Ramleth explains. Ramleth knew Bechtel needed a faster, simpler and more secure way to deploy and support IT applications. For starters, he needed applications he could deliver via the Internet, not Bechtel's intranet (an approach Ramleth's team had taken in building one-off IT systems for two multi-billion dollar oil and gas projects in the past). But after several months of trying to tackle the problem by rewriting scads of existing applications, Ramleth realized something more fundamental had to change. Rewriting all of Bechtel's 200-plus applications — 40 percent of them built in-house — was crazy. "It would be too costly, and wouldn't solve everything," Ramleth says. "We needed to shed ourselves of all of the thinking that got us to where we [were]," says Ramleth. "We had to start from the infrastructure up." To figure out what a new IT backbone might look like, Ramleth and his team followed the money. Ramleth interviewed venture capitalists and learned that they were betting 80 percent to 90 percent of their investments on consumer-related tech, with the remaining sliver of funding going to enterprise IT. "If that's where the investment is going, they [consumer

An Old Company Needs New Tricks "That's not our business. That's not what we do." That was the reaction from Bechtel's corporate management when Ramleth came to them with his big idea: to

Vol/4 | ISSUE/04

Feature -01-IT Infrastructure.indd 31

REAL CIO WORLD | j a n u a r y 1 , 2 0 0 9

31

12/26/2008 5:45:40 PM


IT InfrASTruCTure technology companies] are doing something that we definitely have to look at and learn from," says Ramleth. In fact, Ramleth's search for answers in the consumer tech arena is not unusual, says James Staten, principal analyst with Forrester Research. Today's IT demands require new thinking. "CIOs are being asked to continue to reduce the overall spend on IT," he observes. "They're also being asked to spend more time building new applications and driving flexibility and doing things that transform business." To do it all, something's got to give. "You can't manage IT the same way you've always managed it and empower new flexibility," Staten says. "You have to be able to walk away mentally from old processes and procedures." Thus, CIOs are no longer satisfied with the 'your mess for less' offering

departments might rewire themselves. For most enterprise IT organizations, however, there's been more talk than action to date, observes Rubin. And whether or not corporate IT catches up to its consumertech counterparts is, in large part, dependent on IT leadership. "Historically, the CIO was the gatekeeper. But as IT has moved from "mainframe to client server to all over the place," says Rubin, "you have to start to open the gates." "In the past we wrote applications for an internal, secure environment — inside the firewall," notes Ramleth. "Now we want to create an environment for applications meant for the Internet, rather than the intranet." Ramleth, who thinks there's a little geek in everyone dying to defy the status quo, has little hesitancy about creating a next-generation IT delivery model. "I'm

Geir Ramleth, CIO, Bechtel, believes that the SaaS model for application delivery will enable the company to deliver new informationbased services.

from an EDS or IBM. They're looking for inspiration from Google and other Internetera titans. The consumer technology focus on simplification, standardization and on-demand applications made available via cloud computing holds some clues for how Bechtel and other corporate IT 32

j A n u A r Y 1 , 2 0 0 9 | Real CiO WORlD

passionate about it because I truly believe that we as a company can do business very differently in the future by changing the way we do our IT service offerings," Ramleth says. There's an old adage, popular in the recovery community: if you always do what you always did, you'll

always get what you always got. Ramleth repeats it like a mantra. "There's too much change in the world on all fronts to accept that things should always be the same."

BeTTer BenChmArks Ramleth and his team dedicated nearly a year, beginning in the spring of 2006, to study 18 companies, including a few nonconsumer companies, which had built their IT infrastructure and applications in the post-Internet era. "We found some tremendous discrepancies between our internal metrics and the metrics these guys were dealing with," Ramleth says. YouTube, serving up videos to the masses, was paying $10 to $15 (about Rs 500 to Rs 750) per megabit for networking. Bechtel was paying at least 50 times that. One Google system administrator was running approximately 20,000 servers; Bechtel's could manage just 100, which was found to be common in enterprise environments. Amazon offered storage to its individual and corporate customers at 15 cents (about Rs 7.50) per gig per month. Bechtel's shelled out nearly 40 times that amount. Salesforce.com upgraded software for its one million users four times a year with minimum downtime and no training. Bechtel couldn't even get all its users on the same version of its software. (For more on Bechtel's benchmarking results, see Bechtel's New Benchmarks) "If they can do it, why can't we do it?" Ramleth wondered. The answers provided a roadmap for PSN. YouTube has lower networking costs because it maintains locations near highbandwidth areas. Google doesn't need hundreds of employees to run its servers because they're standardized to the hilt. Amazon keeps a lid on storage expenses by making sure its servers are highly utilized. And Salesforce.com offers easy upgrades because it runs one application in one location for a million users. Bechtel, Ramleth thought, could do some of that. He and his team came up with a plan to incorporate the best practices of those technology powerhouses by building new datacenters and networks to support multi-tenant applications within

Vol/4 | ISSUE/04


IT Infrastructure Bechtel. By Ramleth's calculation, the majority of the project could be paid for by re-allocating funds set aside in the regular IT budget for refresh and maintenance work. (Bechtel will not reveal how much the PSN transformation will cost.) And Ramleth, a native of Norway who enjoys skiing, motor racing and once held an official powerboat speed world record, wasted no time getting started. "I like speed," he says in a moment of sheer understatement. Between 2002 and 2006, Bechtel's infrastructure group had consolidated

14 datacenters into seven (completely modernizing six of them). Ramleth launched the PSN initiative almost immediately afterward. In 2007, Bechtel built three new standardized datacenters in entirely different locations — one in the United States, one in Europe and one in Asia — and began decommissioning the seven that had just been revamped. The company took 30,000 square feet of datacenter space down to a couple thousand and built out a totally new network between the three new datacenters. "In the past we had brought the network to the data," says Ramleth.

"But with the PSN, we wanted to bring the data to the network. We moved closer to the traffic aggregation points." The IT group also consolidated additional servers, using virtualization to get to 70 percent utilization. (Virtualizing the apps has been a challenge, however. "As we started doing more virtualization, we had to be more sensitive to how applications are designed and developed as well as how we operate them," Ramleth notes. More on that later.) The transformation was tough for the infrastructure team, admits Ramleth. He highlighted the difference

Bechtel's New Benchmarks The company's goal is to bring IT costs in line with today's online powerhouses.

In today's business environment, says Bechtel CIO Geir Ramleth, IT needs to benchmark itself against a new set of peers: successful technology companies that built their IT systems in the Internet era. Doing so is a painful exercise for the ego. "Corporate IT is trying to break the sound barrier, and the Googles and Amazons are supersonic. They're hypersonic," says Howard Rubin, president and CEO of Rubin Worldwide and a Gartner senior advisor. But the exercise can yield big returns. Ramleth researched 18 companies and developed benchmarks against many of them. Among them were: YouTube, Google, Amazon and Salesforce.com.

Company

YouTube

Google

Amazon

Salesforce. com

Technology

BENCHMARK*

WHAT BECHTEL LEARNED

Wide-Area Network

YouTube paid $10-15/ megabit (about Rs 500 to Rs 750)

Bechtel paid $500/ megabit (about Rs 25,000)

It was more than volume discounts from telecom vendors that got YouTube its lower costs. YouTube locates its datacenters in places where there's already a lot of bandwidth, so they don't have to pay as much for infrastructure.

Servers

Google employed one systems administrator for about 20,000 servers.

Bechtel employed one systems administrator per 100 servers.

Bechtel was building whatever the business wanted, whenever it wanted, wherever it wanted. Google standardized its server infrastructure.

Virtualization

Amazon sold storage to external customers for 15 cents (about Rs 7.50)/GB/month (estimated)

Bechtel's internal storage costs were $3.75/GB/ month (about Rs 187.5)

Amazon could sell storage cheaply, Ramleth believes, because its servers were more highly utilized.

Applications

Salesforce.com provided one version of one application for 1 million users. Upgraded four times per year with minimal downtime or training.

Bechtel ran 230 applications, up to five versions of each — nearly 800 different application versions altogether. Upgrades and training were constant. No version management.

"We're so far apart from Salesforce, it's scary," says Ramleth. His team is converting Bechtel's 50 most heavily used apps into single-instance software-as-a-service apps run from a Google-like portal.

*Benchmarked costs for Google and YouTube are based on research and estimates by Bechtel in 2006 and may not reflect current numbers. 34

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -01-IT Infrastructure.indd 34

Vol/4 | ISSUE/04

12/26/2008 5:45:49 PM


between the two infrastructure overhauls for his team and his peers. The first was done to reduce operation costs, pure and simple. The PSN transformation, says Ramleth, "is meant to change the way we can serve business on a global basis." Today, Bechtel has migrated approximately 50 percent to 60 percent of its users to the new environment. "Our total costs are the same, but with a heck of a lot more capacity," Ramleth says. Ten times more, to be exact.

Acquiring the Service Provider Mind Set The infrastructure work, it turns out, was the easy part. Once the new backbone was in place, Ramleth planned to certify Bechtel's most heavily used applications for the new environment. The ones that made the cut would be offered in a SaaS fashion. Those that didn't would be left to die off as employees and partners using them finished their projects. There's only one problem: the external multi-tenant application model, which assumes centralized management of apps and data for all users, isn't an obvious fit for Bechtel or other large enterprises. "The information that we have in our systems is not always ours. We might deal with a partner that has proprietary technology information that they don't want to leave our premises," says Ramleth. "If you have to go to a SaaS provider, you might not any longer know exactly where information is." It's also tough for a big, often Byzantine business like Bechtel to alter its processes to align with an external SaaS offering. "The change would just be too big," says Ramleth. "Because of the highly distributed way we operate, it would be hard for us initially to integrate a third-party SaaS offering with our work processes and embedded applications." In addition, he says, there are industryor enterprise-specific applications, like Bechtel's proprietary suite of procurement 36

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -01-IT Infrastructure.indd 36

applications, that aren't available from a reliable SaaS vendor today. The solution became for Bechtel IT to become its own SaaS provider to Bechtel's project teams. By the end of next year, Ramleth expects to convert and certify 50 of Bechtel's most heavily used applications for operation in the new environment and offer them to users via Internetbased portal technology that includes Microsoft SharePoint.

Google-Like Apps The IT organization studied software usage patterns and found that for any given application, 80 percent of users weren't doing heavy transactions. They were mainly trying to get some information (such as the status of a project) or perform a minimal operation (such as make a purchase). Ramleth's team realized this majority of users could benefit from having access to smaller pieces of big applications via the portal. "You can make a few screens available to a user who otherwise would have had a myriad of applications to go to," says Ramleth. "It wasn't rocket science, but we finally got that." The goal is to create a Google-like experience for enterprise

application users. Log in to the portal, pick a task and get it done in a few simple steps rather than logging in to an assortment of applications. "The portal is really where we'll get the benefits of the consumerization approach," says Ramleth. He expects that new versions of applications and pieces of applications delivered via the portal will lead to increased productivity and reduced training for users. Some users will still need the full version of certain applications — such as computer-aided design software — and IT will continue to support them. "Those designers aren't necessarily nomadic users," says Ramleth. "We'll keep the largerscale deployment models for those stationary heavy users." So far, IT has converted about a dozen applications to the new environment and made parts of many more available via the portal. Microsoft Exchange, which used to run on more than 100 server environments around the world, is being consolidated via the PSN. InfoWorks, Bechtel's workflow and document management system — which used to be deployed in a distributed fashion project-by-project — has been rewritten to operate on a centralized, multitenant platform. The development team has had to keep in mind the requirements of the new, highly virtualized back-end when rolling out new Internet-based versions of Bechtel applications. "You have to use technologies that are already certified for use in the virtual environment. You have to tune your databases differently. You have to write and architect applications that can work in a multi-processor environment and [according to a] dynamic utilization model." In some cases, IT is rewriting the old applications. In others, they're transitioning the legacy systems to the Internet using the virtual application server from Citrix. Ramleth knows that some applications will be harder to convert to the new environment than others. While there are no "show-stoppers," he says that figuring

Il lustratio n by p c anoop

IT Infrastructure

Vol/4 | ISSUE/04

12/26/2008 5:45:51 PM


IT Infrastructure out how to rework Bechtel's in-house procurement application is going to be particularly difficult. "We can't lean on the vendor community for help," he says. What's more, "it's as big an application as a full-size ERP implementation. But we believe that it's a big differentiator for us in the marketplace." Ramleth's team is migrating employees and partners to the PSN portal as they are assigned to new projects. Ten thousand users globally are using services within the PSN today, and Ramleth has the complete deployment wrapping up by the end of 2009. It's not an easy transformation for any company. "If you look at Google or Amazon, they were able to build their infrastructure with no legacy," says Forrester's Staten. "Most organizations just find it too hard to operate in the flat Google environment because they have to completely rewrite all of their applications," the way Bechtel is doing. "To be totally honest," Ramleth says about the apps transformation, "this is where we still have a lot more work to do."

Dealing With Disruption It's been a period of disruptive change for IT. "Without change, life would be boring," Ramleth says, but he realizes that many people in his organization hold a dissenting view. The first issue that surfaced was security. "When you start saying, 'We should think more like an external provider,' the first thing people say is, 'Let's be careful with what we're doing in security.'" Ramleth made a deal with his security team — a hand-shake pact that before anyone spent any significant amount of money on PSN, there would be a clear view of how security might work. By March 2007, when PSN work began in earnest, the security team had embraced a new way of thinking. Bechtel began working with Juniper Networks on a policy-based security model for the PSN. It's not perfect yet, but it's progressing. "It's a big change from having stuff inside or outside a firewall to this model we call any-to-any, secure-when-needed," says Ramleth. 38

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -01-IT Infrastructure.indd 38

Finding a Way to the Cloud

Bechtel has bet its IT future on cloud — or on-demand — computing. But for many IT organizations, the concept remains a pie-in-thesky, according to CIO Research.

Not Yet Business-Critical

Less than half of IT organizations currently use on-demand resources for enterprise applications or infrastructure. Currently using or implementing

Plan to use in 1 to 5 years

On the radar/ researching

No plans

Collaboration tools

50%

15%

18%

18%

Enterprise applications (e.g. CRM, ERP, BI)

35%

12%

19%

34%

Application platforms/ development software

34%

9%

27%

31%

Utilities (e.g. anti-virus spam filters, desktop management)

33%

14%

21%

32%

Servers

32%

11%

18%

39%

Storage

31%

16%

22%

30%

Networks

27%

12%

17%

45%

Personal productivity software

23%

13%

22%

43%

Big Changes for IT Someday

There's potential for the cloud to transform IT. But technology and security must mature, first. Cloud Computing...

Agree

Disagree

Neither/Not Sure

Will cause a radical shift in IT

58%

24%

18%

Will take years to mature

54%

30%

16%

Current offerings are not appropriate for my business

36%

44%

20%

Vendors have not adequately addressed security concerns

60%

19%

20%

Vol/4 | ISSUE/04

12/26/2008 5:45:51 PM


IT Infrastructure "What has been harder is getting our IT people to accept these larger changes," he continues. "IT people are not the risk takers of the world." And for many at Bechtel, the PSN represents big professional and personal risk. Specialized skills they spent years perfecting are seemingly going by the wayside in a more commoditized, cloud-based IT world (although the new

to create business differentiation. It frees up money and it frees up focus."

Everything as a Service If Bechtel is able to get its big applications up and running in the new environment by the end of next year, that will be a success. But it's just a baby step, says Ramleth. "If

“If you say the ideal world is when everything is done as a service — computing, storage, software, X-asa-service — and you look at where enterprises are today, we have a long road to go.” — Geir Ramleth technology, as Ramleth sees it, brings with it additional opportunities as well). Ramleth identifies three ways employees respond to change. "You have some people that just take you on blind faith and say, 'This makes sense, let's figure out how to do this,'" he says. Next, "there are some early followers who say, 'I would like to be there, but tell me that I am not going to get hurt.' They don't need too much convincing." In the third group "are the people who become part of the problem rather than part of the solution." The key to winning over the staff is to look for individuals in the latter group whom you can convert from pointing out everything that's wrong with the new plan to helping you figure out what has to change to make it right. Notes Ramleth: "I often say to people, 'I don't know of anybody that embraced change that ever got hurt by it. Most people that embrace change benefit from it.'" Experts say such a transformation can benefit the larger IT group, "The enterprise can actually start to do things quite differently," says Rubin. "[It can] take all that time and money tied up in technical specialization and leverage that massive amount of new computing power 40

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -01-IT Infrastructure.indd 40

you say the ideal world is when everything is done as a service — computing, storage, software, X-as-a-service — and you look at where enterprises are today, we have a long road to go," says Ramleth. He imagines a 10-step process. Steps one and two were to build the foundation— three new highly standardized and virtualized datacenters. The next few will be to transition the old applications into the new environment. Then comes the hardest part: getting new business value from the PSN. Or as Ramleth puts it, "what it is that you can do now that you never did before." One of those new things will be to offer partners and customers lifecycle information management. Today, there's no comprehensive capture of information on Bechtel's massive, years-long projects. But if the PSN becomes a part of day-today business, says Ramleth, "we can really start doing cross-company integration." For example, Bechtel recently built a polyethylene plant in China. Once the PSN is fully deployed and integrated into Bechtel's business operations (by 2011 or 2012), Bechtel could help the plant owner implement its IT infrastructure and applications so that all of the information that was gathered while Bechtel was on

the job is automatically integrated into the customer's IT systems. If there's a problem with, say, a valve, someone would be able to query the plant's SAP maintenance software and find out who the manufacturer is, what the specs are and how to fix the problem. Better yet, as more viable "X-as-a-service" offerings become available from third-party providers, Bechtel will be in a better position to plug and play. "Could we someday buy storage from Amazon, for example?" asks Ramleth. It's possible, he says. With the in-house transformation behind Bechtel, "making that leap will be easier." "We see what we're doing with the PSN — creating our own internal proprietary cloud — as an enabler and precursor to [embracing] third-party SaaS offerings in the future," he says. "We'll have already broken down our old operating model and reduced internal complexity." Meanwhile, Ramleth no longer gets blank stares when he talks to his executive peers about incorporating the best practices of YouTube, Google, Amazon and Salesforce. com. Not only that, he reports, "I'm getting a heck of a lot more interest from CIOs asking how they can do this. Maybe they're starting to come into some of the same issues we were, or maybe I'm just articulating it better." Ramleth is convinced that IT leaders who wait to pursue similar strategies will be at a disadvantage down the road, as they continue to build more complexity and resource demands into their current environments instead of systematically trying to reduce that complexity and increase efficiency. "You have to start opening up a little to this way of thinking so you can start to transition now, rather than making it an expensive forklift operation down the road." If the day comes when all computing moves to the cloud, at least Bechtel, Ramleth insists, won't have to start from scratch. CIO

Send feedback on this feature to editor@cio.in

Vol/4 | ISSUE/04

12/26/2008 5:45:51 PM


Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM


CustOmer analytICs

mAkIng busInEss A pRIORIty Customer analytiCs

Given the current econonic climate, those interfacing with customers — and therefore in charge of ensuring their loyalty — have to work harder. We asked 148 CIos how important the needs of customer-facing employees were and how they were helping.

In the Line of Fire

How many customer-facing employees do you have?

CROss COnnECt? Despite the fact that increasing customer loyalty is the biggest challenge for customer-facing employees, most CIOs seem to be focusing on data mining projects. IT projects that are meant to increase customer loyalty come second. 42

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

35.4%

1,000 or more

3.1%

800 – 999

2.1%

600 - 799

7.3%

400 - 599

15.6%

200 - 399

11.5%

100 - 199

25%

Less than 100

CustOmERs At thE DOOR

Of CIOs have retail or customer-facing operations.

What's In the Way?

What key challenges do customer-facing employees encounter?

54.6%

Increasing customer loyalty

39.8%

Cross/up selling

42.6%

Creating appropriate offers

48.1%

Mining customer data

53.7%

A lack of predictive analytics

11.1%

Other

Respondents chose all that applied.

Vol/4 | ISSUE/04


CustOmer analytICs

What Are you Focusing On?

Can It help Organizations Increase Customer Loyalty?

Do you currently have projects in any of these areas?

44.8%

Increasing customer loyalty

29.2%

Cross/up selling

38.5%

Creating appropriate offers

53.1%

Mining customer data

51%

Predictive analytics

14.6%

Other

According to CIo o’s survey, increasing customer loyalty is among the hardest jobs in an organization. What can IT play a role in easing this burden? “Technology assists the business in preempting the consumer’s changing needs by analyzing trends. It is not the post-mortem that helps — but the proactive approach that counts. ” RAv A IkIRAn mAnkIkAR Av GM-IT, Shamrao Vithal Co-operative Bank

Respondents chose all that applied.

“One can’t create loyalty; one can only retain customers. We ensure that customers find what they want. With analytics, you understand your strengths and the opportunities for improvement.” ARun O. guptA upt uptA Customer Care Associate and Group CTO, Shopper’s Stop

kEEpIng CustOmERs hAppy

“When over 60 percent of your client base are repeat customers, managing their loyalty becomes all the more important. We routinely capture feedback, which we then analyze to better our products and services.”

of CIos say that increasing customer loyalty is the hardest part of their customer-facing employees' jobs.

CUSTOMER ANALYTICS

Presented by

DAy AyA Ay yA pRAkAsh Head-IT, LG Electronics

“Retaining customers is a top priority. Though we don’t have a BI solution, we leverage several other tools to collate data and provide maximum visibility about a customer’s investment to our users.” ChAItA t nyA tA ny WAgh Director-IT, JM Financial

UNVEILING CHALLENGES IN CUSTOMER ANALYTICS


SCM

Existing methods of haulage, storage, shop inventory and customer delivery are set to be revolutionized. As a result, the information infrastructure to support the supply chain will also undergo a major reinvention. Here’s how to prepare. By Mark Chillingworth

W

et summers and extreme floods, Tesco branded vans darting in and out of suburban streets like minnows in a stream and a conservative party stating it will tax companies on the impact they have on the environment. These issues are indicators of the pressures the supply chain of major retailers and manufacturers in the UK is about to endure from customer consumption habits and regulations. Existing methods of haulage, storage, shop inventory and customer delivery are set to be revolutionized. As a result, the information infrastructure to support the supply chain will also undergo a major reinvention. 44

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -02-Supply Chain.indd 44

Reader ROI:

The new factors affecting the supply chain How to meet the new challenges Why collaboration will play a crucial role

Vol/4 | ISSUE/04

12/26/2008 5:55:57 PM


SCM

Vol/4 | ISSUE/04

Feature -02-Supply Chain.indd 45

the 2007 Bali Treaty, as well as other legislative initiatives, are "challenging the industry to come up with breakthrough solutions by 2020. Preserving energy and raw materials and other resources like water will become a crucial aspect in future supply chains." Organizations are already seeing some of the challenges coming into view. Jane Scott, CIO at food services and supply chain provider 3663 said, "We can be more efficient. We have to comply with supply chain legislation already that fits in with being more sustainable." 3663 Food Services supplies the catering and hospitality industry. Its main clients are companies like Compass which runs the Starbucks, Burger King, Upper Crust and Ritazza chains in the UK. Scott has been CIO for the company for five years having joined the company from Coca Cola. Anthoula Madden, vice president of consumer products and consulting services at CapGemini was involved in the production of the 2016 report, she describes the current supply chain as, "focused at the moment on the replenishment of the

outlets, but not enough on planning and other processes, such as returns or removal of waste and recycling materials. A lot more integrated planning is required." Nigel Bagley, director of customer development at food and household goods manufacturer Unilever agrees and told experts, "We can't continue to operate with a supply chain that was developed decades ago on a historical method of manufacturing and delivery. The world has changed and we have to change our supply chain to adapt to it."

The Shape of ThingS To Come With a focus on keeping retail outlets fully stocked, CapGemini found that the majority of supply chains are also focused on reducing costs and supporting the ROI objectives of the business and its brand reputation, which is, of course, the role of every division of the business. CapGemini says that new targets will be introduced such as a reduction in the energy consumption and meeting targets to reduce traffic congestion. The 2016 report includes a sevenpoint supply chain modernization plan, with these recommendations for organizations to consider: in-store logistics which deals with the shelf ready products, collaborative logistics that takes care of sharing of transport and warehouses, reverse logistics that includes product recycling, packaging and returnable goods, demand fluctuation management with more planning and monitoring, labeling, alternative energy forms and more efficient vehicles and buildings, and last but not the least, joint business planning. "Current KPIs can be used to measure supply chain efficiency, they do not adequately address supply chain sustainability," the 2016 report states. Its seven solutions bring the CIO into the fold. In-store logistics, which REAL CIO WORLD | j a n u a r y 1 , 2 0 0 9

45

IllUSt ratIon by anIl t

Management consultants CapGemini have been studying the future landscape of the supply chain. Its 2016 Future Supply Chain report indicates that the complexities of the challenges facing the supply chain are not the sole responsibility of the supply chain manager. In the report, Roland Dachs, supply chain vice president at packaging manufacturer Crown Europe and Xavier Derycke, director of retail chain Carrefour say, "Until now, the most important parameters for supply chain designs have been related to cost efficiency and on-shelf availability," the duo warn of the challenges to come, "new factors are becoming increasingly critical, such as traffic congestion in urban areas, energy consumption, CO2 emissions and the permanent rise in transportation costs." A raft of legislation has already come into force. In the UK, supply chain managers now have to comply with the London congestion charge, which has drastically reduced the number of vehicles that come into the center of the city. Earlier this year the 'low emissions zone' was introduced, which places a ÂŁ1000 (about Rs 70,000 ) fine on haulage vehicles that do not comply with standards set down by Transport for London. The British Climate Change Bill, which came into force last November, sets a legal target for Britain to achieve a 60 percent cut in its carbon dioxide emissions by 2050. In the near future, CapGemini foresees water consumption regulations and increasing security regulations imposed not only on information, but also on the warehouses the supply chain uses to store its inventory. Consumers embrace these regulations as they believe they improve the quality of life, especially for those living in urban environments. Corporations have to convince their consumers that they are behaving responsibly towards the environment. CapGemini believes


SCM will require greater adoption of radio frequency identification (RFID), reverse logistics and greater use of alternative fuel are self explanatory changes, but sharing transport, warehouses and information between high street rivals is a giant leap forward in business collaboration. CapGemini sees collaboration as imperative to the future supply chain. "Getting products on to the shelves will not diminish as a pressure, but organizations will have to become more dynamic," Madden says. Transport, warehouses

approach to supply chain with shared warehouses on the outskirts of the historic city stocking goods, which were then transported into the center of the city by special cargo trams, before the goods were transferred to electric delivery vehicles for the final leg of the journey. Madden points out that for many goods and types of retailers there is no competitive advantage in having separate warehouses, for example a group of major book publishers share a warehouse in Amsterdam.

“CIOs need to be looking to the future, because collaboration will become more important and also the needs of the organization to reduce emissions. — Anthoula Madden

VP - Consumer Products & Consulting Services, CapGemini

and information will have to be shared between manufacturers, retailers and logistics suppliers, the 2016 report states. "Improving such collaboration demands new ways of working together. "The future supply chain is expected to provide clear benefits for our society, for industry, for individual companies, and ultimately for consumers and shoppers," they report. But they say these challenges are positive for organizations, with transport costs reduced by 30 percent per pallet, handling costs per pallet down by 20 percent and CO2 emissions per pallet reduced by 25 percent, and they confidently predict that on-shelf availability will not be diluted. Scott, who is part of the wider business management team at 3663, said the organization is looking at the shared warehouse and trucks options. "We are already back-hauling, if a vehicle is returning from a customer we look for an opportunity to fill it up from a supplier on route," she says. Amsterdam has already experimented with a collaborative 46

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -02-Supply Chain.indd 46

Nigel Underwood, CIO at logistics supplier DHL says he and his team are spearheading collaboration in partnership with a DHL global consultancy. The procollaborative attitude at DHL has, in part helped it win contracts with Starbucks, Jaguar and Land Rover. Madden also believes the current upward trend of online shopping and home delivery will change the supply chain radically. Deliveries after 7 PM will increase and she even predicts that secure delivery points where a consumer can collect something if they are not at home, these could be Post Offices or local storage points. Already companies such as Ocado fulfill their customer orders direct from a warehouse, taking the shop out of the supply chain. In Sweden, Madden said she has observed the white goods industry embrace post 7 PM deliveries so that it can ensure that the customer is at home to receive their goods.

Technical Demands Scott is currently integrating a new Microsoft Dynamics AX enterprise resource planning (ERP) system into the 3663 wholesale division, which she and CapGemini both believe will improve supply chain management and enable the organization to react to the demands that are to be placed on the supply chain. Scott has already integrated voice-based technology, but is holding back on RFID. "We will sell products in the unit size the customer requires, so not a whole case for example, which makes RFID very difficult to utilize and the cost is prohibitive," she says of the role 3663 plays as both a vendor and distributor of catering food goods. "RFID cannot be used on fresh fruit and vegetables, but I am considering it for roll cages (the wheeled steel crates used for carrying separate goods onto a vehicle and then into the retail outlet)." Scott said her next main focus will be on using technology to improve vehicle routing and is already seeing benefits, she is currently going out to tender for a partner to develop a telematics navigation system for its fleet of 1,200 vehicles. Anthoula Madden at CapGemini believes the greatest technology challenge is the lack of standards in retail supply chain information management. She highlights the global data synchronization standard, but says it has been very slow to be adopted. "The trouble is retailers are still in the process of adopting ERP and removing legacy systems. The adoption of the global data synchronization standard will enable collaboration," she says. In manufacturing, she says the picture is clearer as SAP ERP systems have become de facto technology, and "that is the big difficulty for the two sides of the supply chain". CapGemini believes this new model of a supply chain is only achievable with greater collaboration "among all parties in the supply chain" and it will require "new ways of working together in the physical supply chain". If industry leaders collaborate, they also believe the government will "enact more appropriate regulations". Technically, they believe this

Vol/4 | ISSUE/04

12/26/2008 5:55:59 PM


SCM will require a standardized information infrastructure that is flexible, operates in real-time and uses demand data from the consumers as its starting point to give greater clarity of product demand. For all parties in the supply chain to reap benefits, information transparency is a must as CIOs at retailers open up their information silos to suppliers to see the demand for a product. "Information about the actual status of items in the supply chain, at any moment, is essential to correctly co-ordinate all the combined logistic streams." CapGemini doesn't underestimate the level of trust that will be required between supply chain partners, but sees it as crucial. For the CIO, this means the development of a platform for the exchange of information with the Web as the base. Scott at 3663 sees forecasting as the intermediate answer, "Forecasting integrated with demand so that we can use information and technology to make a decent forecast," she says 3663 is very dependent on accurate procurement decisions. Bagley at Unilever is a great advocate of the role technology and information can play in re-inventing the supply chain. "What our supply chain has today that it didn't have in the past is access to information, and our supply chain is dependent on information. "So if we want to bring innovation into play, we need to start by thinking about bringing in the information that is available and incorporating that into making a more efficient supply chain."

CIO and the Supply Chain "CIOs are currently involved to the point of delivering systems and meeting the requirements of the business. They are looking at today's requirements and they need to be looking to the future," Madden says. "Because collaboration will become more important and also the needs of the organization to reduce emissions," she adds. CIOs becoming involved in the supply chain will need to develop an information architecture that enables 48

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -02-Supply Chain.indd 48

Whose Carbon: Yours or Mine?

F

eeling increasing pressure, both internally from high-level execs and externally from customers, investors, and politicians, companies are taking the size of their carbon footprints quite seriously. Yet, more companies are determining that their own daily operations aren't the sole contributors to their carbon emissions. Rather, they're factoring in the emissions produced by the vendors down their supply chains. No one wants to be a greenhouse gas spewer by association, so to speak. Exemplifying this trend is the fact that an institution like the carbon disclosure project (CDP) exists. The CDP is a collaboration of over 315 institutional investors managing more than $41 trillion ( about Rs 205,00,000 crore) in assets. CDP is working with 11 corporate giants — including IT heavyweights HP and Dell — to develop a standard method to gather carbon-emissions information from suppliers. According to CDP, developing a standard means for suppliers to deliver carbonemissions information "will vastly decrease the burden on [those] suppliers who might otherwise receive several separate requests for similar information." "By bringing together the purchasing authority of some of the largest companies in the world, CDP will encourage suppliers to measure and manage their greenhouse gas emissions,” says CDP CEO Paul Dickinson. “This will enable large companies to work towards managing their total carbon footprint, as the first step to reducing the total carbon footprint is to measure its size." Some of the companies that are participating in the supply chain leadership collaboration include: Cadbury Schweppes, Imperial Tobacco, L'Oreal, Nestle, PepsiCo, Procter & Gamble, Reckitt Benckiser, Tesco, and Unilever. — By Ted Samson

collaboration. "This will mean that an organization will have to have a serviceoriented architecture (SOA) in place for this greater flexibility and the ability to share data. When this is in place an organization can change its KPIs." The CapGemini report breaks supply chain collaboration into four concepts: information sharing, collaborative warehousing, collaborative city distribution and collaborative nonurban distribution, which could include customer pick up. Bagley agrees that collaboration has a lot to offer, "Historically, we have had a manufacturer supply chain and a retail supply chain, but that is not workable today. That has inbuilt inefficiency, so by collaborating with manufacturers, suppliers, and logistics people and working together we can create a

collaborative model." "For IT, the role is getting the most out of what we have already got," Scott at 3663 says, this includes the efficiency of the truck fleet through route planning and re-routing vehicles if necessary. It should provide tools to drivers to ensure they can efficiently complete paperwork and monitoring the temperature of their vehicles. "There is a greater need to drive the efficiency more than ever now." CIO

Send feedback on this feature to editor@cio.in

Vol/4 | ISSUE/04

12/26/2008 5:56:00 PM


Storage InfraStructure

InformatIon Well

A majority of CIOs are firmly convinced that an enterprise-wide information management strategy is important, if not critical, for the success of their businesses. So what are they doing about it? Read on and find out what the 148 IT leaders polled said.

Storage InfraStructure

Game Changing

Is an enterprise-wide information management strategy critical to stay in the game? 12.6% Somewhat agree

1.8%

Not necessary at all

34.2% Absolutely inevitable

51.4% Strongly agree

access‌

Do all employees/users have access to structured data?

10%

Full access to all employees

37.3%

Partial access to all employees

17.3%

Full access to a few employees

35.5% Partial access to a few employees

of cIos are actively looking at outsourcing information management compared to 29% who would rather do it in-house.

Whats the State of your Data? Is your data‌

What is your biggest worry when it comes to information storage?

10.90% Not integrated at all

37.3% Archival and/or structuring

20.90% Fully structured and standards-based

10.9% Storage space

68.20% Somewhat integrated structured and unstructured data

50

What's Scary?

j a n u a r y 1 , 2 0 0 9 | real CIo WorlD

1.8%

Other

5%

Back-up and recovery

VOl/4 | ISSUE/04


Storage InfraStructure

are there Benefits to Heterogeneous Storage architecture?

Is Storage a Priority? 40.4% Yes, a priority

Ease of management or vendor lock-in? CIOs are divided on this issue.

42.2% Somewhat a priority but not the first “I don’t see any benefits in a heterogeneous architecture since it makes maintenance of storage infrastructure a big challenge. I would prefer a homogenous environment any day.”

17.4% Not a priority

What's Your 2009 Plan?

Over the next 12–18 months, where do you plan to spend the bulk of your storage budget? 21.5% Storage area networks

“I prefer a heterogeneous system as it helps me avoid vendor lock-in, especially in a market situation where the demand and supply of storage capacity are disproportionate.”

2.8% Other 14%

Data lifecycle management

tarun PanDeY t VP-IT, Aditya Birla Financial Services

32.7% Storage archival and warehousing technologies 29%

a atul lutHra Head-IT, PVR

Storage virtualization

“I use a homogenous environment because it is better for us to get great service from one vendor, rather than a number of unmanageable ones. There is less risk involved as well.” S.S. SonI Executive Director-IS, Indian Oil

What for? Why would you adopt an integrated approach to accessing and analyzing data? To achieve competitive differentiation

72.9%

To stay in the game

17.8%

For compliance only

4.7%

Other

4.7%

STORAGE INFRASTRUCTURE

Presented by

“We prefer not to have more than two vendors, since support and management of any more than that is a problem. We stick to the best technology offerings.” SuDHIr K. reDDY CIO, Mindtree

UNRAVELING THE STORAGE ROADMAP OF I.T. CHAMPIONS


Storage

Launching a storage virtualization project? Industry watchers offer five key questions you need to ask. By Stacy Collett

N

storage capabilities, and the engineers needed them fast ASA's Infrared Processing and and at a low cost. Analysis Center wasn't shooting for the "We were trying to find a way to step outside of the stars when it turned to virtualization normal storage purchases to meet our to meet its storage needs. Reader ROI: 'high performance and high availability on IPAC's cash-strapped Various levels of a budget' requirements," explains Eugean effort to record images storage virtualization Hacopians, senior systems engineer at IPAC of our universe — up to 30 million objects The importance of in Pasadena. IPAC had already purchased captured each night and 42 billion records knowing why you want to virtualize a shared-storage system from Seanodes in over the life of the project — required big 52

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -05-Storage Virtulization.indd 52

Vol/4 | ISSUE/04

12/26/2008 5:57:08 PM


STorage

What problem are you trying to solve? The term 'storage virtualization' has become a catch-all phrase used to refer to many types of technology that make more efficient use of your storage assets. It can also bring these assets under a single management umbrella with a single point of control. Since storage virtualization comes in all shapes and sizes, first determine what level of storage you're trying to optimize. Is the pain point at the block level, file level or tape library level?

Vol/4 | ISSUE/04

Feature -05-Storage Virtulization.indd 53

For block-level storage, virtualization can help consolidate large, disparate soft assets in the form of storage tiers, or it can simply bring them all under one roof. At the file level, virtualization comes in handy when companies develop too many islands of network-attached storage. "[If] your users are storing data all over the place, and you can't back them all up under a single roof, you use storage virtualization to bring all that under a single umbrella, and everyone accesses it through a common [naming convention]," explains Ashish Nadkarni, principal consultant at GlassHouse Technologies. At the tape library level, virtualization is used for making online storage appear as tape to the backup software.

Do you W Want host-, netWork- or array-baseD virtualization? When deciding what type of virtualization is best, "it really comes down to what problem you're trying to solve and what kind of vendor affinity you have," Nadkarni says. For most IT units, having host-based virtualization is a given, since volume managers run on the host. More often than not, you'll see host-based virtualization in a storage-area network environment. "Array-based virtualization is more of a function of which vendor you're going with for your primary storage," Nadkarni says. For example, with some Hitachi Data Systems storage products, virtualization can be deployed by enabling an existing software key within HDS's Universal Storage Platform or its Network Storage Controller. "So you'll go with array-based if you plan to buy a Hitachi frame for your Tier 1 storage," he says. Network-based virtualization is typically used if you plan to make your SAN a multiprotocol storage network and in doing so are porting the network intelligence — which also includes virtualization. Some products blur the lines between host-, array- and networkbased virtualization. "Products like Seanodes' would be considered host-based virtualization because you're virtualizing over the nodes," Hacopians explains. "You could also think of it as network-based, because you're virtualizing and spreading it across and letting the network take care of itself." Industry watchers agree that virtualization might be easier to reAL CIO WOrLd | j a n u a r y 1 , 2 0 0 9

53

Il lUStrat Io n by UnnIkrIShn an aV

Cambridge to get control of its clusters with multiple compute nodes. But Hacopians soon learned that he could put storage on the nodes and that they could work as compute servers and storage servers — without additional costs or upgrades. "In general, I'm not really fond of virtualizing things," he says. In his mind, "everything has its own place. But it's a solution that fits a need." Indeed, virtualization can offer a solution for many storage challenges. But it can also be costly to buy and complex to implement, and it might require you to purchase equipment you didn't need before, such as new switches or servers. How do you decide on the right approach and choose the right vendor? Industry watchers suggest five key questions to ask yourself and your prospective vendors before selecting a storage virtualization technology.


Storage implement and cost less if IT groups stick with their vendors. "If you're primarily in a Hitachi environment, for example, arraybased virtualization is probably going to make the most sense," Nadkarni says. "If you're a Cisco SAN, and you already have the infrastructure to implement Cisco virtualization, then network-based makes more sense."

How much complexity can you handle? Host- and array-based virtualization are usually the easiest to implement, experts say. Network-based systems are often the trickiest because there is no direct way of virtualizing in a network. Most IT shops use third-party appliances. Cisco's system usually requires users to buy enabler software or an appliance or other third-party tool that sits alongside it, Nadkarni says. "Then you have to figure out whether it's going to be asymmetric or symmetric,"

he says. "Where are you going to store your depository? What services do you want to provide? What arrays are you going to virtualize?" In an array-based setup, "you take your second-tier arrays and just virtualize them behind your existing arrays. It's one view to the whole world — like having one entrance to the office," Nadkarni adds. Gene Ruth, an analyst at Burton Group, says the simplest approach is to choose an all-inclusive system, add appliances and then link them. But beware of diminishing returns. "At some point, it just gets complicated, and it may not be worth it when you aggregate too many appliances," Ruth says. "Then you have to ask yourself, is it better or are you getting this lowest common denominator?" The hardest part is the planning phase, says Roman Perez, systems engineer at Business Technology Partners in New York. "If you have a big company with thousands

4-Step Skills Analysis

Storage staffers can make the leap to managing virtual environments, but not without targeted training. Step 1: Clearly understand what you're trying to achieve with storage virtualization. Is this project part of a broader virtualization deployment strategy? Or is it designed for a specific use, such as tiered storage, disaster recovery or basic resource management? Make sure you fully understand what you want to achieve (or overcome) by deploying storage virtualization.

Step 2: Assess your current skills and identify gaps. Look across your IT staff for relevant and related skills. Is your storage specialist virtualization-savvy? Do you have IT workers with years of relevant mainframe or system virtualization experience? Look at your virtualization project to see whether any specific platform integration will be required (for example, hypervisors, clustering or data sharing).

Step 3: Evaluate independent training and certification. Before conducting vendor analysis, make sure you've addressed potential skills gaps in order to make an assessment of different approaches to virtualization and how they might fit into your organization's existing infrastructure.

Step 4: Consider vendor-specific training. Storage virtualization approaches vary from vendor to vendor, so if you have selected a new vendor or are expanding work with an existing vendor, you will likely need some custom training to ensure that you're taking advantage of all the features the vendor provides.

of servers, you have to do it little by little, and that's a big project," he says.

What's your budget? Your budget will depend on the type of virtualization you need. Block-level virtualization is cheaper if you implement it as part of your upgrade. If you're buying or implementing a new SAN, then incorporating storage virtualization within the SAN is more prudent than buying off the shelf. "It tends to be pricey because you're now trying to 'a-la-carte' it. Do it as part of a larger upgrade so you can bundle some costs into the upgrade itself," says Ruth. He also recommends that IT managers compile a spreadsheet to compare those scenarios. For virtual tape libraries, it's important to correctly estimate virtualization needs — or risk buying much more capacity than you need.

Do you have an exit strategy? Network-based virtualization can get tricky, Nadkarni says. "It can get a little complex over time, so you have to make sure that whatever architecture you're implementing [can be withdrawn from]," he says. "You shouldn't be stuck with it." Most storage virtualization products create metadata from your data. That's how the storage objects they virtualize are managed. "Un-virtualizing means figuring out how to re-appoint your metadata back to original data," Nadkarni explains. "The second problem is, your data could be across multiple storage areas or multiple objects. In that case, you now have a challenge of trying to present the same data, in a committed manner, back to the host again." Storage virtualization isn't an insurance policy against sloppy practices, Nadkarni says. "It's almost like taking a dirty room and stuffing everything that's out of place into a closet," he says. "You really need to put things back into their place. So storage tiering or other good storage practices need to be taken care of first. Then you can move to the next step and implement storage virtualization." CIO

Source: Storage Networking Industry Association Send feedback on this feature to editor@cio.in

54

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -05-Storage Virtulization.indd 54

Vol/4 | ISSUE/04

12/26/2008 5:57:11 PM


Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM


NetwOrk INfrastruCture

Staying connected

Most CIOs are betting on unified communications and are planning to invest in the technology this year. For the rest of what's in store in 2009, read on to discover what 148 CIOs told us.

Network INfrastructure

Reliability Is the attribute that most CIOs are looking for when they outsource network infrastructure.

31.5

What Kind of Spender are you?

Most CIOs have dedicated 10-20 percent of their overall budget to network infrastructure this year.

26 20.5

your budget 12.3 9.5

% of CIOs

0-10 10-20 20-30 30-40 40-50

% of their budget they plan to spend on network infrastructure this year.

How would you describe your network infrastructure budget for this year? Significantly reduced

7.1%

Moderately reduced

19.6%

Marginally reduced

13.4%

No change in budget

23.2%

Marginally increased

19.6%

Moderately increased

13.4%

Significantly increased

3.6%

you Face With

What is the biggest challenge in your current network infrastructure?

On an average, a fifth of a CIO's overall IT budget to be spent on network infrastructure in 2009-10. 56

j a N u a r y 1 , 2 0 0 9 | Real cio WoRld

23.1% Bandwidth 30.6% Maintenance

11.1%

Latency

28.7% Future-proofing 6.5%

Others

VOl/4 | ISSUE/04


NetwOrk INfrastruCture

What's Planned for 2009?

What Would Prompt you to converge your network?

Which networking technologies do you plan to invest?

53.4%

Unified Communications

24.3%

10 Gig Ethernet

35.9%

Wireless LANs

48.5%

MPLS Mesh

35%

Converged Networks

1%

Others

CIOs strongly believe that a converged network can optimize operational costs but at the same time there is some debate over cost-effectiveness. “In the media industry, where data, voice and video usage is high, a converged network helps in centralization and ease of management. It utilizes fewer resources thus increasing cost-effectiveness.” Sunil Mehta Senior VP & Area Systems Director, Central Asia, JWT

Respondents chose all that applied.

“A converged architecture is great but is not affordable. With the huge amounts of investment in existing infrastructure, the cost of converged network is a major impediment.” t anantheSWaRan t.P. Head-IT, Mumbai International Airport

“A converged network enables user collaboration. It also improves security through identity management, for example. We have also seen great value in scaling up to business needs.” b.l.V. Rao VP Networks & Systems and CISO, Infotech Enterprise

The percentage of CIOs who use the offerings of a network services provider.

NETWORK INFRASTRUCTURE

Presented by

"A converged network combined with unified communications is much needed given the current economic climate. It also improves mobility, efficiency, performance and increases efficiency." ajay KuMaR MeheR VP-IT, Sony Entertainment Network

REVEALING TRENDS IN NETWORKING INFRASTRUCTURE


Networking

With ever-expanding networks and companies wanting to increase their bandwidth, network costs are on the rise. Here’s how to control those spiraling expenses. By Karen D. Schwartz

58

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -04-Networking.indd 58

Vol/4 | ISSUE/04

12/26/2008 7:39:35 PM


Networking

The Problem

PCs to mobile PCs. Over the next five years Forrester Research believes corporates will reach an inflection point where traditional PCs are eclipsed by mobile PCs. "Now you have a device that perhaps needs a port or wired drop at the desk and may also need to be supported on a wireless network, so the number of means by which employees can connect to the network drives the size of the network in terms of end points of connectivity," explains Chris Silva, an

According to the Aberdeen Group, network costs continue to rise. In 2008, network spending is expected to increase slightly more than 5 percent over 2007. Telecom management industry association AOTMP of Indianapolis, backs that up, estimating that spending for voice and data services alone averages $2,000 to $ 3,000 (about Rs 1 lakh to Rs 1.5 lakh) per employee. The biggest area for steady cost growth is the ever-expanding network, either as a result of physical expansion or a thirst for connectivity. In the first case, a new branch office could require replication of the security infrastructure through technology like a point-to-point VPN connection. The network may need to add a multiprotocol labeling service to provide that branch office with a wide-area, high-speed connection. And those expenses are in addition to the cost of analyst with Forrester Research. routers, switches and network appliances. Other factors also are contributing to Internally, the need for speed is driving spiraling network costs. Aberdeen Group the increase of network costs. More Reader ROI: found that companies expect to devices, either in terms of number grow their bandwidth by 108 percent Why network of ports for network access or the on average over the next 12 months management number of network-connected costs are high and expect to increase the number devices per employee, is increasing. How to reduce of business-critical apps running on One trend is the shift from standard their networks by 67 percent. these costs

Vol/4 | ISSUE/04

Feature -04-Networking.indd 59

The growth of wireless networking is also increasing IT costs. As companies begin to replace all or part of their networks with Wi-Fi networks to take advantage of newer technologies like 802.11n, they are spending liberally. And don't forget the hidden costs: as new devices enter and new network end points are developed, network management becomes more complex and expensive. For example, you might have your core wired network infrastructure from vendor A but overlay a wireless network from vendor B, which creates two separate management consoles. And as more employees connect to the network via devices like BlackBerrys and phones, IT must manage and secure these devices, too. Clearly, companies must do what they can to manage these costs. AOTMP found that developing a strategy to manage expenses was the top telecom network initiative for companies in 2008, with reducing spending for telecom services and improved asset and inventory management services rounding out the top three.

Reducing Network Costs The first step in controlling network costs, says Aberdeen analyst Began Simi, is to take the network's pulse. That means understanding exactly where the network's performance bottlenecks are and how efficiently the network is performing. "Throwing more bandwidth and money at the problem can be expensive," he says. There are automated network monitoring tools available to measure these metrics. Both sophisticated products from vendors like Cisco Systems and NetQoS and free tools like PRTG Network Monitor and pier can provide a lot of value, such as reducing bandwidth REAL CIO WORLD | j a n u a r y 1 , 2 0 0 9

Illust rat ion by ANIL T

O

f all of the ongoing expenses needed to keep corporate IT running, network costs are perhaps the most unwieldy. New technologies, changing needs and ongoing maintenance keep IT staff on their toes and money flowing out the door. But there are ways to manage network costs.

59

12/26/2008 7:39:37 PM


Networking and server performance bottlenecks and avoiding system downtime. Once you know what's going on in your network, there are many methods to reduce costs or prevent them from rising further. One method is to consolidate physical network infrastructure by finding ways to make the switch that's at the core of the network perform more functions; by doing so, you can reduce the number of appliances and bolt-on solutions your network uses. . Virtualization is a key part of network consolidation. By setting up network infrastructure to be delivered from a pool of shared resources, those resources can be used more efficiently across a network fabric, explains Peter Fetterolf, a partner at Network Strategy Partners, a Boston consultancy. Virtualization can improve network resource utilization, efficiency and agility, helping lower TCO.

What's more, virtualization leads to reduced overhead in areas like power and cooling; real estate; supervision, maintenance and personnel; and telecom services, he adds. And consolidation of service capacity in a single location creates more predictable demand patterns that permit better utilization, while overhead costs are spread over more productive assets like systems administrators per server. Another part of consolidation is adopting technology that allows IT to manage both wired and wireless networks from a single platform via APIs or other types of app integration tools. Most big network vendors are battling to provide functions like these, but third-party vendors also can help. "That means taking one network management console and managing not only just the flow of data bits and bytes, but managing the VPN service, the WAN

Virtualization Infiltrates Midsize Companies Midsize companies have jumped on the virtualization bandwagon to achieve cost savings on hardware, power and space, according to one survey.

M

ore than 75 percent of 519 IT professionals surveyed by King Research have already deployed some type of virtualization technology and about 10 percent intend to do so in the next 12 months. The survey, shows that virtualization isn't just for enterprise IT shops anymore as more than half (55 percent) of companies polled said cost savings on hardware, power and space were the primary drivers for adopting the technology. More than 80 percent of those who have deployed the technology reported experiencing savings from reduced hardware requirements. About 56 percent of the companies surveyed represented midsize companies, or those with between 100 and 5,000 employees. Eighty-five percent of midsize companies have deployed or have plans to deploy some form of virtualization technology in the next 12 months, and about 64 percent of midsize companies report that their organizations have already adopted application virtualization or plan to do so within 12 months. "The idea that virtualization is strictly an enterprise commodity simply doesn't hold — medium enterprises are embracing virtualization technologies and adopting them at a rapid pace, realizing immediate benefits," said King Research's Diane Hagglund. Yet challenges remain. About 37 percent said that lack of virtualization expertise limited their adoption plans and 35 percent cited high costs as a prohibitive factor in adopting the technology. "The other limiting factors mentioned included a lack of vendor support for virtual platforms and the comfort of the application development department with virtualization technology," the survey says. —By Denise Dubie

optimization tool and other things in the network," Silva says. "You want to consolidate your different management interfaces and consoles into one virtual single pane of glass management, where everything is on one screen." And don't forget what you already have in place. It doesn't make sense to invest in more technology if you're not maximizing the value of your current investments, Silva says. For example, you may have spent a lot on a wireless network and mobility technology, but if the network hasn't been configured properly, you're wasting money. If built correctly, the network can probably support technologies like voice over wireless LAN or VoIP, for example. "Most often, you can squeeze more value from what you already have by using the same infrastructure with different overlay technologies," he says. "So in addition to serving data, that investment in a wireless LAN can also work toward cutting down monthly cellular bills of an organization because that network can also support voice. And the same template can be applied to support things like video, using the WLAN for asset or employee tracking and presenceenabling UC systems." And examine the vendors and technologies you are using for best value. If, for example, you have relied on one vendor to develop your entire network, expenses could get very high very quickly. "There are a lot of different ways to build a network, and there are a lot of different options. They are all worth exploring," Fetterolf says. And once you have done that, don't be shy about pitting vendors against each other, he adds. Finally, it can also make sense to look beyond the four walls of your organization for cost savings. Outsourcing network management, for example, can save significant money in some cases. In a recent study, Aberdeen Group found that organizations that outsourced network management reported an average savings of 26 percent when compared with their previous spending. CIO

Send feedback to editor@cio.in

60

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -04-Networking.indd 60

Vol/4 | ISSUE/04

12/26/2008 7:39:37 PM


Green IT

A green-friendly IT strategy is not just a PR move. It can bring substantial cost, energy and governance benefits.

O

By Cath Everett

green IT policies as starting to incorporate environmental ver the next few years, going considerations into their IT strategy. ‘green’ will become the new black. But as cynical as it may sound, the average CIO is unlikely to develop a green conscience. Environmental Drivers Instead they will be looking for ways to “We’re currently driven by two factors — we’ve got contain spiralling energy costs, adhering economic considerations and governance ones relating to to new legislative needs and fulfilling growing social responsibility. And green issues are part corporate social responsibility obligations. of that so we’re certainly conscious of them – it’s Reader ROI: Robert Lee, IT director for the logistics and part of our corporate ethos as a privately-held Ways to save energy marine business of the Bibby Line Group, says company,” says Lee. However, this does not How to put together a most companies will not be so much adopting mean enterprises are going to start “chucking sustainable plan

64

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -03-Green IT.indd 64

Vol/4 | ISSUE/04

12/26/2008 5:59:31 PM


Green IT out bits of tin and putting in biodegradable computers” any time soon, says Jon Collins, principal analyst at MWD Advisors. Rather the focus will be on controlling the overall environmental impact of technology, with energy efficiency being the main concern. While energy efficiency has been at the back of many a CIO’s mind for some time, it will start moving to the forefront in this year. Energy costs have doubled over the last 18 months and are expected to double again. That means that the costs involved in running a datacenter will start raising questions at the board level. Rakesh Kumar, research director at Gartner Group, believes that in a few years, expenditure could leap from about 10 percent of the IT budget to maybe 50 percent. As this year opens, CIOs will have a wake-up call driven by cost. Most CIOs don’t have any more of a green conscience than anyone else but when they do their budgets many see that their power needs for servers have doubled or trebled. The smart ones are going to see that they have to fix the problem, Kumar says. This increase in demand for power is being driven primarily by the widespread introduction of x86-based high-density servers. A traditional rack of servers typically requires about two kilowatts of power but this figure jumps 10 times for a rack of blade servers. The problem is made worse by multiple racks of blades.

GrEEn CrEDEntials The EU is also starting to consider green IT issues. It is currently examining whether to restrict the levels of carbon emissions from computer equipment and is believed to be looking at introducing a tax on datacenter emissions should they exceed certain limits, although such discussions are still at an early stage. All of this is feeding into a general awareness of green matters, which, in turn, increases the profile of environmental

issues in terms of corporate responsibility obligations. The upshot is, as time goes on, organizations are likely to portray their response to economic and legislative necessities relating to the datacenter as social virtues. Being able to demonstrate that they have gone green in an IT sense will become progressively important to their brand and reputation. "Not only do we consider green issues important, we think of them as win/win scenarios. Generally, the environment benefits and our costs go down," says Catherine Doran, director of information management, Network Rail So what can CIOs do to start addressing this situation? Exploring how the datacenter can be run more efficiently in power terms helps, as does undertaking any new procurement with this in mind.

EnErGy G savin Gy s Gs

Cooling is another concern as the same amount of energy is needed to control blade rack temperatures and prevent machines from shutting down. All of this is creating an exponential demand for power and the fear is that, over the next few years, some datacenters may not have sufficient available supplies to cope. To make matters even more tricky, environmental protection legislation is starting to raise its head, which may even result in a tax on those

Ken Moss, IT controller at Allied Carpets, for example, found that consolidating and virtualizing servers and replacing PCs with IGEL thin clients at each of its 220 stores brought it huge energy savings. The main aim of the project had been to centralize its IT systems to improve stock control, speed up ordering times and boost customer service. But Moss says: “One of the drivers for the business case was the fact that we could save £70,000 (about Rs 49 lakh) in energy costs. Fuel costs are adding to the expense of doing business and we’ve seen substantial increases over the last few years. But thin clients only use 15 watts of electricity, whereas a PC’s ambience is 10 times that.” Network Rail, meanwhile, has introduced various initiatives to try and tackle similar issues. The organization, which owns and operates the UK’s rail infrastructure, is gradually replacing monitors with lowenergy TFT screens, a move that

j a n u a r y 1 , 2 0 0 9 | reaL CIO wOrLD

Vol/4 | ISSUE/04

Cool CustomErs Custom

IllUSt ratIo n by MM Shan It h

datacenters that are deemed to waste energy. For example, in a surprise move in July, the US House of Representatives approved a bill that called for a six-month study on datacenter efficiency to be undertaken by the Environmental Protection Agency. Among the goals were to determine what chip makers and systems manufacturers can do to increase energy efficiency and to explore what incentives could be introduced to convince organizations to adopt more efficient datacenter technologies. The bill has now gone to the Senate but if passed would require President Bush’s signature.

66

Feature -03-Green IT.indd 66


Green IT Doran expects will cut energy consumption by two-thirds. It has also rolled out handheld computers to replace the paper-based systems currently used by maintenance workers, while providing signal box operators with tablet devices rather than paper forms to check control procedures. This is expected to save as much as £500,000 (about Rs 350 lakh) in printing costs each year. Printers and fax machines are likewise being replaced with multifunctional devices and print settings are being adjusted to reduce print density to put a brake on toner cartridge consumption.

Easy Wins With a bit of thought, it is possible to pick off ‘low-hanging fruit’ in a range of areas and although this takes “very little effort, it can make a large difference,” according to Matthew O’Neil, group head of distributed systems at HSBC bank. He has been tasked with looking at the environmental impact of the organization’s IT function and to establish what can be done about it. For instance, simply encouraging staff to unplug mobile phone chargers

and unused equipment can reap energy saving benefits as can installing powersaving software. To this end, the financial services giant is in the process of testing 1E’s Nightwatchman applications in its London office, with rollout across its 200,000 UK desktops.

Lights Out The agent-based software makes overnight checks to identify which of the organization’s client machines are still running, before shutting them down safely. If this cannot take place, the system generates an exception report so that suitable action can be taken. The bank has also introduced a three-year virtualization programme to drive up the utilization rates of their equipment. “This a great thing from a cost control point of view. You don’t have to buy new hardware and you draw on the same amount of power and cooling so it becomes self-funding,” says O’Neill. Francis Sullivan, HSBC’s advisor on the environment warns that it is impossible to look at environmental issues in isolation and that sponsorship

3 Apps for Green Datacenters

A

pplications that can help to better manage power and cooling and improve management, automation, load and capacity administration will be in demand across the Asia Pacific excluding Japan, according to new IDC research. "As businesses in APEJ continue to grow, power consumption in energy hungry datacenters also increases," says Adren Lim, market analyst of IDC's Asia Pacific software research. "Green IT has become even more appealing as businesses look towards energyefficient solutions to reduce power consumption and to alleviate the costs." Gartner classifies the apps in three main categories: power monitoring and management tools, asset management and automation tools, and server virtualisation software. The survey indicates Green IT technology gaining strong momentum and mindshare across the region, says IDC. This is largely driven by benefits from cost savings, followed by corporate social responsibility (CSR) and compliance. Over 75 percent of the surveyed population agreed that cost savings was the main reason for them to invest in green IT. "A large portion of green IT practices and supporting software revolve around virtualisation products, but equally important, is the management of these consolidated virtual and physical assets that will bring value through lower power, hardware, and manpower costs," Adren added. — Zafar Anjum

at the highest executive level is required to embed a green strategy into organizational culture. “You have to take a very coordinated approach. If you approach it as silos and departments working independently, it’s not going to have the same impact so IT has to sit at the same table with all the other business areas and work with them,” he says.

Procuring Benefits Nowhere is this more obvious than in terms of procurement, where IT has collaborated with the purchasing department to build environmental concerns into the process. One of the tools that HSBC uses here is the Zero Waste Alliance’s EPEAT environmental certification scheme, which rates electronic equipment from bronze to gold in terms of green performance. “Equipment that makes it on to the central standard product list has to have a silver rating or above. But I’ve made it a policy that I’ll provide support for EPEAT kit only, so if people want to go outside that, they have to ask for approval from the Group CIO and pick up the additional costs of support. So you have to have a compelling reason to go outside and no one does,” says O’Neill. In a similar bid, the IT department at energy supplier Centrica is working towards certification under the ISO14001 environmental management standard, which it hopes to attain by April 2007. The organization has already created an IT environmental policy and is now undertaking an impact assessment to understand how its affect the environment. The next step will be to identify what controls can be put in place to manage risk and, where appropriate, to come up with projects to help improve performance. “It’s much easier to build things in from day one but that doesn’t mean you can’t act later. When your IT kit is at the end of its life, don’t replace it with the same stuff. “Find something that will run more costeffectively because that’s just as important as upfront costs. It’s all about delivering sustainable benefits,” says O’Neill. CIO Send feedback on this feature to editor@cio.in

68

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -03-Green IT.indd 68

Vol/4 | ISSUE/04

12/26/2008 5:59:35 PM


SECurITy

WHAt ARE YOu AfRAID Of?

A majority of CIOs say that malware will create havoc in the coming year. And a majority of you have lost customer data at least once. Our survey of 148 CIOs brings to light all that you and your peers want to know.

SECURITY

How Did You Know?

Double Whammy!

Who alerted you first about a security incident?

Please specify how often these have occurred in the last year. Repeated occurrence

One occurrence

Viruses/worms outbreaks

36.8%

63.2%

Wireless network breach

27.3%

72.7%

Loss of customer data/privacy issues

5.3%

94.7%

Internal financial fraud involving information systems

35.7%

64.3%

Theft or leakage of intellectual property (e.g. customer leakage)

17.4%

82.6%

53.5% Intrusion detection/prevention system 59.4% Analysis of server or firewall files and logs 29.7% Security event correlation monitoring software 33.7% Managed service provider 11.9% Customer or supplier

Accidental instances

18.6%

81.4%

Other form of internal breach

33.3%

66.7%

Ouch..!

How was your organization impacted by the breach?

21.1% Financial losses

Handing It Over

Which parts of your security set up would you outsource?

29.8% Intellectual property theft 29.8% Brand/reputation compromised 22.8% Company home page altered / defaced 5.3%

Loss of shareholder value

5.3%

Extortion

15.8% Fraud 19.3% Legal exposure/lawsuit Respondents chose all that applied.

35%

IDS management and monitoring services

42%

Vulnerability management services

32%

Firewall services

42%

VPN services

24%

Application management services

73%

Audits

Of IT leaders say that their security budgets will increase in this year. 70

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

VOl/4 | ISSUE/04


SECurITy

What Will tomorrow Bring? Which threats do you envision over the next 12 months?

Security is a critical aspect of business and requires specialized technical expertise hence outsourcing security solutions is fast becoming a viable option. But there are some caveats:

38.2% Denial of service attacks (DoS) 62.7% Malware 51%

Should Security be Outsourced?

Malicious remote access

40.2% Theft or leakage of intellectual property (e.g. customer leakage)

“Without in-house control there will be no accountability. And, if there is no external input then there will be no sharing of best practices. A combination of both is best.”

33.3% Loss of customer data/privacy ideas

ALOK KumAR Sr. VP-IT, Reliance Infosolutions

19.6% Internal financial fraud involving information systems

Security Spend

“Only tasks like penetration testing, risk assessment for new systems, vulnerability assessment and monitoring of logs can be outsourced — not responsibility and accountability for information security.”

In 2009, will your security budget… 12.6% Increase by 11% to 30%

S. RAv A ISHAnKAR Av Director-IT & Corporate Services, ING Vysya Life Insurance

35.1% Increase up to 10% 45.9% Stay the same 5.4%

Decrease up to 10%

0.9%

Decrease by 11% to 30% Respondents chose all that applied.

taking Precautionary measures In 2008, did your company review its infosecurity policies and procedures?

C. mOHAn CTO, Reliance Life Insurance

85.6% Yes

14.4% No

SECURITY INFRASTRUCTURE

Presented by

“It is a challenge to retain skilled resources at an optimal cost. It is thus advisable to outsource security solutions to a company that has the expertise and can keep data confidential.”

“An organization should not outsource its core security because it is critical and cannot be compromised. But, peripheral security can be outsourced to whichever extent the company wants.” ARvInD SAKSEnA Group CIO, Consilium Software

ANALYZING CHALLENGES IN ENTERPRISE SECURITY


Essential

technology Protecting against data loss from security breaches requires a combination of tools to secure networks, systems and data.

From Inception to Implementation — I.T. That Matters

Different Ways

[And Their Downside]

To Data Security By Jarina D'Auria

| When it comes to protecting data, there isn't one end-all, be-all solution. That's more true now than ever, when your most likely threat is your own employees. As more workers blur the line that surrounds the workday and bring their laptops, smartphones and other devices home, they are potentially putting their companies' data at risk. In a recent CIO survey, 34 percent of respondents had a security breach where their own current employee was the culprit. Data loss prevention tools provide ways to identify risky data-handling activity and enforce a remediation action, says Jonathan Penn, VP of security and risk management at Forrester Research. Currently available software to prevent data loss addresses three levels of security: protecting networks from rogue devices, protecting systems from inappropriate access and protecting data itself. A modern strategy to keep data secure should involve a bit of each, says Penn.

Security

72

Essentisl Tec.indd 72

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/04

12/26/2008 6:03:23 PM


essential technology

Block Unknown Devices Deputy CIO Jeff Kuhns needed to protect the networks of 24 campuses within the Pennsylvania State University System against rogue devices — that is, any device not expected to be on the local area network (LAN). To address this challenge, the university's CIO deployed software from Mirage Networks. The software offers a traditional approach to protecting data by keeping outsiders at bay. Once installed, the Mirage system locates connected devices. The IT department can set up access policies for each device and for individuals or groups of users. The system protects data by blocking unauthorized devices from accessing prohibited data, thus ensuring that data is safe. Such 'agentless' solutions are good for organizations that have little control over the devices that their many end users choose, says John Kindervag, a senior analyst at Forrester.

says Penn, "but few vendors have rich agent functionality that is unified with network scanning and remote discovery." At Penn State University, says Kuhns, Mirage software is part of "a defense-indepth deployment of multiple systems and strategies." These include traditional security devices and software such as firewalls and anti-virus technology.

From Devices to Databases With limits to network-based protection in mind, some organizations and their CIOs have turned to tools that ensure legitimate users don't access data improperly. That's the problem that Nick Ray, CEO of expressHR, wanted to address and fix. ExpressHR helps companies in the UK manage temporary workers. "Our whole business is this application of sensitive data," including Social Security numbers and passport information. "If there was a security breach, it would be terminal," says Ray, describing a scenario that makes headlines. Before heading up expressHR,

Once you've given someone access, there are granular questions to ponder: Who can edit the data? Or print it?And who can distill it into a different format? Unlike agent-based solutions, which require software on the device itself, agentless solutions reside on an enterprises' network. However, as with any security tools, they can't stand on their own. "Agentless [technology] has been the primary way data loss prevention has been deployed,"

Essentisl Tec.indd 73

he was co-founder and CEO of Prevx, an Internet security company. "The biggest potential risk was from someone on the inside abusing the system and using the information for something other than work," he says. ExpressHR has tens of thousands of users (including

52% Of Indian

CIOs say that ensuring data security and integrity is a priority in 2009. Source: Gartner

recruiters and hiring managers) who access their database. Ray deployed software from Secerno, which provides activity monitoring of databases. "It could learn what were normal requests from the database," says Ray. With the information the Secerno product gathered, the software could automatically build rules to prevent unauthorized usage of expressHR's sensitive data. The software allows systems administrators to define rules that reflect their particular database's activity. The software learns how the customer's application talks to the database — such as how many times a day a file is accessed or whether it's ever printed. Those typical queries become the basis for access policies. If data is accessed in an unusual way, the system notifies IT managers and automatically executes

12/26/2008 6:03:24 PM


essential technology

policies for containing the problem (such as quarantining users or locking down the data). Ray says the biggest downside to a rulebased solution is the potential to block a legitimate transaction if a rule is improperly specified. Ultimately, he says, the risk of blocking a normal transaction is negligible.

Ensuring Usability Once you've given someone access and have established access polices, then what? There are granular questions to ponder: Who can edit the data? Or print it? And who can distill it into a different format? Those are normal workflow questions, so it's important to figure out how people use the data when trying to implement security and usage policies. "You could make your organization extremely secure, but it'll probably be at the expense of the workflow," says Ed Gaudet, senior vice president of corporate development and marketing at Liquid Machines, a provider of enterprise rights management software. Companies such as Goldman Sachs and Dow Chemical use Liquid Machines software to protect intellectual property by defining not only who can use the information but also how they can use it. The software is typically used to encrypt all corporate data and lets systems administrators create access and usage rights to protect against misuse. When unauthorized users access data they don't have rights to, they get a message telling them the file is protected.

Essentisl Tec.indd 74

What's Your Risk Appetite? The whole concept of risk appetite is an understanding of an organization's desire to take on risk when weighed with potential reward. For most companies, this stays at an implicit level. But companies that are leading the way from a risk appetite perspective are trying to make it explicit. Risk decisions range from how an organization invests capital, to budget considerations, to how to implement a strategy, to whether a strategy even fits within the overall risk appetite of an organization. The most urgent need right now is for companies to reconsider what their appetite for risk is in light of the huge changes in the external environment. Based on organization's position, strengths and overall ability to take on risk, do they need to make some adjustment? For some companies that are strongest in their space, this might be a good time to buckle down and take more risk. The opportunity on the upside could be tremendous. Other companies that are border line, or are potentially on the verge or major problems, might really need to dial down risk taking activities to stabilize the organization. Risk appetite isn't an explicit tool. Very few companies are so good at it that they can use a programmatic approach to market conditions like we've seen in recent months. So, for most companies, it's been a very ad-hoc-type approach. Risk appetite and how often a company considers it is really tied back to how much change is going on in the environment — whether its change that is driven by external factors, like in the market today, or if its change being driven by an acquisition, merger, or major expansion. That level of change in and around an organization is what drives the frequency with which you might reevaluate your risk appetite.

Mark Carey is a Partner in the Deloitte & Touche Governance and Risk Oversight practice. — Mark Carey

Controlling information at the data level allows different policies to be set for individual users who travel with the data, even when it leaves the network. This level of control allows security policies to be based on the type of job a person has to do. That approach maps well with collaborative workflow, says Gaudet, because role-based controls can change as workflow changes. Whatever tools

you use, effective data loss prevention requires you to classify your data, a step many organizations often skip, notes Kindervag. "Until companies classify their data correctly," he says, "all data loss prevention efforts will fail." CIO Jarina D'Auria is editorial assistant. Send feedback on this feature to editor@cio.in

12/26/2008 6:03:24 PM


Pundit

essential technology

What CFOs Love

[And You Might Not]

About the Cloud

The benefits of cloud computing could sell your IT department down the river. By Bernard Golden Infrastructure | Forrester just released a report outlining the CFO-ish benefits of cloud computing. The report, entitled Talking to Your CFO About Cloud Computing is aimed at communicating the benefits of cloud computing to him or her. (Someone a bit more cynical than me might say a companion report, to help you communicate cloud computing's benefits to a CIO, is in order as well). A couple of things about the report stood out for me. First, Forrester emphasizes the fact that use of cloud computing matches cash flow to system benefits more appropriately than the packaged software use model. In the old way of doing things, a large investment is made early in the project prior to system

This mirrors use of Open Source software versus proprietary software and, in fact, that's no accident. Cloud computing infrastructures are built, by and large, from Open Source components. After all, the cloud providers don't want to make large investments upfront without knowing the financial outcomes, either. One might say that cloud computing is a proxy for end user Open Source adoption, since it acts as a middleman to ‘civilize’ Open Source for end users. The second thing that stood out for me: the report makes the argument that cloud computing provides a way to outsource noncritical applications to organizations better suited to run them, allowing IT to focus on critical applications. This makes a ton of sense

process than outcomes and therefore insistent on controlling (and running) everything. One thing Forrester does not address is the, perhaps, logical outcome of making a case for cloud computing to CFOs: if cloud computing is so good and more efficient and responsive than central IT, why not bypass IT entirely and use an outside service provider to deliver cloud-based systems? This approach, sometimes labeled ‘shadow IT’ (usually by the disgruntled, bypassed IT organizations) is, perhaps, the biggest IT organization challenge posed by cloud computing. By removing infrastructure ownership from IT, suddenly IT no longer has control over key business resources, making it possible for someone

Cloud computing matches cash flow to system benefits more appropriately than the packaged software use model. build out, and well before the business benefits (presumably financial in some shape or form) are realized. This model is even more troubling given the risk factors associated with IT systems: they are notorious for failing to deliver their promised benefits, and a large percentage of projects end up scrapped due to poor user acceptance. By contrast, cloud computing is a payas-you-go approach, in which a low initial investment is required to get going, and additional investment is incurred as system use increases. In this way, cash flows better match total system cost. 76

ET-Pundit.indd 76

j a n u a r y 1 , 2 0 0 9 | REAL CIO WORLD

and is already applied throughout companies in many different areas. For example, many companies use outside service providers to run their mail rooms and copy centers. Other companies use fleet management services to run their vehicle fleets. Cloud providers, according to the report, are more efficient at IT operations, using fewer manhours for standard tasks. In addition, cloud providers get better pricing on hardware because they buy in such volume. This core vs. periphery discussion is a longestablished one; perhaps the biggest challenge to it is IT organizations are more focused on

attuned to a cost/benefit approach, like, say, a CFO, to cut down IT's power. Cloud computing definitely holds the potential to upend the long-established organizational pecking order and certainly puts IT in a much more precarious position. Any time the case for a technology innovation is made to the CFO, you know things are going to get interesting. CIO Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of Virtualization for Dummies, a best-selling book on virtualization.

Vol/4 | ISSUE/04

12/26/2008 5:29:07 PM


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.