CIO February 1 2009 Issue by Sreekanth Sastry

COVER 4 PRESS.indd 1

1/29/2009 12:55:24 PM

From The Editor-in-Chief

With the bays and workstations at Satyam Computer Services’ headquarters filling

Whither Compliance? Greed Beats Process.

up with auditors and regulators and cops, what amazes me is that there are rules and clauses and statutes and laws that were designed specifically to prevent malfeasance of this kind. The Sarbanes-Oxley Act, drafted in the wake of similar scams at Enron, Tyco and Worldcom and even SEBI’s Clause 49 are attempts to bring in due process, better governance, fiscal control and thus accountability to the system. While SOX requires that “executives take individual responsibility for the accuracy of reported financials, bear civil and criminal penalties for misrepresenting records and sign-off on the strength of the company’s internal controls”, Clause 49 specifies the role of independent directors, the audit committee, and like SOX, requires that the CEO and CFO certify all financial statements. Interestingly, since Satyam is listed on Indian bourses and its depository receipts are listed on Wall Street, it was technically compliant At these levels of governance with both Clause 49 and SOX. risk, why do organizations But do they do much more than help and their CIOs bother with with the finger-pointing and arrests? putting IT-based compliance What happens when the top brass of frameworks in place? an organization are in cahoots and deliberately falsify financial statements? What does it do for investor and employee value when accounting irregularities go seemingly undetected by multiple sets of auditors quarter over quarter? What happens when greed collides with regulation and overwhelms it? Questions for which the answers are neither easy nor without pain. According to the UK-based independent investment bank Noble Group there are “more Satyams in the pipeline”, with as many as a fifth of companies listed on the Bombay Stock Exchange (BSE) experiencing accounting issues. So let me ask another, possibly more relevant, question. If this is the prevalent level of governance risk, why do organizations and their CIOs bother with expending both time and money to put IT-based compliance frameworks in place? What’s also amusing is while a whole bunch of companies have these frameworks, their CIOs tell me that final reporting is still based on MS Excel! In April 2005, Gary Beach, publisher emeritus, CIO magazine, had written about the impact that Sarbanes-Oxley was having on America Inc., with hard fought for IT budgets being re-allocated to ensure compliance. As Gary put it “executives now spend more time with auditors than with customers”, reducing how competitive corporates became. The answer, he said, lay in repealing SOX. What do you feel? Write in and let me know.

Vijay Ramachandran Editor-in-Chief vijay_r@cio.in 2

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 2

Vol/4 | ISSUE/06

1/28/2009 6:18:27 PM

cont n ent nt n nt FEBRUARY 1 2009‑ | ‑Vol/4‑ | ‑issUE/06

2 8 Vendor Management

The Strategic CIO

COVER StORY REnEGOtIAtInG REquIREmEntS| 28

POWER fROm YOuR PEOPLE | 18 The CIO of Johnson & Johnson Pharmaceutical Research & Development finds competitive advantage in mentoring employees.

I P hoto B y dr loh lohII a

As economic woes continue to squeeze IT budgets, CIOs are re-opening vendor contracts with a vengeance. Here’s what you should know about renegotiating to ensure both short- and long-term success. feature by Kanika Goswami f

CoVE Co VEr: r: dESIG d ESIG n B y BI BIn n ES h S r EE EEdharan dharan

PLuS:

hOW YOuR VEnDORS LOOK At fInAnCIAL RISKS| 36 Reacting to the economic downturn, technology providers are offering new and aggressive financing options to their credit-challenged customers. But what if customers can’t pay back? feature by thomas Wailgum f 4

f E b R u a R y 1 , 2 0 0 9 | REAL CIO WORLD

Column by Karan Sorensen

IT Organization SAAS AnD thE I.t. StAff | 44 As software moves to the Web, your staff is going to follow. Here’s what the shift may mean for your IT department. feature by C.G. Lynch f

Security WAtCh YOuR POInt Of SALE | 48 Cash, cards, inventory and customer data intersect at the point of sale. Here’s how to keep your defenses up-to-date. feature by michael fitzgerald f

more » Vol/4 | ISSUE/06

content

Essential Technology | 53 RFID | Fishing for New RFID Ideas

Feature by Vlad Krotov Pundit | Making Money from Thin Air

Column by Bernard Golden

From the Editor-in-Chief | 2 Whither Compliance?

By Vijay Ramachandran

NOW ONLINE

3 8

For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to www.cio.in

c o.in

Case File Checking Into the Cloud | 38 Crowded in by the slowdown, the Preferred Hotels Group moved its entire datacenter into the cloud. Why they took the risk is important, but what they will save is more significant.

2 2

Feature by Kevin Fogarty

Career Strategist Running Your Own Technology Company | 22 CIOs-turned-CEOs discuss how to make the transition from one role to the other. Column by Martha Heller

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 6

Vol/4 | ISSUE/06

1/28/2009 6:18:35 PM

ADVISORY BOARD

Advertiser Index

Abnash Singh Publisher Louis D’Mello Associate Publisher Alok Anand

Editor ial Editor-IN-CHIEF Vijay Ramachandran

Resident Editor Rahul Neel Mani assistant editors Gunjan Trivedi,

Kanika Goswami

Correspondents Snigdha Karjatkar, Sneha Jha,

Chief COPY EDITOR Sunil Shah Copy Editors Deepti Balani,

Shardha Subramanian

VP-HR & Process Architect, Britannia Alok Kumar Global Head-Internal IT, Tata Consultancy Services Anwer Bagdadi Senior VP & CTO, CFC International India Services Arun Gupta

Creative Director Jayan K Narayanan

VP & CIO, Mahindra & Mahindra

SENIOR Designers Jinan K Vijayan, Jithesh C C

Unnikrishnan A V Sani Mani (Multimedia) Designers M M Shanith, Anil T, Siju P

P C Anoop, Prasanth T R Photography Srivatsa Shandilya Production Manager T K Karunakaran DY. Production Manager T K Jayadeep Ma rk eting and Sa l es VP Sales (Events) Sudhir Kamath GENERAL Manager Nitin Walia Senior Mananger Siddharth Singh, Rohan Chandhok Assistant Manager Sukanya Saikia Marketing Priyanka, Patrao, Disha Gaur Bangalore Kumarjeet Bhattacharjee, Arun Kumar, Ranabir Das Delhi Saurabh Jain, Rajesh Kandari Gagandeep Kaiser Mumbai Parul Singh, Hafeez Shaikh, Kaizad Patel Japan Tomoko Fujikawa

USA Larry Arthur; Jo Ben-Atar

Events VP Rupesh Sreedharan Senior Manager Chetan Acharya Managers Ajay Adhikari, Pooja Chhabra

Airtel CA Cisco

53, 54 & 55 IFC 8&9

IBM

Microsoft

Novell BC Ashish K. Chauhan President & CIO — IT Applications, Reliance Industries

Vinoj K N, Suresh Nair Girish A V (Multimedia)

Customer Care Associate & CTO, Shoppers Stop Arvind Tawde

Lead Designers Vikas Kapoor, Anil V K

ADC Krone

Alaganandan Balaraman

Des ign & Production Lead Visualizer Binesh Sreedharan

President, IT Operations & Center of Excellence, UCB Pharma

Oracle

IBC

Quest

C.N. Ram Rural Shores Chinar S. Deshpande CEO, Creative IT India Dr. Jai Menon Group CIO Bharti Enterprise & Director (Customer Service & IT), Bharti Airtel

SAS

Tata

20 & 21

Tata

Manish Choksi Chief-Corporate Strategy & CIO, Asian Paints M.D. Agrawal Chief Manager (IT), BPCL Rajeev Shirodkar CIO, Future Generali India Life Insurance Rajesh Uppal Chief GM IT & Distribution, Maruti Udyog Prof. R.T. Krishnan Jamuna Raghavan Chair Professor of Entrepreneurship, IIM-Bangalore S. Gopalakrishnan CEO & Managing Director, Infosys Technologies Prof. S. Sadagopan Director, IIIT-Bangalore S.R. Balasubramnian Exec. VP (IT & Corp. Development), Godfrey Phillips Satish Das CSO & Director ERM, Cognizant Technology Solutions Sivarama Krishnan

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

Executive Director, PricewaterhouseCoopers Dr. Sridhar Mitta MD & CTO, e4e S.S. Mathur GM–IT, Centre for Railway Information Systems Sunil Mehta Sr. VP & Area Systems Director (Central Asia), JWT V.V.R. Babu

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

Group CIO, ITC

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 10

Vol/4 | ISSUE/06

1/28/2009 6:18:36 PM

new

hot

unexpected

It's tIme for mergers potentially competitors, he added. "Because the deal hasn't been closed yet, you really don't want to expose all your internals and secrets to the other side." And meanwhile, ongoing IT projects during this time "become suspect" in the eyes of company workers, Cohen said. "People say, should I keep going, or should we just throw it away? You go to meetings and you've got the whole project team saying, 'Why should we do this? They're just going to throw it away." It is crucial to make sure IT staff members with the deepest knowledge are made to feel secure once a deal is announced, to ensure they stay with the company, he said: "It's about identifying who's important and making sure they understand they're important. You can't lose the talent that knows the system. " — Chris Kanaracus

IllUStratIon by pc anoop

c o r p o r a t e i s s u e s The dismal economy has made many companies ripe for takeovers, so it's important for IT managers and CIOs to be prepared in case their company is involved in a merger, an expert warns. Certainly, more than a few businesses are in a buying mood — at least 100 mergers and acquisitions have been announced since the start of 2009, according to data from Thomson Investors Network posted on CNN's Website. That means IT executives must heighten their preparedness for such transactions, said Fred Cohen, group vice president and head of the global asset management practice Patni Com-

puter Systems. In general, "more of the M&A [related] decideci sions are made on the business side, and there's not a very deep dive on the IT side," said Cohen. Mergers and acquisitions have long had two main goals: gaining customers and market share, and improving efficiency, said Cohen, whose division at Patni focuses on financial services organizations: "In the new world, a lot of M&A activity has resulted from emergency mergers, trying to save institutions, or fire sales of assets, which means even less due diligence [on IT] has been done." The time between — when a deal is announced and closed — can be problematic, since companies are still working as separate entities and

Quick take

Sanjay Mittal on Insider Threats D a t a B r e a c h Security threats, be it external or internal is always unwelcome visitors. While technology heads are always on guard with the external ones, it's the internal ones that tend to take them by surprise. Snigdha Karjatkar spoke to Sanjay Mittal, head-IT & systems, VIP Industries, to see how he tackled the problem:

How do you perceive information security threats within the organization as opposed to external threats? Internal threats are always imminent and will continue till the culprit is caught. Unlike external threats, internal ones are well planned because the culprits know the loopholes in the system. This creates a longer duration impact. How best can insider threat be minimized? The best way to minimize threats is to integrate threat perception with internal processes. An enterprise-wide risk management framework can be implemented effectively and organizations will be better prepared to fight such threats.

Vol/4 | ISSUE/06

How distinct are the efforts in mitigating internal threats from combating external breaches? I think mitigation efforts for any threat are more or less the same. Internal threats are deep in nature, sustained and extremely difficult to trace. To keep a tab on internal threats, along with processes and technology, the HR department of the organization needs to be actively involved. Regular communication between HR and employees could help spot unhappy employees and resolve their issues before they take extreme steps.

Sanjay Mittal

How should organizations implement an effective change management system to ensure a consistently secure ecosystem? The adoption of a GRC (governance, risk, compliance) framework is the best way to have a secure ecosystem. Further, GRC could be aligned with compliance requirements like Clause 49, SOX and HIPAA. Using compliance, it is easier to put in stringent security barriers without annoying or offending end-users. REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

Is IT Still a Cost Center? IT R o l e IT has till recently been seen as a cost center by business. But have more business-savvy CIOs been able to challenge this view by transforming IT into a strategic profit center? And what are the ramifications when they can't? Sneha Jha spoke to your peers and here’s what they had to say:

“IT is a business investment. It should be integrated with the business

trendlines

so that it is merged well with various processes and is not visible as a separate cost. Business leaders should see IT as an investment.” Chaitanya Wagh Director-IT, JM Finanacial

“Most organizations look at IT as a cost center; a necessary evil that helps the business but still takes away the focus from the real business of making money. As long as the business views you as a cost center, you will always meet resistance.” G. Muthukrishnan DGM-IT, Madras Cements

“IT is still a cost center. However, today IT is an integral part of business and we need to change that perception by showing that IT does help to enhance revenue and add to the bottom line.”

Zoeb Adenwala CIO (Global), Essel Propack

Trendlines.indd 12

Best & Brightest Enterprises should cut IT costs now, rather than wait for an official declaration that a recession has begun, Gartner has said in a new advisory. IT departments should not wait for the mandate from management, but should look at creating an IT cost-cutting team now, said the analyst firm. The "best and brightest" IT people should lead IT costcutting programmes, Gartner said. These top performers should focus solely on cutting costs, while other team members take up their day-to-day tasks. To ensure the programme succeeds, IT will need to work with an auditor from the accounting team and a liaison from the legal department. "While there have been only two recessions during the past quarter century, there certainly have been many examples where IT cost-cutting efforts had to be undertaken during challenging times for specific industries and companies," said the missive. "Whenever we have worked with clients on cost-cutting projects, we have found the best results come from those clients who use their most-experienced and highest-performing IT employees to lead the project," Gartner noted. "However, because the best and brightest on an IT staff view such cost-cutting projects to be far too onerous and administrative, all too many clients yield to the resistance offered by their 'stars' and instead assign their lesserperforming associates to lead the cost-cutting efforts." To overcome resistance, businesses should offer a yearend financial bonus based on the amount of money their teams will save. But internal auditors, not IT professionals, are the best cost-cutting scorekeepers, according to the analyst firm. Gartner recommends that the accounting team assigns a relatively senior accountant or auditor to ensure any savings identified by the IT cost-cutting team "not only leaves the IT budget, but actually leaves the expense pool of the entire enterprise." A legal advisor would also be useful to negotiate IT contractual obligations, such as maintenance contracts and penalty clauses. The research note, called Cost Cutting in IT, will be the first in a series of five advisory research notes published by Gartner that are focused on maximising IT investments.

Study

Lend Your

Voice

Write to editor@cio.in 12

Leave Budgets to the

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

—Siobhan Chapman

Vol/4 | ISSUE/06

1/28/2009 3:29:07 PM

Gmail or Just E-Mail? A new Forrester report reveals how much cheaper Webbased e-mail such as Google's Gmail is in comparison to traditional e-mail installed on-premise for businesses with up to 15,000 users. But analysts warn that most enterprises won't be making a wholesale switch to Web-based messaging for years to come. Instead, they might pursue a hybrid model where they move some e-mail services to the cloud and keep some on-premise. For typical information workers, Forrester estimates that it costs a company $25.18 (about Rs 1,300) per user per month for an on-premise e-mail system, including the hardware, labor and other costs associated with managing e-mail in-house. Alternatively, for companies using Google's fully Webbased Gmail, it costs a mere $8.47 (about Rs 430). Microsoft Exchange Online, Microsoft's version of a fully cloud-based e-mail, isn't quite as cheap as Gmail but rings in at $20.32 (about Rs 1016) per user per month. The research was based on a survey of 53 enterprise-sized companies in both

trendlines

Internet

Europe and North America. According to Ted Schadler, a Forrester analyst, many companies underestimate the cost of their on-premise e-mail, which should include staffing, maintenance, storage, archiving, mobile access and financing. All of those costs are typically included when you get the per user per month price with cloud-based e-mail. "The market for cloud-based e-mail will just keep getting bigger as a result," he says. "There is greater transparency in what it will cost because it's pay as you go." But many enterprises aren't likely to go all the way just yet. In fact, most (56 percent) plan to use a hybrid of on-premise and external e-mail services. According to Schadler, under this model, a company might manage servers that host people's mailboxes, but outsource archiving and filtering to a third-party provider. Only 19 percent of respondents said they plan to move to a hosted or managed e-mail provider in full. Even if enterprises underestimate the price of managing e-mail on-premise, the issue of cost is at the forefront of enterprise

IT professionals as they consider a new model for messaging delivery. About 42 percent said there will be an "evolution or change" because "e-mail is getting too expensive." Another 31 percent would change due to consolidation or changing products. One reason to consider switching? Schadler says getting e-mail off your plate allows IT to worry about more business critical projects. "Having your staff keep up with these e-mail upgrades is very labor intensive," he says. "Why would you want to deal with it if you don't have to? Maybe your staff could worry about improving Website analytics, or implementing social software." Schadler expects the vendor landscape to continue to mature in the coming year, in part because of enterprises' need to save money, but also due to Microsoft launching online Exchange a couple months ago, which in many ways validated the fully online e-mail delivery model. — C.G. Lynch

The Cost of Conflict Full-time workers spend nearly three hours a week — or 3.5 work weeks per year — dealing with office conflict. If that isn’t bad enough, consider this:

Infograp hics BY pc an oop

W OR K PLACE

10% report project

failure as a direct result of conflict.

22% report

that it has led to illness or absence from work.

33% say that

workplace clashes led to personal injury or attacks.

Source: CPP

Trendlines.indd 14

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

1/28/2009 3:29:09 PM

BY Margaret locher

Mash-Up or Smash Up?

Best Practices

Users can get in over their heads when they try to combine Web-based apps. here's what you need to know.

EStablISh a policy that defines It t support for mash-ups and spells out that users must attend training before accessing the tools and applications to build one.

Don't let the business sneak in mash-ups. "If you do, you'll be sorry because they'll make a mess and you'll have to clean it up," says Gualtieri. Instead, work with users and have your It t organization take the lead on bringing in mash-ups.

USE what you have. Mash-ups depend on the underlying data sources. If you have a service-oriented architecture, the services that make up that architecture are perfect mash-up sources. but be choosy: expose a minimum number of services to users and keep the interface simple.

trenDlines

Mash-ups are coming to an enterprise near you. New tools and services like Yahoo Pipes and Microsoft Popfly make it easy for non-technical users to create and share mash-ups, those custom Web applications that combine and display multiple sources of data into something new. But that doesn't mean CIOs won't need to be involved. Business users can go too far on their own. "The very thing that makes mash-ups so beneficial will likely come back and bite you," writes Forrester senior analyst Mike Gualtieri in Enterprise Mashups: Lead, Don't Follow. Users get started without IT but then hit a road block. Or, their simple mash-up becomes a massive application that is not scalable or built for integration. Forrester projects that adoption of enterprise mash-ups will break 10 percent in 2012, so CIOs need a plan for how to address them within their organization. First, understand what constitutes a mash-up. "The word is used by many companies to describe the combination of anything. The key feature of mash-ups is that they allow users to combine two or more sources of data to create a new view of that data," says Gualtieri. Host a training session before giving users access to a mash-up tool. Help them understand whether a mash-up is what they need. Once users are trained, provide support via help desk scripts and production assistance. Users will rely on their mash-ups, so they need help if they hit trouble. CIOs can assist by making sure the mash-up platform is operational and underlying data services and sources are running. Gualtieri says enterprise mash-up platforms are still immature, but as users become more familiar with Web 2.0 technologies, these capabilities will drive corporate strategies. "Most CIOs have an innovation goal," he says. "Implement enterprise mashups as a way to provide the business with a tool to innovate."

The Market for Enterprise Mash-Ups Is Growing

$39 million

$682 million

Size of the market place for mash-

Forecast for 2013

(about Rs 195 crore)

(about Rs 3,410 crore)

ups in 2007

Source: Forrester research

Vol/4 | ISSUE/06

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

s o f t W a r e

trenDlines

The ongoing global economic crisis may spark a pricing war in the SaaS (software-as-aservice) arena, according to a major vendor in the space. At an investor conference recently, Salesforce.com Chief Financial Officer Graham Smith discussed the company's readiness to lower prices in order to remain competitive. "It won't surprise me if, going forward in these times, we see much more aggressive pricing. That's sort of typical," says Smith. "We are able to match pricing." Smith indicated that Salesforce .com, known for its customer relationship

management (CRM) software, is not about to run a closeout sale. SaaS vendors typically cite a handful of advantages to the model such as no need to buy and maintain new hardware, faster deployment and easier upgrades. So while some price cutting maybe at hand, such factors could also compel more customers to adopt SaaS, according to Forrester Research analyst Ray Wang. But another observer believes Smith's prediction will be borne out in the market. "We were already predicting something of a battle on pricing given how aggressive Microsoft is being around Dynamics CRM Online. I guess the economic doom and gloom just lifts

that," says 451 Group analyst China Martens. "I've yet to hear the same pricecutting story from other SaaS players name-checking the economy, but it's sure to come." Beyond the world's economic woes, SaaS has now reached a certain level of maturity, and customers have had time to measure costs and their return on investment compared to on-premises software deployments, Martens says. Meanwhile, other on-demand vendors acknowledged that pricing could become an issue but, overall, painted themselves as being in a sound position to weather the rocky financial times.

â&#x20AC;&#x201D;Chris Kanaracus

gM bets on Visual Modeling tech t e c h n o l o g y General Motors (GM), facing possible bankruptcy, has been pursuing efficiencies on the desktop with visual modeling technology that simulates an It user's experience of a software application before it is deployed. the technology will speed new tool development, cut project costs and increase adoption of It applications by allowing internal users to weigh in during development, according to GM's chief Systems and technology t officer Fred Killeen. "It's a great way to avoid errors, figure out costs and behavior," says Gartner analyst Jim Sinur. In the current economic environment, It is under cost pressures like everyone else. and GM itself is fighting for its life after losing billions of dollars in 2008. Sinur says that new process technologies allow for the simulation of a process to detect issues early on. older process technologies required a complete development cycle before finding the issues. "you you also had to spend a lot y more time modeling before you had a chance to try it out," he says. Visual models also foster collaboration by expediting the ability for far-flung groups to work together, says Marc halpern, research director in manufacturing advisory

Trendlines.indd 16

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

services for Gartner. GM is using visualization software from irise and a rapid prototyping process developed by capgemini. the automaker has already implemented a number of business applications built from this modeling process for its manufacturing, human resources and dealerfacing systems. Visual modeling reduced project duration, on average, by 10 percent, according to GM. "We use it early on in any project where we are doing sessions with business customers about how they want the applications to behave and look," says Killeen. Killeen plans to incorporate It visual modeling into all of GM's customer-facing applications. "the sooner you deploy, the sooner you get business benefits," he says. "It's less about the development costs and more about the speed to completion." GM has used visual models before to simulate vehicle design and crash testing. It developed the production operations execution test simulator, a tool that simulates the manufacturing plant floor operations and vehicle production.

â&#x20AC;&#x201D;Jarina D'auria Vol/4 | ISSUE/06

IllUStratI on by U nnIKrIS hna n aV

Economic Woes May Lower SaaS prices

Doing Less with Less Forget ‘doing more with less’ — that's the IT mantra of yesteryear. Now IT departments are making better use of their resources, and though they're not necessarily doing more things, they are going about their tasks differently, according to findings from a Gartner survey. "They're working smarter, not harder," says analyst Mark McDonald. The key finding is that IT budgets largely will remain flat, which makes sense; because the average IT budget is 4 percent of sales, a 10 percent cut in IT spending doesn't save very much, McDonald says. But if the IT budget is used to restructure the other 96 percent of revenue, savings can be much higher. That's why CIOs are now shaking up IT resources, instead of trying to squeeze out a little more than before. The Gartner survey found that in 2008, CIOs had spread resources across all divisions, so they could deliver something to everyone. But now, many CIOs are concentrating on only a couple of projects that deliver results quickly, such as retiring old systems, consolidating duplicate CRM or reporting systems, and changing the cost structure within IT processes, per quarter. If this strategy change means some divisions won't receive benefits for a while, so be it. "If I try to pursue five or six initiatives simultaneously in this environment, chances are conditions will change and render half of them irrelevant," McDonald says. Projects that take priority are also ones with an internal focus, such as reducing costs and improving business processes. Externalfacing projects such as attracting and retaining customers and creating new products or services — formerly top IT priorities — are less important. "With companies' ability to predict revenues increasingly challenged, the best thing you can do is get strong operational control," McDonald says. Companies are reprioritizing projects around certain technologies, such as storage, cloud computing, virtualization, security, and niche analytics. The Gartner survey finds that CIOs are looking closely at using technology they already have rather than evaluating new technology to purchase. However, they are also looking at cheap Web 2.0 tools to fill collaboration gaps and even free up middle management's time. "The collaboration, coordination, and discussions that can happen via Web 2.0 normally would have been done in facilitated group meetings with middle management connecting people together," McDonald says. With so much change going on, an IT staff needs to be like a well-tuned SWAT team: adaptive, fast, and able to handle uncertainty. Yet the survey shows many CIOs don't see the need to help their teams act this way. Improving the skills of their staff is only the eighth-highest priority among surveyed CIOs, falling from their third-highest priority in 2008. "We think CIOs are making a significant mistake in believing that they can achieve the kind of results they're looking for without investing in their people," says McDonald. Gartner surveyed more than 1,500 CIOs to find out how they're rising to the financial challenges of 2009. IT B u d g e t

How Snoops Can Snag Your Keystrokes

Il lustrat ion by MM Shan ith

—Jeremy Kirk

Vol/4 | ISSUE/06

Trendlines.indd 17

trendlines

Security Computer keystrokes can be snooped from afar by detecting the slight electromagnetic radiation emitted when a key is pressed, according to new research. Other security experts have theorized that keyboards were vulnerable to such detection, wrote Sylvain Pasini and Martin Vuagnoux, both doctorate students with the Security and Cryptography Laboratory at the Ecole Polytechnique de Lausanne in Switzerland. But Vuagnoux and Pasini believe that theirs is the first set of experiments showing such spying is feasible. They faulted cost pressures on keyboard manufacturers for not making keyboards more snoop proof. Keyboards "are not safe to transmit sensitive information," they wrote in an entry on the school's website. "No doubt that our attacks can be significantly improved since we used relatively inexpensive equipment." They tested 11 different wired keyboard models produced between 2001 and 2008, including some with USB connectors and keyboards embedded in laptops. All were vulnerable to one of four surveillance methods. Videos posted show two different experiments, both of which accurately picked up the typed text. The first shows a white Logitech keyboard with a PS/2 connector that was attached to a laptop for power. It was monitored with a simple one-meter wire cable about a meter away. After typing "trust no one" on the keyboard, the same phrase is returned on the researchers' monitoring equipment. In a second video, a larger antenna picked up keystrokes through an office wall. Various experiments showed they could monitor keystrokes from as far away as 20 meters.

—Tom Kaneshige REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

1/28/2009 3:29:10 PM

Karan Sorensen

the Strategic ciO

Power from y your People The CIo of Johnson & Johnson Pharmaceutical Research & Development finds competitive advantage in mentoring employees.

IllUST RaTIon by bInESH SRE EDH aRan

eveloping people is part of my job. To me, part of our responsibility as executives is to ensure that a pipeline of diverse capabilities exists â&#x20AC;&#x201D; and not just in our own departments. Many CIOs get tunnel vision when it comes to developing their staffs. They may only focus on developing one area at a time, such as technology, project management or business relationship management skills. But it's wrong to go after one competency; the skill sets of employees become lopsided. You need a balanced organization that reflects people's different strengths and covers all your bases. Because I'm nuts about employee development, I've raised the bar for my peers; others can see how I work with employees. Some of my peers come to me for mentoring and coaching advice. As a result, my colleagues' attitude toward me has changed over the years. They look to me as a leader in helping drive employees to fulfill their managers' expectations. I have demonstrated my involvement in company-wide employee development. For example, I help champion boardlevel sponsorship for some of our diversity groups, such as our Hispanic leadership development organization and a group for women's leadership. Because I'm visible as a mentor, I get calls from people ranging from college graduates just entering the company to VPs within and outside of IT who want to discuss their futures or run an idea by me. Since IT has become ubiquitous within the business, developing employees across the organization should be a strong competency for CIOs. The more people know about IT and how their jobs relate to IT, the better the company will be. Becoming a champion of corporate employee development 18

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 01 Power From Your People.indd 18

Vol/4 | ISSUE/06

Karan Sorensen

the Strategic CIO

Developing employees across the organization should be a strong competency for CIOs. The more people know about IT and how their jobs relate to IT, the better the company will be. starts with your IT team. Here's how we set an example for developing staff for the benefit of the entire company.

A Team Effort You can't help everyone on your staff meet their career goals by yourself. I hold my direct reports accountable for developing the employees under them. At least twice a year, my leadership team and I talk about every employee and we all contribute to the conversation about an individual’s strengths, weaknesses and growth potential. Then we set goals for each of them and determine how much help they need to achieve them. We don't just talk about what people need, but also how they are going to get it. Other places may focus on the ‘what’ but not the ‘how,’ which is a key element to our conversations. It puts the managers on the spot because they have to come up with the solution right then and there. My managers and I give employees regular feedback on their progress. A lot of times, managers focus on organizational development once a year and choose performance reviews as that time. But if you compare employee feedback to having quality and process control, you can see why feedback needs to be frequent. You don't wait until your product is finished to test it. If you wait until the end and the product is bad, you have spent time, money, resources and raw materials only to be left with wasted inventory. When we give constant feedback to employees, they're more likely to be able to act on it than they would be if you wait six months to tell them. Being busy shouldn't be an acceptable excuse for skimping on feedback, because focusing on employees should be a priority. That tiny amount of time has huge ROI in the loyalty, growth and development of people who will deliver more for the company. To ensure I make the time, I commit all day every Friday to people development, coaching and mentoring — either one-onone or with a group. It's important for those in the organization to know that leadership is committed to their development. I can see people appreciate my devotion because of the many employees who seek me out for advice. Being a mentor not only helps to develop in-house staff, but also to recruit toptier talent.

How Staff Development Helps Business I've also created developmental rotations, which place technology people in business roles for six to nine months so they can get closer to that business. One gentleman worked in IT delivering database systems for the pharmacogenomics team, which focuses on the influence of genetics on drug

Vol/4 | ISSUE/06

Coloumn - 01 Power From Your People.indd 19

response. We assigned him to their laboratory. He learned how to use their equipment, such as how to run DNA scans. When he came back to IT, he had a much better understanding about what he should be doing with their IT systems. When IT staff do such rotations, we see a whole change in their approach to their jobs because they saw first-hand the sense of urgency that business has and where their real priorities are. Benefits such as cost reductions, increases in efficiency and simplification of processes come out of that experience, helping the company overall. Meanwhile, managers in the company see these employees as prime candidates to export out of IT. Ten years ago, if you were in IT, you were just in IT — not part of the business. But when we focus on developing employees, we demonstrate how their technical savvy, business understanding, leadership and ability to understand and elicit change are critical to business success. I've also had businesspeople come over to IT. We don't just stick them on a computer and make them crunch out code; I like to teach them how to do IT project management so they can understand what it takes to deliver an IT system.

Become a Talent Magnet When we focus on individuals' career development, we lift our organization's reputation externally. People want to work here because they see what we do to develop our employees. When you're competing for the best-in-class talent, our kind of culture is a differentiator. I've had people turn down jobs at other companies with higher salaries to work with our group because they were looking for challenging work and opportunities for growth that would help their careers. We need exceptional talent now to stop business decline. The pharmaceutical industry is going through a tough patch. Some leaders take the pessimistic path, focusing on what they can't do because of their budgets. I see this as the time where we need creativity. We can't afford to do things the way we used to. Employees who are engaged in their careers and whose success is aligned with that of the company will help us reform time-wasting activities, processes or systems. They'll help us figure out which of the things we do that are really very important. CIO

Karan Sorensen is VP and CIO at Johnson & Johnson Pharmaceutical Research & Development and a member of the CIO Executive Council. Send feedback on this column to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

1/28/2009 3:30:16 PM

Martha Heller

Career Strategist

Running Your Own Technology Company CIOs-turned-CEOs discuss how to make the transition from one role to the other.

ow many times have you thought, after listening to an awful technology vendor presentation or watching your software partner miss deadline after deadline, 'If I ran that company, things would be different.' It may be time to act on that impulse, if you have the right background and a good deal of drive. CIOs who want to run the show as CEO are finding that technology companies are a natural fit. As longtime customers of IT vendors, they know the products and the development process, they know the business â&#x20AC;&#x201D; from the customer view â&#x20AC;&#x201D; and they've sat through enough presentations to know how (or how not) to sell. And if they've been networking with their peers, they should have a good customer target list as well. These experiences are your price of entry to running a technology company. But as three CIOs who followed this path explain below, you must also decide that this is your career goal and set in place a strategy to make it happen.

Get Cross-Functional Experience

Il lustration by MM Shan ith

"In 1985, I had an epiphany," says Mike Kistner, CEO of Pegasus Solutions, a provider of reservation and distribution technology, and financial and marketing services in the hospitality industry. "I was a senior developer at Super 8 Motels working on a general ledger program, and I realized that the date fields had two digits. I thought, 'this will be a nightmare in 2000' and I vowed to get out of IT before Y2K." This epiphany led to another one for Kistner, that the pursuit of management roles outside of IT could be a 22

f e b r u a ry 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 02 Running Your Own Technology Company.indd 22

Vol/4 | ISSUE/06

1/28/2009 3:31:39 PM

Martha Heller

Career Strategist

critical step on the road to CEO, if he managed his career correctly. Kistner began to build relationships that would pave the way into new areas of the business. As Super 8 was acquired by HFS and then by Cendant, Kistner kept a hand in IT but he also accrued cross-functional leadership experience. At different times, he held responsibility for IT, reservations, guest services, convention planning and other operational areas. During his tenure from 2000 to 2005 at Best Western, he led IT but picked up distribution as well. In 2005, he joined Pegasus Solutions as VP of operations and technology, and then became CEO in June 2008. His advice: "If your goal is to run a company, you need to get out of IT and into other parts of the business. My old boss, David McNicholas [former CIO of Avis] used to say, 'to a man with a hammer, everything looks like a nail.' You need to put down the IT hammer once in a while and pick up tools from other parts of the business."

Fill in Your Skills Gaps Sean O'Neill is CEO of Newmarket International, a sales and catering solutions provider for the hospitality industry. He was the CIO of ITT Sheraton when he realized that he wanted to broaden his aspirations. "I was creating a ceiling for myself as CIO. I wanted to have broader influence over decision making and decided to pursue a different path." During interviews with his next employer, travel vendor Grand Circle, O'Neill talked about "how we had transformed information technology at ITT Sheraton into a business function that was integrated with the business. They knew that while I was coming to them as a CIO, my motivation was to be on the business side." Grand Circle hired O'Neill as a CIO with the understanding that he would soon add EVP of operations to his role. Several years later, in 2001, he joined Newmarket as CEO. "I chose a technology provider strategically," says O'Neill. "I wanted to stay close to what I knew best. I had the experience of being a consumer of these products and could get up to speed very quickly." His advice: "Become a student of the skill sets required to run a business," says O'Neill. "As CIO, you have access to a wide variety of leaders both inside your company and out. Interact with those people and start to understand where the gaps are in your own skills." He found, for example, that while he had a good grasp of functions like accounting, human resources and sales, he needed a better understanding of the financials. "I would risk looking like someone who doesn't get it by raising my

hand in a meeting and asking, 'Why did we use this debt structure?'" he says. "I would anticipate my next meeting with our CFO and prepare questions."

Engage Your Customers In 2006, Trent Gavazzi was a business-line CIO with the capital markets division of the Bank of Montreal in the US. He was implementing risk and compliance systems and realized that he had no way of providing executives with a way to monitor systems and be alerted to urgent events. Gavazzi started looking in the marketplace for what he needed but found that there was no solution that fit his problem. He started floating the idea of a risk-monitoring system to people in his professional networks and received enough enthusiasm that in 2008 he launched QuickWaters Software, a consolidated risk management alert software provider. Having come from a family of entrepreneurs, Gavazzi knew he would wind up launching a business at some point, but found that his CIO background was critical for this venture. "My CIO background helped me reduce the barriers to entry," says Gavazzi. "I knew all of the hot buttons of

To run a software company you have to be able to engage your network, be passionate and believable and creative about how you get attention. When you're CIO, people are calling you. When you're running a software company, you are the one making the calls.

Vol/4 | ISSUE/06

Coloumn - 02 Running Your Own Technology Company.indd 23

a large financial services organization and what slows down projects. My years of installing systems taught me to reduce the complexity of the product and do the right documentation up front. As a CIO-turned-softwarecompany-CEO, you have to learn from the way you tortured your vendors so that you don't make the same mistakes they made," he says. His advice: "Running your own software company is not for everybody. You have to be able to engage your network, let people know what you're doing, be passionate and believable and creative about how you get attention. When you're CIO, people are calling you. When you're running a software company, you are the one making the calls." CIO

Martha Heller is the managing director of the Leadership Practice at ZRG. Send feedback on this column to editor@cio.in

REAL CIO WORLD | f e b r u a ry 1 , 2 0 0 9

1/28/2009 3:31:39 PM

Robert Fecteau

The Strategic CIO

The Next Generation Who will fill your shoes? The CIO of BAE Systems' customer solutions group shares his method for encouraging and training potential succesors.

Il lustration by un n ik rishn an AV

y staff could look at any single day of my professional life and decide based on this that they would never want to be a CIO. They see me as the person that must answer all the hard questions when systems and processes don't work. They think my job is hard and complex, and that it appears to be nearly impossible to succeed at. This perception is widespread in the IT industry, which makes it all the more important for the current generation of CIOs to develop and maintain a robust pipeline of future CIO candidates. Being prepared to rapidly replace people in critical leadership positions is also a business imperative. Thus, we need to make the case for the CIO job to the IT and business professionals who we believe can step into our shoes. I am always looking for IT or business leaders who I think can make the jump to CIO. But it's not enough to identify them; we also have to develop them as leaders. Even when individuals say they want to be a CIO, often they don't really know what the job entails or what it could require of them. I use my CIO office to provide potential CIOs with a formal development process to support our future IT leadership needs. It includes rotational positions on my team and opportunities to serve in business leadership roles. It is also important to look at external talent. A promotion to CIO should not be a rite of passage or an entitlement. Nevertheless, CIOs are responsible for developing talented people, giving them the right experience and then selecting the very best talent for open positions.

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 03 The Next Generation.indd 24

Vol/4 | ISSUE/06

1/28/2009 3:32:27 PM

Robert Fecteau

The Strategic CIO

I start by explaining the core responsibilities of my job: I oversee information resource management and operations for the business. While it is helpful to have IT skills that can be applied to solve problems, the primary role of the CIO is to tie corporate strategy to IT investment in order to improve business capabilities and efficiencies. I believe that the core abilities people need to become successful CIOs are: Analysis skills. The CIO career path should include business systems analyst experience. Such jobs prove that a person can use problem-solving skills and analysis techniques to apply technology in the right place at the right time, in support of the business needs. CIOs also need process analysis experience so they can leverage knowledge of current and future IT capabilities that will improve processes. Financial acumen. Experience in managing financial investments is critical. CIOs are responsible for one of the largest investments the business makes, and we must be able to evaluate the effectiveness of these investments against the business cases that established their requirements. Communications expertise. CIOs must be able to communicate with — and listen to — business leaders, the workforce and the IT industry. This give-and-take is the only way to ensure that the CIO office is making a difference to the company and that systems are working as intended.

People in rotations also study where the business will be in the future, look at the technology infrastructure we have in place today and plan the migration to systems that will represent the future state. Through such experiences, these individuals gain firsthand exposure to strategy and long-term planning from an IT and business perspective. They learn that the systems that are here today are not necessarily going to be here tomorrow. And they learn how to budget for, plan and execute programs that get us to where the business needs to be.

The Well-Rounded CIO After the potential CIOs spend two to three years in the CIO office, I work to provide them with experience in managing a part of the business. They may run a P&L center in one of our lines of business. They may work in functional areas such as human resources or finance. Or they may run an internal

The people who really want CIO jobs are the people who are focused on making a difference in how IT contributes to the success of the business.

How to Teach Them My approach is to teach potential CIOs how the IT department functions within the business as well as provide training in specific business disciplines. I start by using the CIO office as a development opportunity. Most CIOs would agree that exposure to top-level business decision making is essential for people who are interested in becoming CIOs — they need to understand how IT systems and processes interrelate with other business functions. What better place to provide that exposure than within the office of the CIO? My CIO office consists of dedicated and matrixed personnel, with the positions of business systems analyst and portfolio systems analyst identified for rotational development. For 24 to 36 months, we expose the individuals in these positions to the executive level of the business and hone their skills in IT capital planning, business process analysis, communication of IT value and management of large programs. One of their key duties and most important experiences comes in defining the enterprise system plan and architecture. To do this, they interact with senior leadership to collect information about the business strategy and organizational requirements. They use this information to support enterprise architecture development.

Vol/4 | ISSUE/06

Coloumn - 03 The Next Generation.indd 25

IT program such as implementation of a major ERP subcomponent. In these roles, they take and apply the knowledge they have acquired in direct support of the business. These assignments can last for two to five years. Once individuals have sufficient background and work experience — and when they decide that they really want to be a CIO — we provide further development. For example, we might send them to formal training programs that teach the fundamentals of IT capital planning, investment control, portfolio management, IT security or IT leadership — whatever is needed to round out their capabilities and qualify them for a potential CIO role in one of our businesses. Ultimately, CIOs determined to build the leadership pipeline need to consider why today's IT professionals would care to step into our shoes. The people I see who really want CIO jobs are the people who are focused on making a difference in how IT contributes to the success of the business. They also want a job where they have the freedom to contribute to the business as a whole. This kind of freedom to make things better across the business spectrum is not only the key attraction to the job, it's our value proposition. We must work harder to get that message across to those we hope will follow in our footsteps. CIO

Robert Fecteau is CIO of BAE Systems’ customer solutions operating group. Send feedback on this column to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

1/28/2009 3:32:27 PM

Charles Beard

Peer-to-Peer

Tapping a Merger's Promise

There's value trapped in legacy systems and business processes. It's up to you to find ways to set it free.

Il lustration by unnikrishn an AV

ame any industry that's challenged operationally or facing an uncertain future. Take financial services. This industry has been acquisitionfocused for years, including during the upheavals of the past few months. But in many cases, such transactions occur in name only. The companies involved may change the signage and the stationery, but they don't change their business processes. The synergies promised to justify the transaction cost show up often as little more than goodwill on the balance sheet. As a result, significant, unrealized value remains locked up in what we might call "deferred mergers." In this economy, there is greater urgency than ever to unlock that value, and I believe CIOs must be the architects who capture it (in partnership with the CEO or COO). CIOs are uniquely positioned for this role because they see the entire value chain, understand the costs of supporting multiple business models and architectures, and remain familiar with the technology road maps required to integrate businesses. But not all CIOs apply this unique perspective in an activist way. Activist CIOs are businesspeople first and technologists second; they are focused on corporate business results and make their decisions through that lens. And they are willing to challenge the status quo as opposed to just asking the functional departments what their needs are every year. Before coming to SAIC (Science Applications International Corporation), I often worked with companies that had deferred the integration of their acquisitions. I would lay out an integration strategy, quantify the costs incurred by the deferred integration and suggest ways to extract the trapped value. In some cases, I did that because the company's internal CIO did not have the will

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn - 04 Are You An Activist.indd 26

Vol/4 | ISSUE/06

1/28/2009 3:32:57 PM

Charles Beard

Peer-to-Peer

You don't have to work for a global conglomerate or consulting firm to develop this business-results outlook. Simply reflect on your own professional development plan and ask yourself whether it aligns with being a business-results CIO. to challenge the status quo or authority to bring these issues to the business's attention. These CIOs had no voice at that table and were not materially involved when costs were originally estimated during due diligence. In these engagements, as well as in my work at SAIC, I've learned several lessons about being an activist CIO in deferred merger environments.

Emphasize Materiality Materiality — a case based on the hard facts — is the best approach to convince the business to attack its unrealized value. Extracting value from a merger or acquisition is a business problem, not a technology problem. By presenting facts, you help people understand this problem from a dollars and cents perspective. It's not an academic exercise. For example, SAIC has grown both organically and through acquisition. Much of our intellectual capital and technical know-how is embedded in the IT infrastructure of those onceindependent organizations. We unlock that value by providing an agile platform for rapid response to the market, asymmetric innovation and collaboration capabilities. To make this possible, the business wanted to get control of the line systems by migrating them to a centralized datacenter. But we in IT offered an alternative — a ‘virtual grid’ that takes advantage of emerging technologies in cloud computing and virtualization. This approach reduces our energy and facility costs and provides enterprise IT governance without impairing line organization productivity. It's less expensive, helps us get to market more quickly and is more consistent with our business strategy than the alternative. The additional value you identify when you emphasize materiality doesn't come just from taking out costs. You may have people in roles that they can't get out of because technology will not allow them to. They may be doing manual processes when they should be doing analytics — but can't move ahead because their systems and processes have become impossible to automate.

Refocus on Results As a consultant, I had great clients who pushed me. I had the opportunity to witness GE under Jack Welch, and Honeywell under Larry Bossidy, and to work with Herb Kelleher and Gary Kelly at Southwest Airlines. All of these leaders taught me about staying focused on the results, applying just enough technology to get what you needed and always developing solutions through the lens of business results.

Vol/4 | ISSUE/06

Coloumn - 04 Are You An Activist.indd 27

One of my clients struggled for years to achieve the synergies of a major acquisition. The company had enterprise systems, most of which were unique to a specific business or location. The systems locked-in legacy business models and created barriers to achieve the business's vision. We rationalized those systems by following a road map aligned with a business vision that was approved at the highest levels of the organization. Instead of reducing the number of systems to cut the operations and maintenance cost of IT, we instead followed a plan focused on improving the company' operating margins. Quarterly deployments demonstrated their value with quarterly improvements in multiple business metrics such as operating margins.

Become an Activist CIO You don't have to work for a global conglomerate or consulting firm to develop this business-results outlook. Simply reflect on your own professional development plan and ask yourself whether it aligns with being a business-results CIO. If it reads more like a series of technical seminars and vendor conferences, then you have work to do. Consider enrolling in an executive class at a business school. There you'll find senior executives from multiple industries actively participating in the debate over IT's role in business, and they will challenge your thinking in a safe environment. Contribute to the dialogue on business challenges in business terms. This is critical training that all CIOs should consider. To be an effective activist — to engage the business when it's wasting money or squandering opportunities — you also have to build relationships of trust. If the business leaders don't see you as someone who can conduct a results-oriented analysis and bring that kind of rigor and discipline to the conversation, it's going to be very difficult to get the opportunity. It's equally important to develop influence. Making people want to change is the secret to making things happen. One of the ways I do that is by making my ideas their ideas — by getting people to adopt and champion the ideas, and giving them the credit. When your colleagues see how you enable success for others, they will stop resisting change and will work with you. Finally, and fundamentally, to be a successful results-oriented activist, you must match your expectations for the role with those of your company. If the business wants a CIO focused on managing the internal IT function, it needs someone who is good at IT administration and keeping things running. An activist CIO would be a mismatch in that job. CIO Charles Beard is a member of the CIO Executive Council. Send feedback on this column to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

1/28/2009 3:32:57 PM

Cover Story | Vendor Management

As economic woes continue to squeeze contracts with a vengeance. ensure both short- and long-

“Maybe next quarter...” “Please, stop calling!” — if you find yourself responding to technology providers like they were tele-callers, then you might want to pause and re-look your engagement strategy. Sure, the economic environment is difficult and the business challenges formidable, however, tough times also create incredible opportunities for pruning operational cost and laying a foundation for future growth. Ultimately the choice is yours — hunker down and wait for the storm to pass or go ahead and significantly change the direction of your vendor relationship. Remember, everything is negotiable these days. 28

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

PhotoS by SrivatSa S haN dilya imagi Ng by b iNeSh Sree dhara N

IT budgets, CIOs are re-opening vendor Here’s what four CIOs are doing to term success. By KAnIKA GOswAmI

a silver lining — at least for CIOs. IT leaders can’t While CIOs typically re-negotiate remember the last time they could push their vendors contracts annually, this year sees a this hard. slightly different playing field, with both It’s a trend that Ray Wang, vice president and principal vendors and user enterprises feeling the frost analyst at Forrester Research, has been tracking and of the economic slowdown. he’s advising CIOs to make the best of the near future. According to IDC, IT spending worldwide will grow by “The next six to 12 months will provide a only 2.6 percent in 2009, much lower than Reader ROI: unique opportunity to negotiate for new its previous forecast of 5.9 percent growth. Why smart renegotiation deals,” Wang says on his blog. “Expect A study from The Corporate Executive requires a long-term continued discounts until the credit Board points out that 67 percent of IT perspective markets stabilize.” organizations are putting non-essential When, how and how much It’s advice that even CIOs in countries that projects on hold and 57 percent are to push aren’t as badly affected as those in Western reducing their use of consultants and Non-monetary benefits that can pay off markets want to cash in on. contractors. But amid the gloom, there’s

Vol/4 | ISSUE/06

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

Cover Story | Vendor Management For example, the CIO of a large retail organization confirmed that he got a 70 percent discount on fresh licenses. He also got another vendor to agree to expand their scope of work on a multi-year service contract with an annual 10 percent escalation — at no price increase. The overall benefit? About 15 percent of the contract’s sticker price. “And it wasn’t like the earlier deal was terrible,” he says. It’s an experience other CIOs seem to be sharing. “Vendors are showing flexibility, keeping today's economy in mind,” says Hitesh Arora, EVP, head-IT, Max New York Life Insurance. “While, that flexibility may not directly affect pricing, it does have an impact on overall year-onyear payouts.” Technology providers too aren’t hiding the fact that they’re ready to pitch in. Most of them understand the budget constraints on their customers posed by the slowdown. “Contract renegotiations are actually an opportunity for us to provide more efficient and updated solutions which can benefit clients,” says Praveen Sahai, head-marketing and corporate affairs, EMC. In the real world, however, it isn’t as hunky dory

are “vendors exibility, showing fl day's keeping to in mind. economy pact on it has an im r ar-on-yea overall ye payouts.”

Arora — Hitesh -IT, Max New York EVP, Head ce n life Insura

as this sounds. The two camps don’t always meet each other halfway — it is after all part of the job to wring out the best deal, whether you’re a vendor or a CIO. “There is no compromise,” says Johny Paramian, group CIO, GMR Group. “This give-and-take thing…it’s very subtle. Even when we give, we need to show that we have taken more.” That’s a little bit of doublespeak that many CIOs can relate to, what with their management’s mandates to reduce expenses. However, under that cost-cutting blowtorch, it’s easy for CIOs to push their vendors to the point where relationships burn. The trick is to know how hard to push. CIOs from multiple verticals tell you how to get a better deal from your renegotiation and — possibly more importantly — what not to do when you re-open a contract.

How to Renegotiate Like a Man, not Like gengHiS kHan In his blog, CIO senior editor Thomas Wailgum says it’s hard to not feel bad for vendors. “Pity the poor software vendors. The economy is in full meltdown, and buyers of ERP, CRM and supply chain management software have become even more demanding.” Of particular financial pain to vendors, he continues, are software deals that, as a study from Accenture points out, are “being clinched largely on the strength of off-list discounts of up to 70 percent.” Evidently, that isn’t a sustainable way to do business. And smart CIOs look for everyone’s best interests — even their vendors’, says the CIO of a pharma company. He says that he focuses on coming up with alternative options to these discounts that are discussed in a spirit of partnership. That spirit of support, says industry watchers, is also complementary to the way business is done in India, where relationships count. Many CIOs agree that relationships can sometimes be deal clinchers and so it only follows that when it’s time for renegotiations, relationships play an important role. “We stress the importance of the relationship we both enjoy and how it is up to both parties to ensure that it survives,” says Suresh Kumar, Director-IT, KPMG. This, in most cases, sets the stage to open up ironclad contracts. How far you go from there can depend on how sweet you can make a deal. Evidently,

Vol/4 | ISSUE/06

four Techniques for hard Times

here are some ideas to help you negotiate harder with vendors, cut waste, sharpen licenses and get more out of your it assets this year. 1 GIvE BACk ShELfWARE, AnD DOn't Buy MORE. Many enterprises over-estimate the number of user seats needed for a particular software system and end up licensing a lot of shelfware. However, if a customer wants to reduce the number of seats, some vendors typically respond by raising the price per seat. The net result: you pay the same and get less. There are techniques you can use to get around this, says Roy Schleiden, senior manager of IT procurement at YRC Worldwide, a transportation services company. Since July, Schleiden and his team have worked with approximately 300 of YRC's software vendors to park unused seat licenses until the economy improves. Parked seats are set aside and licensed at a price that's significantly lower than the per-user price in the contract. once the economy improves, the parties revert to the original cost structure. 2 ASk, AnD yOu ShALL RECEIvE. In light of the economic crunch, some vendors are coming up with creative financing to entice would-be customers to sign deals, says Schleiden. If they don't, you should. "We have a list of side perks we typically ask the vendor for," says Schleiden. These include cost caps on future maintenance and licensing increases. "We've never been successful in getting them all, but we typically get several," he says. Vendors "always tend to hold back money," says Gartner analyst Jane Disbrow. Your goal should be to not leave any of that on the table. 3 Put MAIntEnAnCE unDER A MICROSCOPE. Eighty-five percent of the revenue oracle derived from software maintenance in fiscal 2008 was pure profit, according to the company's 2008 10-K report. Maintenance is the last thing vendors want to discount. But there are always exceptions. For example, under most vendor-generated software contracts, customers begin paying for maintenance before the ink has dried on the contract— even if it takes a year or more to implement the system. But some IT leaders push hard not to pay maintenance for any software until the system has gone live. Cortese says he's had mixed results in attempting to defer maintenance, but he was successful recently on a seven-figure CRM license. YRC Worldwide's Schleiden tries to get the first year of maintenance free of charge. Though he, too, is not always successful, he says that "lately, the percentage [of vendors that concede] is higher than it's been in the past." 4 Run thE CLOCk. The best time to negotiate a software deal is toward the end of a vendor's financial quarter or fiscal year, when its salespeople are trying to hit their numbers. Disbrow says contracts landed during these periods can include overall discounts of 5 to 10 percent. To gain maximum leverage, experts recommend starting the process 60 to 90 days before the end of a fiscal year, or 30 days before the end of a quarter. —By Thomas Hoffman

Vol/4 | ISSUE/06

the lure of business gets providers to lower pricing. If a CIO can throw in potential business for additional services as a carrot, discounts are easier to come by. There is, however, a thinly-guised carrot-and-stick strategy at play. CIOs normally start a conversation stating something their providers cannot deny: their budgets are under strain. CIOs will typically indicate how much they want to see as a discount by telling their provider that they know the current market rate for discounts, and what other players in their field are offering. “The implied message is that if they don’t consider renegotiating there are others we can go to. Till today, we have been successful in renegotiating,” says Kumar. But a number of CIOs feel that opportunistic tactics like this rarely build long-lasting relationships. Blurring the line between flexibility and arm-twisting, they say, can end badly. "Negotiations can't be conducted at sword point," a CIO observed. In any case, it’s a strategy some vendors say doesn’t work. EMC’s Sahai, for instance, denies that his clients use long-term relationships as a carrot, “The foundation of all customer relationships is transparency and assurance of quality. Our customers respect us for this and there is no way they will rely on relationships to drive a renegotiation. Market fluctuations are not permanent,” he says. Fortunately for vendors, many CIOs agree with Sahai and reject the idea of browbeating their vendors into submission. They say that strong relationships and knowing a vendor’s senior management on first name basis, all help in a renegotiating process, but what really clinches things is having an alternative option before a negotiation. And, all it takes to put those tricks up your sleeve is some homework. Some skillful negotiators will, for example, ensure that they thoroughly understand the market and the product. It’s an approach that P.V. Ramdas, VP-Technology, HCL Technologies BPO Services, says works. “[Vendors] will always put up a fight; they will not readily agree [to renegotiate]. But because they normally inflate prices, if they know that I know about the product REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

ss t h e “We stre ce of t h e importan hip we relations and Cio] [vendor y and both enjo th up to bo how it is ensure parties to rvives.” that it su h Kumar

— Sures KPMG , Director-IT

and its value, they give in easier. It all depends on your knowledge of the product,” he says. Sometimes finding an angle can do the job. GMR’s Paramian, for instance, got creative and used the nature of his business as bait. He realized and used the fact that today, every technology provider worth his salt wants a piece of action as far as the construction of international airports or real estate is concerned. These are niche sectors with unlimited possibilities of business and early entry into one company in these verticals — even at the price of deep discounts — could mean a ticket to other companies. Whatever route you chose, it is important says Mark Grossman, a tech lawyer and founder of the Grossman Law Group, to negotiate. “I represent vendors. Trust me when I tell you that if you're the customer, you never want to accept those form contracts without changes. They're designed to be one-sided in favor of the vendor. I write them. I know. Don't walk into a deal thinking about how big they are. They want your business or they wouldn't be talking to you. Sure, the big boys of the world budge less than the vendor down the road, but they all bend.” But he also advocates fairness. After all, everyone is in business for growth. While EMC approaches renegotiations with a positive outlook and as an opportunity to show value to clients. It is clear about looking at making the most out of existing contracts.

wHeRe to Look FoR MonetaRy BeneFitS “In both the enterprise and the SMB space, recent market conditions point to a lack of available financing for enterprise 32

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

software purchases,” says Forrester’s Wang. “This trend will continue as the credit markets tighten. The result: vendors will be more inclined to discount. Enterprises engaged in contact negotiation with software vendors should take this opportunity to seek additional discounts as the scarcity of new deals will put customers in the driver's seat.” Among the areas he suggests to look for deeper discounts include non-license areas such as implementation, training, and support. He also advices CIOs to urge their vendors to lower maintenance fees. So how much can you ask for without your vendor walking out of the room? CIOs have different opinions. One outlook could be that pricing is a commercial issue. It offers almost unlimited flexibility — provided there is adequate leverage. In short, the question is: how badly does your vendor want your business? As shrewd business people, that's something smart negotiators need to sense quickly. KPMG’s Kumar says that for networking and bandwidth service contracts, the minimum discount a CIO can expect is between 25 percent and 30 percent. CIOs also report that renegotiations with smaller vendors for services and manpower that have yielded 15 percent to 20 percent price reductions over previously agreed rates. With global vendors pushing prices down is much harder, say CIOs. But Indian CIOs also say fresh licenses are an area where in roads to discount can be made. Another factor that helps corner a better price is how long a contract’s term is. However they seem to disagree with Wang on one point: most companies in India, they say, do not seem to have the muscle to renegotiate maintenance contracts.

Vol/4 | ISSUE/06

Cover Story | Vendor Management can offer. Hard cash is certainly not the only allowance up What everyone does agree on is the importance of ensuring for grabs. In addition to driving monetary benefits during a that CIOs don’t lose their vendors over a great deal — a renegotiation, it is also pragmatic to look for non-monetary possible outcome of having a take-no-prisoner’s approach. bargains. Deferred payments are an extremely productive It is not a remote possibility what with top management option, and many CIOs have tried it to their advantage. bearing down on their executives to reduce costs. Being “Understand how non-monetary concessions have flexible and open to new business models is a healthy way value,” advices Forrester’s Wang. “Once you reach the point of getting reductions and maintainging relationships. “We of a price floor, consider asking for the right level of product have been working with our key partners on alternate development and executive sponsors. Other options include models. In addition to having direct financial benefits, this more favorable changes in software licensing clauses such as approach brought more ownership or skin in the game from a set rate of maintenance for the life of the contract.” our vendors and hence better quality output,” says Arora. Obviously, vendors prefer non-monetary concessions To be able to do that, it is good not to forget that despite and will be more ready to co-operate in a renegotiation. their own worries vendors are still playing ball. It is Some vendors, for instance will offer financing. EMC’s interesting to note that while in earlier years there seemed Global Financial Services has operations in India, for a huge difference in pricing or discounting between the instance, and provides financial assistance to organizations, top vendors and the others, this year CIOs say they see lets clients choose from a wide range of programs designed a very small difference between multinationals and the to help preserve cash, match payments to utilization, and smaller vendors. avoid technology obsolescence. Another tactic is to change the length of a contract’s CIOs are also learning to drive a harder bargain with term to take advantage of naturally-occurring market non-monetary chips on the table. One way out could be corrections. It’s something HCL BPO’s Ramdas has had to ask for an increase in the gamut of services for the experience with. He says that he recently reworked a onesame price, and hope it will work, specially under the year contract — with a one-year pricing — to a monthly circumstances, where most technology providers are scheme in order to take the best advantage of a product’s facing more duress than the CIO. falling price. Where service is concerned, Paramian suggests cutting Sometimes there are opportunities for larger-thandown on the number of people onsite. With fewer staffers, usual discounts if a CIO is willing to buy products to fit the manpower rate comes down too. But this needs to be the accounting needs of his or her vendor. But often it means purchasing equipment earlier than an enterprise needs it. In many of these cases, the opportunity arises when a vendor pushes its sales reps to meet a quarterly target of units and they turn to CIOs for help — in exchange for discounts. Most CIOs agree that they would take advantage of the situation, although their reasons differ. They also say that they will only do it for specific products or services like bandwidth for which their organization’s future use can be estimated. Arora, however, says that organizations should avoid being ake e-and-t iv g is pressured into hurried buying just for h “t even subtle. discounts, “organizations with shorter is very in to e give [ sight would certainly end up doing when w we need r], this,” he points out, demonstrating how a vendo at we one CIO’s strategy is another’s poison. show th

PayMent in kind With the intense scrutiny on the bottom line that’s currently in vogue, it is easy to miss other benefits that a renegotiation

Vol/4 | ISSUE/06

to re.” ken mo have ta mian

y Para p — John Io, GMR Grou C p Grou

Cover Story | Vendor Management done intelligently. Earlier the people on site were senior, middle and entry-level profiles. Now CIOs are choosing mostly people with middle-level profiles and as a result of this move the number of man-months they pay for has come down considerably. When nothing else works, some CIOs will look at trimming their contracts as an opening gambit which they then follow up with a spirited push to bring prices down. However, this strategy can be risky and the choice of what to cut is important. It is vital to study usage patterns and be sure that what you’re cutting isn’t vital to the business. A good example is doing away with the clause for 24x7 support. But is it safe to expand that strategy and bring other outsourced pieces back in-house? “We did look into shifting technology

support back in-house,” Paramian says, “but we saw that it would increase headcount, which we did not want.” But other CIOs, won’t even open that door. Giving up support is not a good choice, since it may put the business at risk. If a vendor is ready to renegotiate an existing contract based on future potential or other services which could be purchased by the organization, it may work. But dropping services to reduce cost should not be an option. Neither is the extension of that strategy — switching to a cheaper vendor — an option. “Unfortunately IT products are not like the cars of yore which any garage could tinker with. They are more like today’s cars, they need support from the original vendors,” says a CIO.

keePing UP tHe PReSSURe

Whatever benefits CIOs can manage to wrangle out of their vendor, it is vital that they renegotiate. Especially since market analysts do not see a recovery over the next three quarters at least. More and more forward-looking CIOs are using the slowdown to benefit their businesses with impressive deals. In addition, renegotiating forces the due diligence and the discipline needed to trim an organization — all of which will go a long way in getting enterprises in shape and ready for the market when it picks up. “This [slowdown] is also an opportunity to re-look at priorities,” says a CIO. “There were other aims, too. This gave us the opportunity to look at whether our contract was right in the context of what we were doing. Sometimes, during the good times we add a lot of things which may not be useful in hindsight.” Creating friction it seems, is really the only way to make the best use of the slowdown. And the tug-ofwar between vendors and CIOs is important because it keeps the will not ] s r o d rope up and the game on. It’s n [ve [to e re g a when no one is pulling that there’s y readil ut, b . ] te a a problem. CIO ti renego

ow that if they kn out the i know ab they give product, in easier. amdas — P.V. Rology,

VP-Techn ologies n HCl Tech es ic BPo Serv

With inputs from Thomas Wailgum and Mark Grossman. Kanika goswami is assistant editor. Send feedback on this feature to kanika_g@ cio.in

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

How Your Vendors Look at

fInanc fI nancIIng nanc rIsks rI sks Reacting to the economic downturn, vendors are offering new and aggressive financing options to their creditchallenged customers. But what if customers can't pay back? The repossession man might be coming to your datacenter. By Thomas Wailgum

If a car owner

doesn't pay back his car loan, the repossession man usually arrives in the dark of night to take back the automobile. If a homeowner defaults on his mortgage, the bank forecloses on and seizes the house. The car and the house serve as the collateral for the financing organization — they can be cleaned up or cleaned out, as it were, and resold. But what if a company defaults on a loan for a multimillion-dollar SAP ERP software purchase? Or can't repay IBM Global Financing for the hardware, software and services that it bought two quarters ago? Does a repo man sneak into the datacenter and take back the servers and installation CDs? As it turns out, hardware is just like a four-bedroom house or 2008 Toyota Camry: it can be ‘repo'ed’, refurbished and resold by the vendor or, perhaps, put out on eBay. "We can take back equipment," says Fred Clarke, a spokesman for IBM Global Financing. "We can refurbish and resell them on IBM.com or through a broker network, and really recapture the residual value on that equipment." Software, though, is not as tangible as a mainframe: software cannot be resold and has no collateral value. "Software is pretty much a loan," says Clarke. "There's nothing you can do with software once you've taken possession of it." Tech vendors offering their own financing, such as IBM, Oracle and Cisco, and those that rely on financing partners, such

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

cover story | Vendor Management

as Microsoft, could soon start to see red numbers associated with their customer financing deals. That's because defaults on technology loans, which allow customers to purchase computers, software and other tech gear, have spiked this year, The Wall Street Journal recently reported. One financing company told the Journal that businesses are now defaulting on loans for tech purchases "all the time." Nearly half of businesses' capital spending is on IT products, and companies and governments annually spend almost US$1.8 trillion (about Rs 90,000,000 crore) on technology, according to a recent New York Times article. Therefore, a sharp increase in IT-related defaults, combined with even deeper cuts in businesses' IT spending, could have disastrous economic consequences consequences. For the software vendors, in particular, the repossession recourse is of negligible value. "If a customer defaults, Microsoft Financing and its finance partners may take appropriate legal action, on a case-bycase basis," says Laurinda Hoffman, who works for Microsoft's public relations firm. (Microsoft Financing is not a financial services company; the software giant uses third-party underwriters to determine customers' credit-worthiness and to facilitate loans.) So while Microsoft and its financing partners, such as CIT, have few options to recoup a loss, their defaulting customer is left with the Microsoft software. "A default may result in the customer holding an invalid license for Microsoft products," Hoffman writes. In other words, while the relationship with Microsoft will surely sour, the customer still has the usable software.

reserved for car dealerships and homeappliance retailers' advertisements. In September and October, IBM announced a series of low- or below-rate technology loans, some that included no payment or interest due for 90 days. Oracle offered a â&#x20AC;&#x2DC;Time Is Moneyâ&#x20AC;&#x2122; promotion in November, with "no upfront capital expenditure" and "no payments or interest for 90 days." Not to be outdone, Microsoft announced in mid-November a "0% financing offer for 36 months for new, qualifying customers of Microsoft Dynamics ERP and CRM solutions." "We are working closely with our customers and partners to proactively enable them to preserve their capital resources to ride out the current economic situation," said Kirill Tatarinov, corporate VP of Microsoft Business Solutions, in announcing the new financing options," while making an important strategic investment in their future."

Power to Lend BILLIons

hardware loans, but "we adjust for that risk based on the interest rates we charge." Clarke stresses that IBM has "a very, very conservative approach to lending. We don't allow ourselves to lend to anyone and everyone," he says. "And that's why we've been untouched by all the different ups and downs" over the years. The Microsoft Financing business accounts for less than 1 percent of Microsoft's total company revenue, according to the company. (Microsoft wouldn't comment on its financing partners' default rates. Oracle Financing public relations declined to be interviewed for this story.) IBM Global Financing's default rate, according to its most recent third-quarter earnings report, increased from 1.1 percent to 1.3 percent. In Q3 earnings remarks, IBM CFO Mark Loughridge said that we "we closely monitor the credit of our clients and adjust as needed. It's important to remember that the majority of the assets we're talking about are in support of critical IT operations and have substantial value." Forrester Research principal analyst Ray Wang says that defaults on technology loans historically haven't been too big a problem for vendors that offer financing options. IBM's Clarke says that "this is not an everyday occurrence for IBM." But with software, especially, it can be tricky business. "That's been the toughest part of software financing: there's nothing to put as collateral." Wang says. "And this is why traditional software financing is a specialized field." Even with economic uncertainties and credit turmoil still unfolding, IBM's Clarke says the financing division has seen a noticeable uptick in customer inquiries about financing options. "We are being more prudent in how we're lending, and we are definitely looking at credit quality of the customer set, which is something that we've always done," Clarke says. "But we have money to lend." CIO

IBM's Global Financing is the largest IT lender in the world, with 125,000 customers and roughly $34 billion (about Rs 1,700,000 crore) in assets. According to Clarke, the division delivers between 9 percent to 13 percent of IBM's overall profitability. The division was "created to push IBM hardware," he adds, "the mainframes, the big servers that cost a lot of money." Global Financing also resells off-lease or retired equipment, as well as any gear that is repossessed because a customer defaults and "where we can't work out a deal," Clarke says. In either case, IBM employees or third-party partners physically take back the equipment, load it on trucks and bring it to one of IBM's 22 refurbishment centers located around the Many tech vendors are sitting on stockpiles world. "That, by itself, gives us the ability of cash amid this historic economic to offset our credit risk in the downturn. Cisco, for example, event that a customer defaults has nearly $27 billion (about Reader ROI: on hardware," Clarke says. Rs 1,350,000 crore). Some What happens when As to the IBM software that vendors that offer financing you canâ&#x20AC;&#x2122;t pay your typically is bundled in an IBM deals have recently stepped vendor back solutions deal, Clarke admits up their sales pitches, with a Why IT financing is booming that "it's a bit riskier" than the level of aggressiveness usually

Send feedback on this feature to editor@cio.in

Vol/4 | ISSUE/06

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

Low-Interest Loan trend

Trendline_Nov11.indd 19

11/16/2011 11:56:19 AM

CheCking-into Crowded in by the slowdown, the Preferred Hotels Group moved its entire datacenter into the cloud. Why they took the risk is important, but what they will save is more significant. By Kevin Fogarty

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

Case File

A yEAR

Il lUStratI on by Unn Ik rISHn an aV

in which the economics of the travel and hotel industries are so bad that business analysts keep making comparisons to the months immediately following the September 11, 2001 terrorist attacks in New y york ork is not generally the time most IT people would be comfortable putting together a disaster recovery plan for the first time. Most would be in their offices, sweating over spreadsheets, looking for ways to trim spending a bit more, or push a project to drive down operational costs. The need for disaster recovery — a mandate that came Chad Swartz, senior manager of IT operations at the down after members of the board realized the privately Preferred Hotel Group, spent most of the year planning held company had no backup plans — was the driving force disaster recovery and ended up with a big cost-saving behind the investigation into cloud computing service. But strategy for the Chicago-based firm. it was the cost that sold it, Swartz says. Preferred, which specializes in group-travel sales, That’s not surprising, given the currently dismal booking conventions, conferences and corporate outings economics of the business and luxury-travel markets, both into its network of luxury hotels, is moving its relatively key parts of Preferred Hotel’s business. tiny datacenter into the cloud. The company signed up in early 2008 for The Enterprise Cloud, a hosted server-and-software service from empty Wallets, VaCant Rooms Terremark Worldwide. Under the plan, Terremark will At this time in 2007, only about a quarter of all hotels supply 10 virtual servers — seven on full-time duty and reported they were charging a lower average cost per room three in reserve for spikes in demand — each with a prethan they had at the same time the previous year, according configured amount of disk space, memory and processing to industry benchmarking analysts Smith Travel Research. power, as well as a set amount of bandwidth, Swartz says. Now, more than 40 percent report that they’re charging Actually, Terremark will supply double that eventually; less. Among luxury hotels that number jumps to more than one set for the production environment and an identical 50 percent. And 20 percent of all hotels report that they’re one that is physically located in a different Terremark both charging less and are renting fewer rooms than the datacenter, as a disaster-recovery hot site. same time in 2007. The service will cost about $16,000 (about Rs 8 lakh) Travel-agency bookings dropped 11.6 percent during per month for the whole kit-and-kaboodle. That compares October last year, according to Airlines Reporting, a favorably to the $210,000 (about Rs 105 lakh) Preferred transaction clearing house for the travel industry. Smith was going to have to pay to refresh its aging Dell servers Travel Research predicts demand for hotel rooms will drop this year, plus $10,000 (about Rs 5 lakh) per month in slightly during 2009 and 2010, while the supply of hotel co-location and bandwidth fees, Swartz says. rooms continues to rise at about 2.5 percent per year this “Everyone is checking their budgets now,” year and next. Reader ROI: says Swartz. “If you go to the board, is it an That’s not the kind of environment How moving your easier sell to say we need to spend $200,000 in which most IT executives would try datacenter into the (about Rs 100 lakh) in capital costs and to implement a disaster recovery plan, cloud saves costs $10,000 a month? Or just pay a $10,000 outsource their datacenter and launch a benefits of configuring implementation cost and $16,000 per month? customer relationship management project virtual servers The cloud environment is going to explode, if all at the same time, as Swartz did. Swartz, Why cloud computing is just for the cost savings.” was hired less than a year ago as part of an reliable and convenient

Vol/4 | ISSUE/06

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

Case File

InfoGraPHICS by M M S Ha nIt H

expansion of Preferred Hotel’s IT staff from unique and specifically beneficial to your own one person to seven. He actually went into the business is one of the biggest strategic benefits cloud investigation assuming the company of cloud computing, says James Staten, would shift over to VMware virtualization principal analyst at Forrester Research. environment but continue to use a co-location “The power of the cloud is that you’re being SNAPSHOT service to house the physical servers offered these services by people who view Preferred themselves. When it became clear how much datacenter operations as their business, not Hotels Group lower the capital cost would be, he was sold. something they do as part of the rest of IT,” HOTELS: 185 “With a colo, if something breaks you have Staten says. to go there and fix it, or have someone send Among companies larger than 1,000 FOuNDED: 1968 parts and wait until they get there. Meanwhile, employees, about five percent use cloud everything is pretty much crippled,” he says. computing services, according to a marketHEADquARTERS: Chicago “In a cloud environment, you have a facility survey report Staten conducted and plans to manned 24 hours a day and virtual servers. publish early in the first quarter of this year. So if a piece of hardware goes down, I’ll never even know Among small- and mid-sized companies only about two about it. [Terremark’s] load-balancing takes care of it percent are currently using cloud services, according to automatically and puts [the effected virtual server] onto Staten’s data. another machine. From an operational perspective, the focus shifts away from maintaining the servers and onto the silVeR lining doing other things.” The ability to focus on IT functions Cost will get a company into the cloud-computing arena, Swartz says, but convenience and reliability are what will keep Preferred Hotels in it, at least. Being able to rely on Terremark to maintain the hardware is a big step. Being able to call up a configuration screen in a Web browser to raise the he cloud project has not only provided Preferred Group with or lower the amount of processing power, memory and disk monetary benefits, but also offered another set of perks. space each virtual server gets, lets Swartz tune performance as much as necessary, to keep his users happy. The company uses Citrix software to virtualize its desktop applications onto Terremark’s servers, so performance tuning can be a big deal. Putting Citrix on top of virtualized servers drags performance down a certain degree, because every request from the application has to go through two layers of control software to get to the processors. To compensate, Swartz increased the number of Citrix servers from five to seven when he set up the Terremark deal. So far, there have been few problems, he says. All the company’s standard commercial applications have run fine during the two months Preferred has been testing the cloud-based system. The company is gradually shifting all its homegrown legacy applications over to the new servers, even as it works on a Microsoft CRM implementation that will replace much of the legacy code, By moving its datacenter into the cloud Preferred Group has saved Swartz says. There are two more months of testing some Rs 97 lakh functions of the legacy apps, to make sure they behave while running on virtual servers on a cloud far from the The facility is manned A configuration screen 24 hours a day. If a in the Web browser environment in which they were originally conceived. piece of hardware goes allows users to raise “We hope to have everything fully tested and make the down in a virtual server, or lower the amount switchover by the end of the year,” Swartz says. “Right load-balancing takes of processing power, now we’re paying twice; once for the colo and once for the care of it automatically. memory and disk space cloud, so we’re eager to cut that out as soon as possible,” on each virtual server. Swartz says. CIO

FiVe staR tReatment

Send feedback on this feature to editor@cio.in

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

Leadership

Training courses and personality development programs have become even more popular as organizations are trying to equip their employees to cope with todayâ&#x20AC;&#x2122;s complex environment. But are these courses valuable for IT? By John Lamb

Vol/4 | ISSUE/06

Feature -04-Leadership.indd 41

P hoto by Srivatsa Sh an dilya Imaging by ANIL T

fter four days of potholing, moving barrels across imaginary ravines and trying to map-read their way around the Herefordshire countryside, the pressure on the group of trainees was beginning to tell. The military-style program was designed to foster leadership skills and demonstrate the dynamics involved in group working. "Form, storm, reform, perform," the instructors explained. The group seemed to have got stuck in the storming stage, or that is how it seemed when one member, a local authority IT manager, tipped over a table in frustration during a particularly tense discussion and was led from the room by the course leader, an ex-SAS officer. Courses on leadership are more popular than ever as organizations seek to equip their IT bosses with the skills to cope in an increasingly complex environment. Personal development is about helping individuals become effective leaders able to set direction, persuade others to follow and deliver IT benefits. But no matter how inventive the training courses on offer, many CIOs, like the unfortunate delegate

Reader ROI:

Why leadership courses are important How to train your employees Why communication is vital

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

1/28/2009 4:09:47 PM

Leadership in Herefordshire, are struggling to apply them to the practical problems of running an IT department. When IT management organization CIO Connect asked 28 of its blue-chip company members about the importance of training and development, all of those polled said it was critical to have plans in place for both themselves and their teams. About twothirds said that they had benefited from previous development programs. But the survey went on to reveal an alarming gap between these good intentions and the reality of training in these firms. Nearly half of the CIOs polled did not think their existing plans

don't get to be there by being like someone you worked with," he says. "Different circumstances call for different kinds of people. Talking in the abstract is only partially helpful: you also need feedback in the heat of the moment."

CommuniCation, not teChnoLogy Russell thinks that around five percent of a CIO's time should be spent thinking about how he or she is doing their job. He himself spends around an hour each week going over issues in his own working life. "At a senior level you are very pushed for time so development is about making

Personal develo develoPment is about H HelPing individuals become effective leaders. But no matter how inventive the training courses CI are struggling to apply them to are, many CIos practical problems. were good, and 14 percent considered them inadequate. For CIO Connect members, the priorities for personal development were influencing boardroom colleagues and building commitment to IT across the organization, although, worryingly, respondents did not give their own needs a high priority. "Training is not a strong point of the UK economy," agrees Alistair Russell, development director at CIO Connect. "It is an important lever to effect change but, unfortunately, it is not always accepted as a significant one. There is an opportunity for us to do more." Russell runs CIO Connect's program for training the CIOs of the future. "Personal development only has an impact if it changes the way an organization works," he says. "There is no use in building a CV with qualifications just for the sake of it." His program is a mixture of one-toone coaching and group working on real problems. "Leadership is situational: you 42

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

choices about how you spend what free time you have. "There is a difference between a oneshot course and development sustained over a period of time," he says. Chris White, CIO at international corporate law firm Ashurst, agrees. He is putting his team leaders through a program called One Team, designed to foster better communication in his department. The program involves three or four residential sessions. "Often, people come back from a session enthused but then fall back into their old ways. One Team is a way of keeping the initiative going," he says. The program, which is driven by attendees, has paid off by breaking down communication barriers that had built up because the department is split between two sites. It also enabled the law firm to implement a document and e-mail system with far less hiccups than might otherwise have been the case. Communication skills are important to Richard Snooks. When he revamped the IT

department at advertising agency WWAV Rapp Collins, he adopted the organizationâ&#x20AC;&#x2122;s creative approach to business. "The skill a technologist really needs to acquire is how to communicate," he explains. "I have always been quite confident as a communicator." Instead of looking for technically qualified individuals, Snooks sought out bright communicators. Many of those he hired had little or no IT background, and indeed one had just gained a PhD in music. "People coming through university on a computer science course are often least equipped to make a good contribution in the IT world," Snooks says. "The strategy showed in the attitude that the business had toward the IT function. We were seen as an integral part of the business. A lot of good IT teams are now thinking this way." Snooks now sets aside a day every four months or so to meet other CIOs who are members of a network that he belongs to, set up by a training firm called IT Leaders. They spend time exchanging experiences and exploring management tools and techniques. "The more senior you are in a role the more lonely it is, and the more you need people to talk to," he says. On a recent away-day he and his group looked at neuro-linguistic programming, a method of making emotional and behavioral changes in you and in other people. However, Snooks acknowledges that some employers may see personal development as a luxury. That is a mistake, he maintains, since there is always a balance to be struck between doing the job and learning how to do it better. "Personal development is something that's been neglected in the past," Snooks says. "A lot of management is based on intuition, but an effective leader is about psychology: understanding people."

BuiLding ReLationships In his early days, Snooks read self-help books like Kenneth Blanchard's The One Minute Manager, designed to help people like him improve their management skills, but he knew he needed more. "As I became more senior I realized I needed to get away from the office to get a better sense

vol/4 | ISSUE/06

Leadership of objectivity about my work," he says. "I wanted to discuss issues with like-minded people in a training environment." Today, as CIO at property investment company Capital & Regional, Snooks went out and formed relationships with his contemporaries. Personal development has convinced Snooks that “managing by walking around” is the best way to do things. "It is important to make sure that you spend the most part of your time focusing on communications, empowering others and delegating responsibility. More people should be out of their chairs, moving and shaking; talking and influencing people." René Carayol is one person who could never be accused of sitting behind a desk. He acts as a mentor to some 50 people involved in IT. His early career followed a classic path from analyst programmer to CIO and finally chief executive of a dot-com company. The younger Carayol completely lacked business knowledge and leadership skills. So when he joined the board of Pepsi after a 10-year stint at Marks and Spencer, he knew nothing about business and couldn't even read a balance sheet. His first board meeting was a fiery one as the soft drinks company discussed splitting off from a joint venture with Whitbread. "I was intoxicated, but I never said a word," he admits. At the end of the meeting, the chief executive drew Carayol aside and demanded to know why he had not contributed. "I explained that no one had mentioned IT. He told me that I was not responsible for IT; I was responsible for the day-to-day running of the company." Carayol knew he needed to learn fast. He found a business mentor called Donald Harris, who was 30 years his senior, and the pair met each month to discuss Carayol's career and the insight he needed to acquire. One thing Carayol learnt was that while he was good at the big picture he was not so hot on detail. Leadership, he says, is about finding your strengths and weaknesses and building on the strengths. "Don taught me how to be a board director. Everywhere I went after that I found a mentor. These people are flattered to be asked. They will become your critical friend: someone who

Vol/4 | ISSUE/06

Feature -04-Leadership.indd 43

Advice for managers challenged with doing more with less.

he way you manage your IT staff during this economic downturn can make a big impact on the success of your organization, according to a new study from consulting firm The Forum. As layoffs rise the uncertainty can paralyze managers and employees, leaders must adopt certain strategies pertaining to financials, people, and organizational climate. "By looking at past recessions we've identified five steps that can make the difference between success and failure in managing through our current downturn, and they all come back to leadership," said Ed Boswell, CEO of The Forum. "Following these steps will be particularly valuable in organizations that are undergoing cost-cutting and layoffs, which challenge managers to do more with less." Here is some of the advice: Keep and develop top talent. Your stars are most susceptible to being poached in a downturn. Give IT staff development experiences and rotate assignments. Keep everyone on the same page. Frame an agenda, meet with stakeholders to gain support, and build commitment. It’s crucial to have alignment on key goals. Foster collaboration. Seek employee input and empower staff to contribute their ideas. Tell the truth. Strong leaders acknowledge the challenges they’re facing and by doing so, build trust among followers. Create a positive vision. When employees respond to customers’ interests and values, they’re more likely to come out on top when the downturn ends.

—By Amy Schurr

sits inside your tent and says the things to you that other people won't," he explains. David McKean, 10 years a CIO and now head of IT Leaders, says leadership development may be a status thing, but in reality it's about developing existing skills and pooling knowledge.

Lead from the Front IT Leaders is at the sharper end of the development business. McKean teaches project management methodologies such as ITIL and Projects in Controlled Environments 2 (PRINCE 2). "We spend about 20 percent of our time on these tools. They are important, but they are more about training than development. However, there are still a lot of people who don't know about them — about 60 percent of those who attend." McKean introduces delegates to scenarios involving teams, co-workers, innovation and change, crises, corporate governance and strategy. Trainees are instructed in emotional intelligence and are introduced to management techniques such as the balanced scorecard and the McKinsey 7-S model. "Very few have the skill of developing strategy in a step-by-step way," says McKean. "You have to align your IT strategy with the business. We tell people what they should be asking from the business." One of those requests is for the CIO to have a seat at the top table. "The reason IT should be on the board is that constant alignment needs to be made between IT and the business. IT's role is not to lead, but we teach CIOs the interaction points along the way," he adds. One CIO, who was keen to exert more influence in his organization, recognized that his problem lay in being physically too remote from other executives. Then, he spotted an opportunity to move his desk to the top floor. "It's about confidence," says McKean. "You need to look for small victories that will build your confidence. It is still as political as ever and there are still the same number of places in the inner sanctum. If IT is in there, someone else is out." CIO Send feedback on this feature to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

1/28/2009 4:09:48 PM

IT Organization

As software moves to the Web, your staff is going to follow. Here's what the shift may mean for your IT department.

SaaS By C.G. LynCh

and the It Staff Tom Clement has reinvented

his career before. In 1984, he realized that working in technology would suit him better than his job as a litigator in Texas. "I came home one day from work, and I was used to being really tense," he says. "But that day, my secretary's recorder had broken. I'd taken it apart, put it back together and somehow, it worked. I was whistling and in a good mood because of it, and my girlfriend heard me and said, 'Tom, maybe you were made for a different line of work.'"

After moving to California and taking a night class at the University of California, Berkeley, in C-programming, he put his law ambitions aside and took a job at a C-compiler company, taking pieces of code and translating it into a language that could work on Motorola hardware. Today, Clement, a senior developer at Serena Software, might be facing a bigger career test: software as a service (SaaS), the movement of software to the Web. SaaS, one flavor of 44

f e b r u A r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

that they run on premise and some that today's hot buzzword, cloud computing, are hosted offsite, such as Salesforce.com's refers to applications that users access sales and CRM-related apps. According to over the Web and which live on physical a CIO.com survey on cloud computing, 84 servers hosted by the software vendors or percent of respondents a third party, not servers are currently running owned and cared for by an Reader ROI: How SaaS is changing IT jobs SaaS-type applications. in-house IT department. A survey published by Today, most large Skills IT professionals will need Kelton research found companies use a mix of What it all means for corporate technology organizations that 73 percent of large both traditional apps

Vol/4 | ISSUE/06

companies have already or plan to adopt SaaS technology in the next 18 months. A shift away from on-premise apps has implications for how companies staff their IT departments in the future, according to CIOs and IT industry executives. Change is afoot for developers as well as the thousands of IT support and maintenance professionals taking care of traditional software at companies of all sizes, in all REAL CIO WORLD | f e b r u A r y 1 , 2 0 0 9

IT Organization industries. Case in point: Tim Davis, CIO of Popeyes Louisiana Kitchen, a national fast food chain based in Atlanta, only has six IT people on staff and not one production server on premise. With no production servers or apps to run, says Davis, "Three [people] are dedicated to making sure the restaurants have whatever technology they need. The rest are project managers and manage our relationships with vendors."

Vendors See a Radical Shift In the future, say vendors, more IT professionals will be working for them,

not for CIOs at end-user companies. And they'll all need new skills. That goes for developers as well as support staff. Developers have been through big transitions in computing before (remember the move from mainframe computers to the PC?). Vendors are preparing for a new round of upheaval as CIOs roll out offerings from the likes of Google (with its Google Apps) and Salesforce.com that let users run applications via the Internet. Zoho, a SaaS vendor that does most of its development work in India, offers a plethora of applications, including word processing, spreadsheet and presentation software.

How Fast is the Road to SaaS? Vendor would make it easier to migrate apps to hosted model.

How quickly

can the software industry migrate to a SaaS model? Managed hosting provider Savvis has rolled out a service that it hopes will speed up the process by helping independent software vendors offer their applications as a hosted service. The service allows software vendors to take a single-tenant application and offer it as a hosted service to multiple clients, says CTo Bryan Doerr. It is available first in the United States and the United Kingdom, and will be offered worldwide this year. Savvis partnered with Parallels to use its Virtuozzo Containers virtualization software to offer the service. The product divides a server oS into individual containers, each of which is assigned to a vendor customer and hosts multiple instances of its application. Customers also use Parallels' Automation software for provisioning accounts, billing and linking to payment systems. More and more end customers are turning to SaaS to reduce costs, putting pressure on software vendors to offer their applications as services. CRM has seen the widest uptake, with 15 percent of software revenue in 2007 coming from SaaS applications, according to Gartner. The fastest growing segments are for office suites and digital content creation tools, where SaaS revenue will roughly double on average each year from 2007 to 2011, Gartner says. Some vendors have developed multi-tenant versions of their applications, which allow multiple end users to access a single instance of their software. Savvis hosts applications for some of those vendors, but the new service is for vendors that have yet to develop multitenant products. "We think [vendors] will use this as a quick go-to-market [option] and eventually rewrite their application to be natively multitenant," Doerr says. Savvis competes with other managed hosting providers such as AT&T and Terremark, SaaS hosting specialists such as opSource and platform providers such as Salesforce.com and Microsoft. — James Niccolai

Along with the consumerization of IT — the idea that people expect applications at work to look like the Web technologies they use at home (such as Facebook and Google) — the SaaS trend will force many IT professionals to rethink their skills and the value they bring to their companies, says Jeffrey Kaplan, president of THINKstrategies, a consultancy that helps companies adopt SaaS applications. "Unfortunately, most developers have built enterprise applications to meet their current systems environment and the end user was very secondary," Kaplan says. "Now, the end-user experience is the driving factor, because end users determine whether or not the application is considered successful." In addition, maintenance veterans who handle the plumbing of IT could see their job options start to recede as maintenance responsibility shifts to the vendors who supply the applications. That reality can be both a challenge and an opportunity for the IT industry, says Peter Coffee, director of platform research at Salesforce.com. "If you're in the ecosystem of working on staple, on-premise software, you can take care of feeding and watering those systems," Coffee says. But in a SaaS-based world, "those low-value tasks no longer need to be done [onsite]," he continues. Instead, he adds, you'll want your IT staff "to be the IT equivalent of special forces." Ken Venner, senior VP and corporate services CIO at communications semiconductor company Broadcom, says such IT special forces might build new features that fit a company's specific needs on top of SaaS apps. Such forces can also manage the relationships between two or more SaaS vendors who each provide technology to the same company, making sure their systems talk well with one another. "Working with vendors will really become ever more critical," Venner says. "One of the skills that will start to reduce is core infrastructure skills."

the Post-Modern It department At Popeyes, the idea of a SaaS-driven, plug-and-play IT department is more than a dream. Today, says Davis, not all

f e b r u A r y 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/06

IT Organization of his apps are SaaS-based. Popeyes owns the licenses for some of its software, and worked out a contract with IBM to host and support the servers for those apps. The contract includes IBM's hosting of Popeyes' Microsoft Exchange e-mail system along with its Lawson ERP system, although the ERP app is managed by a business process outsourcing vendor, Convergys, which performs Popeyes' accounting. The three developers on Davis's team who work on restaurant technology support the company's point-of-sale system and are currently leading the search for standard POS systems to be implemented by franchisees. (See Who You Gonna Hire? for more on currently hot IT roles.) Davis notes that his contract with IBM will expire in 2009. When that happens, Davis admits he could pursue more SaaS options, as these would likely cost him less money than outsourcing to Big Blue. Microsoft recently released a SaaS version of Exchange for a mere $10 (about Rs 500) per user per year. Other SaaS applications Davis is eyeing include ERP, an intranet and extranet, and CRM. But how quickly SaaS might change the staffing landscape for many companies is another story. A recent report by Gartner, for example, throws cold water on the concept of ERP as a hosted application. "Because of the complexity of ERP suites, SaaS offerings for administrative and operational functions typically have provided functionality that is confined to one domain, such as sales-force automation or one business process, such as payroll," writes Gartner analyst Denise Ganly. She says it will be five years before SaaS ERP suites are viable options for large enterprises. When it comes to SaaS ERP, Ganly continues, a big driver is the IT staff constraints faced by many organizations. The SaaS model "appeals to organizations because it can free up staff to concentrate on more-strategic, value-adding processes." Part of the appeal is a belief that SaaS ERP is 'instant on,' which means that it can be implemented with little or no intervention. "However," she writes, "the business still must be reengineered, processes redefined,

Vol/4 | ISSUE/06

Who You Gonna Hire? The hottest jobs in IT are for business, architecture and policy experts.

A recent report by Forrester Research says the hottest corporate IT jobs are focused on enterprise-level management and vendor oversight. But the emergence of software as a service (SaaS) probably won't be a significant factor in how IT organizations are designed for at least five years, says Marc Cecere, Forrester vice president and principal analyst. Cecere asked nine colleagues to name the hottest roles within the areas they follow. The report ranks 16 roles according to five 'drivers of heat,' including the business-and technology-specific knowledge required for each role, the level of risk and impact on the business associated with it, the likelihood the role could be outsourced and its consistency with technology, vendor or industry direction. SaaS "never comes up as much of a factor with CIos when talking about the design of IT," says Cecere, although the trend may figure in elsewhere such as through a greater reliance on vendors or focus on processes that influences demand for certain roles. The hottest roles, according to the report, are policy-and security-oriented positions: information and data architects, along with information security experts. Business analysts, business architects, enterprise architects and vendor management experts â&#x20AC;&#x201D; roles focused on information management, process management and vendor oversight â&#x20AC;&#x201D; come next. Then come traditional roles that have been expanded in scope: enterprise applications strategists, IT planners, network architects and enterprise project managers. Finally, technology-specific roles that are in demand include account managers (who interact with business users on specific projects), desktop virtualization experts, mobile technology experts, service managers, business process analysts and storage directors.

â&#x20AC;&#x201C; Elana Varon

integration points defined and so on. The instant-on perception that drives adoption also makes it an inhibitor." Nevertheless, IT staff are starting to adapt to the new environment. Developers, for instance, will have to embrace new programming languages and open Web standards when creating enterprise software. "I've got some learning to do in my 50s," says Serena Software's Clement. In some ways, he's already started, as his company has begun building SaaS applications along side its traditional software development tools. Clement says he has to learn more about Web 2.0 and Java programming, but feels ready for the challenge. "My experience has always been that programming is

programming," he says. "The language is sort of a detail. The environment is changing, and while I have fears, there's nothing more thrilling than working on something that will be relevant for the future." Meanwhile, for IT support people who handle enterprise infrastructure and back-end support, future roles might include working in the datacenter of a SaaS vendor, or helping to ensure that a company can integrate various SaaS apps, says Fred Luddy, president and CEO of Service-Now, an IT service management company that runs on a SaaS model. "Integration will be the main challenge," he says. "IT will be at a higher level." CIO Send feedback on this feature to editor@cio.in

REAL CIO WORLD | f e b r u A r y 1 , 2 0 0 9

Security

Feature -02_SECURITY.indd 48

1/28/2009 4:13:38 PM

Who's Watching Your

Cash, cards, inventory and customer data intersect at the point of sale. Here's how to keep your defenses up-to-date.

IllusTraTIon by pc anoop

By Michael Fitzgerald

hen thieves stole the PIN pads at a cash register in one of his company's stores, Daniel Marcotte was amazed. Not that they'd done it — such thefts can happen once a week during the holiday season. But watching it on videotape later, "I couldn't tell they had it with them when they left" the store, says Marcotte, director of systems and data security at La Senza, a Montreal retailer now owned by The Limited. A couple of hours later, the thieves were back. They'd doctored the PIN pads to let them get customer card data. They got them back onto the point-of-sale system quickly, too. But here's where La Senza's security precautions kicked in: its PIN pads in effect have their own Media Access Control address, and once they're disconnected, that address is no longer available. So the thieves were foiled — this time. The point of sale has always been a target for thieves. While they once went after the cash drawer, retailers often find themselves facing sophisticated networks of thieves intent on the criminal equivalent of volume discounts — reams of credit card data, entire shelves of goods to launder or, in the case of pharmaceuticals like Sudafed, drugs used for making methamphetamines. Retailers, then, operate under the constant threat of having their point of sale either hacked by cyber-thieves or spoofed by real ones. Between them, these various thieves target all the major aspects of a modern point-of-sale system. These include cash registers, bar-code scanners, wireless access, in-store voice or IP networks, and store inventory management systems.

Vol/4 | ISSUE/06

Reader ROI:

Threats to your point-of-sale systems What you can do about them

REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

Security Where once the big scourge was ‘till tappers’ — people who grab money and run — that's no longer a major headache for most retailers, says Keith Aubele, the former loss prevention executive at Wal-Mart and Home Depot, and now a loss-prevention consultant. Instead, they have to contend with sophisticated rings of thieves who've figured out that it's far more lucrative to

systematically steal goods by spoofing the point-of-sale systems, especially selfcheckout systems, which are "incredibly easy to bypass," says Aubele. "You've got one supervisor for four to six registers, and you can easily distract that person and you take merchandise and scan some and hit the deactivator and walk out," he says.

Jewelry store chain Zale corp’s loss prevention Manager Dennis Thomas explains the difference IT can play in retail security. how are the bad guys using technology against companies like yours? dennis thoMas: They use technology and the Internet to conduct countersurveillance on the police departments, they're using Google Earth and they're using GPS technology to get from one place to the next. They'll enter a retail corporation's Web page and use the store locator section to get the various addresses, which they plug into their GPS systems and it allows them to go from location to location to location. how is what you’re doing with it different from the traditional way doing security? Keep in mind, in the old days a crime could occur in a store with the employees there and they wouldn't always notice what was happening. With remote technology our trained operators at the command center can observe a theft in progress and notify the police in real time with important time-sensitive details. The police in turn are a lot more successful in making an arrest than they were five years ago. The real benefit is the increase in time notification. What are the benefits for the business? I'll give you two statistics. First: the corporation has achieved record shrink lows for the last seven consecutive years. Second: a significant reduction in shrink [lost merchandise/revenue] as a result of burglaries. You can directly attribute that to the technology we've put in place. During the days of the old analog systems there was always that window where the thief could break in, steal merchandise and be gone long before the break-in would be discovered. There has been a significant increase in the number of criminals apprehended because we can get three to five police cars out there immediately, because the police know if Zales calls, we are seeing a burglary unfolding before our eyes. We are able to verify to them immediately that it's not a false alarm. What advice do you have for cios creating a system like yours for the first time? The first thing you need to do is determine where your risk is. Is it the employee? Does the general public have access to your merchandise? Where is your shrink occurring and where will those precious dollars get the most benefit? The second thing you should do is go out and look at what your competitors are doing technologically to ensure security. Then you will be able to build your system to meet the specific needs of your organization. —Bill Brenner

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

A bigger problem still is under-ringing, or ‘sweethearting’, where crooked cashiers in cahoots with thieves simply don't scan all the items presented. Retail theft climbed to almost US$35 billion (about Rs 175,000 crore), according to the 2007 National Retail Security Survey. Aubele estimates that between $8 billion and $10 billion (about Rs 40,000 crore to Rs 50,000 crore) of that figure comes from under-ringing. "Under-ringing is incredibly hard to detect, under any system," he says. The major modern method for catching under-ringers is video analytics applied at the point of sale. Companies like IBM, Milestone and an Aubele client, Wren Solutions, all offer video analytics that aim to help store managers see when breaches have occurred. But such analytics are a bit "pie in the sky," cautions Steve Hunt of Hunt Business Intelligence. All the pieces work well, he says — "the cameras work fine, the recording system works fine, it integrates with the point-of-sale system perfectly by tagging every transaction, but the analytics aren't good enough. It's analytics 1.0." Aubele acknowledges that video analytics is "a work in progress," but says "it's light-years today ahead of where it was two years ago," and in two years will be light years ahead of today. Meanwhile, there are new approaches being tried with traditional smash-and-grab techniques, like running off with a rack of leather jackets. Time Domain, a maker of real-time location systems, is putting radio frequency identification (RFID) tags into high-value items, and tracking them via ultra wideband (UWB) wireless technology. Time Domain's technology creates electronic article surveillance that ties into the cameras at the front of the store and will flag the unusual, like an entire rack of leather coats suddenly moving, and pan the cameras on the items — as long as the store uses panand-tilt video cameras. This technology is in pilot right now.

The Flip Side of Capturing Customer Data Missing merchandise is a visible, countable problem for retailers. Stolen customer data is murkier. Compounding the issue is a fundamental problem: point-of-sale

Vol/4 | ISSUE/06

Security

oint-of-sale technology wasn't designed to capture customer data but to help track product information. So data is being captured by a rat's nest of different technologies that isn’t sensitive to data. technology wasn't designed to capture customer data, securely or otherwise. Most retail technology was developed to help companies track product information — what was sold, when and for how much. But retailers now use these technologies to capture customer data. That means "at the place where data is captured, you have a rat's nest of different technologies cobbled together in a way that didn't pay any heed at all to the sensitivity of the data it captures," says Brian Kilcourse, managing partner of RSR Research. Worse, retailers in the last decade shifted away from proprietary networking technologies like IBM's Token-Ring to Internet Protocol, which offers great flexibility but has inherent security issues. Retailers also tend not to encrypt data, and have been aggressive about adopting wireless technologies, which are harder to secure than wired ones. It is perhaps a small wonder that the biggest known data theft to date occurred at a retailer, TJ Maxx, or that high-profile data attacks have happened at Hannaford's, Lowe's, Stop & Shop and other retailers. In the last few years, a series of improvements in process and technologies have improved point-of-sale cybersecurity. Some of these improvements come thanks to the efforts of card issuers like American Express, MasterCard and Visa, which created the Payment Card Industry Data Security Standard (PCI). Some of these standards include compensating controls to manage data flow into and out of the various point-of-sales technologies. PCI includes provisions for such controls for different sorts of retailers; encryption protocols for

Vol/4 | ISSUE/06

Feature -02_SECURITY.indd 51

transmitting data between different parts of point-of-sale systems, like between the bar-code scanner and the credit card swiper for example. It demands better data storage practices, like changing software commands to avoid storing certain types of data. And for data that is stored, PCI stipulates the use of encryption systems. It also requires the use of wireless credit card readers, which include built-in security and reduce potential credit card fraud by ensuring that a credit card never leaves its owner's hands.

There's a Hacker in My Soup But it's a gigantic challenge to get new technology out to the millions of points of sale, which range from the big box retailers to the fitness club to the restaurants to the corner gas station. Each kind of retailer presents its own problems. Avivah Litan, a Gartner analyst, notes that gas stations have a PCI exemption until 2010, in part because credit card readers tend to be integrated into gas pumps, so upgrading the card reader means upgrading the pump, a very pricey proposition. In the meantime, pumps at the gas station feed to a server, which might feed to a regional server and then on to one at a headquarters operation — each a potential point of weakness. Many retailers have flocked to wireless technology, which can create more flexible floor layouts and, for restaurants, can draw customers. But the white-hat hacker Simple Nomad says he was asked by a friend who managed a Bennigan's to check out whether a wireless hub in the restaurant allowed him to gain access to the point-of-sale terminal. He was able to do so. In another restaurant

with a wireless hub, he found he could alter orders at the point of sale. Wireless networks can become insecure even after a retailer thinks it's taken all the right steps to secure them, says Peter Evans, vice president of marketing at IBM Internet Security Systems. Evans says wireless access points are often set to default to insecure settings. So after a power outage or a reset, the security settings would default to off, and the retailers might not know for months that their information was vulnerable to hackers. Evans says it's also simple to put a data skimmer on credit card swipe readers without anyone noticing. In fact, he says that recently, "I was a victim of one of these." In his case, he says he was fortunate that his credit card provider's algorithms were able to detect fraudulent usage when his credit card data was used, and the thief was nabbed. Meanwhile, the PCI Security Standards Council certifies software for use with pointof-sale systems. But Tom Wabiszczewicz, a security consultant at NeoHapsis, one of the six Qualified Incident Response Assessors (QIRA) under PCI's Cardholder Information Security Program (CISP), says issues persist. Over the course of last year, he’s run into situations where companies have secure servers, but Windows-based, point-of-sale terminals sitting directly on the Internet are effectively wide-open to attack. He's also seen companies that were storing Track 2 data unencrypted. Track 2 data can be used to recreate a credit card, and in one case he saw at a US retailer, its Track 2 data was being sniffed and used REAL CIO WORLD | f e b r u a r y 1 , 2 0 0 9

1/28/2009 4:13:41 PM

Security to create fraudulent credit cards that were being used days later in Tokyo. He says some problems are caused when companies upgrade to a PCI-compliant version of their software without getting rid of the old software, or with older, unencrypted data in databases. Wabiszczewicz says that "they're doing things correctly from that point on, but what about the leftover data from the database, or the previous version that didn't encrypt the credit card number or stored Track 2 data?" Wabiszczewicz recommends that any such upgrade should include a complete reinstall of the entire system. Despite these myriad issues, Wabiszczewicz says it is relatively straightforward to protect today's point-ofsale systems. "If you have a correct policy, you train employees, limit what they can do on the front end of the POS system and you're running PCI-compliant point-ofsale software, you are in very good shape," he says.

Point Of Sale Grade-A Upgrades For companies that are installing brand new point-of-sale systems, they have a much better chance of being secure from the get-go. That's the course followed by Original Pizza Pan. A 25-year-old operation, it went through a franchise boom in the last few years, and now has about 100 locations. It had never used a formal point-of-sale system in its stores, and in 2007 decided that it was time to get one. A secure system was one of its priorities, though it was about fourth on its priority list, behind things like ease of ordering, better customer service and building databases of customers, says Edward Rizk, the firm's development director. Rizk says that he picked a vendor, DiamondTouch, that develops systems specifically for pizza stores. But it was a big plus that it offered managed security services and also gave them the option to integrate a surveillance camera with the point-of-sale system. Such systems time-stamp the video every time the cash register drawer opens, allowing store owners to monitor whether money is staying where it belongs. 52

f e b r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

Feature -02_SECURITY.indd 52

The systems don't Economic downturns, cost use wireless at all; obstacles and technology DiamondTouch weaknesses aside, retailers encourages franchisees to will continue to battle the change their passwords on threats they face. And a monthly basis and makes vendors will continue to sure they're encrypting try to make it easier to their data. The franchisees battle those threats. IBM are not expected to send recently announced its data on operations or new SecureStore initiative, customers back to the which aims to help store central office, Rizk says. owners better manage Source: National Retail Security Survey Even so, the system isn't their technology centrally. ironclad. Original Pizza Evans says that part of Pan wants its store owners to save their data IBM's motivation for the announcement is to on a separate computer as a backup. Rizk address the scale problem that retailers face, says, "I recommend to my franchises that when trying to upgrade and monitor systems they download their database to a computer spread out at literally thousands of stores, that does not have Internet access." But with perhaps tens of thousands of points of whether they really listen to him, he doesn't sale. The intent is that companies can use know. "That's their business," he says. IBM server and management technology Rizk is in the enviable position of being to do remote upgrades and monitoring of able to start from scratch. Most established systems to identify situations such as an retailers don't have that luxury, says RSR's open wireless network, and then fix it. Kilcourse. Worse, a large retailer probably "The current model of delivering security has the ultimate distributed computing to customers is broken â&#x20AC;&#x201D; the customer just environment, which makes them a huge wants security to go away," Evans says. headache to upgrade. IBM's management effort is not the first, "If you have 3,000 stores with 10 to but Kilcourse says it was probably more 12 point-of-sale systems apiece, you have holistic than others on the market. a management problem of very large La Senza's Marcotte is a likely adopter of proportion," Kilcourse says. "How do you SecureStore offerings. He's already using safely upgrade so many systems? And if some of IBM's security software, and he's you're going to do it, how do you afford placed a purchase order for IBM's Tivoli the cost?" management system to help centralize He says that it's almost financially upgrades and monitor the company's impossible for a large retailer to go through roughly 1,000 point-of-sale systems across a major replacement of point-of-sale 350 stores. systems. In fact, he says he's heard a retail Being able to monitor and do software CIO say his point-of-sale system was "old upgrades remotely would be a plus, he says, enough to drink." especially since La Senza tends to upgrade The downturn means that retailers will its point-of-sale terminals roughly every likely hang on to technology even longer. three years, which he calls "heavy work" The threat of fines for not complying with for the six people who work on point-of-sale PCI is spurring companies to upgrade. But security at the company. it's hard for retailers to cost-justify many "This centralized approach will be huge," types of technology upgrades. says Marcotte. For instance, chip-and-PIN technology Of course, centralized management for credit cards, prevalent in Europe, is more creates a single target for unscrupulous secure than using classic magnetic-stripe hackers to attack. But in security, like in life, cards. The cost: about $2 (about Rs 100) per there are always trade-offs. CIO credit card and as much as $500 (about Rs 25,000) per reader, multiplied by thousands of readers for a large retailer. Send feedback on this feature to editor@cio.in

175,000

crore

The amount that theft â&#x20AC;&#x201D;including under-ringing â&#x20AC;&#x201D; cost US retailers in 2007.

Vol/4 | ISSUE/06

1/28/2009 4:13:41 PM

EssEntial

technology IllustRatIon by bInEsH sREEDHaRan

From InceptIon to ImplementatIon — I.t. that matters

What gamechanging opportunities exist in RFID and how do your hooks into them?

Fishing for New RFID Ideas By Vlad KrotoV RFID | Wal-Mart and other large retailers have been a major driving force behind radio frequency identification (RFID) adoption, causing it to be viewed merely as a more effective alternative to bar codes where it saves billions through reduced labor costs, out-of-stock expenses, theft, warehouse management costs and inventory levels. However, improvement in supply chain identification may only be the tip of the RFID iceberg — billions of dollars in the form of new business opportunities may lie beneath the waterline. Two research organizations, Auto-ID Labs and EPCglobal, are currently developing standards that can lay the foundation for a network that significantly extends the boundaries of today's Internet. With RFID, not only computers, but virtually any object — be it a human, animal, electronic device or lifeless object — can become a node of a global network. This ‘Internet of Things’ may offer lucrative opportunities to those who can look beyond today's mainstream application of RFID — supply chain identification.

Vol/4 | Issu E/06

REAL CIO WORLD | f E B r u a r y 1 , 2 0 0 9

essential technology

Innovative RFID Applications While probably no one knows what exactly RFID may offer in the future, certain patterns of innovation adoption tend to remain fairly consistent. One of these is that revolutionary applications of technologies are not likely to come from companies like Wal-Mart. According to Clayton Christensen's theory of innovation, large, well-established companies tend to adopt innovations in a way consistent with their existing resources, processes and values. In Wal-Mart's case it adopted RFID to reduce costs associated with existing supply chain inefficiencies. It is smaller, emerging companies that tend to use technology in an innovative way, hoping to create new markets for themselves. Today, there are examples of smaller companies creating innovative RFID applications outside the supply chain. One example is Seattle's cafes and retail stores that use RFID technology for marketing products and services At the core of this new marketing advertisement system are the so-called ‘activation fields’ (areas covered by the field of an RFID reader) and active RFID tags that are carried by customers. Whenever a customer enters an activation field, loudspeakers broadcast a commercial message. The system can also display a video message on a monitor with commercial information. One of the primary target audiences for this new system are visually and hearing-impaired individuals. Or take for example, Exploratorium, a science museum, that uses an RFID-based system called eXport to enhance visitor experience. At the entrance to the museum, each customer receives an RFID tag. When a customer interacts with a particular

Essentisl Tec.indd 54

exhibition stand (one that sprays water onto a refrigerated glass to form and explore ice crystals, for example), the customer's RFID tag triggers digital cameras that take pictures of the customer and the ice crystals that he or she has created. These pictures are uploaded to a customized website together with the related text information. The website can be viewed by customers later. Then there is Negone, a Madrid-based developer of interactive games, that opened a game named La Fuga (The Breakout) at the premises of a former bank. The game simulates experiences of an inmate escaping a high-security prison. Those participating in the game are supplied with a personal digital assistant (PDA) and an RFID tag. RFID readers are placed in doorways and other areas in the former bank's premises. The game system is able to identify gamers and enhance their gaming experience: by detecting users' RFID tags, the system can display questions on the gamer's PDA and also open doors for them.

How to Be Creative If RFID does offer lucrative business opportunities outside of the supply chain, an important question becomes: how does one create new RFID-based business models? There is no simple answer. After all, many innovations are a result of serendipity. But an innovation can also be a result of directed intellectual pursuit, as was the case with many of Thomas Edison's inventions. Given the latter possibility, two starting points for thinking about new RFID applications can be proposed: an ‘objectoriented approach’ and a 'visionary approach’. The object-oriented approach is a bottom-up

$9.8 billion

The value of the RFID market by 2013. It is expected to experience a 15 percent compound annual growth rate from 2008 to 2013. Source: ABI Research

approach — it starts from the basic capabilities offered by RFID technology and attempts to determine how it can be used to create a new RFID application. The core capability of RFID is the ability to automatically and wirelessly identify an object together with its properties. The visionary approach is a top-down approach — it starts by assuming that RFID technology has reached its peak in terms of breadth of adoption and technical capabilities, and it then tries to determine what business models might be possible given this development scenario.

Object-Oriented Approach The object-oriented approach uses the objectoriented programming paradigm to organize thinking toward new RFID applications. The approach requires looking at an object — a human, animal or physical item — in terms of its properties and methods. Properties, in this case, are characteristics of an object that are relevant for a particular transaction. A

1/28/2009 6:15:22 PM

essential technology

method is what an object ‘can do’ — that is, the transactions it may participate in: for example, an object-oriented approach to the ‘smart office’, using Ms. Smith as the object. Let's see how this works. First, select an object. Then think about its properties. Next, determine how RFID can help to extract and use these properties to enhance a transaction that the object participates in or to create a new transaction. New value propositions can be built either by improving existing transactions or creating new ones. Ms. Smith has a property of location — she can be either in or out of her office. If

Starting With a Vision Another way to invent new RFID applications is to start with a vision, like how Microsoft, envisioned a computer on every desk and in every home. This vision allowed Microsoft to profit in an area companies like IBM initially saw no opportunity. In the case of RFID, one can begin by imagining a world where each individual, animal and physical object has an RFID tag. Imagine a ubiquitous wireless network that can identify the location and retrieve properties of every physical, animal or human object. With this vision, answer the following

Don't expect revolutionary applications of technologies like RFID to come from large companies likeWal-Mart. Ms. Smith has a unique RFID tag, then this property can be automatically identified by an RFID reader installed in her office. If the tag is in the reader's range, it means she is in the office; if not, she stepped out. This property can be used to enhance (automate) a number of transactions in which she participates. As Ms. Smith approaches her office, the RFID system can automatically unlock the door, turn on the lights in the office, unlock her computer and log her on. As she leaves, the system can automatically log her out, lock the computer, turn off the lights and lock the door. The location property can trigger a number of other responses from the smart office, such as downloading e-mail, playing voice mail or starting the coffee machine when she enters her office.

Essentisl Tec.indd 55

questions: what new forms of knowledge can this data produce? What improvements to existing business models can be made? Which new business models can be created with this newly available knowledge? If the ‘Internet of Things’ becomes a reality, then you will be able to retrieve information about consumer items you see in your daily life and use it to purchase items on the spot. For example, Mr. Jones sees a tie on one of his co-workers in an elevator. Since the tie has an embedded RFID tag with a unique identification number, he can use his cell phone with an RFID reader to pull information about the tie from an online database and place his order right in the elevator. Sound crazy? Well, not for Accenture. The ‘Real-World Showroom’

prototype developed by Accenture Technology Labs may help to make anywhere, anytime shopping a reality. Here's another example of going from a vision to a concrete RFID application. Imagine every car as a node of a global, pervasive network. Then, a city government could identify and track movement of cars through its freeway system. This information could be used to impose road improvement taxes on vehicle owners proportional to their usage of the freeway system. Similarly, an advertising agency may use this information to position billboards along the freeway. Opportunities are endless if this vision becomes a reality.

The Future of RFID Predicting the future in the rapidly evolving technology domain is an unrewarding task. Historical analogies do not always work. However, it won't hurt to adopt a more forward-looking perspective on RFID. In the long run, RFID can turn out to be a disruptive innovation, capable of destroying existing competencies and creating new markets. Failure to embrace the new challenges and opportunities may threaten the existence of a company, just like the failure to embrace the telephone led to the decline of Western Union. Successful adoption of a disruptive innovation, on the other hand, may transform a company into a new AT&T or Microsoft. CIO Vlad Krotov is a PhD candidate at the Bauer College of Business, University of Houston. He conducts research on IT strategy, innovation and ubiquitous computing. Send feedback on this feature to editor@cio.in

1/28/2009 6:15:22 PM

Pundit

essential technology

Making Money From Thin Air Three ways client virtualization can help stretch your budget. By Bernard Golden

| Could the stretched-out replacement cycles for desktop machines be a boon for client computing? In a Wall Street Journal Business Technology blog post, author Ben Worthen noted that a survey from CIO found that companies will forgo traditional three-year replacement cycles for desktop machines (desktops and notebook computers). According to the survey, 46 percent of businesses will defer replacing machines for the next year or two. Worthen says this will be a problem for people who are already suffering from overloaded machines. I'm not so sure about that. Any machine purchased in the past three years should be capable of holding at least 2 gig of memory, which should be plenty

Infrastructure

There are three ways that client virtualization can help a company that's in a capitalconstrained environment: If the current hardware really is overloaded, presentation virtualization is a possibility. This technology puts the app back on the server and merely shunts the user interface out to the client machine. Instead of having to host the entire app process and store the data, the machine acts as a rich client. If the client hardware is insufficient to run Vista or Windows 7, move to a Virtual Desktop Infrastructure (VDI) environment, with a virtualization server hosting multiple desktops. There's no need to outfit end-point machines with 4 gig of memory and 200 gig

Of course, all three options still need interface equipment at the end user — you still need a screen and a keyboard. For the first option, the current hardware can be left in place. For the latter two options, an existing desktop can be used. However, a thin client is also a possibility. This presents the intriguing opportunity to implement VDI for current users, using their existing desktop machines; when new users join the company (or a desktop machine needs to be replaced) a thin client device is provided. The cost differential between a fully scaled desktop device and a thin client can be very large. There are other factors to be considered. Network capacity must be examined to see if it can handle the traffic between the datacenter

Smart CIOs will be looking at client virtualization with open eyes, particularly in this economic environment. for most people's workloads. On the data side, most three-year old machines should have at least 40 gig of storage, and probably more. It's hard to imagine most work environments requiring more than that. However, I think he's onto something. Specifically, the looming (semi) forced shift to Vista or Windows 7. Both of these versions require a significantly larger hardware footprint than XP. Consequently, there's a collision course between the OS of the future and the hardware of the present — an enormous opportunity for client virtualization. 56

ET-Pundit.indd 56

f eb r u a r y 1 , 2 0 0 9 | REAL CIO WORLD

of storage. It's not even necessary to scale that level of resource onto the server. For power users who can't (or won't) ‘share’ a server, there's a different flavor of VDI available. You still put the client machine in the datacenter, but dedicate a blade server to it. A significant investment for hardware dedicated to a specific user, but the design of blade server systems still reduces overall investment. While you scale the amount of memory linearly for each dedicated blade, economies of scale are still available for resources like power supplies, network connections and cooling.

and the desktop locations. Also, the cooling capacity dispersed to end user locations must be available within the datacenter. On the other hand, client device reliability should go up significantly with centralized administration. Smart CIOs will be looking at client virtualization with open eyes, particularly in this economic environment. Maybe those desktops could be stretched for two-or threemore years. CIO Bernard Golden is CEO of consulting firm HyperStratus. Send feedback on this column to editor@cio.in

Vol/4 | ISSUE/06

1/28/2009 3:48:27 PM