Leadership
VOL/06 | ISSUE/04
Technology
View from the Top: Suvamoy Saha on powering up Eveready with IT. Page 68
Business
Up in the Air: Hungama Digital Media takes IT to the cloud. Page 60
The First 100 Days: Six stories of change. Many lessons. Page 30
February 15, 2011 | ₹100.00 | www.cio.in
Raj Maity, EA to MD & Head-Corporate IT, Hindustan Motors, shares lessons from his initial days.
Size Up Your New Job: Dr. Michael Watkins breaks down the complexities of difficult transitions. Page 50
From The Editor-in-Chief
Publisher, President & CEO: Louis D’Mello
Editorial: Editor-in-Chief Vijay Ramachandran; Executive Editor Gunjan Trivedi; Features Editor Sunil Shah; Senior Copy Editor Shardha Subramanian; Senior Correspondent Sneha Jha; Correspondents Anup Varier, Varsha Chidambaram; Trainee Journalist Debarati Roy; Product Manager Online Sreekant Sastry
Easy Come, Easy Go?
How do you react when an entire department starts to bypass yours when it comes to IT?
How important is your department to the organization in general and to other departments in particular? No, this is not a harangue on business-IT alignment. Not directly in any case. The reason I’ve been asking a whole ton of CIOs this of late, is because I feel that the changes taking place in the way information is accessed and converted to insight by end-user departments is going to begin impacting your role (if it already isn’t).
All organizations have had experiences with tech savvy end-users who have figured out how to do things without the IT department’s help—staffers who come up with ERP workarounds or subvert security controls. But what happens when an entire department starts to push some IT buttons as well? For instance, if your sales head ports market segmentation data on to the public cloud to run analytics without your say or your HR team decides to outsource its IT requirements without involving your team or even one of your teams decides to pick up a bunch of tablets without you finding out?
Ridiculous, you say? I know of at least six large Indian enterprises where these ‘nightmare’ scenarios have come true. In the case of the HR department, the project stayed out of the IT department’s purview for over two years; the tablets got purchased out of a client project’s budget. A CIO I spoke with recently wanted such departments to feel the Wrath of God till they feared turning rogue more than anything else. And, I know many of you would concur. After all, the organization’s info-security is your responsibility. But are you building your governance structures to factor in departments that turn rogue? Do write in and let me know.
Custom Publishing: Assistant Editor Kailas Shastry; Senior Correspondent Gopal Kishore; Correspondent Deepti Balani, Ojas Sharma
Design & Production: Lead Designers Jinan K V, Jithesh C.C, Vikas Kapoor; Designers Amrita C Roy, Senior Designers Unnikrishnan.AV; Trainee Designers Sabrina Naresh, Visaka Vardhan; Chief Photographer Srivatsa Shandilya; Production Manager T K Karunakaran
Events & Audience Development: VP Rupesh Sreedharan; Senior Program Managers Chetan Acharya, Pooja Chhabra; Program Manager Ajay Adhikari; Management Trainee Ramya Menon
Sales & Marketing: President Sales & Marketing Sudhir Kamath; VP Sales Sudhir Argula; General Manager Sales Parul Singh; AGM Brand Siddharth Singh; Sr. Manager Marketing Rohan Chandhok; Manager Sales Aveek Bhose Dipti Mahendra Modi Kalyan Basu Kumarjeet Bhattacharjee Pooja Nayak Punit Mishra Swati Agnihotri Varun Dev; Asst. Manager Sales Ajay S. Chakravarthy; Asst. Manager Brand Disha Gaur; Associate Marketing Dinesh P; Ad Sales Coordinator Nadira Hyder
Finance & Admin: Financial Controller Sivaramakrishnan T P; Deputy Manager Accounts Sasi Kumar V; Asst. Manager Credit Control Prachi Gupta
All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.
Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in
Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.
IDG Offices in India are listed on the next page
February 15, 2011 | REAL CIO WORLD
From the Governing Board
Governing Board: Alok Kumar, VP & Global Head-Internal IT & Shared Services, TCS; Amrita Gangotra, Director-IT (India & South Asia), Bharti Airtel
It Isn't All in the Fine Print
One of the architects of the Airtel-IBM S1 outsourcing model, shares what he looks for in an outsourcing deal.
Over time, strategic IT outsourcing has gained phenomenal footing in and around high-growth verticals. It’s only natural given IT’s ability, especially in sectors like telecom, to differentiate companies and leapfrog or provide ‘next-level’ services and solutions to customers. In India, a landmark example is the Airtel-IBM outsourcing deal. As the then-chief architect for IT at Airtel, I was deeply involved with that model and imbibed many lessons that could help CIOs create successful partnerships.
When I look to build a strategic IT outsourcing model, I focus on three areas. First, ensure that contracts and SLAs are lucid and very clearly defined. Proactive scoping is important as frequent change requests in the real world can mess up financials. It is vital to remember that while defining scope, a contract should describe exclusions clearly—and not the other way round. Second, focus on defining an exit strategy. A contract should include clauses for termination depending on convenience, KPIs, SLAs and force majeure, and should state the consequences attached to specific exit strategies. Third, don’t outsource a broken ship. If you have legacy systems that need to transform, do that upfront. Trying to influence a partner to introduce changes, after outsourcing, will break down a deal.
Also, take care of enterprise architecture with clearly-defined principles. CIOs need to keep their IT strategy and architecture under tight control. If a CIO leaves it to an outsourcing partner, there could be trouble later. Obviously, CIOs need to develop a very high level of trust with their partners. It definitely needs to go beyond the transactional and into a partnership zone. A taskforce or a committee to conduct periodic reviews—with adequate escalation models built in—can really help in achieving that.
Naturally, anything left on its own to happen, will never happen. Hence, it is crucial to preempt strategic implications of IT decisions and keep pushing a partner. Finally, it is always better to have a second pair of eyes like external advisors or consultants to look over a contract before a CIO finalizes on it, given the expanse of strategic IT outsourcing.
Anil Khopkar, GM (MIS) & CIO, Bajaj Auto; Atul Jayawant, President Corporate IT & Group CIO, Aditya Birla Group; C.N. Ram, Group CIO, Essar Group; Devesh Mathur, Chief Technology & Services Officer, HSBC; Gopal Shukla, VP-Business Systems, Hindustan Coca-Cola; Manish Choksi, Chief-Corporate Strategy & CIO, Asian Paints; Murali Krishna K, SVP & Group Head CCD, Infosys Technologies; Navin Chadha, IT Director, Vodafone Essar; Pravir Vohra, Group Chief Technology Officer, ICICI Bank; Rajeev Batra, CIO, Sistema Shyam Teleservices (MTS India); Rajesh Uppal, Executive Officer IT & CIO, Maruti Suzuki India; S. Anantha Sayana, Head-Corporate IT, L&T; Sanjay Jain, CIO & Head Global Transformation Practice, WNS Global Services; Sunil Mehta, Sr. VP & Area Systems Director (Central Asia), JWT; V.V.R. Babu, Group CIO, ITC
Bangalore: Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Phone: 080-3053 0300, Fax: 3058 6065
Rajeev Batra is CIO, MTS India. To comment on this article, go to the online version at www.cio.in/mentor.
Delhi: New Bridge Business Centers, 5th and 6th Floor, Tower-B, Technolopolis. Golf Course Road, Sector 54 Gurgaon- 122002, Haryana Phone: 0124-4626256, Fax: 0124-4375888
Mumbai: 201, Madhava, Bandra Kurla Complex, Bandra (E), Mumbai 400 051, Phone: 022-3068 5000, Fax: 2659 2708
Contents | February 15, 2011 | VOL/6 | ISSUE/04
Case Files
60 | Hungama Digital Media
Cloud Computing: Inflexible, expensive, and a barrier to growth. Hungama Digital Media’s IT infrastructure wasn't aligned to business. Then its CTO moved to the cloud. Feature by Sneha Jha
63 | IndiGo
SLA Management: IndiGo airlines just entered the record books with the single-largest aircraft order in global aviation history. It got there partially on the back of IT. Feature by Varsha Chidambaram
64 | Manipal Hospitals
Automation: Fed up with its error-prone manual processes, Manipal Hospitals turned to an HIS, increasing its revenue by about 20 percent. Feature by Anup Varier
Cover: Photograph by Srivatsa Shandilya / Cover design by Unnikrishnan AV
30 | My First 100 Days
Cover Story | Career: About 50 percent of Indian CIOs say 2011 is a good time to move jobs. But they’re about to find out that landing a great job is only the first step. How they can prepare better for their first 100 days. Feature by Team CIO
50 | Sizing Up Your New Job
Cover Story Plus | Career: One of the world’s leading experts on accelerating transitions, Dr. Michael Watkins tells you why seemingly small mistakes in the first 100 days could haunt you forever and how to avoid them. Interview by Debarati Roy
View from the Top: “People don't have the inclination to think of better ways of doing business. The CIO has to do that,” says Suvamoy Saha, wholetime director, Eveready Industries.
Contents (cont.)
Departments
2 | From the Editor-in-Chief: Easy Come, Easy Go? By Vijay Ramachandran
4 | From the Governing Board: Outsourcing | It Isn't All in the Fine Print. Rajeev Batra, MTS India
11 | Trendlines
Enterprise Apps | BI’s New Avatars
Quick Take | The BYOD Strategy
Voices | Is ITES consolidation the norm?
Innovation | Do You Read Me?
Security | Smart Hack Dumbs Smartphone
Survey | Full Stop to Virtual Servers
Virus | America-Israel Planted Stuxnet
Career | New Skills Needed for the Cloud
By the Numbers | It’s Raining Clouds in India
18 | Alert
IT Issues | Tech Scares of the Decade
Malware | 2010: A Year in Malware History
79 | Essential Technology
IT Management | Virtual Reality Check
Client Virtualization | The New Virtual World
54 | Friending Your Customer
Feature | Social Media: Capturing customer data on Facebook and Twitter isn’t easy. Learn how four CIOs are doing that to deliver better service to their customers. Feature by Kim S. Nash
Columns 23
88 | What We’re Reading: Book Review | Look Within. By Vijay Ramachandran
52
| It's Not About the Seat
Strategic CIO: Hankering after a seat at the managing committee of a company will get you nowhere. What CIOs need is a voice at that table. Here’s how to get heard. Column by Gary Beach
25
| The War Beneath the Floor
Undercover Officer: It takes skill and experience for a security leader to convince everyone else that information security can co-exist with efficient business systems. Column by Anonymous
2 8 8
Alternative Views: Staff Mgt.: Serving Notice Periods. The employees you trained will someday decide to move on. Would you let them off immediately? Two CIOs debate.
CIO Online | cio.in
[ CIO ZONES ] Your information hunt stops here
If you're like most people, your interests lie in a few specific areas. That is why we've created interest zones on cio.in. We have six zones including virtualization, BI, cloud, security, datacenter, communications.
[ BOOK CLUB ] Conversation starter
Books have been known to spark conversations and on page 90 you can find the genesis of one. Learn what your peers think of a book and then visit the all new CIO Book Club section online and join the conversation with your peers.
>> www.cio.in/bookclub
[ DEBATE ] Should employees serve their notice periods?
We invited two CIOs to kick-start a debate on career strategy. Read all about it in Alternate Views (page 32). Which side are you on? We also have more debates for you on www.cio.in
Chargebacks: Viable Business Strategy? Ayes Vs Nays
Freelance CIOs: Can They Exist? Ayes Vs Nays
>> www.cio.in/cio-debates
[ CLOUD COMPUTING ] Up in the air
Find out how one of your peers, the CTO of Hungama Digital Media, turned to the cloud and aligned better to the business.
>> www.cio.in
Must read @ cio.in
>> Alert: Why you should be glad 2010 is behind us
>> Column: Forget the seat. Go for the voice.
>> Feature: The downside to virtualization
CIO Advertiser Index (page references not recoverable): Bharti Airtel Enterprises; Dell India; HP Storage; Digilink & Digisol; IBM India; Microsoft Corporation (I); Oracle; SAS Institute (India); Schneider Electric; Spectra ISP Networks; Tata Consultancy Services; Trend Micro; Vodafone Essar; Novell India; Tulip Telecom
This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.
Trendlines: New * Hot * Unexpected
Edited by Shardha Subramanian
Enterprise Apps | Coming Soon: BI’s New Avatars
BI and analytics leaders need to embrace four trends, including the growing popularity of business applications on mobile devices, according to analysts at Gartner. "The market for BI and analytics is undergoing gradual evolution," says Gartner analyst Neil Chandler. "By 2014, the metamorphosis of BI from IT-owned and report-centric will be virtually complete for most organizations." Chandler says these organizations will change the types of BI and analytics they use. They will also modify how information feeds decision making, he says.
Gartner says BI and analytics leaders should embrace the technology, market and management trends "that will transform the field within a few years". Gartner has identified four key BI predictions to help organizations plan for 2011 and beyond: By 2013, 33 percent of BI functionality will be consumed via handheld devices. By 2014, 30 percent of analytic applications will use in-memory functions to add scale and computational speed. Applications will use proactive, predictive and forecasting capabilities. By 2014, 40 percent of spending on business analytics will go to system integrators, not software vendors. By 2013, 15 percent of BI deployments will combine BI, collaboration and social software into decision-making environments.
At the end of last year, Gartner had said CIOs must ensure that business intelligence programs are treated as a "cultural transformation of the business, instead of an IT project". It says leading organizations are using key parts of BI—such as decision modeling and support—to ensure all workers, managers and executives can make the right decisions in a given business situation.
—By Antony Savvas

Quick Take | IT Management | The BYOD Strategy
The year 2010 was marked by a flurry of smartphones, tablets and netbooks, promising to consolidate the individual and enterprise needs in the smartest of ways. That's why, organizations are encouraging employees to bring their own devices to work. Sanjiv Dalal, CTO, Firstsource Solutions, talks to Debarati Roy about the Bring Your Own Device (BYOD) strategy.
What are the challenges of BYOD?
Organizations need to tackle security, application delivery and performance issues. USB ports cannot be disabled since the employee uses the device for entertainment. Also, how do we ensure that once an employee has left an organization, access to applications is terminated and all company data is wiped out?
Then, what are the best ways to adopt the BYOD concept?
Given all the above mentioned conditions and the solutions currently available, I think VDI is the best bet. That’s because BYOD requires a centralized management system that can enforce BYOD-related organizational policies. It also requires users to authenticate in a tracked, centralized manner before making any use of enterprise resources. With VDI, organizations don’t have to worry about mapping and synchronizing data that is residing on the devices. It will also reduce application delivery issues.
Does BYOD really relieve IT from support responsibilities?
IT departments may not be directly responsible for the hardware in a BYOD scenario, but the support for applications is still their job. But if a user faces a hardware issue, the businesses may not want to hear a ‘that’s-not-my-problem’ from the IT department because, at the end of the day, employee downtime costs the company money.
Voices | Business Issues | Is ITES Consolidation Becoming the Norm?
After much speculation, the US-based iGate finally bought Patni. Considering how vendor companies witnessed a series of acquisitions last year, the iGate-Patni deal illustrates the common phenomenon of industry consolidation. There are signs that a fresh wave of consolidation is likely to sweep the IT landscape this year. Will fast-changing industry dynamics drive more ITES organizations to consolidation? Sneha Jha spoke to your peers and this is what they had to say:
“Yes, consolidation will be the way forward. Customers are more inclined to do business with the bigger players. So, mid-sized IT companies suffer. Consolidation can rescue them from this situation.”
B.L.V. Rao, VP and Head-Global IT, Infotech Enterprises
“No. The market is expanding rapidly and the business of mid-sized companies is growing both horizontally and vertically. And if they can see a healthy roadmap for themselves in the coming years they need not resort to consolidation.”
R. Murlidharan, CIO, Syntel
“Yes. Mid-sized IT companies are faced with increasing margin pressures. And the struggle against margin pressure will drive consolidation. If companies have to succeed in the market, they have to be either large-scale volume players or niche players. Consolidation is the only way forward for them.”
Wasim Khan, Head-IT and IS, Mastek

Innovation | Do You Read Me?
Government-funded researchers in Taiwan have developed a vending machine that recommends purchases based on people's faces, one of the inventors says. The machine, designed by the Institute for Information Industry in Taipei, builds a profile after checking characteristics such as complexion and hair color, says researcher Tsai Chi-hang. Those clues help the machine guess a shopper's gender, approximate age and other things that might be helpful in promoting a suitable product. Researchers spent the past year using a grant from Taiwan's Ministry of Economic Affairs to build the first machine, which was rigged up to spit out free cosmetics samples in the institute's lobby.
The machine looks for clues like whether a person has glasses, a beard or a mustache, says Tsai. Based on that, it guesses their use of make-up or frequency of shaving. It then might recommend a facial mask, razor, or health products that people in a certain category are statistically likely to buy. "If you stand in front of it, the machine has ways of recognizing your characteristics, though it doesn't know exactly who you are as that would infringe on personal privacy," says Tsai. "It's a new concept, so it's taking some time to catch on," he says, referring to a model machine installed in the institute's lobby.
Researchers in Japan unveiled a similar concept in August last year. The Taiwanese machine isn't a copy of that but the Taiwan researchers kept up on what Japan was doing. The machine also attempts to detect any smartphones, e-readers or tablets the buyer might be carrying. That recognition would tell the machine whether the shopper was equipped to download books, music or films. Taiwan's institute aims to tailor-design machines for vendors, with storage capacity and exact features depending on the individual order, says Tsai. Information on what buyers actually choose will be stored and sent to the Internet, helping retailers to analyze shopping patterns.
—By Ralph Jennings
Security | Smart Hack Dumbs Smartphone
More than three years after the iPhone was first hacked, computer security experts think they've found a whole new way to break into mobile phones—one that could become a big headache for Apple, or for smartphone makers using Google's Android software. University of Luxembourg research associate Ralf-Philipp Weinmann says he plans to demonstrate his new technique on an iPhone and an Android device, showing how they could be converted into clandestine spying systems. "I can show you how to use the auto-answer feature present in most phones to turn the telephone into a remote listening device," he says.
Weinmann says he can do this by breaking the phone's baseband processor, used to send and receive radio signals as the device communicates on its cellular network. He has found bugs in the way the firmware used in chips sold by Qualcomm and Infineon Technologies processes radio signals on the GSM (Global System for Mobile Communications) networks used by the majority of the world's wireless carriers. With baseband hacking, security researchers are looking at a brand new way to get into this memory. "[It's] like tipping over a rock that no one ever thought would be tipped over," says the Grugq—a pseudonymous, but well-respected, wireless phone hacker, and one of a handful of people who have done research in this area. "There are a lot of bugs hidden there," he says, "It is just a matter of actively looking for them."
But hacking a smartphone with a baseband attack is very tricky, to say the least. The mobile phone's radio communicates with a cell phone tower. So in Weinmann's attack, he has to first set up a fake cell phone tower and then convince his target phone to connect to it. Only then can he deliver his malicious code. And even then, the malicious code he writes must run on the firmware that's used by obscure radio processors—something that most hackers know nothing about. "This is an extremely technical attack," says Don Bailey, a security consultant with Isec Partners. He says that while the work on baseband hacking is very exciting—and ultimately a big deal for the mobile phone industry—he doesn't expect any attacks that target the general public to emerge anytime soon.
—By Robert McMillan

Survey | Full Stop to Virtual Servers
Four years ago, datacenter server utilization was just 18 percent. To put it another way, on average 82 percent of the server capacity in major datacenters was underutilized. Given all of the emphasis on server virtualization in the last few years, you'd expect utilization to have increased sharply. But it hasn't. According to Gartner research, overall utilization is still at 18 percent—and utilization of x86 servers is one-third lower at 12 percent.
One big reason: Server virtualization has stalled. A survey by ESG Research published in November showed that only 39 percent of the VMs currently deployed are in production environments; a survey earlier in the year by Prism Microsystems found that just 30 percent of production servers have been virtualized. Late last year, Gartner put the number of workloads running in VMs at just 16 percent.
What's the problem? Talk to analysts and industry insiders about this issue and you'll hear the phrase "low-hanging fruit"—that is, virtualization built up quite a head of steam as IT consolidated and virtualized in-house applications like e-mail, Web, and file and test servers. All those applications have a few common characteristics: They are "owned" by IT and, although important, are not generally seen as mission-critical. "Ownership of the apps belongs to the business units; the cloud and virtualization flies in the face of that," says Bruce Milne, VP of product management for CA Technologies.
Apps that haven't been virtualized—such as financial transactions, and ERP—tend to be I/O-centric. That means it's much more difficult for IT to monitor performance and availability problems that could develop when they run in a virtualized environment, says Len Rosenthal, VP-marketing, Virtual Instruments. The push for virtualization also halted because budgets stalled as the recession roared in. In a survey by ESG of IT executives in nearly 500 companies that have undertaken some degree of virtualization, budget constraints were the most common reason cited for not using the technology to a greater degree.
—By Bill Snyder
Virus | America-Israel Planted Stuxnet
The Stuxnet worm that disrupted Iran's ability to enrich uranium into bomb-grade nuclear fuel was jointly created by Israel and the US, according to the New York Times. Citing confidential sources, the US newspaper claimed that Israel's covert nuclear facility at Dimona was used to test the worm's effectiveness on centrifuges like the ones Iran employs at its Natanz complex, which has been plagued by technical problems. The Times also spelled out other clues: "suggest[ed] that the virus was designed as an American-Israeli project to sabotage the Iranian program."
Stuxnet, which first came to light in June 2010, has been extensively analyzed by security researchers, most notably a three-man team at Symantec, and by Ralph Langner of the German firm Langner Communications GmbH. According to both Symantec and Langner, Stuxnet was most likely designed to infiltrate Iran's nuclear enrichment program, hidden in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its facilities, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.
Symantec's analysis gained credence last November after the IAEA, the UN's nuclear watchdog, reported that Iran had stopped feeding uranium hexafluoride gas to its centrifuges for about a week. Speculation quickly focused on Stuxnet as the reason for the shutdown. Iran President Mahmoud Ahmadinejad admitted that a limited number of centrifuges had been affected by software he claimed had been installed by the country's enemies. It was the first time that an Iranian official had acknowledged the worm had struck its enrichment machinery.
—By Gregg Keizer
Career | New Skills Needed for the Cloud
Contract negotiation skills are one of the top three required abilities for information security professionals dealing with cloud computing, according to new research. This is one finding highlighted in early survey results from the 2011 (ISC)² Global Information Security Workforce Study (GISWS) conducted by industry analysts Frost & Sullivan and covering more than 100 countries. According to the survey, 73 percent of respondents say cloud computing requires new skills. When asked what new skills would be required for cloud computing, half of the survey participants identified contract negotiation skills as one of their top three requirements. This came after the desire to develop a detailed understanding of cloud computing, chosen by 93 percent, and the desire for enhanced technical knowledge, selected by 81 percent of respondents.
For a majority of respondents, the exposure of confidential or sensitive information, data loss or leakage is of greatest concern, with 85 percent rating this as a top or high concern. This was followed by significant concern over weak system or application access controls (68 percent), susceptibility to cyber attacks (65 percent) and disruption in availability (62 percent).
Survey participants were also asked whether cloud computing was likely to impact demand for information security professionals. The results revealed significant optimism, with less than 10 percent believing that the cloud would reduce demand and about half believing the trend towards the cloud would increase demand for security professionals.
Frost & Sullivan lead analyst Robert Ayoub, CISSP, says it was surprising to see such an emphasis on technology and detail, looking at a trend involving outsourcing management. "Professionals, the majority of whom have a technical background, appear to be focusing on the familiar," Ayoub said. "The instinct to develop skills for the new operational dynamic introduced by cloud computing may still be elusive for many."
The (ISC)² survey had over 7,500 certified professionals. (ISC)² is the world's largest global, not-for-profit organization specializing in educating and certifying information security professionals.
—By Ross Storey
To find the hottest jobs in the Indian market visit itjobs.cio.in
CompIlED BY Sneha Jha
It’s Raining Clouds in India Indian enterprises are warming up to the idea of building their cloud computing infrastructures and are proactively firming up their cloud strategy, according to a study conducted by Springboard research. the findings of the survey accentuate the fact that 76 percent of Indian enterprises are inclined to virtualize and adopt cloud computing in the next 18 months. this is the highest percentage as compared to other cloud positive countries in the aPaC region, like Japan and australia. and this also means that over the last 18 months, India has contributed generously to doubling the aPaC region’s figure—to 83 percent—of organizations that view the cloud as relevant to their business. the research study mapped the adoption levels across seven aPaC markets and concluded that India (43 percent) and China (39 percent) are leading the pack of organizations planning to deploy the technology. this could be attributed to the fact that, according to the survey, India’s understanding of virtualization and cloud computing has increased considerably over the last couple of months. In fact, India scored higher than both Singapore and Malaysia in current cloud understanding levels. the survey also revealed that in India, It/ItES, infrastructure and manufacturing sectors are driving cloud adoption and the government and banking sectors are most resistant to the cloud.
Pie in the Sky In the APAC region,
India
(43 percent) and China (37 percent) have the highest cloud adoption rates.
76%
Of Indian enterprises plan to adopt cloud computing in the next 18 months.
83%
Of organizations in the APAC region find the cloud relevant to their business.
Breaking their security shackles, a majority of Indian CIOs are finally gearing up to move to the cloud.
Best practices
1. Strategizing is the key. Moving applications to the cloud requires a great deal of planning and strategizing. It may disrupt business activity and IT’s functioning; hence it is critical for enterprises to do due diligence to ensure efficient and smooth migration and obviate chances of productivity loss.
2. Virtualization is the bedrock to the cloud. It lets organizations decouple critical business applications and information from underlying physical hardware, and in turn, provides a fast and cost-effective way to the cloud. Hence, a virtualized platform can be a good starting point for CIOs if they want to embark on a journey to the cloud.
3. Build security nets. CIOs cite security as the biggest concern when it comes to cloud computing. Because integrated cloud computing involves moving business-critical data between the cloud and on-premise networks, it is essential to ensure security. Keep in mind that as enterprises move more processes to the cloud, the volume of sensitive data flowing to and from the cloud increases.
Source: Springboard Research
Alert
Enterprise Risk Management
Tech Scares of the Decade
The dawn of the new millennium prompted fears about the future, but so far reality has not quite matched the predictions of catastrophe. The first 10 years passed uneventfully—well, aside from Y2K and a bunch of intelligent computer viruses. Here’s a look back at the past decade, and some of the most terrifying tech scares.
Y2K
Predicted outcome: End of the world as we know it. | Actual outcome: Accidental alarms, slot machine failures, incorrect dates on Websites. If you were around for the turn of the millennium, you probably know Y2K didn’t live up to the hype when the clock struck midnight on January 1, 2000, and nuclear missiles didn’t start automatically launching themselves. The millennium bug was first mentioned in print as early as 1984. While the fear-mongering media no doubt over-hyped Y2K, it was a real problem that would have caused some large-scale issues had trusty IT guys not been on the ball.
Mydoom
Predicted outcome: Not applicable. | Actual outcome: The fastest-spreading e-mail worm. In January 2004 an e-mail worm began spreading around the Net, appearing as a transmission-error message with an attachment. If you ran the attachment, the worm would send itself out to everyone on any address book it could find and also would attach itself to any copies of Kazaa to spread via peer-to-peer networks. The worm eventually gained the name Mydoom, courtesy of a McAfee employee who was first to discover the virus. Mydoom has resurfaced intermittently since then, and a variation on the worm was a part of the 2009 cyberattacks on South Korea. The original author of the worm has never been found, but security firms have speculated that it was commissioned by e-mail spammers in Russia.
Anonymous
Predicted outcome: Hackers on steroids, “The Internet Hate Machine”. | Actual outcome: Porn on YouTube, DDoS attacks on MasterCard. In 2007, KTTV Fox 11 News in Los Angeles ran a sensational report about a group called Anonymous. The report called them the “Internet hate machine” and “domestic terrorists.” Unfortunately, KTTV’s fantastic report was wrong: Anonymous is not a specific group at all, just a name for any random collection of users from various online communities and IRC networks working together. Wired more accurately described Anonymous as a group of “supremely bored 15-year-olds.” Crimes—Internet annoyances, really—that have been attributed to Anonymous include DDoS attacks on websites including the Church of Scientology and those that withdrew support from WikiLeaks.
Findings
Cloud Security Fears
Uncertain ability to enforce security policies at a provider site: 28.5%
Inadequate training and IT auditing: 28.3%
Questionable privileged access control at provider site: 12.3%
Proximity of your data to someone else’s: 11.6%
Access across an untrusted network: 7.1%
Uncertain ability to recover data: 6.8%
Uncertain continued existence of provider: 2.2%
Uncertain ability to audit provider: 1.9%
Source: Global State of Information Security Survey (India figures)
50%
The number of information security professionals who believe that cloud computing will drive an increase in demand for their skills. Source: Frost & Sullivan
ILOVEYOU Virus
Predicted outcome: Not applicable. | Actual outcome: Over 50 million computers infected; over $5.5 billion in damages. The ILOVEYOU worm spread via e-mail. Similar to other e-mail worms, the virus required that users run the executable file. The worm disguised itself as a text file by putting .TXT into its name; when people saw that the file was called “LOVE-LETTER-FOR-YOU.TXT.vbs,” they thought they were opening a harmless text file. Once opened, the worm would send copies of the e-mail to the first 50 contacts in the user’s Windows Address Book, and then make changes to the system by overwriting a number of files, including all .JPG and .DOC files, with copies of itself. The virus reached about 50 million computers and caused an estimated $5.5 billion in damages—the Pentagon, the CIA, and the British Parliament all had to shut down their e-mail systems. Although police in the Philippines arrested two students, the authorities were unable to convict as there was no law, at the time, against writing malicious code.
Technology Crashes Planes
Predicted outcome: Planes falling out of the sky. | Actual outcome: Lies. That’s right, airliners will take away your bottled water and your nail file, but they’ll let you keep your smartphone. There has never been any documented case of a cell phone causing interference with a plane’s navigation system.
RFID Tracking
Predicted outcome: The government will be able to track your every move. | Actual outcome: New passports. RFID is a technology for tracking objects. Most commonly used for passports, security passes, and store inventory, RFID has been heavily criticized. That’s because even if manufacturers put chips in products without intending to invade people’s privacy, the technology can be exploited easily. In theory, RFID tags could be used to track everything from shopping and spending habits to your exact location.
Witty Worm
Predicted outcome: Not applicable. | Actual outcome: First worm to carry a destructive payload; infected 12,000 machines. The Witty worm, first detected in 2004, was an important virus because it was the first worm to carry a malicious payload that slowly destroyed the host computers it infected. Although Witty infected only about 12,000 machines, the worm was still a pretty big deal. It exploited a hole in Internet Security Systems firewall and security software packages, and it spread rapidly just days after the vulnerability was announced. It got its name from its payload which featured the phrase “(^.^) insert witty message here (^.^).”
2012
Predicted outcome: End of the world; end of bad movies starring John Cusack | Actual outcome: Still waiting. The year 2012 is the last year in a 5125-year cycle on the Mesoamerican (Mayan) Long Count calendar. More specifically, December 21, 2012, is the last day of the cycle. The date is not only the final date in a 5125-year cycle, it’s also full of ones and twos—and we know how superstitious the world is when it comes to numbers. So naturally, people speculate that everything from the Apocalypse to a spiritual awakening to absolutely nada will happen in 2012, despite the fact that the Mayans themselves are pretty unconcerned. If the world does end, that probably means the end of technology as we know it. If it doesn’t, though, we have plenty of new scares to look forward to.
Sarah Jacobsson Purewal is a writer for PCWorld US. Send feedback on this feature to editor@cio.in
[One :: Liner]
“Enterprises don’t perceive mobile malware as a significant risk because management understanding on the subject is feeble, and the security community does not distinguish between mobile and other malware in dealing with them.”
Deepak Rout, CISO, Uninor
2010: A Year in Malware History
More than a third of all malware that has ever existed was created by criminal gangs in 2010 alone, according to the latest PandaLabs Annual Report. To be precise, the company found that 34 percent of all existing malware has been concocted by cyber-criminals in the last year, banishing forever the image of the disgruntled geek creating viruses in his bedsit. It’s not all bad news, however: there’s been a dramatic slow-down in the rate with which threats are growing. Since 2003 the number of new threats has been doubling every but in 2010 they only increased by 50 percent. An unwelcome trend, however, has been the rise in social media malware, in particular on Facebook and Twitter, although PandaLabs pointed out that there have also been attacks on other sites like LinkedIn or Fotolog. According to PandaLabs, hackers use several techniques to trick users. These include the hijacking of Facebook’s ‘Like’ button, to make it appear that messages are being sent by trusted sources, and the distribution of fake apps. PandaLabs also pointed out that the year has seen a rise in activist attacks on websites, so-called hacktivist incidents. Most notable, of course, was the co-ordinated response by the ‘Anonymous’ group in support of Julian Assange of Wikileaks. The DDoS attacks that brought down Mastercard, Visa and PayPal were a reminder of how quickly such attacks could be mobilized. Another trend is the growing interest in Apple Mac as a hacker target. A few years ago, Mac enthusiasts used to boast about their malware-free machines—that’s not the case any more. PandaLabs doesn’t put any figures on the spread of Mac malware beyond pointing out that the company’s growing market share means that it’s become more vulnerable to attacks. The banking Trojan remains the most widespread of all malware, accounting for some 56 percent according to PandaLabs. However, there’s a rise in rogueware or fake anti-virus software, a category that didn’t even exist five years ago. PandaLabs said that about 40 percent of all fake anti-virus programs were created in 2010. Out of the total of 5,651,786 individual examples of fake anti-virus programs, 2,285,629 appeared between January and November 2010, said PandaLabs. The badge of dishonour for the country with the most infected PCs goes to Thailand, which has nearly 70,000 infected machines—China and Taiwan are not far behind. The UK does not figure on the list of the worst 20 offenders, although France and Italy do, with about 48,000 infected machines.
Finally, PandaLabs found that spam has continued to rise to alarmingly high levels in 2010 despite the fact that botnets such as Mariposa and Bredolab were taken down. This did mean that the amount of spam dropped from the headline-grabbing figure of 95 percent of all e-mail traffic to the still high figure of 85 percent. PandaLabs believes that many of the trends of 2010 will continue in 2011, with growing examples of cyberactivism, social media attacks, SEO threats, a growing number of attacks on mobile phones and tablets, and more evidence of attacks on Macs. In addition, new technologies will also be under threat—including attacks on Windows 7 and more hackers looking to exploit HTML 5.
Maxwell Cooter is one of the co-founders of Techworld. Send feedback on this feature to editor@cio.in
Spam Takes a Holiday
Spammers are people too...apparently. They have families and want to take a vacation to spend quality time with them over the traditional holiday break just like everyone else. Or, at least that is the way that it appears if you follow the trends in spam traffic. Spam volume dropped precipitously and inexplicably on December 25. According to blog posts from both Symantec and Proofpoint, spam dropped to virtually zero beginning Christmas day but came back around January 9. “On December 25, 2010, Rustock, the largest of the spam botnets, went quiet. Why this happened, we don’t know but what we do know is that global spam levels dropped massively as a result,” says Symantec’s blog. What does that mean for enterprise IT departments? Well, it means that the spam purveyors apparently gave the world a holiday gift in the form of a brief respite from the constant deluge of pointless, and often malicious, e-mails. But, it also means that the death of spam was too good to be true, and that it is still too soon to be scrapping your antispam defenses. I guess we should just be thankful for the holiday break, and keep our fingers crossed that the spammers have big plans for Spring Break as well.
—Tony Bradley
Gary Beach
Strategic CIO
It’s Not About the Seat
Hankering after a seat at the managing committee of a company will get you nowhere. What CIOs need is a voice at that table. Here’s how to get heard.
It used to be that the paragon of success for chief information officers was to have a ‘seat’ at the decision making table of the company. That’s yesterday’s news. Along with a primary focus on aligning business and technology strategies. Why so? Seats do not speak. Voices do. And transformational chief information officers have shifted their goals higher. For these executives, nothing less than having a trusted voice among their line of business colleagues at the table will do. So, you ask, how does a chief information officer earn that voice? The answer is straightforward and simplistic: Know your customers. Several months back, I received a telephone call from my 28-year-old daughter late on a Friday evening. It seems the slippers her grandmother purchased for her from an e-commerce shoe distributor were one size too large. She returned them promptly and then waited as the distributor wasted time in alerting her as to whether, or not, they would send her a pair in her size. I listened to her rants—why don’t mothers get these late Friday evening calls—and after the conversation I logged on to the e-commerce vendor’s Internet site, found the e-mail address of the chief information officer, and sent a short note asking for help. The following Monday morning that CIO called me. He was apologetic and said he would make sure that my daughter received her slippers in a day or so. But the important part of the conversation came next. He shared with me that he was very surprised by this incident. I asked him why and he said, “Once a quarter, I order something from our company online, have it shipped to my home, and then promptly return it when it arrives. By stapling myself to an order I find out very quickly about customer pain”. Brilliant, I said to myself, as I listened. And I must share with you I have told that story on stage to thousands of chief information officers since and, every time I do, I look out into a sea of nodding heads. The moral of the story: To get things done—and to hone a trusted voice—chief information officers have to spend less time worrying about ‘aligning’ business and IT strategy and more time out in the market with customers. How much time? I have asked that question, too, to chief information officers I consider to be truly transformational leaders. Bottom line: Nothing less than 20 percent will do. Great chief information officers spend close to 30 percent mingling with customers. Now, please let me be clear. ‘Customers’ are both internal (employees, line of business executives, etcetera) and external (customers and partners). The key point is you need to be present in the conversations of both groups. And not hiding out in the water-cooled datacenter.
Future Priorities Index
Develop new go-to market strategies/technologies: 256%
Study market trends for commercial opportunities: 178%
Identify opportunities for competitive differentiation: 147%
Drive business innovation: 116%
Develop/refine business strategy: 81%
Redesign business processes: 18%
Lead change efforts: 11%
Source: 2011 State of the CIO Survey
Speaking of water, here’s another tip. Hang out at the company water cooler! Really, I am serious. About a year ago, I was meeting with Eric Sigurdson, managing partner for Russell Reynolds, a leading technology executive search firm in America. I asked him what leadership traits are most prominent in top executives he recruits. “They all hang out at the water cooler,” he said. Perplexed, I asked him what he meant. With a smile, he said, “The agendas for most executive committee meetings are formed way before the meeting begins. I just use the water cooler as an analogy to underscore this point: Chief information officers need to do a much better job bonding with their executive peers and be a part of the agenda setting group.” I thought of Eric’s comments when I was visiting the chief information officer of a large financial services company. His retort to the water cooler example was direct and to the point: “Chief information officers need to tear down ‘the wall’ that has existed forever in our business. The ‘wall’ where the business used to throw projects over to the IT staff, which worked on the project in isolation and threw it back. Often not on target. There is no such thing as the business strategy and the tech strategy. Leaders threw out tech strategy years ago.”
Ok, so how do you do it? How do you become a transformational chief information officer with a trusted voice? I found the answer in the just released 2011 State of the CIO survey. We asked respondents, “Where do you currently spend your time?” and “Where do you want to spend your time in the future?” The answers—recapped in the chart above—are your roadmap to executive success at your firm. Time is money. If your firm is like other global leaders, they expect you, as chief information officer, to drive the top line. As your infrastructure becomes more of a ‘technology as a service’ play, you should have more time to get out and see customers. Find out their pain. Staple yourself to an order. Trust me, it will not hurt!
Gary Beach is publisher emeritus CIO magazine. Send feedback on this column to editor@cio.in