CIO Magazine February 2012 Issue by Sreekanth Sastry

leadership Technology Business Ricoh_Cover_ad.indd 84

VOL/07 | ISSUE/04

leaderShIp

VOL/07 | ISSuE/04

BuSIneSS

TeChnology

SaTyajIT Sarkar, GM-IT, DTDC Courier and Cargo, says a D.I.Y. approach allows DTDC to respond to market changes faster.

DO IT YOUR SELF Breaking convention, a band of CIOs are building their own software—and claim they gain more competitive advantage than you. Page 34

PLUS: Why your

global peers love D.I.y.

FEbRuARy 15, 2012 | `100.00 www.CIO.IN

Cover_Feb2012_DIY_final.indd 84

View from the top Vsevolod Rozanov on how IT helps MTS innovate. Page 50

Springing to Action A spring manufacturer blazes a new path for itself—and its peers. Page 58

2/10/2012 5:25:20 PM

Now that everyoNe’s talkiNg tech, maybe it’s time you started talkiNg Network.

“What’s up with IT? Our opex costs are through the roof!”

“we Need a New Network.” Þ

JN_India_CIO_V1.0.indd 1

2/2/2012 5:24:22 PM

From The Editor-in-Chief

Publisher, President & CEO Louis D’Mello E d i to r i a l Editor-IN-CHIEF Vijay Ramachandran EXECUTIVE EDITOR Gunjan Trivedi Features Editor Sunil Shah Senior Copy Editor Shardha Subramanian Senior correspondents Anup Varier, Sneha Jha, Varsha Chidambaram Correspondent Debarati Roy Trainee Journalists Shweta Rao, Shubhra Rishi Product manager Online Sreekant Sastry

Meaningful Work Why do business leaders fail to tap into the potential of their staff for tactical and strategic benefits? I’m getting so used to referring to the economic slowdown in terms of the first slump and the second slump, that if the import of this wasn’t so chillingly scary, it might even be funny. But let me tell you what scares me more—the way organizations and their leaders allow the economic climate to guide the way they act, allowing themselves to be swayed by the winds of fortune into taking ad hoc, short-term measures. In doing so business leaders often fail to tap into the potential of their staff and even to take their inputs for tactical and strategic benefit. In a recent book, The Progress Principle, authors Teresa Amabile and Steven Kramer, observe that outside of developing strategies for growth, the other key job of senior executives should be to engage with and work for the daily progress of their staff. But as the book points out, with managers misunderstanding motivation, employee engagement slips dramatically. In fact, the research revealed that of all the events that can deeply engage people in their jobs, the single most important one is making progress in meaningful work. Not compensation; not incentives; not recognition. In an article in HBR, Amabile and Kramer argued that “managers at all levels undermine the meaningfulness of work for their direct subordinates through everyday words and actions. These include dismissing the importance of subordinates’ ideas, destroying a sense of ownership by switching people off project teams before work is finalized, shifting goals so frequently that people despair that their work will ever see the light of day, and neglecting to keep subordinates up to date on changing priorities.” Amabile and Kramer’s research revealed that the organizations that managed to sidestep some of these traps took a consistent approach to strategy that was backed to the hilt top-down and then championed bottom-up. These were also companies where senior management did not forget their own days in the trenches and used that experience to tune into the employee perspective on all issues, an approach that made work more ‘meaningful’ and employees more ‘committed’. Now, how tough is that to do?

Custo m Pu b l i s h i n g Principal Correspondents Aditya Kelekar, Gopal Kishore Trainee Journalist Vinay Kumaar Design & Production Lead Designers Jinan K.V., Jithesh C.C, Vikas Kapoor Senior Designers Pradeep Gulur, Unnikrishnan A.V. Designers Amrita C. Roy, Sabrina Naresh, Lalita Ramakrishna Production Manager T. K. Karunakaran Ev e n t s & A u d i e n c e D e v e l op m e n t Vice President Events Rupesh Sreedharan Sr. Managers projects Ajay Adhikari, Chetan Acharya, Pooja Chhabra Asst. manager Tharuna Paul Senior executive Shwetha M. Management Trainees Archana Ganapathy, Saurabh Pradeep Patil Sales & Marketing President Sales & Marketing Sudhir Kamath VP Sales Sudhir Argula Asst. VP Sales Parul Singh AGM Marketing Siddharth Singh Manager Key Accounts Minaz Adenwala, Sakshee Bagri Manager Sales Varun Dev Asst. Manager Marketing Ajay S. Chakravarthy Associate Marketing Dinesh P. Asst. Manager Sales Support Nadira Hyder Management Trainees Anuradha Hariharan Iyer, Benjamin Anthony Jeevan Raj, Rima Biswas Finance & Admin Financial Controller Sivaramakrishnan T. P. Manager Accounts Sasi Kumar V. Asst. Manager Credit Control Prachi Gupta

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in 2

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 2

2/10/2012 4:16:12 PM

From The governing board

Gov e rn i n g BOARD Alok Kumar VP & Global Head-Internal IT& Shared Services, TCS

IT’s Governing Principles For IT to be efficient, responsive and proactive, it should be supported by an effective governance process. There’s no doubt that IT has shifted from being a back-office operation to one that actively supports business growth and transforms enterprises. And new technologies like mobility, advanced analytics, and social media are extending IT's footprint beyond organizational boundaries into the enterprise' extended ecosystem. Correspondingly, investments in IT, too, have increased drastically over the last few years. Today, the average annual IT budget of Indian organizations is between one to two percent of overall revenue. That means for large enterprises, IT budgets can run into hundreds of crores. Hence, for IT to be efficient, responsive and proactive, it should be supported by an effective and well-managed governance process. And that starts with laying out organizational structures, systems, policies, and processes. To be able to do that, CIOs must re-organize relevant business stakeholders into an apex body for IT decision-making to ensure business’ ownership of IT initiatives. But this should be supplemented with a framework to measure business benefits from IT investments and reported to the highest executive level of the company. Further, technology selection should be made by a broad-based committee that will ensure company-wide standardization and the compatibility of IT products, technologies, and services. This will eliminate or limit the chances of making wrong technology choices or have obsolescence that can adversely impact an organization. That brings me to the sensitive subject of security. An information security team—headed by a CISO—should be responsible for information loss due to unauthorized access, interception or disclosure. And CIOs should set up internal controls like the segregation of duties, exception reporting, and the use of automated alerts for escalation. Now that IT has graduated from keeping the lights on to enabling growth, I believe that CIOs’ role and responsibility is to help organizations achieve that. And putting relevant management and governance processes in place in an effective and strong IT policy—that has enterprise-wide acceptance—is one way of getting closer to that goal. V.V.R. Babu, Group CIO, ITC

Amrita Gangotra Director-IT (India & South Asia), Bharti Airtel Anil Khopkar VP-MIS, Bajaj Auto Atul Jayawant President Corporate IT & Group CIO, Aditya Birla Group C.N. Ram Group CIO, Essar Group Devesh Mathur Chief Technology & Services Officer, HSBC Gopal Shukla VP-Business Systems, Hindustan Coca-Cola Manish Choksi Chief-Corporate Strategy & CIO, Asian Paints Murali Krishna K SVP & Group Head CCD, Infosys Technologies Navin Chadha IT Director, Vodafone Essar Pravir Vohra Group Chief Technology Officer, ICICI Bank Rajeev Batra CIO, Sistema Shyam Teleservices (MTS India) Rajesh Uppal Executive Officer IT & CIO, Maruti Suzuki India S. Anantha Sayana Head-Corporate IT, L&T Sanjay Jain CIO & Head Global Transformation Practice, WNS Global Services Sunil Mehta Sr. VP & Area Systems Director (Central Asia), JWT V.V.R. Babu Group CIO, ITC

Bangalore: Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Phone: 080-3053 0300, Fax: 3058 6065 Delhi: New Bridge Buisness Centers, 5th and 6th Floor, Tower-B, Technolopolis. Golf Course Road, Sector 54 Gurgaon- 122002, Haryana Phone: 0124-4626256, Fax: 0124-4375888 Mumbai: 201, Madhava, Bandra Kurla Complex,Bandra (E), Mumbai 400 051, Phone: 022-3068 5000, Fax: 2659 2708

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 4

2/10/2012 4:16:18 PM

contents february 15, 2012 | Vol/7 | issue/04

Do it Your self

Case Files 58 | Stumpp, Schuele

& Somappa Springs

iT eFFiCienCy Why more Indian manufacturers should follow this spring manufacturer's bid to increase efficiency using IT—and the MBA who’s made it his mission to help them . by Varsha Chidambaram

62 | Suzuki motorcycle india auTomaTion Suzuki Motorcycle India takes a hard look at its manufacturing line and weeds out manual processes. by debarati roy

COVER: P HOTO GRAPH BY SHEKAR GHOSH / COVER DESIGN BY VIK AS K APOO R & U NNIKRISHNAN AV

64 | indiaFirst Life insurance

3 4

iT STraTegy By the time IndiaFirst Life Insurance entered the sector, established insurers had already gone online. It did too, but with a twist. by sneha Jha

34 | Do It Yourself Cover STory | IT STraTegy Against conventional wisdom, a band of CIOs are leaving the safety of packaged software and building their own. And they are finding new competitive advantages.

5 0

Feature by sneha Jha and gunjan trivedi t

42 | Do It Right Cover STory inTerview | IT STraTegy Umesh Jain, President and CIO, Yes Bank, shares his insights on what CIOs should watch out for when building their own. interview by sneha Jha

44 | My Way Cover STory pLuS | IT STraTegy If you’re on a D-I-Y path, you aren’t alone. Why your global peers from NYSE, KKR and Alcoa find that building their own software makes sense. Feature by kim nash

more » 6

f E b R u a R y 1 5 , 2 0 1 2 | REAL CIO WORLD

view From The Top: “we need to constantly amaze and amuse customers and that’s where it becomes a game-changer,” says Vsevolod rozanov, President & CeO, mts india.

VOL /7 | ISSUE/04

contents

(cont.) departments 2 | From the editor-in-Chief Meaningful Work By Vijay Ramachandran

4 | From the Governing Board IT Strategy | IT’s Governing Principles By V. V. R. Babu, ITC

11 | trendlines

5 4

18 | alert Hacking| My Career as a Bank Robber Privacy | Indian CISOs Don’t Trust UID

54 | Securing the Daisy Chain FeaTure | Cloud STraTegy Contracts aren’t fail-safe. Here’s how to guard your data as it travels among cloud providers and their subcontractors. Feature by stacy Collett

Columns 23

| Feedback Loops

STraTegiC Cio As we move from an industrial economy to one characterized by real-time feedback, business will need to take a page out of the gaming world if they want to attract and engage employees and customers. Column by Michael Hugos

| Security’s value proposition

underCover oFFiCer If you’re going to sell security to your CFO—and others in the organization—you’d better know what matters to them. Column by an anonymous CSO

| Listen, Carefully

Think Tank If you understood how IT research firms worked you would take the cloud advice of some of its researchers with a pinch of salt. Column by Bernard Golden

f E b R u a R y 1 5 , 2 0 1 2 | REAL CIO WORLD

3 2

aLTernaTive viewS: are CiOs the most Qualified to be business leaders? A holistic view of the organization is often pitched as a qualifier, but is that enough?

VOL /7 | ISSUE/04

Runs Oracle

10x Faster

The World’s Fastest Database Machine •

Hardware by Sun

•

Software by Oracle

* But you have to be willing to

spend 50% less on hardware.

10x faster based on comparing Oracle data warehouses on customer systems vs. Oracle Exadata Database Machines. Potential savings based on total hardware costs. Oracle Database and options licenses not included. Actual results and savings may vary.

Print Ad Resize

22.23 x 27.6cm CIO (1st Right Hand Page Ad)

PUB NOTE: Please use center marks to align page. Job No.: Headline: Date: Project: Type: Live: Trim: Bleed:

312M_EXD_10xFaster_CIO Runs Oracle 10x Faster* 01/24/2012 APAC Regional Fulfillment Magazine 20.32cm x 25.72cm 22.23cm x 27.6cm 22.86cm x 28.26cm

Fonts: Univers LT Std. 75 Black, 65 Bold, 55 Roman, 45 Light, 67 Bold Condensed, 57 Condensed

PRODUCTION NOTES

READER

LASER%

Released

1/24 2012

Please examine these publication materials carefully. Any questions regarding the materials, please contact Darci Terlizzi (650) 506-9775

Cio online

.in CIO adverTiSer index

boston Limited (India)

Dell India

[ CI O ZONES ]

Gartner India Research & advisory Services

your information hunt stops here

HP Networking

If you're like most people, your interests lie in a few specific areas. That is why we've created interest zones on cio. in. We have six zones including virtualization, bI, cloud, security, datacenter, communications.

21 & flap on Cover

IbM India

IfC

Lenovo India

IbC

Mphasis Oracle India Ricoh India

are CiOs Competent to be business leaders?

We invited two CIOs to kick-start a debate on whether a holistic view of the organization qualifies a CIO to take on a business role. Read all about it in alternative Views (page 32). Which side are you on? We also have more debates for you on www.cio.in Will Mobiles Be Taken off the CIOs List of Responsibilities in 2012? ayes Vs Nays a Are Users Ready for Self-Service IT? ayes Vs Nays a >> www.cio.in/cio-debates

41 9 13 & false Cover

Riverbed Technology India SaS Institute (India) Tata Consultancy Services

Tulip Telecom

[ BO O K CLUB ]

1&7

Juniper Networks India

Trend Micro India

[ DEBATE ]

28 & 29

3 63 65 to 72 19 bC

Vodafone India

Conversation starter books ooks have been known to spark conversations and on page 88 you can find the genesis of one. Learn what your peers think of a book and then visit the all new CIO book Club section online and join the conversation with your peers.

>> www.cio.in/bookclub

[ Ca se File ] springing to action

Why more Indian manufacturers should follow this spring manufacturers’ bid to increase efficiency using IT—and the Mba who’s made it his mission to get them to listen.

>> www.cio.in must read @ cio.in 10

>> Alert: an Interview with a bank Robber >> Column: Why yyou Should Take analyst advice with a Pinch of Salt >> Feature: Protect yyour Cloud Data from Sub-contractors

f E b R u a R y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 10

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

VOL /7 | ISSUE/04

2/10/2012 4:16:55 PM

EDITED BY sharDha suBramanIan

new

hot

unexpected

Are CIOs Going the Dinosaur Way?

the Art of Re-negotiation

v e n d O R m a n a g e m e n t With economic uncertainty lying ahead, CIOs are bracing themselves to re-negotiate IT contracts. Shweta Rao spoke to Dr. Selvam K., group CIO of Siva Industries and Holding, to find out how to get a good bargain. Here’s what he said:

When was the last time you re-negotiated? Siva Industries decided to build a private cloud in March 2010 and extend S-Tel’s IT infrastructure to the entire group. We also wanted to sort out scope overlaps between two existing IT vendors. Doing this would provide us with a single point of contact for different technologies and offer cost reductions. This is what triggered a re-negotiation process. I’m preparing for negotiation and I’m clueless. Give me something I can use. Always be prepared with numbers from your market research. And do extensive research on the vendor you are negotiating with.

Vol/7 | issu E/04

Trendline_Feb12.indd 11

Remember to always have a back-up plan if you are unable to reach an acceptable agreement in a negotiation. Your risk appetite must be balanced with the confidence of a back-up plan. Also, ensure you have a nod from your management. You should have a hard copy of the decisions taken in the meeting and ensure a person from the finance department is kept in the loop.

When is it not worth re-negotiating? It’s important to remember that time and energy are key factors—other than financial savings—when re-negotiating. A deal which saves you less than 10 percent of costs but consumes your productive time is just not worth it. Another important factor that IT leaders should keep in mind while re-negotiating is the relationship they share with their vendors. Remember, you are building a bridge of trust for the future. I would never break a relationship because of price. Selvam. K REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

il lustrat io n by p hotos.com

QUICK TAKE:

Other findings in the survey seem to bear this trend out. On one side, CIOs are expected to contribute to improving products and customer loyalty. On the other they are being undermined by business-line colleagues taking control of their own IT requirements. “The most important goals are customer experience, but the worrying thing is that CIOs aren’t geared up to deliver on it. They are stuck managing legacy investment,” said Aron. There may be an increasing level of disaffection for the role, as control over cutting-edge technological developments appears to be taken out of CIOs’ hands. “Our results say technology is back on the agenda this year, but it doesn’t mean that the CIO will be managing it. It looks as if some IT projects will be headed by other senior executives,” said Aron. —By Julian Goldsmith

tRendlInes

Gartner’s CIO Agenda 2012 surveyed over 2,300 CIOs across the world, and found that 55 percent of respondents didn’t think they would be in a CIO role in their next career move. Gartner CIO research group fellow Dave Aron said 20 percent expected to move into a more business-focused role, 18 percent expected to retire and 17 percent expected to be consultants. The survey broke respondents down over self-assessed performance metrics and found that of the 14 percent who considered themselves to be at the top of their game, just under two thirds of them thought they would move on away from the CIO role in their next job change. The metrics suggest that the CIO role is undergoing a substantial redefinition within business, as technology becomes more pervasive.

CIO ROle

How Will the Union Budget Impact Your Industry? vOICES:

It’s that time of the year again. As the government gets set to announce the union budget in March, Indian CIOs across industries are hoping for the best. Shubhra Rishi spoke to your peers from the BFSI, manufacturing and brokerage sectors to find out what they expect from the budget. Here’s what they have to say:

Budget

now, Pork Chops with Barcodes IBM is deploying technology that allows meat suppliers to track a single pig all the way from farm animal to pork chop. If you are a vegetarian or a fan of Miss Piggy, you may want to stop reading here. But, otherwise, what IBM is working on in China may limit or prevent disease outbreaks in animals. IBM is taking supply chain technology it first used in the pharmaceutical industry to track pills from the manufacturer to retail stores and is applying it to the pork industry. Pigs are identified with a barcoded ear tag. The tag is used to track various pig parts as they pass through the slaughterhouse, processing plant, distribution center and finally to the clear plastic-wrapped package in a grocer’s case. If a consumer buys three pork chops in a package, “you know that these three pieces of pork chop came from pig number 123,” said Paul Chang, who leads global strategy for emerging technologies at IBM . The identification coding isn’t on the meat, but on the bins used in the processing plant and then on the store’s packaging. For sausages, the system performs the aggregation that identifies the pigs that were part of the lot number used to make the sausage. China’s interest in the tracking technology stems from an outbreak in 2006-07 of blue-ear pig disease, an infectious reproductive and respiratory illness. The swine disease led to a pork shortage and sent prices soaring as the government worked to control the outbreak. Globally, there was worry that the disease could spread. IBM has built algorithms that can analyze data and assess risk levels to try to quickly identify problems. It could categorize some shipments, for instance, from some suppliers as high risk and then target inspection and testing resources to potential problem areas, “and hopefully prevent an outbreak,” Chang said. Tracking system sensors also record the temperature and humidity of the pork at each step of the way—anything that can affect the quality of the product. “Ultimately the holy grail of this exercise is if you can prevent an outbreak from happening,” Chang said. —By Patrick Thibodeau

AjAy MISRA, General Manager-IT Division, Punjab National Bank

tRendlInes

“It has a huge impact on the banking sector. The government’s fiscal policy could expect banks to re-orient and re-design their credit policies. This year, it should indicate measures to encourage investments and increase consumption which in turn will increase economic activity.”

PARnA GHOSH, Division Head-Strategic Information Systems, Honda Motorcycles “It has a marginal impact on the two-wheeler industry. also, due to rupee depreciation, one needs to pay a higher price for importing materials. I hope the PLR (prime lending rate) is reduced; it will boost sales this year.”

A. BALAKRISHnAn, CTO, Geojit BNP Paribas Financial Services “Our business is heavily dependent on market sentiments. This is the last chance for the government to announce a reform-oriented budget. We expect a market-friendly budget which creates a positive environment for investors and traders.”

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

imagin g by pradE Ep gulur

I n n O vat I O n

Vol/7 | issu E/04

2/10/2012 11:11:48 AM

Ford Cars Play Doctor Ford motors is collaborating with microsoft, healthrageous and bluemetal architects to bring health monitoring into cars, an effort that signals the company’s intent to move away from the in-vehicle “infotainment” systems some auto makers announced at cEs (consumer electronics show). many people suffer from chronic health conditions—far more, in fact, than are involved in serious automobile accidents during their driving careers. and not monitoring chronic health conditions, such as diabetes, can actually be a driving hazard. “think about what happens when someone with diabetes goes into hypoglycemic shock,” said gary strumolo, manager-infotainment, interiors, health and wellness, Ford. “they get dizzy, they’re confused, their vision is blurred—it’s a bad situation. but if your car can monitor your diabetes for you, and prompt you to get food when your blood sugar is dropping, you can avoid this situation.” Ford showed off a prototype of this future health system. it will be able to capture biometric data from devices such as pacemakers and glucose monitors, and will also be able to accept voice input from the driver. For example, the driver can tell the system what pills he or she has taken so far. the system will then upload this data to the healthVault cloud provided by microsoft, and transferred to Windows azure to be processed with other health data. once the driver leaves the vehicle, they’ll be able to access graphs and reports based on this data. —by sarah Jacobsson purewal

Mobile vs net: Battle for Bang C O n n e C t I v I t y Which has more of an impact on the growth of the Indian economy: Mobiles or the Internet? According to an ICRIER report, mobiles do.

2 1 0

1.08 Internet

1.5 Mobile

Growth in GDP for every 10 percent increase in mobile penetration versus 10 percent increase in the number of Internet subscribers. source:icriEr

Trendline_Feb12.indd 14

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

BI Reignites Sporstmanspirit The Indian Cricket team should take a leaf out of Pittsburgh Pirates’ book. After 19 consecutive losing seasons, the baseball team is now turning to predictive analytics to identify customer patterns and trends to help it better retain season ticket holders and attract new ones each season. The Pirates say the SAS Institute tools can predict which fans are likely to either renew or buy season tickets by analyzing their self-professed avidity for the team, their previous purchase patterns, their social media interactions and other demographic factors. (For more way to use BI, turn to pg 83) The goal is to provide the club’s sales and marketing personnel with information that can be used to deliver targeted sales, promotional and advertising campaigns, said Jim Alexander, senior director of business analytics for the Pirates. The Pirates are among a small but growing number of organizations using predictive data modeling tools to improve operational efficiencies and find new ways to generate revenue. Rita Sallam, an analyst at Gartner, said that about 10 percent of enterprises, including multiple professional sports teams, are successfully leveraging predictive analytic approaches. Moneyball, a recently released movie based on a book of the Moneyball same name written by Michael Lewis, tells the story of how the Oakland Athletics built a winning team on a shoestring budget by applying data mining and statistical analysis approaches to find strengths in little-known—and low-salaried—players. “In the case of baseball, the batting average was the gold standard for measuring the value of a player,” Sallam said. What the Oakland A’s did was to “throw away conventional wisdom and look at other measures that were equally valuable in predicting performance.” The Pirates, on the other hand, are extending that approach to improving operations and marketing capabilities. The team has found that fans who profess the most fervor for the team, and those who already hold tickets for best seats are most likely to renew season ticket packages. The fan’s age and the team’s record are other factors. The goal is to combine such information with other data the club already has on its fans to identify those it has the most chance of persuading to buy tickets, Alexander said. The team is using SAS to forecast its 2012 attendance, he added. —By Jaikumar Vijayan

a n a ly t I C s

Vol/7 | issu E/04

il lustrat ion \ inFograp hics by pradE Ep gulur

tRendlInes

COnsumeR eleCtROnICs

Sunderland Weather Forecast: Cloudy

IBM will plan, design and implement the cloud, using as much of the existing hardware and software at the council as possible. The council’s 4,000 users will have a standardized desktop model. The company will also provide network, storage and server hardware,

as well as server virtualization technology and monitoring facilities, under the contract. The cloud will be hosted in the council’s datacenters. In addition, IBM will provide services including business continuity, backup and disaster recovery services.” It was revealed that Sunderland would be the first city in the UK to have “wall-to-wall” superfast broadband. BT has invested significantly in Sunderland to bring its superfast broadband network to 90 percent of homes and businesses in the city by summer 2012. Paul Watson, leader of Sunderland City Council, says: “The City Council is investing in Sunderland’s infrastructure, ensuring the city is the easiest place in the UK to do business— whether you’re a small to mediumsize enterprise, or an international manufacturing giant.

tRendlInes

Sunderland City Council has announced it will create a multi-million pound cloud computing platform that will serve the entire city. Working with IBM, the council plans to use the cloud for its internal needs, but to also make the cloud available to organizations based in the city. Its aim is to support local start-ups and businesses, and to attract investment to the area. Paul Woolston, Chair of the North Eastern Local Enterprise Partnership, says: “[This initiative] raises our game to an international level and will assist the whole of the North East to attract investment and create opportunities for businesses across all sectors.” With the cloud, Sunderland council expects to cut its hardware and software costs, and its opex. Local businesses will be able to use the cloud for increasing their capacity and capabilities without investing in new infrastructure.

teChnOlOgy

—By Anh Nguyen

Researchers Code voIP v

Vol/7 | issu E/04

actually carrying another type. in their proof-of-concept demonstration, the researchers marked real-time transport protocol (rtp) packets as carrying voice that was encoded using a g.711 codec. actually they carried g.726-encoded voice, which takes up less space per packet. the difference in packet payload between what was advertised in the payloadtype field and what the packets actually contained is the space available for the steganographic message. the receiving machines must be configured to know to decode using one codec despite the fact that packets are marked to indicate they were generated with a different codec. the receiving machines must not only transcode the voice traffic, but also extract and reassemble the covert message. so access to machines is necessary ahead of time in order for t steg to work. tran if two Voip phones are the sending and receiving nodes and they use secure rtp (srtp), it is impossible for network monitoring to detect tran t steg, the researchers say. but if any of the other scenarios is used, monitoring at more than one place along the connection could detect tran t steg, they say. —by tim greene REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

il lustrat io n by p radEEp gulur

researchers have devised a new scheme for hiding secret data within Voip packets, making it possible to carry on legitimate voice conversations while stolen data piggybacks on the call undetected, making its way to thieves on the outside. called transcoding steganography or tran t steg, the method calls for setting a larger-than-necessary payload space in Voip packets and using the extra room to carry covert messages. in their experiment researchers could send 2.2mb of covert data in each direction during an average seven-minute phone call. researchers at the Warsaw institute of t technology 's institute of t telecommunications say that depending on how tran t steg is set up, detection can be impossible. but other scenarios make it possible to detect given the right type of monitoring. one big hurdle to the practical use of tran t steg is that it requires modifying the machines that send and receive the steganographic messages, say the researchers led by Wojciech mazurczy, who has developed other Voip steganography techniques. that's because the machines receiving the secret messages must be configured to know that packets marked as carrying one type of payload are t e l e C O m m u n I C at I O n

at cEs this year, vendors showed off their robotic inventions. one of them is the samsung navibot, a robotic floor sweeper, that has a camera and speaker. let’s say you’re at work and you connect, via an app, to your navibot floor sweeper. y you can adjust the camera position on the unit, as well as control its movement via the controller. by shifting the camera’s position around the room, you could discover that the dog is asleep on the couch. y your next step is to shout into your tablet’s microphone “bad doggy”—and presumably the dog will jump off the couch once it hears your voice coming from the navibot. but there is another category of drone-like devices that rely more on human controls and may find a place in the workplace and home, if you can get past their seemingly outof-body experience. in the ocean of vendors at cEs, was mantaro, a firm that’s selling a device that doesn’t sweep floors, but could act as your physical substitute at a business meeting. the company’s just released product is called tele t me. an apple ipad 2, iphone 4 or 4s or an android tablet can be fitted in a holder on the unit. the holder can be adjusted to either standing or sitting height. at the base are wheels, motor and battery.

tRendlInes

ROBOtICs

the remote user communicates via skype over the tablet or iphone but can also control, via a pc, the movement of the unit. it can, for instance, follow an aging parent around the house. that unit costs $1,500 (about rs 70,500) today, but declan murphy, a director of the company and an engineer, believes the price can be dropped to $1,000 (about rs 47,000) by the end of the year. “in two years’ time this is going to be the most popular christmas present for mom and dad,” he said. a more expensive unit from this company is the mantarobot, which has its own camera and more capability to scan an area. it can also be equipped with a laser pointer that can be controlled remotely. both units connect to Wi-Fi networks. on a factory floor, for instance, a manager could guide the mantarobot around and engage employees via the camera and built-in screen. it could also be used at conferences. murphy said the device is being used by a university in chile to allow an instructor in the us to remotely teach students. this tablet sits on a holder that can be adjusted to either standing or sitting height. it also has wheels and a motor for moving around. —by patrick thibodeau

Three Tips to Move up the Ladder in 2012 Here are three tips from two LinkedIn experts to set you on the path to success in 2012. Brand y yourself an Expert With “Answers” One of the most valuable and underused features on LinkedIn is “Answers,” Howes says. This part of the site is a forum where users can propose questions, seek advice and ask for opinions. “So many users are asking questions about their most painful points in their career or businesses,” he says. “If you’re an expert in a topic, then you should be answering more questions in order to pick up more clients and grow your business,” he says. CaReeR

CIO.In

Trendline_Feb12.indd 16

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Refresh y your Profile, Even if y you’re not job Hunting Just because you’re not currently looking for a job doesn’t mean your LinkedIn profile should lie dormant. Keeping your profile updated, Howes says, is essential for maintaining an accurate personal brand, as well as the potential for new business opportunities. “If someone wants to do business with you, they are most likely going to do some research about you on the Web,” Howes says. “It’s important you have everything up to date and portray your profile the way you want it to look. This means keeping it updated, adding new recommendations and advanced apps to enhance it.”

Make new Connections in 2012 The more quality people you are connected to, the more opportunities that could come your way. This year, focus on growing your network and connecting with new people, Howes says. “Businesses grow based on your relationships, so you want to keep expanding and growing connections in your immediate and expanded network,” he says. But be careful when requesting new connections, though. Do your homework on who they are, their past positions and their interests; and find common ground. —by Kristin burnham

to find the hottest jobs in the indian market visit itjobs.cio.in

Vol/7 | issu E/04

illustration by photos.com

Coming Soon: Robot Housekeepers and More

c o m p i l ed by S h w e ta R a o

Best Practices

IT Fraud: Err, Umm, Oh! What’s similar between an alcoholic and Indian enterprises? They both know they have a problem, but neither seem to want to do anything about it. At least that’s what a new E&Y report on IT fraud among Indian enterprises has revealed. According to the report, a full 74 percent of respondents say IT fraud is a more serious threat than any other fraud and 28 percent have experienced an IT fraud incident. But the majority is unprepared to counter an IT fraud incident: An alarming 61 percent said they relied on basic spreadsheet software for IT fraud investigations. Of the 100 respondents—from across sectors—E&Y researchers interviewed, 63 percent claimed that their in-house teams are qualified to perform IT-fraud related investigations—but only 9 percent of them could provide details of what those qualifications were. Only 20 percent of respondents knew what skills are required for digital evidence recovery (a reactionary measure to fraud) and about 15 percent knew what fraud analytics is and how it helps identify red flags, which may eventually lead to fraud. Worse, a third of respondents said they were unaware of the IT Act 2000 and its amendments. They also exhibited very little awareness about the Indian Evidence Act and the new data privacy law. “In the absence of complete awareness, a company may expose itself to a potential lawsuit and/or the data captured by them will not be admissible in the court of law,” said the report.

Get a deeper understanding of the law. Without it companies leave themselves open to law suits or capture data that’s not admissible in a court of law.

Re-skill in-house teams or get outside help. Remember, the requirements of an IT fraud investigation are highly specialized and call for a certain level of qualification and skills.

Invest in the right tools. Investigations conducted with the apt tools help constructing a water tight case. The use of spreadsheets could leave out important details, which could make or break a case.

trendlines

Although most Indian enterprises say IT fraud is a serious threat, very few have the skills, tools or know-how to tackle it.

Indian Enterprises in Denial About IT Fraud

74%

Of organizations say IT fraud is a more serious threat than any other fraud. But

61%

Rely on basic spreadsheet software for IT fraud investigations.

63%

Claim their in-house teams are qualified to perform IT-fraud related investigations. But

Of them could provide details of what those qualifications were.

IT tools or enablers used to perform fraud analytics on structured data: MS Excel

61%

MS Access

44%

ACL

25%

SQL

23%

IDEA

Others

14% Source: E&Y

Vol/7 | ISSUE/04

Trendline_Feb12.indd 17

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/10/2012 11:11:57 AM

ale lert rt

EntErprisE risk managEmEnt

My Career as a Bank Robber J

IMAGES by PHOTOS.COM

im Stickley got his first computer at age 12, and he was chatting with other computer nerds on bulletin board sites by 16. A wannabe hacker, Stickley says his first foray into playing the system was with free codes—codes that would exclude his phone and computer time from racking up charges that would incur the wrath of his parents. As an adult, Stickley channeled his computer and hacking passions into a legitimate career in network security, but soon realized that hardware and software were only part of the security equation. “When I was spending time testing the network for companies, I would see all these people come and go. You’d see the water delivery guy just come and wander around,” he recalls. “It dawned on me I could probably just walk in and steal all the data that they were paying me to secure on the network.”

So when Stickley founded Trace Security, security consultancy, he decided to place an emphasis on securing the network and testing the security of the people around it, too. It was a tough sell when the company first launched. “Ten years ago it was a different world. When we first started talking to people about social engineering, it was like selling ice to Eskimos. No one wanted it. No one cared. No one understood the value in it.” Today, Stickley and his team regularly conduct “social engineering engagements” where he physically robs banks and “steals” potentially vulnerable items and information. Stickley, who says robbing banks is “amazingly easy,” explains how he does it, and why he never gets caught.

findings

the Cloud strides ahead both in terms of understanding and implementation, CIOs in the APJ region are advancing with the cloud.

Cloud Understanding

How often do you “rob banks” as a social engineering experiment for clients? I’ve done over 1,000 locations without getting caught. They run the gamut from very small community banks with just two branches to very large financial institutions; we’re talking about several billion in assets in terms of the size. But regardless of size, all engagements run very similar. You may think “they have more money, they MUST be more sophisticated.” But they’re not when it comes to social engineering. When you are talking about networks and that sort of thing, absolutely. When you have a lot more money, you have a lot cooler toys. But that doesn’t seem to be the case when we’re talking about social engineering.

Cloud Adoption in APJ grows represents respondents who are currently using or planning cloud initiatives.

respondents rated their understanding of the cloud on a scale of 1-10. Australia

7.4

Singapore

6.6

Korea

7.2

Malaysia

6.6

Japan

Thailand

6.4

India

6.8

China

6.2

59%

64%

22% 2009

2010

2011

SOUrCE: FOrrESTEr

Alert_feb2012.indd 18

f e b r u a r y 1 5 , 2 0 1 2 | REAL CiO WORLd

VO l/7 | ISSUE/04

TREND MICRO IS #1 IN VIRTUALIZATION SECURITY*

NAVIGATE YOUR BUSINESS TO NEW HEIGHTS WITH CLOUD SECURITY SOLUTIONS FROM TREND MICRO

Trend Micro allows you to fully capitalize on the operational benefits of virtualization and cloud computing with innovative solutions for security and compliance. These include the first and only agentless antivirus, intrusion prevention and integrity monitoring solutions for virtualized datacenters and desktops. Additionally, our encryption and key management solution for public, private and hybrid clouds allows you to better manage and secure your data wherever it resides. The result is a true business advantage.

Learn more at trendmicro.com/cloud-security For more information, visit us at www.trendmicro.co.in Call: 1800 103 6778 Email: marketing_in@trendmicro.com Delhi: 91-11-42699000 Mumbai: 91-22-26573023 Bangalore: 91-80-40965068 *Sourced from: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC

alert

EntErprisE risk managEmEnt

You can do training. You could have strong policy. Beyond that there’s not much you can do. You could have guards, but that still comes down to training and policy, because we’ve gotten into facilities with guards and without guards. It really doesn’t make a difference.

Where do you start on a social engineering engagement? They all come down to trying to figure out what is the avenue to get us into the facility. What I find makes it easier is the larger the bank is, the more locations, the easier it is for me to get in—because the employees are not going to know as many people and they’re not to be talking to as many people directly. So, it gives me a lot more room. In one-or-twobranch operations, odds are they know everyone and are talking to everyone. Those are actually, in my opinion, more difficult. If I’m going to rob a financial institution, often they say they want us to steal their backup tapes, which is often a major target because about 70 percent of financial institutions don’t encrypt their backup tapes. That’s a huge number. A lot of times they will want us to simply mark them and prove we could

have stolen them. In those instances, we have stickers that we take in and mark anything we could have stolen. Also, we have cameras that can photograph everything we do. Afterwards if there is any doubt, we have it all recorded. When you’re dealing with sensitive information, you have to have a very solid record of everything you’ve done.

What do you steal? I’ll steal anything. I’ll steal people’s cell phones if they leave them on their desk. I’ll steal any document that looks like it has confidential information on it. Obviously, I’m going for those backup tapes or any disc that is lying around; anything that looks like it could be of any value to me in some way, I’ll steal. Another thing I will do is this: In my little bag, I have a wireless device. And my goal is to be able to put my wireless device in the place where they have their drop for all their network equipment. I plug my wireless device in there and now I’m on their internal network. I can go back out my van and connect to my wireless device and bypass the firewall internal, any external IDS they have, and spend the rest of the day on there,

[OnE :: LinEr]

“Companies are now realizing that expensive security is less expensive than no security. so even if it budgets increase a little, the proportion allocated to security will increase considerably.” — Kaushal Chaudha ChaudhaRy, sVP-IT & GRouP CIso, lanCo Inf InfRaTeCh

Alert_feb2012.indd 20

f e b r u a r y 1 5 , 2 0 1 2 | REAL CiO WORLd

hacking away at everything else and doing additional attacks. If the day has gone really well and I start getting kind of punchy, that’s when I go for really large items. That’s what I try to carry out servers or big equipment. That’s always more entertaining because if you walk out with a big server, there is something really amusing about that. Just so we’re clear, any time we have an engagement where we steal anything, the client must have an employee that escorts us, and they wait in the car. So we have very little time when we’re actually in control of the items that we steal. We want the chain of custody to be very short with us. When we walk out with the stuff to the employee in the car, they are often very shocked because it often seems so unimaginable that you could carry a server off unnoticed.

What about money? Oh God, no. Money is so 1990s. It’s so outdated now. Think about it:If you want to steal $1 million, you better have a pretty big bag or a forklift. It’s just impossible to steal any real cash. The only people that actually steal cash out of a bank with a bag now are crackheads. Anyone who knows what’s going on, any real criminal, knows all the money is in digital now.

What do clients say when you manage to pull this stuff off? Most people hedge their bets when we meet them ahead of time and say they think they’re doing pretty good. I think they know it’s so hard to stop everything. So, sometimes they’re shocked, especially if it’s an engagement where we’ve managed to run off with a lot of stuff. But most of the time, they handle it well, because that’s where they’ve hired us for—they want to find out where they’ve got problems and how they can address it. They’d rather have us doing it than have it happen for real and end up in the media. CiO Joan Goodchild is senior editor at CSO. Send feedback on this feature to editor@cio.in

VO l/7 | ISSUE/04

• • • •

• • • • •

Enterprise Risk management

CISOs Don’t Trust UID With Their Data

n the best of days, India’s UID (unique identification number) program can round up a crowd of opinions—and emotions. The Nandan Nilekani-led UID project has been touted as the world’s largest, most advanced, biometric database of personal identities. And many believe that the UID is more secure than the US’ Social Security Number (SSN). But in the absence of a coherent privacy law, Indian CISOs aren’t buying that. “Even SSNs have been misused by criminals for years. The flaw of any personal identification project is that when you input data into a database, there must be an assured mechanism in place. Fingerprints have inherent inaccuracies as a proof of identification and retina scans make data storage requirements much higher,” says security and privacy expert Deepak Rout. “If you don’t provide enough security, then chaos is inevitable.” Though reports suggest that Nilekani has said that the use of UID cards will be voluntary, it becoming mandatory cannot be ruled out. When all transactions will get linked to a single number, the same may be used by various state agencies to monitor citizens’ activities. This may interfere with an individual’s right to privacy. “Even if owning an Aadhaar card is made compulsory, I’ll stay out of it as long as I can,” says Rout. Pawan Kumar Singh, CISO at Tulip Telecom agrees. “I am still insecure with the idea of entrusting my data to the government. Would I go for a UID card? No, thanks. The government may lay down stringent rules but where is the enforcement mechanism? UIDAI’s security policy will remain like our constitution—on paper—if citizen awareness is not brought up.” Singh believes that India isn’t ready to 22

Alert_feb2012.indd 22

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

consolidate its entire citizens’ personal data on a single card. Both Singh and Rout have reason to worry. In October last year, the UID project saw its first victim of a privacy breach. A citizen from Maharashtra lodged a complaint stating that his address proof was compromised. The incident raised concerns on the vulnerability of personal data being collected by UIDAI. And that’s just one of the many instances of security breaches. Even those close to the UID project are raising questions around the loopholes that may exist in the project. Sanjay Deshpande, CEO and CIO at Uniken Technologies—a security firm that was involved in the initial talks with the UID project team—says that the UID could be vulnerable to insider attacks. “How are they (the government) going to ensure that systems aren’t vulnerable

Bank Theft by Remote

alert

to insider threat? How trustworthy are the people handling a citizen’s personal identity? Also, are the biometric devices used by the government foolproof? You might have heard of losing your e-mail IDs and passwords at an Internet café owing to malicious software in public computers. How is the government ensuring that the data capture device by itself is not malicious?” asks Deshpande. Application level security is another major concern. “My problem as an Indian citizen is that once the UID project starts collecting biometric data everywhere, how are we going to prove our disassociation with a wrong UID and a crime we have not committed?” asks Deshpande. CIO

Shweta Rao is correspondent. Send feedback on this feature to shweta_rao@idgindia.com

Criminals in South Africa have carried off a cunning remote access heist that has left one of the country’s banks nursing a stunning $5.2 million (about Rs 23 crore) loss. After opening accounts at the South African Postbank months in advance, between 1 and 3 January the gang remotely accessed the computers of two employees using valid logins which were linked to the money transfer system. Large sums of money were then moved to the mule accounts before being withdrawn from ATMs across the country as cash. The transfers were apparently not picked up by the internal fraud detection system which might have had something to do with the fact that the period of the theft coincided with a New Year holiday. The Zambian-based Sunday Times newspaper quoted an unnamed source who pointed a finger at poor IT. “The Postbank network and security systems are in desperate need of an overhaul. This [the bank theft] was always going to be a very real possibility,” the source said. “At first glance, you have to say the intrusion detection system on its servers were obviously not working properly. It will be difficult for the post office to detect and stop something like this. But if they had the will and knowledge it could certainly have been prevented.” — By John E Dunn

Vol/7 | ISSUE/04

2/10/2012 10:44:40 AM

Michael Hugos

strategic cio

Feedback Loops As we move from an industrial economy to one characterized by real-time feedback, business will need to take a page out of the gaming world if they want to attract and engage employees and customers.

elcome to the real-time world. It’s a place where cause and effect follow each other so closely it can make your head spin. It’s happening because of the feedback loops generated by the two billion (soon to be four billion) of us all over the world who are online sharing information and opinions via social media that we access through consumer IT devices such as smartphones, netbooks and tablets. This fast feedback real-time world sometimes makes us yearn for a return to simpler slower times, but alas, the genie is out of the bottle and there’s no going back. The way forward is all about harnessing the power of feedback loops. The economy of the industrial world was based on the assembly line: A strict linear process that put everything in its place and maximized efficiency. The economy of the real-time world is driven by the feedback loop, a flexible circular process that maximizes responsiveness to continuous change. And a powerful model for how to harness feedback loops comes from video games. Video games are examples of how to integrate technology, process, and people into operating models that generate the feedback needed to thrive in our real-time economy.

Business Modeled on Games Illust ration by P HOTOS.COM

A game is an engagement engine, it attracts and engages players. You can measure the success of a game by the number of players it attracts and the level of engagement it gets from its players. Games are specifically designed to attract and engage people, and an influential game designer, Jane McGonigal, describes games as having four traits: Goals, rules, feedback systems, and voluntary participation. Looking at these four traits you could say that the combination of the first three traits is what creates the fourth trait. 23

F e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coloumn_feedback.indd 26

Vol/7 | ISSUE/04

2/10/2012 12:19:10 PM

Michael Hugos

strategic cio

The goals of a game are what the game is about; they are what attract people. Rules define how players go about achieving the goals; they are the challenge of the game. And feedback systems are the user interfaces that engage the players. They present a continuous flow of information that shows people how they are doing and whether they are getting closer or farther from accomplishing the goals. The right combination of these three traits is what induces voluntary participation. Maybe the best definition of a business these days is to say that it, too, is an engagement engine: It attracts and engages customers and employees. Perhaps a company in the real-time economy should no longer operate like an assembly line focused on efficiency. Perhaps it should operate instead like a feedback system guided by goals and rules focused on generating voluntary participation as measured by repeat customers and dedicated employees. The driving force for success in the real-time economy is continuous response to change so as to maintain the voluntary participation of customers and employees. Businesses that fail to do this go the way of once-great companies such as Kodak, Motorola, Sears and many other icons of the industrial age. These companies were very efficient at what they did but as the economy shifted from industrial to real-time, they lost the participation of their customers and employees. Their goals, rules, and feedback systems failed to interest and engage people. And their senior managers attempted to address this problem by applying industrial measures to increase efficiency such as cutting headcount, selling off business units and squeezing suppliers. This mostly just alienated people and accelerated the loss of the voluntary participation they so desperately needed.

known as “gamification” and it is only the start of the inevitable merging of games and business. As the saying goes, “You ain’t seen nothin’ yet.”

Building Business Feedback Systems Stanford University business school professor Byron Reeves and venture capitalist J. Leighton Read state, “We believe the highest use of games will be to redesign work so that it is more like a game and to allow work to be conducted within games.” Current practices of gamification will lead to more substantial and deliberate application of game traits and techniques, and at the heart of this trend will be the development of more sophisticated and engaging feedback systems. Engaging business feedback systems will combine in-house and cloud-based systems with social media and SaaS apps and leverage mobile consumer IT devices for their user interfaces. They will be built on top of--and communicate with--existing transaction processing systems that companies already have--systems such as ERP, CRM, supply chain and HR/payroll.

A game is an engagement engine, it attracts and engages players. The best definition of a business these days is that they are engagement engines: They attract and engage customers and employees.

IT and Feedback Systems In the industrial economy the purpose of technology was to increase efficiency and productivity and IT was applied with that end in mind. Many companies still view IT as primarily a tool to increase efficiency (and those that persist in this point of view are headed the way of Kodak, Motorola and Sears). It is not possible to cost-cut and downsize your way to success in the real-time economy. Companies have to find ways to maintain and increase voluntary participation of their customers and employees or they will simply fade away. Feedback systems are the highest and best use of IT. The explosive growth of social media and business networks from Facebook to Foursquare, LinkedIn and Google is fueled by their increasing use of traits and techniques borrowed from video games. An increasing Rave Reviews numbers of companies are using techniques from video games such To learn more about emplyee as leaderboards, progress bars, and feedback read Enhancing User badges as feedback mechanisms to Experience: What They Want, engage people and induce higher visit www.cio.in c o.in levels of participation. This trend is

Vol/7 | ISSUE/04

Coloumn_feedback.indd 27

Real-time business intelligence and analytics will be added to provide data transparency and reporting. Simulation and what-if modeling will be added to support training and decision making. Business process management will enable automation and constant adjustment of business processes as needed. And realtime communication systems using text, audio and video will support collaboration and problem solving between companies, customers and employees. As companies strive to find their way in this confusing real-time economy, the good news is this: Video games already provide a rapidly increasing body of field-tested best practices for using technology to create feedback systems to attract and engage people. So instead of hiring more financial analysts and management consultants to cut costs, maybe companies would get better results by hiring some good game designers to increase voluntary participation. CIO

Michael Hugos is an author, speaker, award-winning CIO and principal at Center for Systems Innovation. Send feedback on this column to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/10/2012 12:19:10 PM

Undercover Officer

Anonymous

Security’s Value Proposition If you’re going to sell security to your CFO—and others in the organization—you’d better know what matters to them.

ast week, my company’s CFO, Bob Beancounter, popped into my office and dropped a bombshell. “I need some solid evidence that your security programs are contributing to the organization’s productivity, its competitiveness and ultimately its bottom line,” he said without a hint of apology. “Evidence?” I asked him. And then repeated it, as if auditioning for a role in some cheesy made-for-TV drama. “Evidence? Hmm. You’ve got to help me with this one, Bob,” I said slyly. “I mean, how do you calculate the cost of a bad employee?” I reminded him that we had been steered clear of hiring hundreds of people in the past several years. “Do you think more than a few of those rejects might have cost us some serious money had we hired them?” I asked. “Well, I...,” he stumbled. But I had already started down a path of no return. “Huh. We can demonstrate how our security measures contribute to shareholder value due to lower losses per dollar of sales versus the competition. And, by the way, we have fewer security personnel per employee than any of our competitors,” I added. “And I recall that we were back in business before our competitors were after 9/11 because

Vol/7 | ISSUE/04

Anonimous_colunm_feb2012.indd 3

we had adequately planned and tested business resumption plans,” I cited. “I remember that the CEO made some real hay with that one at the annual meeting.” But I wasn’t done. “Because of our preventive and detective tools, we haven’t had even one minute of downtime due to the increasingly serious viruses and worms that hit us on a regular basis. Has that helped productivity and the bottom line?” I asked. Then I wondered aloud if he had checked with risk management lately. “Our insurance premiums have all been reduced since they reviewed our safeguards,” I told him. “And remember that company marketing wants to hire to manage phone sales? You should have seen the incredible holes we found in their information protection program. Can you help me figure the cost if they had lost our customers’ credit card numbers or other sensitive information as a result?” REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/21/2012 2:51:05 PM

Undercover Officer

Anonymous

Finally, I mentioned how Mrs. Jameson might put a dollar value on the security here: One of our security officers saved her husband’s life a few weeks back by using the defib after he had a heart attack. It took the EMTs 30 minutes to get here, but our guys were there in three. Yup, Mr. Bean Counter, I think we’re doing our part in contributing to the bottom line in this organization. But we also do so much more than that. At the end of the day, I think what we are about is helping the company run its business in a risky world. Maybe it doesn’t end up on your balance sheet as a line item, but I’d bet the bottom line would be a lot smaller if we didn’t do what we do around here. I’d love to have a buck for every discussion I’ve been a part of that wondered how the corporate security team could demonstrate to the bean counters, for that matter that it is far more than just another cost center.

A Case for the Bean Counters All you need to do is look back at the past decade to see that security is a fundamental element of core business processes. Start with all the high-level resignations due to phony experience credentials. Or think about intellectual property theft and product diversion. What about the high-level internal misconduct and criminal activity, and the daily reality of cyber crime and business interruption? Look at any one of those areas, and you’ve got yourself a good case for the bean counters.

Selling Strategy To learn more about convincing management, read How to Sell Security Solutions to Your CXO on www.cio.in c o.in

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Anonimous_colunm_feb2012.indd 4

Yup, Mr. Bean Counter, I think we’re doing our part in contributing to the bottom line in this organization. But we also do so much more than that. Yet I’ve worked for executives who never saw the real value without my persuasion. They thought that any activity that couldn’t demonstrate a direct contribution to the revenue stream and profit margin was an albatross around the neck of the company. They never took the time to understand our mission and its relationship to the protection of the enterprise. I say this with no apologies: CSOs are enablers. We provide services that allow the enterprise to meet business risk with its eyes wide open. Its value is in managing risk. I mean, if you want to own buildings with big rents for tenant businesses, you’d better have good lifesafety systems and procedures. If you want to do social media, you’d better provide a secure means for customers to deal with you. If you handle other people’s money, you’d better have in-depth controls around integrity. If you want to build a business in a risky foreign environment, you’d better have security on your agenda. Global business is going through an evolution of sorts when it comes to security and its growing role within business operations. Thirty or 40 years ago, we moved from the basics of general asset protection to more risk-focused content prompted by negligent security litigation, safe and secure issues of employment law, and increasing notice of workplace violence. As the workplace moved into ever-increasing technological complexity and reliance, the threats became more sophisticated, and remote and business continuity took on a new meaning.

With the ‘90s came the corporation as criminal defendant, Internet connectivity, business conduct issues and the need for secure e-commerce. Then the millennium brought us the reality of terrorism, anthrax, SARS and major concerns for the adequacy of internal controls and ethical standards. In this short period, not only the concept of “corporate security” but the standing, skills and competencies of those who deliver the wide assortment of business protection services have expanded dramatically. We are talking about CSOs these days because the nature of threat, vulnerability and business risk is expanding and the corner office wants a comprehensive protection strategy. Do your own history lesson. Look at the reporting relationship, compensation and senior management awareness of these aspects of operational risk within your company and other organizations with which you are familiar. The business world is far riskier today than 40 years ago, and it isn’t likely to get any easier. So with this evolution in progress and a seemingly acknowledged need for a senior security executive within the management team why do we CSOs continue to find ourselves wringing our hands about the value we bring to the table?

Marketing Security I think we’ve done a lousy job of selling the evolution and central governance roles of a full-service security program to thought leaders in business. I’d also not hesitate to put audit committees even the accounting firms and the Vol/7 | ISSUE/04

2/21/2012 2:51:05 PM

Undercover Officer

Anonymous

so-called consultancies that serve mahogany row and the business schools on the detention list as well. I don’t give a hoot who runs the full-service security program just as long as it encompasses all of the pieces and is directed with a recognition of how the individual parts can cost-effectively contribute. I know security can be a hard sell, not only because it adds cost but because our “clients” see our programs as adding inconvenience or cumbersome steps in business processes. But we all know the rules have changed in these past several decades, and good old Bobby Beancounter knows that as well. Don’t forget that CFOs are risk managers at their core, and they know we live in a much riskier world these days. Every enterprise is different, and the security story is equally diverse. CSOs have to find the hook that works within their unique corporate culture. This

has to be the focus of the products we develop and sell. Big, complex technical environment? Big need for in-depth safeguards and redundancies. Other people’s money? Trust and integrity. We all have a story that matches our company’s risk profile and culture. What some of us have not done well is package the story for the multiple audiences we have. There are hooks for Bobby Beancounter that will ring his chimes, and there are different ones for the audit committee, the CEO, and so forth. If you are at the table, you will know what hooks work with each executive and how to package the story. I think the notion of adding value is a many-sided story in itself. As I said in my pitch to our CFO, we can show how our efforts avoid clearly measurable risk. We can demonstrate in any number of ways these days how we contribute to our firm’s competitiveness. I obviously

had not “sold” Mr. Beancounter prior to his visit. My fault. He’s the guy who whispers in the CEO’s ear on cost management, after all! If your organization is doing its job well, you have tons of data, metrics and risk mitigation stories to support your cost and put the value equation in perspective. Advertise successes. Think of signs at construction sites saying “254 days accident free!” What signs might each of your programs have on the wall? At your periodic meetings with senior management, have some bullets on metrics and a story or two keyed to that manager’s hot buttons. It works. Value is in the eye of the beholder. Our products are often hard for the business to understand and see. Know your clientele and open their eyes with the facts. CIO This column is written anonymously by a real CSO. Send feedback on this column to editor@cio.in

Read More Articles Online Brain Drain: Protecting Your Organization’s IP Virtually everyone interviewed for this story warned that IP is highly perishable. Once the secret is out, it’s out. And the consequences can be dire.

Six Reasons Small Businesses Need Virtualization Server virtualization has been around for more than 10 years and its multi-faceted advantages are real and attainable even if you run a small business.

How to Make IT Irreplaceable We all know that, given the availability of hosted software and cloud options, going around IT is easier than ever.

The Private Cloud Power Why is the concept of the private cloud attractive in the first place? And in the most practical sense, what real-life components do we need to fully deliver on its promise?

www.cio.in/articles

Anonimous_colunm_feb2012.indd 5

2/21/2012 2:51:05 PM

E XECUTIVE

VIE W POINT

Sanjay Jotshi, Director, HP Networking, shares his insights on innovation and explains the crucial role of networks as CIOs adopt cloud and virtualization technologies and support an increasingly mobile workforce.

SANJAY JOTSHI, DIRECTOR, HP NETWORKING, INDIA.

SETTING A TREND HP NETWORKING PROVIDES FODDER FOR INNOVATION How can CIOs lead innovation and drive transformation across the enterprise? CIOs are definitely in a position to drive innovation. They face many â&#x20AC;&#x201D; and often conflicting â&#x20AC;&#x201D; challenges. They need to strike a balance between strengthening security, increasing the speed of delivering IT services, and simplifying access to key applications. To keep pace with competition, they

also need to adopt technologies like cloud and virtualization, and support an increasingly mobile workforce. All this with a limited IT budget. But some CIOs are able to use a portion of their budgets to drive innovation. CIOs should look at investments that can help them become more efficient and shift their focus to innovation to meet new and changing business demands.

At a time when demand for networkintensive applications is increasing, what technologies should CIOs consider? Today, a strong communications infrastructure is an imperative for most enterprises. The workplace is becoming increasingly virtual with employees working remotely. Video collaboration enables employees to participate in face-to-face meetings, and

CUSTOM SOLUTIONS GROUP HP NETWORKING

has proven to be an effective way for organizations to avoid travel costs and eliminate productivity downtime that are typically associated with in-person meetings. However, arming employees with video capability puts extreme pressure on an enterprise’s networks, as applications and video compete for bandwidth. Such pressure can siphon off network resources from critical business applications when you can least afford it, and unique issues can degrade or block video communications. Also, businesses may not get the benefits they seek from a video deployment if the quality of service is sub-optimal. Today, consumers are embracing wireless technology at a practically insatiable rate. An Ericsson study has revealed that at least 50 billion devices will connect to corporate wireless networks by 2020. Hence, businesses need a network that is optimized to deliver video and mediarich collaboration applications from the datacenter to users at the wired or wireless network edge. That’s why HP focuses on innovation across wireless technologies. This enables an effortless, fully-connected experience between mobile devices, heterogeneous network infrastructure and the cloud, to meet an enterprise’s needs. What critical factors should CIOs keep in mind while charting their networking roadmap? CIOs need to ensure that their IT infrastructure is not tied to a proprietary, singlevendor network infrastructure, as this is bound to increase costs. An open, modern, architecture fosters innovation and high performance while reducing the total cost of ownership of a state-of-the-art network. Lower capital and operating expenses will allow CIOs to select products and solutions that are right for the business and suit their budgets. Recent studies show that enterprise datacenters are in the midst of a massive transformation. This is driven by datacenter consolidation, server virtualization, webbased applications and new security requirements, which, according to research, has created numerous network challenges that can’t be addressed with existing legacy networks and manual processes. So, deploying the OpenFlow standard, for in-

stance, enables enterprises to significantly reduce the complexity of network devices and automate tasks using simplified network management. By reducing the time taken to make changes to the network, OpenFlow allows IT departments to respond better to dynamic needs in real-time. Today, HP is the only major networking service provider to offer a complete portfolio of OpenFlow-enabled solutions. How can CIOs exploit the benefits that cloud provides, without making significant changes in the way IT engages with the business? The cloud is no longer a futuristic concept and it is already providing tangible benefits. In a tough economy, the cloud offers some attractive options for saving costs, while help-

OpenFlow holds the promise of breaking the logjam in network flexibility and paving the way for network innovation in the datacenter.” ing organizations stay ahead of the curve. The cloud provides CIOs with an opportunity to integrate different business functions on a common platform, thus reducing cost and complexity. Organizations need to understand where and how technology services can benefit from cloud solutions. Also, enterprises can combine cloud computing with their traditional IT Infrastructure to create an ideal IT model. There are two approaches that CIOs can take while charting a cloud roadmap. One is to test their cloud applications with their employees and get feedback. Another approach is for CIOs to act as cloud service providers to other business divisions. Many CIOs have tried both approaches, but whichever method they choose to follow, moving to the cloud is inevitable. Simply because there are many benefits that are hard to ignore.

The ability to quickly and easily collaborate no matter where people are will transform business processes. How can CIOs ensure that they are ahead of the game? The explosion of social networking provides billions of people with the ability to interact like never before. This transformation is changing the way businesses think about employee communication and collaboration. It is also triggering new ways to use communication and collaboration tools to take advantage of the power of human relationships to increase business value. Effective collaboration, within and outside the organization, is going to be a key differentiator. HP successfully integrates voice, e-mail, voicemail, video/data/audio conferencing, collaboration and mobile technologies on a single unified communication platform. Apart from this, the underlying network infrastructure and the ability to manage are equally important. From HP Networking’s perspective, we create the infrastructure wherein, we have key and unique advantages in terms of scalability, decreased latency and energy efficiency among other things. The HP management platform - Intelligent Management Center (IMC) helps deliver integrated, modular network management capabilities that efficiently meet the needs of advanced, heterogeneous enterprise networks. This is important, as CIOs will have to scale and add new elements to their infrastructures. That is where we play a unique role. The IMC can control not only HP devices, but also about 6,000 other devices that belong to over 220 vendors, offering a single view of the network and thus improving manageability. So, in order to stay ahead of the pack, CIOs should look at the opportunities in the communications market that could transform their business. This Interview is brought to you by IDG Custom Solutions Group in association with

Bernard Golden

Think Tank

Listen, Carefully If you understood how IT research firms worked you would take the cloud advice of some of its researchers with a pinch of salt.

Illustration by P HOTOS.COM

don't know how I missed this, but at the Gartner IT Symposium at the end of last year, Darryl Plummer (chief of Gartner Cloud Research) apparently stated that enterprises should deploy apps in a public cloud provider as a default, and only deploy them in a private cloud if the public alternative is not appropriate. Plummer's recommendation caused quite a stir in the blog world when he first announced it. Naturally, much of the furore over Plummer's pronouncement was a reaction to the quick summary: Gartner prefers public cloud. Wow. That's a big deal, right? Gartner is probably telling all of its clients that they should trim their private cloud plans and instead focus on public cloud providers. And, in response, all of its clients are scrapping their private cloud initiatives and planning a big move to public providers, right? Actually, that's unlikely, for some very sensible reasons. First, people misunderstand the nature of analyst firms. They assume that these firms are corporate in nature and monolithic in their positions. In fact, a better way to look at analyst firms is that they are much like professional firms (law firms, consulting partnerships, among others, for instance). Such firms comprise relatively independent individuals, each with his own opinion. For example, one can present the same issue to two attorneys within the same law firm and get two different recommendations (I speak here from personal experience). Likewise two analysts from the same firm will hold different opinions about the right approach to a specific technology issue. Consequently, even if one or more (or most) analysts at a firm hold one opinion, there are probably others who hold a different opinion. At the very least, when presented with a specific issue,

Coloumn_listen.indd 26

F e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/04

2/10/2012 12:20:28 PM

Bernard Golden

Think Tank

analysts will likely proffer different recommendations, based on their interpretation of the issue. Of course, it's important to keep in mind that every situation is specific and different. If blanket advice were sufficient, there would be no need for analyst firms. Let me be clear, I'm discussing this phenomenon in generalâ&#x20AC;&#x201D;not picking on Gartner specifically. As I have said before, I am not one to gainsay Gartner. Second, as a complement to the fact that opinion at analyst firms differ, clients tend to take their recommendations selectively. Companies tend to have their goals and they seek support and affirmation for them, searching until they find third-party advice that can be cited as impartial evidence for pursuing the direction that they have already decided upon. This is crudely referred to as "shopping for an opinion." By citing an outside party, the client is able to justify to its own management why a particular course of action is acceptable. Some IT executives will search until they find an analyst whose recommendations match what they want. Back to Gartner's recommendation: Does the research firm recommend public cloud as the default deployment recommendation? It's hard to know, as the company hasn't made any announcements about the public cloud. However, the article about Plummer's pronouncement that I came across via Twitter does present his specific recommendations: "While the cloud hype has reached a fever pitch, Plummer points out that there are a number of potential risks. Those include security, transparency, assurance, lock-in and integration issues. If you do decide to start moving apps to the cloud, start at the edges and work your way into the core, says Plummer. The most common apps to start with are e-mail, test and development, productivity apps, and Web servers." This is appropriate advice, but it raises a question: Why is this being reported as news? These recommendations seem extremely mild and unworthy of any particular note. Today, if you're still getting advice that you ought to think about moving test/dev into a cloud environment, it suggests there is something far more worrying than whether public or private cloud should be your default deployment choice. More disconcerting is the fact that this advice is being proffered as something IT executives should do. It implies that moving to the cloud is something they're not yet doing. If that's the case, they are far behind the pack with little hope of catching up. As a CIO, if you're going to a conference and learning that you should be working from the outside in, moving low-risk apps to a cloud environment, it's likely that your company's business unitsâ&#x20AC;&#x201D;your customersâ&#x20AC;&#x201D;have been doing this for six to 18 months. And while you take six months to put together a strategy, and then build out your private cloud, the momentum of the business units toward public cloud computing is only going to grow. We've talked to a number of companies who seem to fall into a trap: They decide to start an internal cloud computing pilot

Vol/7 | ISSUE/04

Coloumn_listen.indd 27

program, get it underway, and then the initiative bogs down in the press of everyday business. While it's understandable that today's needs must be addressed, it seems that the crush of today prevents the critical need of tomorrow from being addressed. In effect, to use Steven Covey's formulation, IT organizations are skewing their efforts toward "Interruptions" at the cost of "Important Goals" and "Critical Activities." The issue of what areas to focus on isn't academic. As Clayton Christensen describes quite vividly, any time there's a major shift in technology, incumbent vendors are in danger. Cloud computing represents such a shift, and IT organizations represent the incumbent vendor. The importance and immediacy of this danger is delineated in another one of Gartner predictions: "By 2014, CIOs will have lost effective control of 25 percent of their organizations' IT spending." Coincidentally, this prediction was issued at the same IT Symposium as Plummer's. The article in which this prediction was summed up also reported: "Mature technologies are code for obsolete," said Peter Sondergaard, senior vice president at Gartner and global head

People misunderstand the nature of analyst firms. They assume these firms are corporate in nature and monolithic in their positions. But they comprise relatively independent individuals, each with his own opinion. of research. "You must dare to employ creative destruction to eliminate legacy, and selectively destroy low-impact systems." One wonders how the Symposium went down with attendees and whether these snippets reflect the general tone of the event. Certainly the recommendations quoted here seem quite forceful and pretty blunt about the need to shift IT attention and investment. If your cloud plans are at the level of researching by attending a conference, you're likely to find this level of advice disquieting, to say the least. Stepping back a bit, it seems obvious that our industry is at a turning point. The traditional approaches to IT management that have worked for so long are colliding with new approaches that are immensely faster. CIOs who react to the new way of doing things at the pace that used to work risk falling further and further behind. CIO Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of

Virtualization for Dummies. Send feedback on this column to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/10/2012 12:20:28 PM

Alternative Views

CIO ROle

Are CIOs the Most Qualified to be Business Leaders? A 360-degree view of the organization is often pitched as the reason CIOs are potentially better business leaders than their peers. Is that true? Two CIOs debate.

don’t believe that just having a detailed and horizontal view of an organization’s processes qualifies a CIO to be a good business leader. Sure, CIOs have in-depth knowledge of an organization’s processes and gaps, but is that knowledge sufficient to drive a business? A business role demands much more. A business leader’s competency is in exploring new markets, brand building, figuring what products would fulfill customers’ need, and positioning new offerings accordingly. He needs to know the industry and the competitive environment to be able to engage key decision-makers. He should also have financial acumen. Do CIOs have these skills? Also, a major part of being a good business leader is having a healthy risk appetite. That’s a huge differentiator. Compare that to a CIO’s role which has conventionally been to mitigate risks. The nature of our

work demands that we ensure 99.99 percent uptimes—that can’t be compromised. But this nature has also groomed CIOs to be people who need a beta and then a pilot for their projects. Key decision making doesn’t allow that kind of luxury of time. When it comes to strategy, I do agree that a lot of CIOs have started strategizing and innovating and have are even on the boards of their organizations. But let’s ask ourselves an honest question: How many CIOs enjoy that privilege in their organizations? If business sees the strategic aspect in what CIOs do, then what’s the need for business-IT alignment? From what I have observed, some CIOs who have moved to business roles have primarily been people with a business background and technology acumen. Will it be equally easy for an outright techie to unlearn and relearn all the above mentioned skills? That’ll be a huge challenge.

“Having a detailed and horizontal view of an organization’s processes isn’t enough to be a good business leader.” —Zoeb Adenwala, Global CIO, Essel Propack 32

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Alternative_Views_Feb2012.indd 34

VOl/7 | ISSUE/04

2/21/2012 2:53:46 PM

Alternative Views

CIO ROle

he IT leader is the only executive with a bird’s eye view of an enterprise’s processes and priorities, not to mention its operational strengths challenges, and opportunities. Over the years, CIOs tend to gather secondary levels of expertise, be it finance, HR or operations because they work closely with such business processes. For a comprehensive knowledge of operations and what makes the enterprise tick, the CIO role has no competition. CIOs, in most organizations, have conceptualized and driven large-scale change initiatives—a huge benefit in times when most organizations need people who can seamlessly drive change. They have evolved from technologists to those who proactively contribute to realize and deliver business goals—as much as their business peers. Strategy has become routine for most CIOs and their ability to morph innovative technology into business goals is an advantage that not many other C-level executives have. CIOs are hardwired and naturally more adept at innovation. After all, which other field experiences as many dynamic changes as technology?

“For a comprehensive knowledge of operations and what makes the enterprise tick, the CIO role has no competition.” —Srinivasan Iyengar, COO (former Director-IT & Change Management),Aegon Religare Having been a part of both the roles, I feel that CIOs have a fairly high risk appetite—similar to their business peers. In this day and age, when seven out of every 10 new technologies fizz out in no time, taking a call on what technology to go for is itself a huge risk. And just as it is with business, these decisions need to be made quickly to keep up with the changing business demands. Also, business-IT alignment is a catchy phrase but it’s antiquated. How much a CIO is in tune with the organization, its customers, and environment is purely a matter of inclination. Any C-level person should think beyond his function as his role is much larger. A CIO who only thinks about servers may not be living upto his full potential. CIO

As told to Debarati Roy Debarati Roy is correspondent.. Send feedback to debarati_roy@idgindia.com

GE5BF:CEA=B; 6HF=B9FF

G<ECH;< >H8=7=CHF 5DD@=75G=CB C: =G

IN THIS ISSUE

/` P`[[`u GolT^Jll mk?^lP`k]?mT`^ T^ ?HmT`^ tTlTm www.cio.in/transformers

Alternative_Views_Feb2012.indd 35

61 | IT POWERS INDIA’S ‘POWER HUB’ CSPDCL gets an integrated view of its enterprise work and asset management

66|GETTING INFOSEC ON BOARD Ajit Panicker of Cox & Kings talks about how he met the growth aspirations of the company.

An IDG Custom Solutions Initiative

2/21/2012 2:53:50 PM

Cover Story

IT Strategy

Do it Your

The competitive advantages of building your own software. By Sneha Jha and

P hoTo By ShEKhAR Gh oSh

Gunjan Trivedi

F E B R U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

Michael Porter, celebrated author and Bishop William Lawrence Professor at Harvard Business School, first proposed his theory of competitive advantage in 1985. Three years short of three decades later, his theory still holds true: Competitive advantage occurs when an organization acquires or develops an attribute that allows it to outperform its competitors. Management’s secret was out.

Instinctively, executives have always known the importance of competitive advantage. But Porter’s thesis started an open race to create it. CEOs drove executives to create new ways of performing at higher levels than their rivals. Competitive advantage became the new mantra and part of a leader’s KRA. Soon enough enterprise IT leaders were towed in by the strong current. Businesses increasingly expected CIOs to leverage technology—the new frontier—to bring them the magic of competitive advantage. That’s when CIOs began to be pulled in two opposite Reader ROI: directions. On the one hand were vendors offering mature How D.I.Y. can bring you enterprise-class apps—creating plug-and-play products that competitive advantage— few companies could resist. Yet, these packages became so and keep it yours popular that they turned into commodities—making them Why D.I.Y. doesn’t tie competitive differentiator killers. you down to a vendor’s thinking Over time, CIOs have tended to take a middle path: OffD.I.Y. myths busted the-shelf software platforms, with unique apps bolted on. Vol/7 | ISSUE/04

2/10/2012 4:36:57 PM

The beauty of building your own software is that you arenâ&#x20AC;&#x2122;t limited to the thought leadership of a vendor, says Satyajit Sarkar, GM-IT, DTDC Courier and Cargo.

self coverstory_DIY.indd 45

Cover Story

IT Strategy

But a growing band of IT decision-makers are deciding to go against the grain and are resisting the lure of packaged software. Their reasoning is simple: Building your own IT systems ensures greater competitive advantage and guarantees successful formulae remain a secret. “Building your own software is like driving your own car as opposed to using a COTS package which is like being a passenger. If you have homegrown software you’re in charge of your destiny,” says Satyajit Sarkar, GM-IT, DTDC Courier and Cargo. In this story, we bring you the tales of these maverick CIOs; IT leaders who take D.I.Y. to new levels and have brought their businesses competitive advantage. Whether they’ve given their businesses an early-mover advantage or they’ve built market differentiators, these CIOs are leading the D.I.Y. charge like few others.

“Vendors promise tailor-made solutions but implementation is where the rubber hits the road. That’s when you realize how deeply—or not—they understand your business domain,” says Manish Shah, DGM-IT, Indus Fila.

coverstory_DIY.indd 46

In his 1985 book, Competitive Advantage: Creating and Sustaining Superior Performance, Porter showcases an unusual tool—called Porter’s Four Corners Model—that helps predict what a competitor is most likely to do next. Although the model is meant to understand competition, it can also be used to grasp why businesses decide to do the things they do. Using the first two corners of Porter’s four corner matrix, analysts can foretell what a company is likely to do by applying two parameters: What drives a company (what are its goals), and what assumptions a company’s management makes about itself (it’s own weaknesses and strengths.) This model makes it easier to understand why greenfield operations in a niche industry would choose a D.I.Y. strategy. Here are the facts: Startups tend to have impressive goals and dreams of making it big fast. This makes them aggressive and likely to take more risks in their strategies. Niche companies, in the meanwhile, are acutely aware of the need to trailblaze their own path. In 1990, DTDC Courier & Cargo, fit both categories perfectly. An air express and cargo company based in Bangalore, DTDC started life basing itself on a fantastic new premise: It would use a franchisee model. Until that point, it says the strategy had never been applied by any express distribution company, anywhere in the world. “Like a lot of entrepreneurs I faced challenges of capital, skilled manpower and building a network,” says Subhasish Chakraborty, chairman

F E B R U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

P hoto by foto corp

Ph oto by SRIVATSA SHANDILIYA

Early Mover Secrets

Vol/7 | ISSUE/04

2/10/2012 4:37:08 PM

and MD, DTDC. “The franchisee model gave us a first-mover advantage in terms of reach, which is a key requirement, and a cornerstone of DTDC’s growth and success.” The start-up got full points for thinking outside the box and changing the industry’s rules. Implementing that radical strategy, however, was another ball game. DTDC’s leaders knew that to gain that early-mover competitive advantage—and scale its business—it would need enterprise software. But no one, not even the industry’s big boys like DHL, TNT or FedEx, had established rules and processes to deal with channel partners—forget the software vendors specializing in logistics. “They had not created a set pattern that we could follow. Since global best practices had not evolved, vendors were not ready with mature solutions catering to the needs of this domain,” says Sarkar, who wasn’t with the company then. This became obvious when DTDC began scouting for a solution for their new business. Few of their needs, they realized, were addressed by packaged solutions. “When we began to evaluate the core application software for our operations, we figured that there was no commercial, off-theshelf (COTS) solution available,” says Sarkar. But in a hurry to grow, DTDC wasn’t yet ready to build its own software. Its reluctance to go down the D.I.Y. path is understandable. For CIOs and organizations world over, it’s a foregone conclusion that building is only an option when you have no other choice. “CIOs must build their own software only in special cases when they have a business imperative that is not met with a COTS package. Even in that case, CIOs must try and procure a readymade package and add features to it,” says Niranjan Bhalivade, CIO, CEAT. That’s a thought that occurred to DTDC, but they turned away from it. “If we tried to force-fit COTS in our scenario, it would have to be customized heavily. Rather than pushing the limits of commercial software, it made sound business sense to go the D.I.Y. route,” says Sarkar. But DTDC did try the next best thing: It got a thirdparty developer to build a tailor-made solution. The project quickly derailed, says Sarkar, when the vendor abandoned the endeavor midway due to a lack of reference points. So DTDC decided to take things into its own hands. “We resolved to go against the conventional grain and decided, instead, to utilize our existing development infrastructure and build our own software,” says Sarkar. It helps that Sarkar has D.I.Y. in his DNA. Even as a child, he remembers breaking his toys and reassembling them. “It held a strange fascination for me. I liked building things my own way,” says Sarkar. DTDC’s team of four—which later grew to 18— developed its core operations application called Central Tracking and Billing System using Oracle at the backend and Visual Basic as the programming platform. They also created Vol/7 | ISSUE/04

coverstory_DIY.indd 47

“If DTDC decides to launch a new product then IT can roll out changes within 48 hours. With a vendor, it would have necessitated a protracted product development cycle.” the operation software for their channel partners on this platform, he says. Sarkar’s team also built DTDC’s intranet, website, channel partner portal and an intelligent reporting system, much like a BI system. Over time, DTDC, he says, has migrated from Oracle to MySQL at its backend and its applications are being ported from VB to Java. “We would have spent wads of money on hardware, software, customization, training, helpdesk, modifications, licensing, contract management and legalities. I’ve eliminated these expenses in one stroke,” says Sarkar. Today, Sarkar says, over 2,000 core users directly or indirectly use the app—and over 6,000 channel partners. DTDC’s D.I.Y. system handles nearly 4,00,000 shipments everyday—allowing it to grow into a Rs 600-crore company.

Thinking Outside the Vendor Box Some kilometers away, and at much the same time, Indus Fila, was caught in a similar quandary. Today, the Rs 500 crore, Bangalore-based fashion and textile manufacturing company—which supplies to PhillipsVan Heusen, H&M, Walmart—has diversified plenty. But about a decade ago, its primary business was making labels. As sales volumes soared, Indus Fila’s executives recognized the need for automation and in 1998 the company began searching for a solution that would fit its needs. The problem, they soon encountered, was similar to DTDC’s: The industry lacked templatized, commercial software. The solutions they came across, says Manish Shah, DGM-IT, Indus Fila, were bloated with unwanted features and didn’t match with business needs. “There was an alarming disconnect between our business needs and the features offered by the packaged solutions,” says Shah, adding that they received offers from software vendors to create a custom solution. But like DTDC’s attempt that too went the way of Kodak; it crashed and burned. “Vendors promise tailor-made solutions but implementation is where the rubber hits the road. That’s when you realize how deeply—or not—they understand your business. If they don’t, your project will run into sand,” says Shah. REAL CIO WORLD | F E B R U A R Y 1 5 , 2 0 1 2

2/10/2012 4:37:08 PM

IT Strategy

Indus Fila, says Shah, was more adamant with sticking to a COTS package than DTDC. But by the second time it burnt its fingers with COTS packages, it was ready to change tack. “Ultimately, we realized that since we know our business processes and domain from top to bottom, we were better qualified to design software that we needed. Writing code on top of a COTS product to customize it is not always best-suited to your overall endeavor of gaining competitive advantage,” says Shah.

Hard Choices At Indus Fila, concerns around a D.I.Y. strategy ran deeper than app choices. Shah says they had to factor in domain expertise, capital, organizational commitment, and user acceptance. Plus they needed to study the IT skills available in-house, how to manage cost, and ensure adequate support post-deployment. But it was these same factors, he says, that tipped the balance in favor of a build-your-own proposition. “We hedged our bets on this maverick approach. We had the technical know-how and the domain expertise to create our own solutions. We took user feedback and started working with them to design a blueprint,” recalls Shah.

In order to build the solution ground up, the organization went deep into planning mode. The idea, says Shah, was to obviate the risk posed by cost overruns, attrition and user expectation management. Shah says that his core development team consisted of one lead and four developers. The support team of three also—at first—doubled up as QA. “We used Visual Basic and SQL Server 2000 initially. Later developments were made in C#, .Net and SQL Server 2005. We also used crystal reports and some miscellaneous third-party tools. The modules of our ERP ranged from 10,000 to about 50,000 lines of code. All together, the project is well over 3,00,000 lines of code,” says Shah. Many of the hard choices the company risked have paid off. And if its leaders thought they needed to trade time-tomarket for a perfect solution, they were wrong. Shah rolled out the first module—for marketing—in just three months. The D.I.Y. platform is paying dividends at Indus Fila. According to Shah creating their own software has given them competitive advantages a COTs package couldn’t. “We have better response time to sales orders, respond more quickly to changing market conditions, have better agility,

Photo by FOTOCOR P

Cover Story

Girish Rao, head-IT at Marico, says he’s created software with a vendor— tapping into 19 years of domain expertise—and they sold it, diluting his competitive advantage.

D E C E M B E R 1 5 , 2 0 1 1 | REAL CIO WORLD

coverstory_DIY.indd 48

Vol/7 | ISSUE/02

2/10/2012 4:37:26 PM

flexibility, and enhanced user experience because users are now a part of app development so they embrace change better. And our system is closer to the business realities that the organization is facing.”

Market Differentiation Unlimited If allowing a company to be an early mover in its space is an important benefit of having a D.I.Y. strategy, there’s another benefit that really gets attention from both CIOs and their managements. That is market differentiation. CIOs who have been down the D.I.Y. route say it aids them build innovative functionalities and specialized applications that help organizations emerge as frontrunners. While competition can easily emulate a market leader’s ability to automate business processes—because everyone’s working off the same commoditized software—they can’t do that as easily with niche tailor-made applications. The real benefit of this? Putting together the thought-leadership and an expert team and taking the time to create a special application builds an entry barrier which competition finds hard to overcome. Girish Rao, head-IT at Marico buys into that philosophy. Although Rao works on off-the-shelf platforms, he believes that incremental, specialized apps should be created inhouse if you want to ensure that your best ideas remain just that—yours. Creating market differentiations, as a policy, is not the purview only of the CIO’s office at Marico. Rao say it percolates through every function of the organization. Rao, who has spent 19 years at Marico, says he has seen the company expand its product portfolio with diverse product variants that have muscled their way into the market. Applying that philosophy to IT, Rao realized that despite adopting feature-rich COTS packages to address Marico’s needs, there were some gaps. Bridging these gaps could create market differentiation and competitive advantage for the organization. One of the best examples at Marico of D.I.Y. that brings market differentiation is the Copra Portal project. The project, says Rao, strengthens the organization’s link with its suppliers. But more importantly, the portal redefined the way copra—a key ingredient in Marico’s cash cow, coconut oil—was purchased and went a long way in ensuring a secure supply of the commodity. It also cut the time it took to purchase copra and made the process simpler and more streamlined. The Copra Portal, says Rao, was developed by a team of two business users, an IT project manager, three developers and two testers and it took six man-months to develop. Because such functionality was not possible using COTS, the Copra Portal is a shining example of how CIOs who don’t play by the rules set by vendors can take an organization ahead of its rivals. Not on this project, but along his D.I.Y. road, Rao has learnt—from hard experience—to protect and nurture Vol/7 | ISSUE/04

When Not to t D.I.Y.? “What makes you think you can recreate a product effectively and on your own when millions have already been spent putting certain business practices into a product? Although, there are specific situations and unique business needs where building your own may still make sense. But if there are fairly standard business practices available then it makes less sense to go down this route.” — Rajesh Mohan, Joint President-IT & Systems, Binani Industries “CIOs must build their own software only in special cases when they have a business imperative that is not met with a COTS package. Even in that case, CIOs must try and procure a readymade package and add features to it. A readymade application introduces industry best practices, which helps improve organizational process.” — Niranjan Bhalivade, CIO, CEAT “Fitting in an industry-specific application does not work when you want to quickly deploy IT value for a requirement which does need many fixes and has standard acceptance. Re-inventing the wheel does not work in time-tested environments. CIOs must be guided by specific business needs and a thorough analysis of the time it takes to build, to win acceptance through change management, in-house capabilities and economic scenarios.” — Meheriar Patel, CTO, Head-IT and eCommerce, Globus Stores —By Sneha Jha

such ideas in-house, away from the prying eyes of less innovative rivals. “I would help a vendor design a product specifically to my needs in order to build competitive differentiation. In the process I tapped into my domain expertise. The vendor would then develop a solution after a lengthy development REAL CIO WORLD | F E B R U A R Y 1 5 , 2 0 1 2

2/10/2012 4:37:37 PM

Cover Story

IT Strategy

Writing code on top of a COTS product to customize it is not always best-suited to your overall endeavor of gaining competitive advantage.

cycle of six months or so and then sell it to other customers to justify ROI for the effort he put in. That dilutes my competitive edge, defeating the purpose of the whole exercise,” he says. Another project that Rao ran on D.I.Y. was Marico’s Media Management Portal. The objective was to create more financial and accounting control with regard to payments to media agencies and ensure higher levels of collaboration between multiple internal and external stakeholders. The portal was developed by a team of two business users, a business project manager, an IT project manager, two developers, two testers and two members from a media agency, says Rao. It took them about 12 man-months to develop the portal with 1,40,000 lines of code. The project was developed on ASP.Net and the data was integrated with SAP using ABAP. Today, because Rao refused to be limited by the thought leadership of a vendor, Marico has what few other companies have: A way to effectively control its ad spends. And the project increased efficiency. In the absence of the system, media bills took about 15 days to process. Now, that’s done in less than five days, says Rao. “Consequently, the credit rating of the company in this area has improved,” says Rao.

Myth Busting One of the ways commercial software is sold over D.I.Y. is the latter’s ability to help organizations take products to market faster. If, for example, a start-up needed accounting software, few CIOs would dream of slowing the business down by creating it module, by module. The sad fact is that D.I.Y.’s got the bad rep of slowing down a business. Sarkar couldn’t disagree more. And he draws examples from DTDC. “Our business is highly prone to changes. In each quarter we might need to foray into a new market segment. As new demands arise, we may launch a product to cater to new customer segments. Ours is an emerging business so changes to the systems are inevitable,” says Sarkar. To keep up, DTDC’s systems need to be modified regularly, says Sarkar. If he had to work with a packaged solution, he says that changes would have to be explained to a vendor—which takes time. And often, vendors are too slow or too unwilling to adapt their packages. “They fret over alterations they have to make. Working with them is a long-drawn and prohibitive exercise. So your responseiveness to market forces slows down,” says Sarkar. 40

coverstory_DIY.indd 50

F E B R U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

In comparison, DTDC’s homegrown solution is quicker on its feet. “The code and database structure is developed in-house so we can modify, alter, enhance and fine-tune without much ado. It’s cost effective and business friendly,” he states. And if the business decides to launch a new product then IT can roll out changes within 48 hours, he says. With a vendor that would call for a protracted development cycle. Here’s another example of how D.I.Y. makes a company more responsive. DTDC gives its corporate customers personalized dashboards so they can monitor their billing, payment and delivery histories. Not only did they create this in-house, “contracting roll-out time,” says Sarkar, but going D.I.Y. also allows them to service their customers faster. “If a corporate customer wants any customization to their homepage, we can personalize it within a day. Other MNC players also provide this facility but they seek third-party assistance, which is expensive and time-consuming. They would take at least a week to do it,” says Sarkar. The homegrown software also facilitates integration with newly-acquired customers within a day. Moreover, it fosters better integration with global partners. Whenever DTDC signs a JV with an international operator, a high amount of integration is required between systems. D.I.Y. shrinks that. It helps, Sarkar says, that DTDC’s IT department has an intimate understanding of the business. That’s a benefit that many D.I.Y. believers say is the strategy’s primary selling point. That’s because building your own software forces IT to be tightly linked with business. IT needs to work side-by-side with the business—a process that engenders great amounts of business-IT alignment, and lowers change management needs. “We have fostered Better partnership with business and increased credibility with IT,” says Shah. Best of all, it can raise IT’s standing in the eyes of users and management because D.I.Y. doesn’t limit the needs of either, a challenge CIOs with templatized software are bound by. “This is the beauty of building you own software. There is no dead end. You are not bound by any limits. If you procure packaged software then your scope for development can get limited. Today, our business team can come up with new ideas and we keep scaling up the application. Ours is an ever evolving application,” says Sarkar. CIO Sneha Jha is senior correspondent. Send feedback to sneha_jha@idgindia.com

Vol/7 | ISSUE/04

2/10/2012 4:37:37 PM

CUSTOM SOLUTIONS GROUP MPHASIS

EXECUTIVE VIEWPOINT

KEY FOCUS AREAS FOR BANKS IN A SLOWING DOWN ECONOMY Certain key initiatives at the business and technology level can help a bank beat the melt-down and gain the upper hand over its competitors.

mortar banking. This move not only helps in ccording to the half-yearly Financial reducing customer service costs, but also in Stability Report (FSR) of the Reserve bringing down the process turnaround, thus Bank of India, the overall macroincreasing liquidity and fees among other crueconomic stress has been increasing in the cial business parameters. face of heightened risk that is emanating from the global environment. The current, It is crucial to bring in relationship-based intensified global uncertainty on account of pricing since a core transformation is long lingering Euro Zone crisis has implications and intense. It is also vital to find non-inon emerging market economies (EMEs), vasive ways of doing this, with an aim to inincluding India. crease the loyalty effect of customers. Banks, during economic slowdown, are likely A bank also needs to focus on using risk to foresee a rapid decline on lending requests management techniques such as using in the economy - which, to advanced approaches an extent, is mandated by (IRB, AMA) to gain capital “Outsourcing is the best credits and be ahead of the central bank. In such an environment, when its competitors. option if a third party business transactions take Use business intelcan carry out a process a beating, and customligence and data mining that is not vital to ers control their budgetary to find pockets for opcompetitive advantage spends, banks grapple to timization in processes in a better way than the and product innovation survive, if not thrive. There are certain key initiatives through customer behavbank itself.” at the business level and ior. Opting for the aforeat the technology level that mentioned technologies can help a bank beat the melt-down. also benefits in identifying the blue oceans in the middle of the red ones. What should the banks’ Outsource non-critical processes and noncritical infrastructure technology. Adapting to this priorities be? not only aids in focusing on core competencies, While the obvious answer is to focus on the achieving cost and efficiency optimizations, but top-line and bottom-line, the strategy and also in SLAs and enhancing customer service use of technology must also be taken into through strategic outsourcing. consideration. Value would broadly be created by retaining customers longer, by increasing their loyalty - which in turn, directly impacts In-sourcing these initiatives versus the revenues. Some of the following initiatives out-sourcing would help achieve the needed value creation: The challenge of managing diverse services in a networked environment has caused banks Optimize and re-engineer user experiencto introspect on what should be considered as es to bring in the element of loyalty and ease their core skills and primary roles. It is, thus, of use which helps reduce churn and increase important to carefully pick and choose what loyalty effect. initiatives are best carried out in-house and Focus on moving customers to direct which ones are best outsourced. channels and reduce emphasis on brick-and-

VILAS KANYAL, Senior Vice President and Head-Business Development, Emerging Geographies, MphasiS In his current role, Kanyal is responsible for expanding the business and strengthening client relationships in the region. He has provided strategic leadership to business teams in the areas of telecommunications, computer hardware, enterprise applications, software products and consulting services. Some good yardsticks for deciding what can be outsourced are: If a process is vital to the bank’s business and is a primary source of competitive differentiation, then the best option is to adopt the in-sourcing models. Simultaneously, if a particular process helps a bank speed to market, then in-sourcing would be the ideal strategy to follow. It would also be appropriate to perform certain tasks and processes in-house if the bank has the best-in-class talent. Managing the complexity of the multiple technical components is becoming a challenge to most banks. If someone can perform the process better than the bank itself and if it is not vital to competitive advantage, then outsourcing should be the option preferred. At the same time, if the SLA improves through outsourcing at a comparative cost, then it would be pointless to undertake the process/task in-house.

This Interview is brought to you by IDG Custom Solutions Group in association with

Cover Story

IT Strategy

Do it

Riig gh htt

Umesh h Jai J Jain, President and CIO, Yes Bank, shares his insights on what CIOs should watch out for when building their own. By Sneha Jha

CIO: When does it make business sense to take the do-ityourself route? Umesh Jain First, let me explain when it doesn’t make sense. I believe that for applications that are core to business operations or are complicated or standardized, organizations should go for off-the-shelf products. There is no point building your own software for anything that is commoditized and is going to be nondifferentiating. You’d be wasting your time, energy, and effort by re-inventing the wheel. Also, it would shift your focus from your core competencies. But the moment you want to increase your value proposition or add a market differentiator or a feature to enhance customer experience, CIOs could consider building it in-house.

based platform. So, we needed to create dashboards that cater to different roles and requirements. Third, we wanted an action-oriented BI, which means that I can pump a lot of information that requires action. And fourth, it should provide the right information to the right people at the right time—and in the right form. These are the four broad guidelines we laid out for our BI vision. There was almost nothing in the market that came even close to what we needed. Some of the products that came a shade close were very expensive. So, we built our own platform called Kaleidoscope. Today, if I have to single out one of our biggest achievements in the last five years then building this platform would be the most significant one.

Have you tried your hand at building your own? Of course, we did. Two years back, when we envisioned our BI deployment, we wanted a very strong reporting platform. We built one based on four guiding principles. First, it was going to be a democratic platform, which means it would empower and enable people across the organization. Second, it was going to be a role-

What benefits did it provide? One of the major benefits was cost. We rolled out our BI project in 10 percent of the cost of packaged software. Another was competitive edge. Any technology I deploy—off-the-shelf—can be easily replicated by my peers. But the customer experience that I am providing cannot be emulated. So that’s the differentiator in our

F E B R U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/04

2/10/2012 4:37:43 PM

Umesh Jain, President and CIO, Yes Bank, says CIOs who want to take the D.I.Y. route should do so only if it offers a competitive edge.

service and customer experience strategy. And that happens only when you empower your front-line with the right information and customer insights. This is what our BI initiative delivered. Usually, in D.I.Y. projects CIOs are faced with cost overruns that put competitive advantage on the back burner. Why does this happen? Cost or schedule overrun is a norm in the industry and there are scientific ways to minimize them. But unfortunately most organizations fail to follow that science or they try to be overtly innovative about it. When you are doing a white canvas development (custom-built), there are different types of stakeholders involved. These are business users, business analysts, designers, architects, developers, testers, etcetera. Itâ&#x20AC;&#x2122;s very important to document even minute details of their needs. The problem is, at the requirement detailing stage, users assume that developer will read between the lines to write programs that fulfill their needs. Now, what seems obvious to a user might not Vol/7 | ISSUE/04

ring a bell with a developer. This creates a chain of communication gaps. We donâ&#x20AC;&#x2122;t pay enough attention to all the requirements (control processes, reports required, information security and architecture requirements). So you end up with a very skeletal business requirement document, which then translates to very poor code. This invariably leads to cost and time overruns. What should CIOs do to address this problem? There is a way to manage the delivery and supply side of a D.I.Y. project. CIOs should dedicate enough time to testing their product and employing the right amount of skilled people from the time the requirements are stated to the time the project is delivered. The moment users assume that their requirements will be taken care of without it being communicated, the time bomb starts ticking and eventually it explodes when the finished product arrives. CIO Sneha Jha is senior correspondent. Send feedback on this interview to sneha_jha@ idgindia.com

REAL CIO WORLD | F E B R U A R Y 1 5 , 2 0 1 2

2/10/2012 4:37:46 PM

Cover Story

Strategic IT

My Way If you’re on a D-I-Y path, you aren’t alone. Why your global peers from NYSE, KKR and Alcoa find that building their own sof tware makes sense. By Kim Nash Enterprise software has long been available, neatly packaged, for all core corporate functions. And now, in the age of cloud computing, it can be turned on and off like water from a spigot. Outsourcers run our datacenters; technology is for sale at discount warehouse clubs. And still, some CIOs choose to build major software from scratch. Why? Creating competitive advantage is the goal of many IT innovation projects, and in some cases you can’t achieve that without building your own systems. The New York Stock Exchange Euronext and its fierce rival Nasdaq OMX, for example, run custom-built trading systems that they continually tweak for stability and speed. Other companies elect to build software because they must support unique business processes. That is the case for Alcoa, a company that manufactures aluminum sheets that will become products as varied as beer cans Reader ROI: and airplane exteriors. How building software Still others seek to invent new markets in-house gives you a or ways to operate—business ideas for competitive edge which no ready-made software exists. Not Importance of choosing everything in IT is a commodity like a box the right IT staff for building your own of 500 picnic forks. Consumer products

Feature_DIY.indd 44

For Kevin Horner, CIO of Alcoa, a successful software innovation project requires setting accurate expectations of a projectâ&#x20AC;&#x2122;s scope and regularly communicating with staff.

2/10/2012 3:45:13 PM

Cover Story

Strategic IT

distributor Eurpac, for example, built a logistics system to ensure that items like soft drinks and toothpaste reach customers on military bases in Afghanistan, and that these goods arrive still fresh and in good condition. “The [software packages] we saw are very good at making automated business decisions and supporting efficient supply chains in a typical environment,” says Mike Skinner, Eurpac CIO. A war zone, however, “is not typical,” he says. “Packages don’t understand so many exceptions to the rules.” Sometimes, all three objectives lead a CIO to custom development. Private equity powerhouse Kohlberg, Kravis and Roberts (KKR) wrote a business intelligence system to consolidate, harmonize and analyze monthly financial and operations data from the 70 companies it owns in nine industries. The software also generates metrics that cut across these diverse companies, to show how KKR, on the whole, is doing. No vendor offers this, says CIO Ed Brandman, so he had to build it. In general, Brandman says, “The pendulum has swung very hard to ‘Why would you ever want to build anymore?’ It was a major commitment by the firm to allow us to go down that road.” But the payoff is big. Now top KKR executives call the system a competitive weapon. And that is the primary reason a CEO will approve a risky project to write software in-house, says Louis Gutierrez, a consultant at the Exeter Group. “The only thing they want to invest in is something no one else has.” Building unique software is certainly not the main business of KKR, nor of Alcoa, Eurpac or NYSE Euronext. And they learned lessons along the way, including how to overcome the difficulties of forecasting project costs, how to choose the right IT staff for such strategic work, and how much collaboration and confidence managing a custom software-development project requires. “Building is not easy,” says Steve Rubinow, CIO of NYSE Euro¬next. “If it were, everyone would do it and we’d get no edge.”

CIOs must prove that riskier in-house development is worth it, in cost and time savings as well as in competitive edge. 46

Feature_DIY.indd 46

f e b r ua r y 1 5 , 2 0 1 1 | REAL CIO WORLD

Slippery Cost-Benefit Getting approval for a major custom project requires special handling. CIOs must prove that riskier in-house development is worth it, in cost or time savings as well as in competitive advantage, says Exeter Group’s Gutierrez. “It is on this frontier border where innovative companies will always find the need to develop custom code. Not because they want to return to the days of big application-development shops, but because the stuff just doesn’t exist yet to do what you want to do.” And estimating costs and benefits can be like planning a big home renovation—even when you think you’ve accounted for everything, tearing down that first wall can unveil surprises that take your project, and budget, in unexpected directions. When implementing packaged software, even if it requires many modifications, costs are pretty clear. Just add up licensing and maintenance fees, plus the price of associated new hardware, labor, ongoing support and perhaps outside consulting. In a build-your-own situation, forecasted costs and potential returns are unclear because the project likely stretches a company into new markets or enables it to gain a new competitive edge. As Rubinow notes, it’s hard to predict the value of something you haven’t done yet. NYSE Euronext built its Universal Trading Platform with C and Java development tools in 2008. It now sells the system to other exchanges, but at the beginning, Rubinow says, there was no way to put a number on the new business. “You put some estimates and guesses into ROI, but it’s hard to do that. There’s greater risk and greater uncertainty.” Yet systems at the heart of a business sometimes demand customized work, he says. “You can’t buy those off the shelf and expect to be a leader.” NYSE Euronext doesn’t reveal sales figures for its trading platform, but its revenue-generating IT services group brought in $444 million (about Rs 2,220 crore) in sales last year, up from $363 million (about Rs 1,815 crore) in 2009. The exchange remains the biggest in the world, handling trades of 654 billion shares of equities in the United States last year, ahead of Nasdaq OMX’s 475 billion. KKR also expected big returns from its finished product. Private equity investors certainly monitor the financial health of the companies they own, but KKR wanted to go further by applying analytics and proprietary formulas to that data to come up with a more accurate view of the overall performance of those companies. That is, find new ways to interpret financial indicators that are very different in different industries. For example, while inventory turns are key to toy retailer Toys “R” Us, the magic metric for electricity company Energy Future Holdings may be distribution costs as a percentage of overhead. “There aren’t a lot of mega buyout, top-tier private equity, alternative investment managers in the world,” Brandman says. “There are fewer of them who look to manage information the way we manage it.”

Vol/7 | ISSUE/04

2/10/2012 3:45:13 PM

KKR ended up spending $2 million (about Rs 940 lakh) building the system. To estimate expenses before starting the project in 2008, the IT group worked backwards, building a detailed budget, Brandman says. They worked from an estimate for implementing packaged software that, although it didn’t do much of what KKR wanted, was clearly related to the project’s goals. Then came estimates for modifications. Meanwhile, he projected how much time and effort his staff would need if it started from scratch. The team had built smaller projects with Java, MySQL and Crystal Reports, so Brandman extrapolated. Ultimately, he determined that his team could build a system for the same or less money than heavily customizing a package—and it would do exactly what KKR wanted. While $2 million may seem a pittance for a company that manages $61 billion (about Rs 286,700 crore) in assets, Brandman was concerned. In custom projects that aim to create technology that doesn’t exist in the marketplace, he says, “there’s a real risk costs will go out of line.” To help ward off overruns, he kept the team small: Three highly experienced developers and project leaders who had worked together for more than 10 years. They did no other work during development. More than half of the $2 million, about $1.6 million, went to labor costs, Brandman says, including bonuses and other compensation for making the project successful. “They knew this was going to have significant financial benefit if they delivered it. And if they didn’t, there wouldn’t be.”

Staffing Right No matter how tricky the financials are on a custom project, staffing can be more so. The skills needed to plan and carry out the creation of a large, strategic piece of custom software may have atrophied since the days when IT built most of its own stuff, Gutierrez says. Now, however, because CIOs don’t undertake major inhouse development work unless the end product provides a strategic advantage, developers on the project must know more than C or Java, he says. They must understand enterprise architecture, business process management, and the broad business issues facing the company and its competitors. Brandman was lucky enough to have the three trusted senior developers already on his staff. Other companies have to look for new hires. Recruiter Kristen Lamoreaux, president of Lamoreaux Search and a columnist for CIO US magazine (CIO’s sister publication), recently helped a large publishing company find a team leader with those kinds of skills to work on key mobile computing projects the company has planned. The publisher had contracted with outside companies to build multiple mobile applications. But because the company deemed mobile platforms critical to its business, the leadership decided to move development in-house, she says.

Vol/7 | ISSUE/04

Data Mining for Competitive Advantage Unique business intelligence and analytics systems are a popular choice for DIY projects. When CIOs elect to build software from scratch, analytics systems are a popular project. The hope is that companies can find new insight and competitive advantage using data they already have. Kohlberg, Kravis and roberts oberts (KK (KKr) built such a system. It analyzed the private equity firm’s overall financial health by aggregating data from its portfolio of companies. The new system enables managers to react to current events—like unemployment trends—by adding new metrics. for example, the system can look at employee turnover data from all of KKr’s companies, or just a selected slice, and compare those findings to other data points already in the system, says ed brandman, CIO. “When we were making decisions [about starting this project] three years ago, vendors didn’t understand what we wanted to do,” he says. The system won KKr a 2011 CIO 100 award. The award recognizes projects that advance business strategy through the innovative use of IT. business intelligence and data warehouses were among the most popular technologies used by this year’s winners. Louis Gutierrez, a consultant with the exeter Group and a CIO 100 judge, thinks this shows that sophisticated data analysis can differentiate companies. “The very essence of business differentiation and innovation is doing core stuff in new and value-adding ways,” Gutierrez says. Although KKr started with Crystal reports, a reporting tool, and MySQL, an open-source database, developers used Java to write code for the particular kinds of queries and types of data the company wanted to use, brandman says. Kevin Horner, CIO of Alcoa, says custom code yields the most strategic value from business intelligence. When companies augment templates and report writers with unique analytics tools, “The data is all yours, and so is the way you choose to use it,” he says —K.N.

NYSE Euronext views application development as so strategic that it won’t let even small slices of key projects go to outside contractors. “There are very few things in most industries that are a sustainable competitive advantage. They erode. Smart people copy what you do,” Rubinow explains. “We want to be very cautious and make it hard for our intellectual property to leak into another company.” REAL CIO WORLD | f e b r U A r y 1 5 , 2 0 1 2

2/10/2012 3:45:22 PM

Cover Story

Buy-In

Steve Rubinow, CIO of NYSE Euronet, is careful to keep all aspects of unique development projects in-house. “It’s a competitive edge. Smart people copy what you do.”

Rubinow competes for IT staff with Wall Street companies that offer larger salaries. To tap into different talent pools, the exchange set up major IT outposts in Chicago; London; Belfast, Northern Ireland; San Francisco; Paris; New York; and Orlando. Dispersed developers work together using Microsoft SharePoint collaboration software, videoconferencing and source code control software. “There’s no substitute for two guys sitting shoulder-toshoulder and talking out loud to each other. I would want that if I could have it, but it’s not practical,” he says.

Manage Differently Kersi Tavadia, CIO, BSE When Kevin Horner, CIO Alcoa, decides to do custom says of that CIOs who are ultradevelopment, he makes sure hisorteam understands both passionate possessive theirand ideasthe can expected be the business problem about at hand payoff, labeled ascompetitive glory-seekers advantage and such as financial benefits, or not team players. improved customer satisfaction. For Horner and other 48

Feature_DIY.indd 48

f e b r ua r y 1 5 , 2 0 1 1 | REAL CIO WORLD

CIOs, framing the project appropriately at the start and repeating that message to everyone involved helps the work stay on track. Alcoa prefers to buy as much software off the shelf as it can, in part to keep IT costs at 1.2 percent to 1.4 percent of revenue, Horner says. But it will build in the right circumstances. For example, the company has augmented its Oracle manufacturing systems by building and integrating capabilities for needs such as monitoring the quality of the aluminum sheets it produces for the aerospace industry, which are made by a variety of machines of different ages. “The sheet for beer cans has different requirements than the aluminum that ends up being skin for the Airbus 380,” Horner says. Alcoa also builds software to support aspects of its business where it believes it beats rivals, such as in certain metal-refining processes. IT and engineers code

Vol/7 | ISSUE/04

2/10/2012 3:45:26 PM

algorithms that control refining machines, he says. “You don’t just walk into Oracle or SAP or Honeywell to purchase these things.” “This kind of custom work should be focused only on innovation, not just because some department likes to do things their own way,” Gutierrez says. Owens and Minor, a distributor of medical supplies, manages custom development projects differently from those rolling out packaged applications. In 2006, the time came for Owens and Minor to modernize its core enterprise software. The system, a set of products written in Cobol, ran on outdated IBM mainframes. Rather than replace the ERP suite with packaged software, the company decided to move the system to HP servers running Windows. As Owens and Minor’s CIO Rick Mears explains it, by rewriting existing software, 25 years worth of business processes and knowledge would not be lost or require expensive and time-consuming revamping. Craig Smith, CEO of Owens and Minor, estimates the project saved at least $100 million (about Rs 500 crore). That includes vendor fees and avoiding the disruption to operations that is inevitable when moving to a new vendor’s ERP software, with its attendant business and workflow changes. Following some of the precepts of agile development, Owens and Minor developers and project leaders inside and outside IT held quick meetings, sometimes twice a day, to update each other on progress, Mears says. The idea is to be brief; no one sits down. The development group has also converted individual offices to be more open, public spaces that facilitate collaboration and impromptu conversations, he says. Eurpac’s Skinner also advises that, if possible, companies should send application developers to the scene where the software will eventually be deployed or where data for it will come from. He hasn’t sent anyone into Afghanistan because of the danger and travel restrictions, but IT staff have gone to Kuwait and Germany, key staging locations in Eurpac’s supply chain, to observe loading consumer products onto boats and trucks. Here’s an example of the sort of insight such excursions can bring: Eurpac products move out of Germany’s Rotterdam Harbor on the Rhine River. A recent barge accident crippled traffic on the waterway for several weeks, forcing companies to get products onto trucks for transportation by land. “Until you’ve been over there and have seen how the Rhine is integral to our supply chain, you don’t know how important it is to build software that can handle exceptions,” he says. With packaged software, it’s clear how to schedule rollouts—after this module or that suite is tested, for example. With custom software, Skinner advocates an early launch where improvements are made as soon as users give feedback. After all, the team is presumably building the system to change how well the company works. IT shouldn’t

Vol/7 | ISSUE/04

Feature_DIY.indd 49

Developers are often reluctant to release software until every last zero is paired with its one. This can hurt a project’s ROI. be timid about releasing software, even if developers feel more could be done. Developers can be perfectionists, however, reluctant to let go until every last zero is paired with its one. This can hurt the project’s ROI, Skinner says. “Let’s say you envision software that makes you five times more efficient. But if you encourage the group to launch at the time when you’re two times more effective, then you’re living it. Then from there, decide next steps,” Skinner says. The process of building these critical systems has not wed these CIOs to the idea of custom development— or even to maintaining custom code forever. Horner continually scans vendor products for new modules that could replace those Alcoa built. He already intends to evaluate whether to swap out some custom accounts receivable software, which was built in the early 2000s, for a vendor version. “Ten years later, [packaged] software is more mature. We’ll ask ourselves, ‘Does it make sense to take our customizations out?’” In fact, Alcoa is now replacing several custom-built applications from 15 years ago that monitor safety incidents at its factories in real time. “Now we can get that in standard software.” Even within a custom project, NYSE Euronext might buy common components from vendors if it sees no business advantage in building the module, Rubinow says. And mixing in packaged pieces may get the project finished faster, so the company can ride the wave of benefits from a key custom system that much longer. For Brandman, a highly successful project built in-house carries psychological rewards for the development team. “It’s a boost to the staff when KKR has competitors in to look at what the analytics system can do,” he says, adding that the company has turned down opportunities to sell the software. Company founders Henry Kravis and George Roberts themselves lauded the system in public, crediting the development team by name, he says. “That’s a big deal.” CIO

Send feedback on this feature to editor@cio.in

REAL CIO WORLD | f e b r ua r y 1 5 , 2 0 1 2

2/10/2012 3:45:27 PM

VIEW

from the TOP

Vsevolod Rozanov, President & CEO, MTS India, on the Indian telecom market and how IT is helping the company innovate.

IT and Marketing

Break

Convention By Varsha Chidambaram

It takes great grit to be a telecom player in India. The industry throws up everything business hates: Low profitability, bitter spectrum fights, regrettable infrastructure, an exacting regulatory body, high-profile scandals, and a large number of players. So why do telecom companies keep at it? Because of this treasure trove: 700 million customers who still donâ&#x20AC;&#x2122;t have a phone. In 2008, MTS, led by Vsevolod Rozanov, entered India to pursue the great Indian telecom dream. Flamboyant and ambitious, Rozanov put his single-minded focus on understanding the dynamics of the Indian market. Today, he says, he relies heavily on his IT department to bring out those insights and highlight gaps that could get past him. With dry Russian humor, Rozanov talks about how MTS India has strived to turn disadvantages into advantages, and the lessons in the incredible telecom market that is India.

What do CEOs and other C-level executives expect from you? Read all about it in View from the top. Visit www.cio.in/ceointerviews

VFTT_feb2012.indd 86

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

CIO: Telecom is caught in a myriad of problems. Which one affects you the most?

Vsevolod Rozanov: The problems of the Indian telecom industry are constantly being juggled by the media to suit various

stakeholders. Our greatest challenge is sourcing the right talent. (Editor's note: This interview was done before the 2G verdict).Unlike what most people think, telecom is a hightech industry and needs specialized skills sets. There is a huge talent crunch in telecom.

Vol/7 | ISSUE/04

2/10/2012 12:40:32 PM

Photos by s rivatsa shandilya

Vsevolod Rozanov expects I.T. to:

Drive a deeper understanding of MTS’ customers

Help marketing innovate and serve customers’ unstated needs

We have 15 operators today and the talent pool has stretched thin. Attrition is high because of the multitude of opportunities for employees. To develop the right set of skills for telecom, we need to grow and nurture people gradually. But that’s not happening today. This is the major problem area.

that have signed on with us. There still exists a huge opportunity in the Indian market. Given India's overall growth in terms of GDP and the pace of growth, there is still great potential in the number of new subscribers in less developed areas.

Not at all. Every month, we reach a new high in the number of new subscriptions

clarity around the subject. We have the least amount of spectrum amongst all

Can you tell us the biggest What about the slowdown in challenge facing MTS? new mobile subscribers? Is Our biggest grievance is the lack of India's telecom story done? spectrum allotted to us and the lack of

Vol/7 | ISSUE/04

VFTT_feb2012.indd 87

operators. And currently, we are way above the subscriptions-to-spectrum ratio and yet there is no transparency in getting the spectrum we rightfully deserve. The lack of spectrum is affecting the quality of service we offer our customers. It is unfortunate that we need to spend our capital just to keep up our services in places like Mumbai, instead of spending it on mobile broadband or data services. This is indeed very sad, and we demand that we be allotted the spectrum we’re entitled to. We’re making our case to the DOT.

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/10/2012 12:40:39 PM

View from the Top

the market with a voice-only strategy. We changed that two quarters after we launched. The potential of the data business is still very limited and voice still dominates 90 percent of the market.

What do you expect from IT? We need to constantly amaze and amuse customers and you can only do that by understanding customers and innovating to serve their unstated needs. Here’s where IT becomes a game-changer. At MTS, the key focus of IT is to work together with marketing. Understanding the customer, having in-depth analysis of their behavior and future needs, are our main focus areas. Based on these insights, our product development team can offer better services. Take the MBonus initiative for example. It’s an IT-marketing project. MBonus is like a frequent flyer program that offers attractive discounts to customers encouraging them to talk more. Initially, we went with an external vendor to deliver this. But Rajeev (Rajeev Batra, CIO, MTS India) fought for it and brought it in-house. IT did all the development and delivered a much better result than we would’ve expected from an external partner.

Do you have another example of IT-marketing innovation? They recently came to me with a concept for the personification of dongles. Dongles are very different from cell phones. People love their phones but are quite dispassionate about their dongles. The team suggested that if we could create something that went beyond speed, that could provide a cultural and intellectual experience to the customer, they would be more attached to their dongles. I loved the idea. We are now working on some shapes and forms, which haven’t yet reached the market so I cannot divulge more details. As a new operator seeking its way to profitability, we operate with a higherrisk-higher-return approach. If we go the conventional way, we won’t get past our competitors.

Is mobile data doing badly? We never expected a hockey sticklike growth. At this stage that would be irrational. The market is very niche at 5-6 million customers. The data population is 52

VFTT_feb2012.indd 88

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

“We need to constantly amaze and amuse customers and that’s where IT becomes a game-changer.” —Vsevolod Rozanov significantly lower than PC penetration and even less than voice penetration. That said, our data business is thriving. Today, 35 percent of our revenue comes from non-voice sources. While we don’t expect any groundbreaking changes in the near future, we’re performing very close to our potential.

Are there disadvantages to being a pure-CDMA player? There are no disadvantages to being a CDMA player and, in fact, it has served us very well. The only perceivable downside is the limited range of CDMA-enabled devices. We are working a lot with vendors and this state of affairs has improved significantly. We recently launched, for example, a whole new range of CDMA-enabled phones in partnership with Samsung, Google Android and HTC, among others.

In retrospect, would you do anything differently? Looking back, there isn’t much I would’ve done differently, except perhaps entering

How different are Indian consumers from Asian ones? I don’t see much difference between Indian and other Asian consumers. But there is a marked difference between the Indian and European customer. Indian customers are very focused on tariff plans and always make sure they’re getting the best deal. We have to strive significantly more to offer that extra benefit for them to use our services. The Indian market is driven by value. The Europeans are less value-driven and like to stick with brands. Yes, the Indian customer is fickle, but so are all developing economies across Asia. The churn you see in the Indian market is the same as what you would witness in Indonesia, Bangladesh, Russia, and countries in Africa. Another characteristic of developing markets is that they are still mostly growing through pre-paid. Take for example how 95 percent of our customers are pre-paid customers. It will take at least 10 to 15 years for the market to move towards post-paid, in my opinion.

With analysts predicting consolidation, how do you plan to outlast your competition? Our plan is not to outlast but to win. Many people think if they last longer than their neighbor they are a success. Not us. There will certainly be more than two players in India and I assure you of that. What would be interesting to see, in the next few years, is how the competition will thicken in terms of how companies are able to grow and scale to serve this burgeoning market. That’s where we intend to outpace the others. We’re not worried about outlasting. CIO Varsha Chidambaram is senior correspondent. Send feedback to varsha_chidambaram@idgindia.com

Vol/7 | ISSUE/04

2/10/2012 12:40:43 PM

CUSTOM SOLUTIONS GROUP DELL

CIO 2 CIO

IT is No Longer Seen as

A Cost Centre

Niraj Godiwala from Future Capital talks about how IT has become an integral part of a business and it is essential to optimize IT resource use and increase energy efficiency.

What are the challenges unique to the BFSI sector when it comes to managing data and storage? Increasing regulatory requirements along with concerns over security and privacy are driving financial services organizations to automate their complex business processes to increase operational efficiency, and deliver superior product quality. The sheer volume of data and strict regulations means that there is a need for an effective mechanism to store, deduplicate, and manage rapid data growth without using much storage space. In many financial service organizations documents are stored in different departments and this content is not leveraged across the entire organization, resulting in loss of time in information retrieval, duplication of content, increase in turnaround time etc. For instance, at Future Capital, we deal with hundreds of cases every day and we need to collect and manage content, collaborations, policies, and so on, related to the case throughout its entire life cycle. So having an efficient data storage infrastructure is critical.

programme to achieve this. CFI can load our Dell’s energy smart servers, which help us to proprietary software image onto the system’s reduce server power draw and the resulting hard drive right in the factory, so the desktops system heat. These servers provide additional and laptops come ready to plug in. This helps gains in both power efficiency as well as perour IT staff from configuring individual sysformance per watt, helping us to maximize tems, thus saving resources and time. Also, server resources. Making changes to current having the hardware installed and configured infrastructure is expensive and difficult. Hence at one time, in one place, we wanted to proactively presents many benefits plan and ensure greater such as standardization levels of energy efficiency. Keeping up with and high dependability. the rising costs of What are the trends energy and space that will shape the BFSI inWhat are the yardsticks constraints were two dustry in the near future? that can help CIOs meakey challenges that we It is clear that technology sure IT’s Performance? CIOs are all too familiar hoped to overcome with led innovation has been a key factor in growth and with the difficulty of deterour server refresh. value creation in the bankmining IT’s value. Measureing and financial industry. ment of IT is complicated Earlier, the management by the fact that so much of used to look at IT as a cost centre, but this its value comes from intangible benefits that is not the case anymore. Today, most banks are nearly impossible to quantify. While highly offer internet banking facilities such as payquantitative ROI measures is one way to meament of insurance premiums, phone, elecsure IT’s performance, small benefits such as tricity and other utility bills. The next wave reduction in the number of rack space used would be the enabling mobile and internet in hosted environment can also be used to banking for everyone and giving them easy measure IT’s performance. At Future Capital, access. Also, SMS gateways are also being we optimized to use virtualization technology used extensively to send messages from the to cut down the number of servers from 42 to head office to branch offices and field staff. five. This helps us to save on rack space, for This has helped top executives to communiwhich we are charged on a yearly basis. Intancate easily with the field staff and reduce the gible benefits are elusive and almost limitless, response time for new customers. with examples including enhanced reputation, increased competitiveness, integration across organizational processes, improved customer This Interview is brought to you by IDG Custom Solutions Group relations, higher levels of innovation, and new in association with workforce knowledge and skills.

How has Future Capital increased efficienciy in its IT infrastructure? One of the most efficient solutions that we have implemented is ensuring that all the computers across our branches have the same version of the same software. We have used Dell’s Custom Factory Integration (CFI)

You recently refreshed all your servers. What were your key considerations while doing so? Keeping up with the rising costs of energy and ever present space constraints were two key challenges that we hoped to overcome with our server refresh. Hence we chose to go with

NIRAJ GODIWALA Deputy Vice President, IT Infrastructure, Future Capital Holdings Future Capital is a provider of financial services across consumer and wholesale businesses, with aspirations to grow into a significant financial conglomerate.

Securing the

Daisy Chain By Stacy Collett

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Feature_daisy_chain.indd 50

Contracts aren’t fail-safe. Here’s how to guard your data as it travels among cloud providers and their subcontractors.

Vol/7 | ISSUE/04

2/9/2012 6:15:24 PM

know the data security requirements of large enterprises and are happy to oblige. Executives at one large Fortune 500 company thought they “Most of the larger cloud service providers have gotten SAS knew, but a routine audit of their cloud provider uncovered a 70 audits and ISO 27001 [security] audits in response to large serious problem. “The cloud provider that we thought we had businesses,” says John Pescatore, an analyst at Gartner. became merely a shell, and it outsourced the provision of the Google and others have even established dedicated US-based service to an offshore company that no one had even heard of,” datacenters for government customers in order to comply with federal mandates that require government data to be stored recalls Brad Peterson, counsel for the company and a partner in the Chicago office of Mayer Brown. domestically. The move helped Google win a contract to provide Fortunately, the problem was discovered and there was no harm hosted e-mail service to the US General Services Administration; done, but there might have been serious consequences if it hadn’t been it was the first agency-wide federal cloud e-mail deployment. addressed. “We deal with companies with hundreds of thousands of Still, security and compliance concerns are the top two customers. If a data breach can cost $400 to $500 (about Rs 20,000) inhibitors to the use of cloud-based services, according to a 2010 per customer record and you lose 100,000 records, you’ve got a huge Gartner study. Some 42 percent of survey respondents cited exposure,” says Peterson. security, privacy and compliance as major concerns, though that’s With some cloud computing providers outsourcing underlying down from 49 percent in 2009, Pescatore says. parts of their services to subcontractors, who may in turn outsource Sophisticated providers of software-as-a-service (SaaS) to others, do you really know who has your have clauses dealing with data security in their company’s data? Industry insiders offer advice on contracts, Peterson says. “They understand Reader ROI: how to ensure that every company in that daisy customers’ needs and provide hybrid offerings to How safe is your data in chain is protecting your information. address security concerns better than you might the cloud be able to address them internally,” he says. Better and cheaper options Security Haves and Have Nots Contracts will usually give clients the for cloud security Major cloud computing providers, such as opportunity to do the due diligence and spell When to use a utility vendor and a cloud provider out where data can be transferred and stored. Google, Salesforce.com, Amazon, and Microsoft,

Vol/7 | ISSUE/04

Feature_daisy_chain.indd 51

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

illustrat io n by VIKAS KAPOOR

It’s 2 p.m. Do you know where your cloud data is? Really?

2/9/2012 6:15:26 PM

Cloud Strategy Providers will give customers the right to approve subcontractors that will have access to their data and describe how they will respond to security incidents. They will also agree to give the customer the right to sign off on any changes before they are implemented, whereas a utility service provider may make changes and inform the customer afterward. Cloud service providers will also have procedures for properly destroying data at the end of a contract. They will accept meaningful liability for their own breaches. Finally, the provider will give the customer audit rights “so they can verify that the provider is keeping its promises about your data,” Peterson adds. That’s the best-case scenario. But what happens when a department within your company seeks cloud services on its own? “There’s a tremendous amount of cloud outsourcing going on in major corporations where departments buy a cloud service over the Internet using a procurement card,” perhaps to test new applications, Peterson says. “That sort of sourcing may be the majority. In those cases, it may be an unsecure service [provider], but one hopes that central IT has categorized its data well enough that critical pieces are not going outside.” In such cases, and in situations where a company is dealing with smaller or newer SaaS companies, “you still have [some vendors] who won’t tell you where your data is or who you’re subcontracting to,” Peterson says. In the case of the Fortune 500 company, the fact that the vendor was outsourcing some services didn’t amount to a breach of contract because the cloud provider had cleverly stated that the services would be provided by it and its providers says Peterson. There are ways to use less-expensive, consumer-grade cloud services and keep data safe, Pescatore says. For starters, companies are beginning to deploy cloud-based security-as-a-service offerings to add features such as encryption, Web access and authentication.

The Best Defense

The Cloud Exit Strategy

whether planned or unplanned, say industry watchers. “Some of the big cloud providers feel like once they ‘onboard’ you and they have your data, they kind of have you by the back of the neck,” says Lou Guercia, CEO of Scribe Software, a Manchesterbased provider of hosted and on-premises data integration systems. “When it’s time to renew, that’s a piece of leverage

Standard cloud service contracts often don’t require the vendor to return your data to you at the termination of the agreement, says attorney Brad Peterson, a partner in the Chicago office of Mayer Brown. “If you rely on that data, it’s a real problem. If you think about some of these small companies 56

[that run their entire IT systems in the cloud], they could go out of business tomorrow,” he says. And if a service provider goes bankrupt, “the courts could take months to decide whether to give back your data.” Companies need to keep data secure—and accessible—until its exit from the service provider,

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Feature_daisy_chain.indd 52

Industry watchers agree that encryption is the best way to secure data no matter where it goes. Even the most sophisticated service providers can’t prevent attacks by determined hackers, but encryption could help. Pescatore points to several recent incidents where hackers infiltrated servers and stole passwords and then tried those same passwords on Gmail accounts. “By hacking your password in one place, and [discovering that] people were using that same password in Google mail, they were able to publish tens of thousands of corporate e-mails on the Web,” he says. “If I want to use Amazon’s cheap S3 storage service, but I don’t trust them to protect my data, I can feed my data through [a cloud security provider]. It’s encrypted in the cloud, and then it’s stored at Amazon in the cloud,” Pescatore says. “Amazon never sees the keys, and there’s no risk of the data ever being exposed at Amazon.”

Access Denied When an employee leaves the company or a contractor’s engagement comes to an end, you need a way to completely discontinue their access to your data. New cloud-based identity and access management tools are designed to do just that. Cloud-based services from vendors such as Okta and Symplified federate identities across all of an enterprise’s hosted services. If an access change is required, the service makes the change across all of the cloud providers. For example, these tools can be used to terminate Contractor A’s access and grant access to Contractor B. In the near future, more and more cloud providers will offer this as part of their service, says Jonathan Penn, an analyst at Forrester Research. “Salesforce.com already allows you to encrypt certain columns of data, but they still aren’t managing that,” he says. “If you want to manage the keys, then that will be another level [of service].”

that a service provider has— because they have your data.” With data integration services such as Scribe’s, enteprise customers get local, real-time updated records of everything that’s happening in a cloud application. To make it possible for users to see those records, cloud software vendors can write a “connector”—a task that should take one developer

Vol/7 | ISSUE/04

2/9/2012 6:15:28 PM

Cloud Strategy In a 2011 Forrester survey, more than 2,300 US and European companies were asked how they would prefer to handle data security for the cloud or SaaS. Some 29 percent of the respondents said they would prefer to have security embedded by the service provider, and 11 percent said they would prefer to seek an addon service from a security-as-a-service vendor. And 24 percent of respondents said they would like security tools that they could implement themselves.

Web Security Many companies use multiple cloud service providers, and their employees and even customers may be able to access all of their data via browsers on their home PCs or smartphones—creating a potential security risk. Smaller vendors offer Web security in the cloud to control data access. These services sit in front of the cloud services a company uses. If an employee tries to access a SaaS site, the information flows through the Web security service, which authenticates it and can audit the data the user is sending out or retrieving. This type of service is becoming more common, says Pescatore.

Cost Considerations Procurement costs may look lower when buying a commodity cloud service and then adding one or more security layers, but don’t forget to account for manpower and management time. Gartner reminds its clients that procuring IT systems in the cloud involves many of the same challenges as any other method of acquiring IT tools. “The more vendors you have to manage, the more management time and mature management process you will need,” Pescatore says. “Many smaller organizations without mature vendor management processes are better off looking at a specialty provider than commodity storage. Your people time and management time are going to be lower with a specialized service provider.”

about a month. With a connector, “whatever data is running in their cloud can run on top of [the data integration service]—and get that local copy of their data regardless of the application,” Guercia says. Today, vendors are more concerned about their reputations than they are about “squeezing a little revenue out of somebody” by

Vol/7 | ISSUE/04

Feature_daisy_chain.indd 53

holding data hostage, Peterson says. But that could change. The cloud is a new phenomenon, and most contracts haven’t been up for renewal yet. “But as the industry matures and begins to consolidate,” says Peterson, “people might start to think they’ve got to grab every bit of revenue they can. It could get ugly.” —S.C.

Easy Tips Finding a cloud vendor that can keep data secure doesn’t have to be a complex or expensive process. For instance, just look for a SaaS provider that has substantial assets or stands to lose a lot if its reputation is compromised, Peterson says. “At least they have a big name, and they care about their reputation,” he says. You should also look for service providers that have security certifications such as SAS 70 or ISO 27001, Pescatore advises. Then ask questions to learn, for example, where they store data and where they keep backups of data. And read the contract. “If it specifically disclaims things like ‘data security’ or makes specific statements such as ‘user shall not place highly confidential or private data on this system’… that means they’re not intending to protect it,” Peterson says. Once the decision is made to use a hosted service, “be highly conscious of what data will be part of what you’re sending to the cloud provider,” he says. Don’t send test data to an unsecure provider and then add production data to the site without considering security. Even with smaller vendors, it doesn’t hurt to ask for extra security guarantees. “If you have a sufficiently large deal, these contracts are negotiable and providers are willing, because they know it’s a key to greater revenue with large clients. Most are willing to offer valuable protection—but not all of them,” Peterson says. “Use [utility] service providers when it’s appropriate” for less sensitive data, “and pay a little extra for a service when a utility service is not appropriate.”

Down the Road As the cloud continues to mature, so too will security standards. New standards for cloud security are emerging with help from organizations like the nonprofit Cloud Security Alliance, ISO and other groups, Pescatore says. Gartner believes that by 2015, companies will start to see many more cloud services that are “business strength” and secure enough for the most regulated users, including government agencies and banks. However, between now and 2013, Pescatore cautions, “any enterprise that’s putting customer, financial or other sensitive data out in the cloud is going to have to add some additional security capabilities to the mix or use some very specialized cloud service providers that offer that specialized cloud security.” Forrester’s Penn offers some encouragement. “[SaaS providers] may not be perfect, but your own environment isn’t perfect. Let’s not try to compare it to the ideal but to reality,” he says. “We’re not outsourcing it specifically for security, although eventually I think that security will be a driver because those big providers are going to have better security than you have. We’re looking at a lot of other business drivers here—agility, flexibility in terms of TCO and pricing models. It’s a matter of understanding all the risks but also putting them in context to the business value.” CIO

Stacy Collett is a Computerworld contributing writer. Send feedback on this feature to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/9/2012 6:15:29 PM

casefiles real people

* real problems * real solutions

Springing to

Action

Why more manufacturers should follow this spring manufacturer's bid to increase efficiency using IT—and the MBA who’s made it his mission to help them. By Varsha Chidambaram

Ph oto by sujith sujan

Complacency is a vice Stumpp, Schuele & Somappa Springs can afford. It is, after all the Schumacher of spring manufacturing in India, with a market share of over 50 percent. But as its executives like to say, SSSS didn’t get to the top of the heap by being complacent— and it certainly wasn’t going to start slacking now. For the unfamiliar, the Rs 250-crore company manufactures springs for the auto industry that go into everything from suspension valves to seat belts. The company produces the critical components which ensure your brakes work when a lost puppy wanders into your path or that your daughter is firmly strapped to her seat when your car goes over a ditch. Ones of the earliest spring manufacturers in India, SSSS’ client list—ranging from Hyundai to Harley Davidson—reads like the who’s who of the auto world and extends to textile and white goods manufacturers. Yet, the truth is, the big daddy of Indian springs wasn’t entirely ready to take on the future. The company, which represents the wisdom of old-school values, was also enslaved by them. Underneath its hood lay process inefficiencies, an over-dependence on manual processes, and a 30 year-old IT set-up in dire need of a do-over. If SSSS wanted to keep leading the industry, it would need to take IT more seriously.

Bouncing Forward on IT The wood-paneled corporate headquarters of SSSS, in Bangalore’s posh Koramangala district, sits adjacent to its sparklingly clean manufacturing unit. It’s easy to be

Case Files.indd 56

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/04

2/21/2012 2:58:31 PM

impressed by the company’s buildings, but Sri Karumbati, CIO, SSSS, knows where the company’s real money spinners are located. “Our machines are our assets. They are the ones making us money, not our buildings. It was important to monitor their efficiency, because what gets measured, gets managed,” says Karumbati. While the productivity of SSSS’ expensive machines was measured, there was a large scope for improvement—which also meant SSSS wasn’t using its machines optimally. Before Karumbati came along, SSSS kept track of the productivity of its machines manually. During a shift every operator was tasked with monitoring his machine on what SSSS called a yellow card. Information like how many times a machine was stopped, for how long—and why—found it’s way on the yellow card. But with several tens of machines in each of its 12 plants, that added up to a lot of paper. Which made it close to impossible to monitor how long a machine—even the ones imported at great cost—was idle and unproductive. Neither did this approach allow SSSS to fix recurring downtime problems. There were a number of reasons why a machine was idle, including power outages, an operator forgetting to line up enough raw materials, or a machine being reset. But without the ability to collate data easily, executives weren’t able to tell—often and accurately—the major reasons for downtime—and therefore weren’t able to fix chronic issues at regular intervals. Worse the business with the yellow cards allowed machines to stay offline longer than was necessary, because an operations manager couldn’t rectify a problem until someone picked up the phone and told him there was one. “We could add more machines to keep up with demand—at huge capital expense—and not be sure whether we really needed to. We knew there was idle capacity in our existing plant, but we didn’t know precisely how much,” says Karumbati.

Vol/7 | ISSUE/04

Case Files.indd 57

“What separates good companies from the rest is the importance they give to IT,” says Sri Karumbati, CIO, Stumpp, Schuele & Somappa Springs, who admits he doesn’t have an IT background.

What SSSS needed, Karumbati knew, was an MES (manufacturing execution system), which would ensure its spring machines were monitored by a software. The solution counted the number of springs manufactured and when it was off and why. The system consists of a piece of hardware that sits on a spring machine, through which machine data is fed into a software backend. The device on the

spring machine allows an operator to choose from a short list of reasons for downtime, ranging from a tea to a power break. The application is browser-based and can be accessed via the Internet using any device. It can tell supervisors, operational heads, and senior management—in real time—which machines are not online— allowing them to fix problems faster. And

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/21/2012 2:58:35 PM

Case File | Stumpp, Schuele & Somappa Springs

it can create longer-term reports which could help executives pick out machinesthat weren’t being used optimally—and, more importantly, why. Within a month of the project’s launch, Karumbati began to see patterns emerge. Of the three shifts SSSS runs (6AM-2PM, 2PM10PM, 10PM-6AM), the third—the night shift—almost consistently produced lower numbers. This was something management had suspected but the numbers were worse than they had expected. “The reports helped us make some very pertinent decisions relating to the shop floor and the operators,” says Karumbati, who is not comfortable getting into the reasons behind the lower productivity numbers. As a result of those decisions, Karumbati reports, that the MES project has improved machine uptime at SSSS by 20 percent. “The system has brought in a new degree of accountability and transparency and weeded out some inefficiencies like extended periods of downtime,” says Sudhakar M., VP-Operations, Stumpp, Schuele & Somappa Springs. “The MES had significantly improved the uptime which has helped us service our customers better. Our goal is to achieve 75 percent uptime.”

(L) Sudhakar M., VP-operations, and Sri Karumbati, CIo, Stumpp, Schuele & Somappa Springs, say they have a long road ahead of them—together.

Case Files.indd 58

f e b r u a r y 1 5 , 2 0 1 2 | rEAL CiO WOrLD

“the system has brought a new degree of accountability and transparency and weeded out inefficiencies like extended periods of downtime.” —Sudhakar M., VP-operations, Stumpp, Schuele & Somappa Springs

It also begun to help management make proactive decisions that directly affected the bottom-line. For example, on a day SSSS was producing a low number of orders, operation executives could plan which machines to run for just two shifts, doing away with a third shift and its associated costs. “Today, I can sit in my office, browse through these reports and take necessary actions,” says Sudhakar. The project is only in its first phase covering 30 machines in the Bangalore plant. But there’s a lot more to come, says Karumbati, both in terms of the number of machines MES will cover, and the benefits it can bring SSSS. For example, says Karumbati, MES numbers could be the basis on which incentives are created. Or it could help SSSS create more traceability among the 1.5 million springs—in 4,000 variants—that it produces everyday. (Traceability is an important offering in the

auto sector and especially useful if an OEM is forced to recall a specific batch of cars with defective batch of springs.)

Follow Up, Follow Through The MES project was a technological challenge, given that Karumbati and his team had to find ways to plug into the expensive machines without the help of the original vendors. But, although Karumbati plays it down, there were leadership challenges too. First was building respect for an IT system in a hard-core manufacturing set-up—in which the same project had failed before. The last time SSSS had decided to try something similar, says Karumbati, it had backfired. Although the project was before his time, Karumbati asked enough questions to figure out that the failure was due to a flawed solution and a lack of follow-through— mistakes he vowed he wasn’t going to make. So the first thing he did was pick out a suitable solution and partner. The last project had failed, he says, because of the halfhearted commitment of the vendors and SSSS’ inability to extract better service. “Most mid-tier vendors behave like technology providers—not solution providers, says Karumbati. “They come in with their tools, put in a product without understanding what the company needs, and walk off before the benefits are realized.” Karumbati insisted on a long-term commitment from his vendor. The partner he chose, Optibiz, was someone Karumbati had worked with from his time in the US. He convinced Optibiz not only to set up shop in India, but to also tailor its solution to meet the specific needs of SSSS. His relationship with Optibiz also ensured that SSSS avoided significant cost and complication associated with engaging

Vol/7 | issu E/04

2/21/2012 2:58:41 PM

Case File | Stumpp, Schuele & Somappa Springs

an external consultant. To lower the cost of the project further, Karumbati spent months scouting for a local hardware vendor with the right offering and the right price-point. Karumbati also ensured that the reports the MES project produced were taken seriously at executive meetings and that improvements were made based on them— putting operations in the limelight. “I was both scared and excited,” says Sudhakar. But this couldn’t have been easy for Karumbati either: He was new and could easily be seen as someone overstepping his boundaries. Yet he persevered, encouraged by the support he received. “The technology is just a tool. What we do with these reports and the insights we derive are what will impact the top line,” he says. “For example, the reports pointed out that 18-20 percent of our capacity was being underutilized. That was a clear sign that our sales guys needed to get out there and bring us more business.”

Indian Spring For Karumbati, the MES project represents only a small first step. But it’s in the right direction and he’s ecstatic it’s been made. Ecstatic isn’t a term you would associate with the mild-mannered and composed Karumbati. But then the MES project is the start of a larger dream he’s been chasing for some years: To improve Indian manufacturing’s efficiency using IT. “What separates good companies from the rest is the importance they give to IT,” says Karumbati, who openly admits he doesn’t have an IT background. Karumbati is an MBA who spent years working with auto power houses in the US. During his time there, Karumbati says he heard first-hand the poor reputation Indian manufacturers suffered from, especially when they compared to their counterparts from China and Brazil. "Indian suppliers operated at lower productivity and had challenges with quality, cost and delivery. Besides, many processes were still paper-based,” he says. That was a reputation he wanted to fix.

So when he returned to India, he was dismayed with the general lackadaisical attitude towards IT that Indian manufacturers had. That’s until he met Ravi Machani, joint-MD, SSSS, at an ACMA meeting. An ex-SAP expert, Machani shared Karumbati’s vision to uplift the industry using IT. Soon enough, he asked Karumbati to join onboard and start the process of change beginning with the MES project. Karumbati isn’t stopping at SSSS. As an active member of ACMA, he’s a recognized face in auto forums; championing the need for IT-enabled business transformation. Following the success at SSSS, he is determined to spread the story across the industry volunteering to help them make a similar shift. “Today, IT is being limited to an e-mail service and a rudimentary ERP. Everything else is considered to be too complicated and expensive. We need to step out of this mindset and embrace change,” he says. CIO Varsha Chidambaram is senior correspondent. Send feedback to varsha_chidambaram@idgindia.com

Read More case studies Online Raheja Group Simplifies a Tricky Virtualization Project A case study on Virtualization in Hospitality

Genotypic Technology Puts its ERP on the Cloud A case study on Public Cloud in Pharma & Healthcare

AstraZeneca Empowers its Sales Force with 800 Netbooks A case study on Wireless Security in Pharma & Healthcare

SevenHills Healthcare Gets a Digital Dose A case study on IT spending in Healthcare

Dial, Listen, Play on the Cloud A case study on Cloud Computing in IT Services

www.cio.in/casestudies

Case Files.indd 59

2/21/2012 2:58:41 PM

casefiles

Suzuki Motorcycle India

Suzuki Motorcycle India takes a hard look at its manufacturing line and weeds out manual processes. Angshuman Roy, Manager-IT, Suzuki Motorcycle India, cut frame and engine number mismatches from 10 a day to zero.

Case Files.indd 60

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

The Organization: Suzuki Motorcycle India is riding hard on a growth highway. But if it wanted to do better than the 40,000 twowheelers it manufactured in 2011—and still keep customers happy—it would need to do away with some manual processes. The Problem: Every Suzuki bike comes with a unique frame and a unique engine number. Once these numbers are paired, they become part of a bike’s identity, and hence, have to stay linked. The problem was that, sometimes, engines needed

By Debarati Roy

to be dismounted from a frame and sent back for repairs—after they were paired at the invoicing stage. And because Sukuzi relied on a manual process to couple the two, when an engine came back from repair an operator could mistakenly mount it on the wrong motorcycle. “The finished product is a perfect bike, but a customer wouldn’t be able to register it (because of a frame and engine number mismatch),” says Angshuman Roy, manager-IT, Suzuki Motorcycle India. The Solution: To get around that problem and other manual processes, Roy and a team from production, quality, and dispatch put their heads together. “After three months of brainstorming, we divided the production process into six steps and decided on the level of automation and integration needed,” says Roy, adding that this was a larger project meant to bring multiple benefits. They also figured that an operator re-mounting an engine depended on a piece of paper—or his memory—to ensure that the right engine was paired to right frame. Although both engines and frames had barcodes on them, these were not used for the manufacturing process but for the invoice team, which used them to couple an engine to a frame. They decided that engine

and frame numbers needed to be coupled earlier in the manufacturing process—at the point when an engine was actually mounted on a frame. This would safeguard the engine-frame identity downstream— including when engine was dismounted and sent back for repair. The team also decided that the barcodes should be used by operators within the factory. Then by introducing a scanner at the point when an engine was mounted on a frame, Roy ensured that a pairing was created early in the manufacturing process. He also gave scanners to operators who were responsible for re-mounting engines. So now if an operator wanted to know which frame an engine belonged to, all he had to do was scan the engine’s barcode and he would be pointed to the right frame. The Benefits: The project had an immediate effect. The number of compliants from the production team because of mismatches reduced from about 10 a day to zero. “The human intervention and error factor has been reduced to zilch and we have cut out any possibility of losing, misplacing or damaging information by cutting out the dependency on checklists,” says Roy. CIO Debarati Roy is correspondent. Send feedback on this feature to debarati_roy@idgindia.com

Vol/7 | ISSUE/04

2/21/2012 2:58:50 PM

ANALYTICS Build on your future.

SAS® Analytics help you discover innovative ways to increase profits, reduce risk, predict trends and turn data assets into true competitive advantage. Decide with confidence.

Scan the QR code* with your mobile device to view a video or visit sas.com/india/build for a free Harvard Business Review report.

For more information please contact Jaydeep.Deshpande@sas.com.

*Requires reader app to be installed on your mobile device

SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. © 2011 SAS Institute Inc. All rights reserved. S75378US.0611

casefiles

IndiaFirst Life Insurance

By the time IndiaFirst Life Insurance entered the sector, established insurers had already gone online. It did too, but with a twist. The Organization: As the country’s 23rd insurer, IndiaFirst Life insurance has had a lot of catching up to do. And catch up it has. Within 500 days of launch it roller-skated its way to cross the Rs 900 crore mark in new business premium—a key indicator in the industry. Launched in November 2009, the company today covers over 1.2 million lives across 1,000 cities and towns in India. The Business Case: Initially, the insurer focused on the bancassurance model but it realized that in a fiercely competitive insurance sector, that strategy wouldn't suffice. For the company to hold its own, it would have to cast a wider net and improve customer satisfaction. Getting online, like every other insurance company, would only get IndiaFirst so far. But providing its customers with a never-hadit-before experience could set it apart.

Case Files.indd 62

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

So when the company’s CTO, Vinayak Khadye scripted an online strategy, customer experience featured as its protagonist. He launched LifeStore—an online platform where customers can understand insurance policies, buy them, and also get serviced. But that would only make IndiaFirst join the bandwagon—not give a competitive edge. The Project: To do that, Khadye decided to enhance customer experience. He designed LifeStore as a do-it-yourself platform where customers compare insurance policies, pick the one they want, and buy it online. That means, at no point do customers have to deal with intermediaries or insurance agents—a luxury most players don’t offer. Also, for most insurance companies, the online medium is an alternative channel to sell insurance. Not for IndiaFirst. “LifeStore is not an offshoot of our brick and mortar. We treat it as a standalone entity and hence it is focused on providing end-to-end sales and service support to customers,” he says. To provide that end-toend support, Khadye has introduced an online live video chat facility with the company’s representatives. These reps act like insurance advisors and guide customers to pick a policy that suits them—a feature that’s soon going to be available 24/7.

* By Sneha Jha

Vinayak Khadye, CTO, IndiaFirst Life Insurance, gave his organization a competitive edge by setting new benchmarks for online insurance.

That's unlike most insures who only have text chat. The Benefits: LifeStore has offered a plethora of benefits to IndiaFirst. It has helped the private insurer bring a unique value proposition to its customers. “We wanted to bring three core values to the table—simplicity, efficiency and transparency. LifeStore has helped us attain these three business values and weave them into our philosophy of customer centricity,” says Khadye. Another benefit is the amount of information available online for the customer. "Customers can view important data and

statistics which will give them an insight into the company’s internal BI. They can now know, for example, which IndiaFirst product is leaping high in premium collection.” One of the biggest benefits is that because there are no intermediaries, the company saves costs on distribution commission. And, over the next six months, IndiaFirst hopes to witness a five-fold increase in the number of policies it is selling online. It's evident that IndiaFirst hasn’t just caught up, it has gone a few steps ahead. CIO Send feedback on this feature to sneha_jha@idgindia.com

Vol/7 | ISSUE/04

2/21/2012 2:58:59 PM

AN IDG CUSTOM SOLUTIONS INITIATIVE IN ASSOCIATION WITH

TRANSFORMING BUSINESS THROUGH JUDICIOUS APPLICATION OF IT

PLUS In order to be at the forefront of the ‘power revolution’, Chhattisgarh’s power utility companies needed to adopt an integrated view of their enterprise work and asset management. This helped them increase efficiencies, reduce costs and deliver substantial value to its customers.

INTERVIEW Ajit Panicker, Global Head for IT Infrastructure, Cox & Kings says a sound infosec policy is a must to support the growth aspirations of the company.

TRANSFORMERS CASE STUDY

Company

Chhattisgarh State Power Distribution Company Limited (CSPDCL)

Industry

Power Utility Company

Offering Power distribution

IT POWERS INDIA’S ‘POWER HUB’ In order to be at the forefront of the ‘power revolution’, Chhattisgarh’s power utility companies needed to adopt an integrated view of their enterprise work and asset management. This helped them increase efficiencies, reduce costs and deliver substantial value to its customers. Here is how they did it.

CUSTOM SOLUTIONS GROUP TATA CONSULTANCY SERVICES

he Swami Vivekanand Airport, just 15 Kms from Raipur City, is set amidst what looks like a dense forest. This would not surprise anyone who knows CSPDCL that almost fifty percent of Chhattisgarh is covered with forests. This makes it among the was the greenest states in India, contributing to 12 percent first Power Distribution Utility in of forest cover. Apart from being a green state, Chhattisgarh also ranks second in coal production the country which implemented by contributing over 18 percent to the total national SAP Solutions for billing, and production. As a result, the state can now boast WAN across the state.” of having one of the most reliable power supply systems. The state has, therefore, become the SUBODH KUMAR SINGH most favorable destination for entrepreneurs to set Managing Director, CSPDCL power intensive Industries. These facts were both - a cause of concern as well as pride for the management of the erstwhile Chhattisgarh State Electricity Board (CSEB). While other states faced acute power shortages, CSEB, centralized server based-IT Solution. This involved was among the few state electricity boards that was creating a wide-area network covering all the not only profitable but also had a power surplus. offices spread across the length and breadth of This was because it had large coal reserves, and the the state. The management decided on an ERP fact that it is situated in the middle of the national solution to integrate all available modules and power grid, made it an ideal location for settingto computerize its business functionalities. This up coal pit-head based thermal power plants. The made it the first Government Power Distribution management was aware that, for Chhattisgarh Utility in India which implemented SAP Solutions to be at the forefront of the ‘power revolution’, for billing. However, this journey was not easy. it had to provide quality power on-demand to all its consumers, and to develop electrical infrastructure in remote areas as well. To achieve NEED FOR CHANGE this, the company needed to adopt an integrated According to Subodh Kumar Singh, Managing view of its enterprise work and asset management Director at CSPDCL, the board was previously using to increase efficiencies, reduce costs, enhance software developed on COBOL and Sybase for its regulatory compliance and deliver substantial billing, stores and finance accounting, and pay-roll. value to its customers. The software was running on In the event of Power Sector a de-centralized, standalone reforms, Chhattisgarh State mode and was operated from Electricity Board (CSEB) a few circles and division was unbundled to five power headquarters. This resulted in companies in January 2009. accumulation of billing data at Square KM is the area This was the Generation the billing centers which led served by the power Company, Transmission to delay in issuance of bills. utility company. Company, Distribution Also, the various modules Company, Trading Company, were operated without any and, for the supervision, mutual integration. Patch coordination and facilitation Management, such as of the above four companies, incorporating tariff directives villages covered under the Holding Company. The and other software changes distribution company, which o n a l l t h e co m p u t e r s intensive was called the Chhattisgarh simultaneously, was also electrification State Power Distribution extremely difficult for the IT scheme. Company Limited (CSPDCL) team at CSEB. They were not decided to implement a able to make any changes in

1,35,191 9942

TRANSFORMERS CASE STUDY

the legacy software as the source codes were not available with CSEB, after the state was bifucirated from Madhya Pradesh. “Lack of security was also a major concern as the legacy system did not have role-specific security features leading to malpractices by the users. Other limitations included data backup being limited to only a couple of months. It was time for a complete overhaul as the hardware and software were obsolete. We decided to go in for an integrated solution in a centralized environment. ERP-SAP was the best solution to integrate all available modules and computerize its business functionalities,” he added. CSPDCL implemented SAP in the year 2005 with the implementation of modules such as IS-U/CCS (LT & HT Billing and Customer Care), MM (Materials Management), FI-CO (Financials – Controlling) and HR.

CHANGE MANAGEMENT AND OTHER CHALLENGES For many, starting almost from scratch can be a blessing in disguise. But for CSEB, this meant that they had to set up their IT infrastructure, and their foray into unknown territory was going to be difficult. CSEB, along with TCS, charted a roadmap, which included creating a state-of-the-art data centre for hosting the servers and migrating from a de-centralized system to a centralized one. This involved developing a huge WAN network across the state, connecting all the divisional head quarters in the first, and Sub-Division offices later. The IT hardware at the distribution centers had to be expanded as most of the processes earlier were manual. “With CSEB being the first utility to have adopted ISU-CCS System, tailoring the

Implementation of an integrated billing system was a challenging job as it had to cater to about 18 Lakh consumers.” L S CHAWLA Chief Engineer (EITC) Energy Infotec Center, CSPDCL

SAP system as per the billing logics was a major challenge. This was achieved by involving the users directly with the developers of SAP system. The major task was process-mapping and blueprinting for all customer services processes such as metering, billing, collection, disconnection among others,” says Singh. However, the biggest challenge was not technical. CSEB had to create skilled manpower within the organization by changing the mindset of the user. However, the management was up to this task. Initially CSEB was short of IT personnel therefore, a few engineers from the field were grouped together to form an Energy Infotech Centre (EITC) which took on the challenge of implementing the modules in Chhattisgarh. These Engineers travelled throughout the state to educate the users at the grass root level. The management has now strengthened the EITC with the work force comprising of 72 employees. “Undoubtedly, without the support of the field workforce this uphill task could not have been achieved,” says Singh. “Implementation of an integrated billing system was a challenging job as it had to cater to about 18 lakh consumers in the domestic and industrial segments and the users were spread across the state. However, several innovative solutions were linked to the Core SAP IS-U implementation, which helped CSEB overcome these challenges,” he adds.

INNOVATIVE MEASURES Some of these innovative measures included spot billing and automatic meter reading. In normal reading and billing system, there is a gap of about eight days between meter reading and bill delivery. But in spot billing those delays were eliminated, hence a reduction of eight days was obtained, resulting in the reduced cycle time and early revenue realization. Also, previously, large quantity of stationery was consumed to print the documents such as master data and all monthly billing documents of 18 lakh consumers, as compared to 32 lakh currently. Transporting these documents the concerned distribution centre was a recurring expenditure. This process was now eliminated. The centralized billing system has also eliminated all the issues pertaining to implementation of the revised tariff in the decentralized mode. Timely implementation of tariff has helped the organization recover the enhanced revenue without any delay. The Material Management module had to be implemented at “one go” all across CSEB, which was a considerable challenge. “However this had

CUSTOM SOLUTIONS GROUP TATA CONSULTANCY SERVICES

paid off, with the procurement to reduce the cost of meter and inventory processes now reading and bill distribution While other states being conducted through the by sixteen percent. Cash MM module. Procurement collection was facilitated face acute power is now more manageable as through any time payment shortages, CSEB, was stock position of all the storage (ATP) which included online locations is accesable through payments, through ATMs, among the few state a mouse click,” says Singh. money transfer using RTGS electricity boards Additionally, records of the past and cheque drop boxes procurements are available in among others. There was the MM system itself. a reduction in consumer CSPDCL engineers also complaint regarding nondeveloped a multi-functional delivery of bills, and the software called Pragati. It chances of wrong reading caters to the preliminary reduced, thereby enhancing requirement of ‘Management customer satisfaction. Information System’ wherein Another customer the data from the distribution satisfaction measure was the centre and zones were available at the headquarter e-Sampark Sewa. The services that were available level. The information transfer, which otherwise under this project included bill notification, used to take around two months, is now available at reminder, payment confirmation and so on through the click of a button. The data is submitted online in SMS, to provide billing information to the consumer the Distribution centers and Zonal offices. Besides on-demand, and implement push SMS-based providing data compilation at Sub Division / Division services. CSPDCL also ensured that New Service / Circle / Region and Company level, this software Connection (NSC) requests were fulfilled within provides Information of the officer responsible for three days for load up to 10kW in urban areas and the work at each level. seven days for 5kW in rural areas. CSPDCL is in the The management can now monitor expenditure advanced stage to fully computerize ‘City Central as well as budget for better utilization of resources. Call Centers’ at Raipur, Bilaspur, Rajnandgaon, This has helped them stream line material codes, and Durg-Bhillai-Charoda to facilitate Consumer and control inventory in a better manner. They can Services. “The existing call centers will also be also view all store transactions on a real-time fully computerized and connected to the above basis. Maintaining employee records , personnel City Central Call Centers. The in-house developed management and pay roll processing has also software is being used for registering and monitoring become easier. There is a drastic change in consumer complaints,” says Singh. working and functioning of the establishment with The CSEB website, www.cseb.gov.in helps the focus on keeping the number of officials to the the consumers view their current electricity bill, minimum and effective time management, hence, make payments, view electricity bill and payment cutting down on personnel expenses. history for lats twenty four months. There is also The distribution company has also set up a an electricity bill and consumption calculator. local intranet for the employees of the electricity board. The employees now have online access to REACHING FAR AND WIDE training documents, company profile, file sharing, Currently, all the regional, circle, and division head user manuals, and a telephone directory among quarters along with power plants (73 locations) others. Other value added services such as video have been connected through LAN I WAN using the conferencing, VolP telephony, corporate e-mail, BSNL point-to-point with 2 Mbps, 128kbps and 64 and corporate internet gateway for all offices had kbps leased lines in the year 2006. The networking been implemented. was further extended up to Sub-Division level in year 2009, whereby the total sites covered have gone up to 150. In the next phase, the networking at ENHANCING CUSTOMER 250 locations, covering all the remote distribution SATISFACTION centers is under process. “Being the first energy Other advantages were that CSPCDL had to visit utility company to implement SAP Solutions for the consumer’s premise only once, as against billing shows our commitment to provide the best twice earlier, one for meter reading, and the service for our customers,” concludes Singh. other for delivering the bill. This helped CSPDCL

that was not only profitable, but also had a power surplus.

TRANSFORMERS INTERVIEW

Getting

Infosec On Board Cox & Kings’ Global Head for IT Infrastructure, Ajit Panicker, must weave his game plan to support the growth aspirations of the company. And a sound infosec policy must be a constant companion.

AJIT PANICKER Global Head – IT Infrastructure, Cox and Kings Group

CUSTOM SOLUTIONS GROUP TATA CONSULTANCY SERVICES

Do IT leaders get to lead company-wide initiatives often? How often has it happened in your case, and how do you prepare for such opportunities? In our company, it is generally the business unit heads who are the primary sponsors of new business and strategy initiatives. Some of the strategic initiatives are driven by business owners; for example: a centralized buying group works toward developing a purchasing plan, ensuring long term competitive pricing and service for our customers. Some organization-wide initiatives are driven by the IT organization; for example: IT infrastructure virtualization, information security policies and procedures etc. All our processes are very tightly coupled with IT. We sit across the table to share the business team’s vision. Recently, we coordinated on a project for providing new means of managing web content along with workflow management. Do you think vendors have delivered on the promises on video conferencing helping collaboration? We use collaboration techniques for different purposes to engage with our extensive network of branch offices, franchisees and other strategic business partners who are external to our organization. We plan to deliver training content for our extensive franchisee network via e-learning supported by video conferencing. We have not yet moved to the tele-presence mode, but we are experimenting. We are taking our time learning what works and what does not for our specific needs. You have had a considerable stint in an IT services. How different is it working in a packaged tours company as compared to an IT services company? In a services company, IT is the core function, while here, in the travel industry, it is not. We need to provide services that each of the business functions need and so we need to feel the pulse of what is happening in every department. Unlike in an IT services company, there is more freedom to bring in new ideas. Using IT solutions, one has the opportunity to change the manner in which business operates. More importantly, one moves from playing an advisory role to complete ownership and accountability. We recently collaborated with one of our business units to bring in process automation using barcode scanners and passport readers, which increased operational efficiency manifold. An opportunity to raise productivity is a reward in itself!!! Is customer data privacy becoming a boardroom issue? What do you think should be the CIO’s role in that? Yes it is. Some of the procedures we follow with respect to our customers’ data have to adhere to specific compliance requirements, while in case of others, we have to set our own hygiene levels. I believe that much more attention needs to be paid to issues that appear peripheral but are, in fact, very important. For instance, there is a case for a thorough privacy assessment, starting from educating employees on the confidentiality level of the type of information they are holding. We are in the process of refining our existing frameworks and implementing new and robust governance mechanisms to ensure customer data protection and privacy, at all costs. Considering the nature of our business operations which involve access to personal information (passports/SSN’s etc.), a robust data privacy and protection mechanism is extremely important.

If you had to make a business case for cloud service, what would your migration journey be? There is an excellent case for a private cloud as it makes it easier to account for consumption of computing resources. While managing a particular project, a business sponsor can add the computing resource consumed to his TCO. We have successfully designed, built and deployed our private cloud over the past year; this has led to significant benefits from the TCO/ROI perspective. The public cloud has raised certain concerns about the security of data. A business head who has to abide by compliance requirements may find it difficult to embrace the cloud. What do you think are going to be some of the biggest challenges in the IT workplaces of tomorrow? One of the biggest challenge for IT is balancing information security and the legitimate need for access to customer information. Information is what gives a competitive edge, so it is critical to have it. The situation is getting increasingly complex with employees desirous of bringing in mobile computing devices and smartphones. There is a need to differentiate between personal and official spaces. Employees want to bring different types of mobile gadgets into the workspace, but tying them into the network without compromising data takes effort. We also need to be vigilant about the dangers posed by social networking; unsuspecting users are potential candidates for identity theft and phishing attacks. It is essential to educate the workforce on these latent issues and protect company confidential information. 2011 saw a big spurt in the number of IT security breaches. How do you plan to prepare for such an assault in 2012? IT security strategies should be as flexible as business needs, while still maintaining the proper measure of security protection and control. As a travel services management company, we do not have access to or store critical personal information like credit cards etc and thereby have limited liability in case of fraud. As part of our evolving business needs and growth strategies, we plan to augment our current information security environment with a best practices approach to risk management and mitigation. These would include elements like quantitative risk assessments, deployment of appropriate monitoring and control mechanisms which would enable us, as an organization, to employ a proactive approach for managing information security. For example, a strategic approach to information security controls, which would comprise of a blend of content aware DLP (Data Loss Prevention) along with IRM/DRM (Information Rights Management/ Digital Rights Management) solutions with minimal impact to business users, is one of the key areas which we are currently working on.

Transformers is brought to you by IDG Custom Solutions Group in association with

Enabling the Reserve Bank of India to automate its Treasury Management Operations for transaction processing for managing Foreign Exchange Reserves.

That’s certainty

The Central Bank of the Republic of India, the Reserve Bank of India (RBI) began operations in 1935 and has stood at the centre of India’s financial system ever since. With a fundamental commitment to maintaining the nation’s monetary and financial stability, the Reserve Bank of India plays a crucial role in the Indian economy. It also manages the country’s foreign exchange reserves where safety, liquidity and return are of paramount importance. At the turn of the century, with growth in foreign exchange reserves, RBI felt the need for a treasury management software and selected TCS BaNCS Treasury to automate its front-, mid- and back-office operations. Ever since, TCS BaNCS Treasury is being used by RBI for handling transactions related to its reserve management operations.

To learn how your business can experience certainty, visit www.tcs.com

PARTNERS

Bend AheAd For CIOs in the auto sector, 2012 is going to be dominated by two important questions: How will GST affect their companies and should they be preparing for a slowdown. A CIO roundtable helps see around the corner.

"The GST will help India's GdP grow by more than one percent year-on-year. It is a great inclusive move.” Pratik Jain, Partner, kPMG

Is 2012 goIng to be a lousy year for

"I am cautiously optimistic that in the second half of 2012, India will observe a reasonable growth rate." kuMar kandaswaMi, senior director & india ManufacturinG leader, deloitte

VOl/7 | ISSUE/04

Event Report_Power_Shift.indd 39

the Indian auto sector or not? If you are one of those thinking that it’s hard to tell, you are not alone. On the one hand the Auto Expo saw the launch of over 50 new vehicles, Bajaj Auto’s net profit jumped by 19 percent in the December quarter, Hyundai India did well and so did commercial vehicles. On the other hand, Maruti Suzuki’s profit fell a stunning 64 percent, TVS Motors reported a marginal dip in sales and macro-economic headwinds are telling auto makers to prepare for a slowdown. And then there is the new GST (goods and services tax), whose full impact on the IT department of an auto manufacturer is not yet clear. With state tax holidays no longer an important REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/10/2012 5:12:17 PM

Event Report I Powershift factor under the GST, for instance, will auto companies have to re-think their supply chains? To bring more clarity on these questions, CIO Magazine brought together possibly the only and the largest gathering of Indian auto sector CIOs in an event called Powershift. The platform brought together experts in the auto sector and auto CIOs from all over the country. Here are some of the highlights of that event. Indian Auto Sector Will Boom in 2012 If the huge number of launches by automobile manufacturers at the Indian Auto Expo 2012 is not enough proof of the sturdiness of the Indian auto growth story, now new research from Deloitte also points in the same direction. According to Deloitte, the automotive industry in India isn’t going to undergo the slowdown other Indian industries are expected to see in 2012. The consultancy believes that car sales are going to boom during this year. That radical view was at the core of a presentation by Kumar Kandaswami, senior director and India manufacturing leader, Deloitte, at CIO’s Powershift event held in Mumbai. The event is the only one of its kind that focuses on the Indian auto sector from a CIO perspective. So what about the slowdown in auto sales at the end of 2011? According to a Deloitte report Driving Through BRIC Markets, released in December 2011, this slowdown is a reflection of poor macroeconomic variables that are primarily driven by continuous price revisions in fuel and persistent inflation. Digging deeper into fuel as a factor for a slowdown in car sales, he noted that until recently car sales were immune to the vagaries of fuel prices since they were subsidized by the Indian government. But, in 2011, petrol prices were trading at a record high and have started impacting car sales for the first time, according to the report.

On the bright side, the other driver of car sales, inflation, is expected to hurt car manufacturers less during 2012. The RBI expects inflation to moderate to 7 percent in 2012, Kandaswami said. He added that a moderation of interest rates will also make conditions more attractive for automobile buyers and automakers, which are used to seeing India registering a double digit growth. “Car sales in our country are impacted by inflation in petrol prices. Inflation has the potential to come down to 6.5-7 percent, and interest rates will come down by 2 points,” said Kandaswami. “We are seeing a trend of inflation easing now. With state elections in February and a couple of strong policy announcements, I am cautiously optimistic that in the second half of 2012, India will observe a reasonable growth rate.” Another factor driving growth is the increased number of auto players in the market, he said. India has the highest concentration of manufacturers with four to five players contributing to around 80 percent of the market. Going forward, the Indian market is expected to actively accommodate more players. “The dilution of the market is likely to happen in India as five to six players are likely to become Source: Deloitte mainstream manufacturers,” he said. He says that Deloitte also reached its radical conclusion based on comparisons with other BRIC countries undergoing similar circumstances. For example, urbanization was a major driver of car sales in BRIC markets through the decade, he said. In India, urbanization levels of 30 percent are likely to continue driving sales. There is a strong correlation between income categories and car sales, he said. In India, $5,000-$10,000 (Rs 2.5 lakh- 5 lakh) income households—a category that is growing at a CAGR of 24 percent—would gain significance, he said, and become the key drivers of sales growth post 2015. “Vehicle density in urban areas can, to some extent, help us predict whether the sales of cars will accelerate or decelerate in a specific country. Thus, with further urbanization, India will observe a huge growth potential in terms of car sales,” he said.

34% The amount

by which petrol prices have shot up since it was deregulated in 2010, directly affecting car sales.

Sharangapani Sachin, Sales & Market Leader, Atos Origin; Subu Subramanian, MD & CEO, Defiance; Vittal VaShiSt, VP, Mphasis

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Event Report_Power_Shift.indd 40

GST: A Tectonic Shift? If there’s anything that’s going to impact the auto sector in 2012, it’ll be the introduction of the GST (goods and services tax). Touted as one of the biggest taxation reforms in India, the GST—a comprehensive, value-added tax that’ll be levied concurrently by the Centre and the VO l/7 | ISSUE/04

2/10/2012 5:12:26 PM

Alternative Views

CIO Role

Are CIOs the Most Qualified to be Business Leaders?

High-Density, 3U Independent Modular Server System Optimized for Cloud Computing with 8 Hot-Pluggable High-Performence Nodes

Each Node Supports: A 360-degree view of the organization is often pitched as the reason CIOs are t Intel® Xeon® Processor E3-1200 Family; Socket H2 (LGA 1155) potentially bettert business leaders than their peers. Is that true? Two CIOs debate. 32GB DDR3 ECC 1333/1066MHz UDIMMs t t 2 Hot-Swap 3.5” SATA3 HDD Bays t Dual Gigabit Ethernet LAN Ports t IPMI 2.0 + KVM with Dedicated LAN don’t believe that just having a t detailed and horizontal view of an

work demands that we ensure 99.99 percent uptimes—that can’t be compromised. Redundant 1620W Platinumprocesses Level Power Supplies organization’s qualifies a But this nature has also groomed CIOs to CIO to be a good business leader. be people who need a beta and then a pilot for Sure, CIOs have in-depth their projects. Key decision making doesn’t knowledge of an organization’s processes allow that kind of luxury of time. and gaps, but is that knowledge sufficient to When it comes to strategy, I do agree drive a business? A business role demands that a lot of CIOs have started strategizing much more. A business leader’s competency and innovating and have are even on the is in exploring new markets, brand building, boards of their organizations. But let’s figuring what products would fulfill ask ourselves an honest question: How customers’ need, and positioning new many CIOs enjoy that privilege in their offerings accordingly. He needs to know the organizations? If business sees the strategic industry and the competitive environment aspect in what CIOs do, then what’s the need to be able to engage key decision-makers. He for business-IT alignment? should also have financial acumen. Do CIOs From what I have observed, some CIOs have these skills? who have moved to business roles have Also, a major part of being a good business primarily been people with a business leader is having a healthy risk appetite. background and technology acumen. Will That’s a huge differentiator. Compare that it be equally easy for an outright techie to to a CIO’s role which has conventionally unlearn and relearn all the above mentioned been to mitigate risks. The nature of our skills? That’ll be a huge challenge.

“Having a detailed and horizontal view of an organization’swww.supermicro.com/MicroCloud processes isn’t enough to be a good business leader.” PLATINUM

Tel: +91 22 395 30897 E-mail: sales@bostonindia.in

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Alternative_Views_Feb2012.indd 34

Intel®, the Intel® logo, Xeon®, and Xeon® inside, are trademarks or registered trademarks of Intel Corporation in the USCIO, and other countries. —Zoeb Adenwala, Global Essel Propack All other brands and names are the property of their respective owners. Vol/7 | ISSUE/04

2/21/2012 3:39:21 PM

Event Report I Powershift states—will replace all forms of indirect taxes (like sales tax, excise duty and VAT). That means, every transaction—be it sale of goods or services or even stock transfer— will consist of two taxes: State GST and Central GST. Pratik Jain, Partner, KPMG, threw light on this new form of taxation and explained how it will impact the auto sector. “If VAT was a major improvement over the preexisting central excise duty at the national level and the sales tax system at the state level, the GST will be a further significant Shoaib ahmed, President, Tally; Jackie chin, Lead Business Solution Advisor-MS Dynamics breakthrough and the next logical step CRM,Enterprise Services,HP- APJ; SanJay agrawal, Country Presales Manager-Enterprise, HP India towards a comprehensive indirect tax reform in the country,” said Jain, who was instrumental in drafting the VAT legislation in India. The rate of taxation would be 20 percent in the first year, 18 More than 140 countries have introduced GST in some form percent in the following year and 16 percent going forward. “For or the other. It has been a part of world economics for half a an automotive company the smallest car costs the business an century now and is fast becoming the preferred form of indirect overall tax of 26 percent per car. So an inclusive common tax is tax in the Asia Pacific region too. “The GST is a broad based good news for the industry,” Jain said. legislation and is a great inclusive move,” Jain said. But an import tax of 20 percent would mean a six percent Currently, the power to levy tax on a manufactured product upfront increase in charges on all imports. Auto companies’ (excise duty) and an imported product (custom duty) lies with dependence on CBUs (complete built units) and spares will be the central government, while the VAT is under states’ purview. affected and it will also impact cash flow on stock transfers— “The current Indian tax system is complicated and deters foreign which is currently tax-free. investment. The GST will help Indian GDP grow by more than one percent year-on year. It is also GST’s effect on Compliance believed that Indian exports will be benefited Jain said that with GST most internal as embedded taxes in India’s export prices compliances will get centralized. “State levies will be eliminated. And hence, India will now will come under the same law. This will have a competitive edge against China, which lead to two things: We will have centralized incidentally subsidizes exports,” Jain said. compliances and companies will focus on process automation. As the tax system will be GST’s Impact on the Supply Chain fairly uniform across all states, people will try There’s no doubt that manufacturing companies to remove major manual intervention in ERP need to gear up for GST as it will impact their processes,” Jain said. supply chains. “The supply chain has been Organizations would also have to revamp driven by tax in the auto sector. For example, their accounting systems as taxes will be Maruti has vendors concentrated in Haryana— considered as costs. The key parameters that for business as well as tax reasons,” said Jain. will require CIOs to look at their IT systems But GST will do away with area-based exceptions and also levy are: Input taxes and purchases, state and Central GST, and tax on destination instead of origin of goods. “Taxes that an integrated GST. organization pays to its vendor (irrespective of his location) will “Developers in your IT teams will need to look at addition or be allowed as a set-off. This will reduce the output tax liability,” modification of certain data fields in programs. Although ERP said Jain. Hence, pricing of the products will hopefully lower as vendors will pitch their altered systems, about 50 to 60 percent effective rates go down. of customization will have to be done in-house,” he said. Also, with CST (central sales tax) out of the equation, auto And that could easily take six to eight months, according to manufacturers will reduce the number of warehouses they need Jain. On top of that, “There will be a lot of dealer and customer to operate efficiently. This will also involve re-negotiating with communication which will be required to justify and educate their vendors. “You might want to calculate if your vendors them about the changes that GST will bring,” Jain said. benefited with the transition and negotiate to pass on those benefits in terms of price,” Jain said.

The number

of GST models that are currently in force in over 140 countries.

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Event Report_Power_Shift.indd 42

VO l/7 | ISSUE/04

2/10/2012 5:12:39 PM

SPECIAL COVERAGE Partners

Presents

3 & 4 February, 2012, Bangalore

THE SKY'S NOT THE LIMIT

Lt. Col. H.S. Bedi, Chairman and MD, Tulip Telecom, on building India's largest DC.

Over 150 CIOs from some of India's most prestigious organizations graced the event.

ig things don’t come in small packages. Ask Tulip Telecom. On its way to building Asia's largest and world's third-largest data center, the company has set new benchmarks. Leaving its more established competitors behind, Tulip has changed the definition of superlatives in the IT industry. And to share its moment of glory—as it unveiled Tulip Data City on 3 February in Bangalore—Tulip (in association with CIO) invited over 150 influential IT leaders. Spread over two days, the event—titled Imagineering India—witnessed thought provoking panel discussions, an eclectic mix of inspiring speakers, and an exotic art exhibition. As the guests networked over wine and cheese, VJ and anchor Cyrus Broacha kept them entertained. And in celebrating its remarkable feat— that perhaps only a few can boast of—Tulip Telecom has lived up to its tagline: Making it possible.

Key Glimpses from the Symposium Leading into the Future Begin with great expectations from the future of your business. Your future

is only limited by the quality of your thinking today.”

I Anton Musgrave, Futurist and Joint CEO of FutureWorld SA, shared tips on predicting the future.

n business there is no power greater than knowing what the future holds. But as IT leaders, CIOs need to develop the ability to create the future, according to Anton Musgrave, futurist and joint CEO of FutureWorld SA. Addressing CIOs at the opening of Tulip's landmark datacenter, Musgrave said that to be able to predict the future, IT leaders must believe in the ‘art of the possible’. “Begin with great expectations from the future of your business. Your future is only limited by the quality of your thinking today,” he said.

Designing an Elastic Datacenter

Steven Sams, VP-Global Site and Facilities Services, GTS-IBM, explained the tenets of a new age datacenter.

SPECIAL COVERAGE

In his presentation, Steven Sams, VP-Global Site and Facilities Services, GTS-IBM, showcased the tenets of a new age datacenter that’s flexible to dynamic business needs. “How do you design a datacenter that grows with your requirements, minimizes both capex and opex, and takes on new capabilities 20 years from now?” he asked the audience. He said that a datacenter strategy should follow four drivers: availability, flexibility, cost efficiency and environmental responsibility.

Datacenter Co-location will Help Cut Costs

A.S. Rajagopal, CEO, Tulip Data Center Service, emphasized the need for datacenter co-location.

The number of Internet users and websites has increased to unimaginable proportions in the past decade. "Similarly, India’s growth story presents unprecedented opportunity to leverage IT for business expansion. The irony is that datacenter management expenses are high, whereas IT budgets are relatively low," said A. S. Rajagopal, CEO, Tulip Data Center Service. It is, thus, imperative to efficiently manage business data and cut costs at the same time. Rajagopal said that datacenter co-location would help organizations achieve just that.

An Initiative By

ITaaS: Driving New Standards of Business Value The business imperative of cloud-as-a-service is to ensure that data is secure and confidential, SLAs are met, and there's a

A panel of service providers and CIOs discussed the pros and cons of IT-as-a-service.

In a panel discussion held at Imagineering India, IT executives discussed how ITas–a-Service (ITaaS) can help drive new standards in enterprises. The panelists were unanimous about the platform's benefits including scalability and flexibility. But CIOs on the panel felt that security was still a major concern and that service providers need to create stronger SLAs that focus on security.

proper response time in terms of bandwidth.” S. Ramasamy, Executive Director-IS, Indian Oil

Orbit Shifting Innovation Innovation is fostered by people who dare to challenge the world order. Their

inspiration is not meeting benchmarks but creating new ones.”

Rajiv Narang, Founder, Chairman & Managing Director, Erehwon Consulting, shared how great ideas come out of dreams.

ajiv Narang, founder, chairman and MD, Erehwon Consulting, said that to become truly innovative CIOs need to break a few myths. “We need to break away from the romantic notion that innovations start with one big idea by a man sitting in a glass room and trying to create something new,” he said. Narang said that the best innovations have come out of a dream. The challenge is to build a team with people who believe in that dream and are determined to bring it to life, he said.

Detailed coverage on: www.cio.in/imagineering-india

Inaugurating Tulip Data City

01 Lend a Hand: To commemorate India's largest datacenter, CIOs were asked to leave the imprints of their hands on clay tiles which will find their way to the Wall of Fame inside Tulip Data City.

The Visionaries: A small part of the Tulip Telecom team that made India's landmark datacenter possible. On the far right is Deepinder Singh Bedi, Executive Director, Tulip Telecom.

03 The Heart of the DC: At the data center's NOC, not a server can boot or nor a mouse move without Tulip Telecom knowing.

04 State-of-the-Art: CIOs at the datacenter being shown the facility's state-of-the-art telepresence room powered by Polycom.

05 In the Limelight with Cyrus: CIOs enjoying the evening entertainment with Cyrus Broacha. 05 SPECIAL COVERAGE

An Initiative By

Stirring Up a New Revolution At a time when enterprises are holding back, Tulip Telecom has gone ahead and built India’s largest datacenter. Lt. Col. H.S. Bedi, Chairman & MD, Tulip, shares what it takes to create a first-of-its-kind. From a software reseller to the builder of Asia's third largest datacenter, Tulip Telecom has come a long way. How has the journey been? Right after I quit the army, I had set my mind on becoming an entrepreneur. I started out as a software re-seller, but considering the low margins in the business, I added hardware to it. That's when I built some of my long-lasting relationships that ultimately led to the wireless business. We grew through small opportunities and small wins. Wireless was a low-revenue but high profitability market, but there were very few players. BSNL had copper, the large telecom players had fiber, but no one had the last mile. I was quickly able to capture the low-bandwidth wireless market. Today, I have one of the largest last-mile networks in the country with over 20,000 kms of fiber.

Lt.Col. H.S.Bedi

Chairman & MD, Tulip Telecom Lt. Col. H.S. Bedi’s entrepreneurial journey began in 1994 after his 22 year-stint in the Indian Army. His zest for growth and belief in innovation helped him build Tulip Telecom. Under his leadership, the company has become India's leading enterprise communications services player.

How does one determine whether a datacenter should be outsourced or managed in-house? I think whatever the case be; it makes more sense to go for a hosted datacenter than running your own. If you’re a bank, your job is to do banking and not manage a network. A cloud service model provides enterprises with the relevant expertise at a price, helps convert high upfront costs to manageable opex, and a secure infrastructure, which they don’t need to manage.

I think, whatever the case be; it makes more sense to go for a hosted datacenter than running your own."

Despite the debate over public clouds, you have built one of Asia’s third largest datacenters to deliver just that. How do you balance risk and opportunity? I believe one should start small with a low-risk profile; once the business model is proven you can expand it. I did not start by rolling out a country-wide network. We have always started small and have grown as per demand and opportunity. Before we built this datacenter, we invested in four small datacenters. This datacenter combines all our learnings from our previous endeavors. If you try 10 things, maybe nine will fail, but there are always lessons to learn.

How do you see Tulip revolutionizing the datacenter services landscape in the country? The Bangalore datacenter has incorporated the best and the latest in datacenter technologies with built-in capacity to service many years of business needs. With our cloud business model and managed hosting services, we’re hoping to redefine the standards of datacenters. Some of our big clients like IBM and HP have already moved in. I’m expecting to sell a fourth of the datacenter by the end of March. I have invested Rs 900 crore in this datacenter and I expect to make Rs 1,000 crore by the end of this year.

Detailed coverage on: www.cio.in/imagineering-india

Tulip extends a warm gratitude to the partners and attendees for making the

Imagineering India summit a grand success!

Essential

technology A CLOSER LOOK AT business intelligence

Crime Scene Intelligence Business intelligence has been touted as the next big thing for way too long, sadly it hasnâ&#x20AC;&#x2122;t had many takers. But those who have deployed it are reaping rich benefits. Vol/7 | ISSUE/04

Essential_Tech_feb2012.indd 81

Predictive analytics | Capt. Sean Malinowski of the Los Angeles Police Department (LAPD) has just done something once unimaginable for a commanding officer: He's given up control of deploying his beat officers to a computer. Malinowski, commanding officer of the LAPD's Foothill Community Police Station, is a pioneer in the field of "predictive policing." That means using predictive analytics to analyze data, such as the times and locations of past crimes, to forecast where and when certain crimes are likely to happen in the future so police can stop them before they occur. "We're doing a rigorous examination, an experiment, for the next three months of predictive analytics and for the first time we're going to rely 100 percent on the computer to forecast property crimes, which are the lion's share of our crime," he says. Malinowski says he's willing to make some sacrifices in terms of control if it means reducing crime in his jurisdiction."That's unusual for me to do because, as a [commanding officer], I like to be in control of things, especially the mission," he says. "But I'm going to give that up and I'm going to let the computer generate the geographic assignment of the missions." Across the country, police departments must fight crimes in the face of decreasing budgets and manpower. But in Los Angeles and Santa Cruz, California, the police departments are turning to new technologies like predictive analytics to help them save time and money by enabling them REAL CIO WORLD | f ebr u a r y 1 5 , 2 0 1 2

image by ph otos.com

By Linda Rosencrance

2/10/2012 5:06:52 PM

essential technology

to prevent crime by more effectively deploying patrol officers. The LAPD and the Santa Cruz Police Department are using a crimefighting tool developed by researchers— social scientists and mathematicians—at the University of California Los Angeles (UCLA) to target property crimes such as home and business burglaries, as well as vehicle thefts and break-ins.

Like Predicting Earthquakes The tool, which identifies criminal hotspots, is modeled on a mathematical algorithm used to predict earthquakes and their aftershocks because the researchers discovered that, just as aftershocks are in close proximity to the initial earthquake, criminals tend to commit crimes in close proximity to past crimes. The technology grew out of a longstanding UCLA-based project looking at the mathematics of crime, says P. Jeffrey Brantingham, one of the UCLA researchers and an associate professor of anthropology

the individuals committing these crimes tend to have predictable patterns—usually they commit them somewhere near their homes or near familiar locations. Additionally, property crimes are not displaceable crimes, which means if police departments target these crimes in particular areas, the criminals won't simply move two miles to another location. Zach Friend, a crime analyst at the Santa Cruz Police Department, says his department is the "operational test case agency" for the system, although Santa Cruz didn't set its program up as a controlled experiment, as did the LAPD. Data from the department's records management system is fed into the computer program, and then transferred to Microsoft Excel software where it's cleaned, ordered, and geocoded. Next, the data is combined with a master Excel of all pertinent crimes for the past seven years and run through the UCLA algorithm.

The point of predictive policing is not to make arrests but rather to reduce the numbers of the targeted crimes from happening in the first place. at the school. For the first six years of the seven-year project, researchers focused on trying to figure out what models do a good job determining how and why crime patterns form in the way they do. Now that they've developed those models, the researchers are putting them into practice. The theory is that predictive analytics might work better on property crimes because the targets are stationary and the nature of the targets doesn't change that much over time, he says, unlike crimes where the victims are mobile and change their behaviors. Criminologists find it's easier to predict these types of crimes because there are patterns regarding where and when they occur. For example, burglaries tend to be clustered in terms of time and location and 84

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Essential_Tech_feb2012.indd 82

"We recalibrate on a daily basis and the algorithm produces 10 Google hotspot maps every day of approximately 500 feet by 500 feet where burglary or vehicle theft is likely to occur in our city on that day," says Friend. Officers are given the hotspot maps at roll call. The officers check those areas during their "free" patrol times, when they're not obligated on other calls, and they document their activities for tracking purposes. Because the city of Santa Cruz is only 13 square miles, the hotspot maps significantly reduce the area that officers need to patrol. "Law enforcement in the past has taken a reactive approach to enforcement—if crime occurs in one place you need to go to that place," Friend says. "This is breaking that mold. You don't necessarily have to go there.

65%

The number of CIOs in the Asia Pacific region who consider predictive analytics as their top priority in 2012. Source: IDC

Maybe it will send you to a separate location to prevent the next crime from occurring." The point of predictive policing is not to make arrests but rather to reduce the numbers of the targeted crimes from happening in the first place. And it seems to be working in Santa Cruz. "In the first month, July 2011, the only variable we introduced was the application of this model and there was a 27 percent reduction year-over- year of the targeted crime types, because there was a police presence in the area where maybe there wouldn't have been a police presence at all," Friend says. The SCPD just finished it's three-month analysis of the algorithm and learned a couple things: There was a correlation between the number of extra checks the officers ran in the hotspot areas and a reduction in the crime types the department was targeting.

Accurate Predictions "So for every extra 50 checks we ran in the city per week we found a two percentagepoint decrease in the targeted crime types," Friend says. "The predictions [based on the algorithm] where crimes will occur are 10 times more accurate than if you let an officer go where he wants to go." Malinowski isn't impressed with the Santa Cruz department's methodology. "Santa Cruz will have a difficult time making a scientific

Vol/7 | ISSUE/04

2/10/2012 5:06:52 PM

User Experience

essential technology

More Power to Consumers | Power NI, an electricity company in Ireland, is piloting a BI tool, normally used in enterprise, to give consumers better visibility of their power usage and bills. The QlikView BI tool from QlikTech currently allows the power company's domestic customers to compare their bills on a quarterly basis, and with their bills spanning two years, via Power NI's 'Energy Online' service.Customers can also compare their electricity usage with other consumers in the same circumstances in the area, for example, those with the same size property and number of occupants. Power NI hopes to be able to use QlikView to offer personalized offers to customers, as well as enable them to take control of their power usage and reduce their bills. While the data is only available on a quarterly basis for a pilot set of 260 domestic customers at present, Power NI's business customers can already see their half-hour usage data the next day. This will be possible for the domestic customers as soon as smart meters providing half-hour usage visibility are rolled out. "We are ready when they have the smart meters in," says Eugene Maguire, strategic development manager at Power NI. A total 5,000 customers are currently involved in the pilot, and the company's goal is to roll the technology out to an initial 250,000 customers. Power NI has 800,000 customers in total, which includes those on pre-paid metering systems. Power NI has been using QlikView in the business for three-and-a-half years. It has deployed it "almost like" an enterprise solution, to enable more "timely" decision-making and improve service in areas from customer service to finance and sales, says Maguire. Some 800 million rows of data are fed into the tool, which is currently based on a legacy system. Power NI is currently migrating from this system, and by May this year, after a two-year programme, will be using QlikView on Oracle Utilities Customer Care and Billing system. It also uses QlikView for its Cisco system for managing call center call volumes. Innovation

image by photos.com

claim that the [computer] forecast contributed to a reduction in crime, because I think they had very little in the way of crime analysis before," he says. "And they didn't set it up as an experiment. It takes a little more time and effort to do it the way we're going to do it." Malinowski, who explains that his station is the only one in the LAPD currently engaged in the experiment, wants to be able to tell his counterparts at other LAPD stations that he went strictly by the computer forecast and realized, say, an additional 2 percent, 3 percent or 4 percent reduction in property crimes. "We're experimenting and we'll see how it goes and if it will answer the questions: 'Does the forecast add value to the process of assigning missions for patrol?' and 'Will it give us some information on how many officers we need in a certain part of our jurisdiction and for how long?' and 'Will it make an impact on property crime in a certain very small geographic space like a block?' We're going to be collecting data as well so we'll be able to track that," he says. Malinowski says his bosses support using predictive analytics to inform the department's decision-making in fighting crime because they know that it's getting harder and harder to slash crime rates. Crime is down so dramatically in the Foothills "that we're victims of our own success in some way," he says. "Take burglary of a motor vehicle: [We're] down 25 percent year-to-date, so what else can I do? I've pretty much exhausted my arsenal, so if I want to eek out a couple more percentage points, then it looks like I have to use the data to do that." Malinowski says at some point he may think about using a commercial product, but for now the easiest thing to do is work with the UCLA researchers because they come with their own government funding. The bottom line for Malinowski is to deny the criminal the opportunity to commit crimes. "He doesn't get arrested and we don't spend time booking him," the commanding officer says, "and someone doesn't get his laptop stolen out of his car." CIO

â&#x20AC;&#x201D; By Anh Nguyen Send feedback on this feature to editor@cio.in

Vol/7 | ISSUE/04

Essential_Tech_feb2012.indd 83

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/10/2012 5:07:02 PM

essential technology

Spread It Out At these organizations, a top-down commitment helps business intelligence efforts spread throughout the enterprise. By Beth Schultz

pervasive bi | If 1-800-Flowers. com CIO Steve Bozzo had his druthers, even the online retailer's mailroom clerks would have access to business intelligence. "There's valuable information at every level of the organization," he says. Clearly, Bozzo sees the power of pervasive BI. "Business intelligence needs to be part of the business fabric: Not an afterthought

Vesset, an analyst at IDC. Rather, he says, pervasive BI is about ensuring that everybody—front-line employees, middle managers and executives—can make decisions using the right information at the right time. Achieving BI ubiquity takes considerable time and effort—10 years and counting in the case of 1-800-Flowers.com. "Pervasive

image by p hotos.com

Everybody from the top down must understand the importance of data, even individuals who never use an analytics tool or see a business report. layered on top of a business initiative, but part and parcel of the overall process from the get-go," Bozzo says. "And that's what it is for us—it's a part of our culture." But pervasive BI doesn't mean everybody in the company has sophisticated analytics tools to use as they wish, cautions Dan 86

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Essential_Tech_feb2012.indd 84

business intelligence is something that we have and continue to work very hard at—and we think we're really successful at it," Bozzo says. Over time, the company has learned the imperative of having a BI/analytics practice within IT as well as having corresponding

liaison groups in each business unit. "These liaisons are experts in BI, but they major in business and minor in IT, whereas the analytics group in IT majors in IT and minors in business," Bozzo says. "The groups complement each other perfectly, and this has made a huge difference in the way we roll out BI." At 1-800-Flowers.com, a family of 20 brands, IT asks each business group to identify who needs access to BI and to classify each designated individual as either a basic, intermediate or super user. A basic user can generate basic queries and pull ad hoc reports, while a super user can write macros and generate his own reports; the capabilities of an intermediate user fall in between the two, Bozzo explains. These are not static designations, he adds. "Our goal is to turn basic users into intermediate users and intermediate users into super users. Ultimately, someone defined by the business as somebody who has a need for BI information will go through that process, with IT taking the responsibility and accountability for facilitating the training," he says. Thirtytwo 1-800-Flowers.com employees recently attended a training class run by its BI vendor, SAS Institute, he adds. "Our basic goal is that we understand everything we can about our customers, so it's important to get increased numbers of people involved in business intelligence. That effort cannot hurt as long as they have the appropriate training and can use the tools that we give them," Bozzo says. Aberdeen Group has seen the correlation between training and the success of pervasive BI programs, says David White, an analyst at the research firm. "Bestin-class companies on pervasive BI are

Vol/7 | ISSUE/04

2/10/2012 5:07:08 PM

essential technology

making sure users understand not only the capabilities of the BI tools, but also the data, statistics if necessary, and analytical techniques, and how these help in decisionmaking. They have broad educational efforts around pervasive BI," he says.

Democratizing Data Training is a critical success factor in achieving pervasive BI, which is, in turn, essential for better business excellence, agrees Bobby Nix, director of business intelligence and analytics at Allconnect, an Atlanta-based consumer services company. "We want to be a data-driven company, so we are democratizing data and making sure everybody has access to it," he says.

corporate or tactical, Vesset says. "Each type of decision has a different requirement for the type of technology a company needs to apply to support it, and they're different in the way that people interact with the data," he adds. Businesses can typically handle tactical decisions with rules-based automated systems that kick out exceptions for more in-depth human analysis, for example. Corporate decisions typically entail collaborative BI, so users involved in those decisions will require more than analytics capabilities—they'll also require tools that enable effective communication with colleagues should they need advice on the intelligence, Vesset explains. At the

First and foremost, companies with a commitment to pervasive BI need to look at the types of decisions being made and determine whether they are strategic, corporate or tactical. Toward that end, Nix's team has equipped all corporate employees with SAP BI tools so they can conduct their own day-to-day analysis of how the business is performing. "That means we spend a lot of time training and mentoring them on how to use reports and pull analysis together, as well as on analysis techniques—but we don't create the analysis for them unless it requires really complex analytics," he says. For this effort to succeed, the BI team has to fully understand the company's business needs, Nix says. "This isn't just me making decisions about what they need. It's an exchange, a gathering of business requirements and a coming to an understanding of how they run their business and what their biggest obstacles are," he says. First and foremost, companies with a commitment to pervasive BI need to look at the types of decisions being made and determine whether they are strategic,

Vol/7 | ISSUE/04

Essential_Tech_feb2012.indd 85

strategic level, where users are making decisions for the longer term, tools are less important than experience. "One of the primary reasons for BI failure is that IT never really understood why business users needed the information they requested. All it heard was, 'We need this data point,' and that's it," Vesset says. Everybody from the top down must understand the importance of the data— even individuals who never use an analytics tool or see a business report, agrees John Lucas, director of park operations at the Cincinnati Zoo & Botanical Garden. "In achieving success, the key has been allowing our project to be steered by the people who are influential in the organization—those who can make budgetary decisions and set strategy and vision, as well as people who are directly responsible for the success or failure of the business, specifically revenue," says Lucas. "But the pervasiveness is core."

He spearheaded the decision to foster an enterprisewide culture of BI at the zoo. The zoo was one of the first visitor attractions to take on such a deep BI project, and Lucas frequently shares his experiences in speaking engagements around the country. "The No. 1 thing I tell people is, if you don't succeed on making everybody understand, embrace and participate in the process, you really shouldn't do analytics," he says. "The cultural buy-in is key to reaching your full potential with analytics." Lucas says he likes to tell zoo employees, "If you can imagine it, we can measure it," and he has hosted companywide meetings to drive home that message. Even front-line cashiers, who are typically college kids working summer jobs, have to know that the data they gather—patrons' ZIP codes, for example—is critical to the zoo's success. And because the BI team has taken the time to convey that message, he says, "almost literally every day, somebody comes up with an idea on how we can use business analytics to drive the needle for us." Ongoing efforts to make BI pervasive do pay off, White agrees. "At the companies we survey, we see pervasive use of business intelligence being tied to better business performance. So those business functions that have access to business intelligence are able to make better-quality and timelier decisions in a way that impacts the business in a positive way," he says. But you have to remember that making BI pervasive involves constant learning, says 1-800-Flowers.com's Bozzo. "We're always learning and discovering new tricks," he says. "That's not to say we're not already getting enormous benefit from our BI efforts, because we are—day in and day out. We're just greedy—we want even more." CIO

Send feedback on this feature to editor@cio.in

REAL CIO WORLD | f e b r u a r y 1 5 , 2 0 1 2

2/10/2012 5:07:08 PM

bookclub what we’re reading

by Vijay Ramachandran

* HBR’s 10 Must Reads on Strategy

Master Course Learn how to marry strategy, tactics and goals and move toward successful execution in this superb compendium. All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved. —Sun Tzu IN SUMMARY: Anthologies can be a mixed bag. My experience with them always reminds me of the Curate’s Egg— excellent, but only in parts. So, you can appreciate my concern when I picked up HBR’s 10 Must Reads On Strategy. Yet a few articles into the compilation made it clear that this was no ordinary tome. What’s also remarkable is that for a compilation of articles on strategy that appeared in the Harvard Business Review from 1996 till 2008, it still retains its freshness. In fact, given the economic climate, its insights are especially relevant, since the authors essentially go over what qualifies as strategy (and what doesn’t), how to formulate it and, finally, implement it effectively. The 10 articles are not encyclopedic in their coverage of business strategy. Not by a long shot. Personally, I don’t think it’s within the scope of any single book or person. But what these articles will help you with is competitive differentiation; with figuring out what your organization should and shouldn’t do; with creating a vision when the future remains fuzzy; with zeroing in on priorities; with speeding up decision making; with being able to marry strategy and tactics and goals and

Book_Club.indd 82

f e b r u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

move towards successful execution. I don’t recall any other book that puts this across better, or provides more advice, or even explains it as well. Porter, Christensen, Kim, Collins, Rogers, Mankins are not only among the world’s foremost experts on strategy, but they also convey their thoughts supremely (well, I’ll admit that the article on Balanced Scorecard wasn’t the easiest of reads, but it still stayed within the realm of the exceptional as did the others). Truth be told, I would have gone for it just to read the first two seminal articles by Michael Porter (See how his theory of competiitve advantage applies to Indian CIOs. Turn to page 34) and the one on Blue Ocean Strategy. If you are serious about having a strategic vision, do pick up a copy. Better still order up a bunch and present them to your colleagues. And, if you don’t want to take my word for it, read on for why one of your peers thinks it’s worth a read. One low-cost airline flourishes while another fails in the same environment. A modest trucking company takes on truck titans in Detroit and Europe, thus creates a formidable reputation. A single organization represents the leap in quality for an entire country. How does all this happen? These issues are compellingly taken up in this compilation of Harvard Business Review articles, an illuminating guide on how brands or

HBR’s 10 Must Reads on Strategy

Publisher: Harvard Business Review Press Price: Rs 550 companies succeed. In the first half, arguments are advanced by gurus such as Michael Porter to look beyond current business for long term survival. In the latter half, Robert Kaplan and others articulate the art of effective execution. If over-used jargon like five competitive forces, core ideologies, blue oceans and balanced scorecards have become blind spots for you, the examples in the book will help make sense of why we should care to understand and implement them. Therein we find the true meaning of muddied terms like strategy, decentralization and decision making, all of which have been made frustratingly generic through hype and overuse. Backed by actual corporate cases and persuasive logic, the book leaves a deep impact and is a comprehensive and valuable guide for all business strategists. Definitely worth a read. S. SRINIVASAN, CIO, Sundaram Fasteners

Sounds interesting? We invite you to join the CIO Book Club. CIO Send feedback to editor@cio.in

Vol/7 | ISSUE/04

2/10/2012 5:00:00 PM

SUB-ZERO TEMPERATURES. ANALYSING GLACIAL MOVEMENTS. NO TIME FOR COLD FEET. THE LENOVO® THINKPAD® IS BUILT TO TAKE ON ANY CHALLENGE. REASON WHY THE CENTRE FOR SEVERE WEATHER RESEARCH (U.S.) RELIES ON IT FOR ITS CRITICAL MISSIONS. ■ ■

■ ■

Passes 8 military-grade tests Built-in innovations like Active Protection System™ and spill-resistant keyboard Boots up in under 10 seconds with RapidBoot Technology Powered by 2nd gen Intel® processors

WWW.LENOVO.COM corpsales@lenovo.com This image is a creative representation and not an actual shot. † IDC's worldwide Quarterly PC Tracker, November 2011, for shipments in the Jul. – Sep. 2011 period to businesses of 500 employees or more. © Lenovo 2012. All rights reserved. Lenovo, the Lenovo logo, For Those Who Do and ThinkPad are trademarks or registered trademarks of Lenovo. Microsoft and Windows are registered trademarks of Microsoft Corporation. Intel, the Intel logo, Intel Inside, Intel Core and Core Inside are trademarks of Intel Corporation in the U.S. and other countries. Lenovo reserves the right to alter product offering and is not responsible for photographic or typographic errors. Product images are just for reference and might not resemble the actual products.