CIo Magazine January 2012 Issue by Sreekanth Sastry

leadership

VOL/07 | ISSuE/03

Business

TechnologY

Vinod siVarama Krishnan, Jubilant Life Sciences, is involving more users as he readies for the slowdown.

Taming the Eight trends that will impact you in 2012 and how to tackle them. Page 38 PLUS: The year Ahead Survey 2012

jAnuARy 15, 2012 | `100.00 ww w.CIO.IN

Cover_Jan2012_Taming_Terror_final.indd 84

View from the top Sam Ghosh on ITâ&#x20AC;&#x2122;s role in a slowdown. Page 80

Cloud by design Applied Materials takes CAD to the cloud. Page 88

1/13/2012 6:21:24 PM

From The Editor-in-Chief

Publisher, President & CEO Louis D’Mello E d i to r i a l Editor-IN-CHIEF Vijay Ramachandran EXECUTIVE EDITOR Gunjan Trivedi Features Editor Sunil Shah Senior Copy Editor Shardha Subramanian Senior correspondents Anup Varier, Sneha Jha, Varsha Chidambaram Correspondent Debarati Roy Trainee Journalists Shweta Rao, Shubhra Rishi Product manager Online Sreekant Sastry

Pedal to the Metal

The IT departments that will see the slowdown off will do so by tempering their caution with a fair bit of aggression. New Year, the oldest holiday in the world, dates back almost 4,000 years to the Babylonians. To them it signified regeneration, much like it does to us. To me, the New Year’s about making determinations and resolutions. In my case, they revolve around fighting the battle of the bulge (for the Babylonians this was a time for more prosaic issues like returning borrowed farm equipment and just having a good time). There is something about this time of the year that goes well with renewal and change and new directions to take. Given today’s economic climate, I believe it’s time to fundamentally shift our actions to reflect this reality, but not in any fearful, oh-what-is-coming-next way. I’m convinced, more than ever before, that waiting for the economic environment to set your agenda for you is hardly the way forward. In fact, quite the opposite. I believe that organizations that will see the slowdown off, and even prosper, will do so by tempering their caution with a fair bit of aggression. It’s these teams that will make a compelling case for continuing investments in IT by first empowering their organizations to work smarter and be more productive within the current framework. But where do you begin? And with what? That’s one of the reasons for this special issue. It takes a hard look at the eight trends (Page 38) that we feel are going to impact you as IT leaders this year, and what some of your peers have done about them. To zero in on these trends, we surveyed 304 CIOs and brainstormed with 207 other CIOs, CEOs and domain experts. And, that’s how we came to Economic Uncertainty, Strategic Outsourcing, BYOD, Enterprise Social Media, Cloud Computing, Advanced Persistent Threats, Enhancing User Experience, Big Data & Analytics. They’re not all about technology, but then neither is your role. Some interesting bonds connect them. For instance, we believe that the economic climate with change the way you source and deliver IT fundamentally this year. And, once you go down the seemingly unconnected paths of BYOD, Enterprise Social Media, Enhancing User Experience, the realization that they are so tightly coupled is incredible. Do let me know what you think of 2012, our predictions and this issue. Salud!

Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in 2

Custo m Pu b l i s h i n g Principal Correspondents Aditya Kelekar, Gopal Kishore Trainee Journalist Vinay Kumaar Design & Production Lead Designers Jinan K.V., Jithesh C.C, Vikas Kapoor Senior Designers Pradeep Gulur, Unnikrishnan A.V. Designers Amrita C. Roy, Sabrina Naresh, Lalita Ramakrishna Production Manager T. K. Karunakaran Ev e n t s & A u d i e n c e D e v e l op m e n t Vice President Events Rupesh Sreedharan Sr. Managers projects Ajay Adhikari, Chetan Acharya, Pooja Chhabra Asst. manager Tharuna Paul Senior executive Shwetha M. Management Trainees Archana Ganapathy, Saurabh Pradeep Patil Sales & Marketing President Sales & Marketing Sudhir Kamath VP Sales Sudhir Argula Asst. VP Sales Parul Singh AGM Marketing Siddharth Singh Manager Key Accounts Minaz Adenwala, Sakshee Bagri Manager Sales Varun Dev Asst. Manager Marketing Ajay S. Chakravarthy Associate Marketing Dinesh P. Asst. Manager Sales Support Nadira Hyder Management Trainees Anuradha Hariharan Iyer, Benjamin Anthony Jeevan Raj, Rima Biswas Finance & Admin Financial Controller Sivaramakrishnan T. P. Manager Accounts Sasi Kumar V. Asst. Manager Credit Control Prachi Gupta

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company. Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

J a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 2

1/13/2012 4:48:40 PM

From The governing board

Gov e rn i n g BOARD Alok Kumar VP & Global Head-Internal IT& Shared Services, TCS

Time to Innovate The slowdown is an opportune time to pitch those out-of-thebox ideas you’ve been holding back for long. So people are talking about another slowdown. I believe a slowdown, like the one we are experiencing right now, is a great opportunity for growth and innovation. This is the time when CIOs can sit down with their senior management and get into a strong wicket by advising them on how to extract better efficiencies and improve the organization's productivity. Innovative resource planning is one way to get there. Today, people are scared to invest in large projects. If you’re delaying investments, then this is the time to re-look your resource planning. Through cost detailing and statistical tools CIOs can help companies control spends and enhance resource optimization. Also, when a client cuts his or her advertising spends, it has a cascading effect on advertising agencies like us, on channel partners, and the media as a whole. But if you’re well-prepared you’ll look at alternative strategies to manage that shortfall. This is a great time for companies to go out and acquire new businesses, to grow both horizontally and vertically. This is also an opportune time to pitch those outof-the-box ideas you’ve been holding back for long. One of the ways to do that is to tread into untapped areas. In advertising, you’re not allowed to have more than one client from a particular industry. However, that does not stop us from reaching out to new and emerging industries which have never been a part of our clientele. Ideation also helps us come up with new offerings and ways of delivering service. Also, digital media is growing phenomenally opening many new doors for innovation. I believe CIOs also need to invent smart strategies to renegotiate with vendors. If you’ve been hit by the slowdown, chances are your vendor has been hit too. I’ve seen that during tough times, you need to strengthen your association with partners. It has huge pay-offs in terms of better service and a host of value-adds which you realize in the long-term.

Amrita Gangotra Director-IT (India & South Asia), Bharti Airtel Anil Khopkar VP-MIS, Bajaj Auto Atul Jayawant President Corporate IT & Group CIO, Aditya Birla Group C.N. Ram Group CIO, Essar Group Devesh Mathur Chief Technology & Services Officer, HSBC Gopal Shukla VP-Business Systems, Hindustan Coca-Cola Manish Choksi Chief-Corporate Strategy & CIO, Asian Paints Murali Krishna K SVP & Group Head CCD, Infosys Technologies Navin Chadha IT Director, Vodafone Essar Pravir Vohra Group Chief Technology Officer, ICICI Bank Rajeev Batra CIO, Sistema Shyam Teleservices (MTS India) Rajesh Uppal Executive Officer IT & CIO, Maruti Suzuki India S. Anantha Sayana Head-Corporate IT, L&T Sanjay Jain CIO & Head Global Transformation Practice, WNS Global Services Sunil Mehta Sr. VP & Area Systems Director (Central Asia), JWT V.V.R. Babu Group CIO, ITC

Sunil Mehta is Sr. VP & Area Systems Director (Central Asia), JWT Bangalore: Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Phone: 080-3053 0300, Fax: 3058 6065 Delhi: New Bridge Buisness Centers, 5th and 6th Floor, Tower-B, Technolopolis. Golf Course Road, Sector 54 Gurgaon- 122002, Haryana Phone: 0124-4626256, Fax: 0124-4375888 Mumbai: 201, Madhava, Bandra Kurla Complex,Bandra (E), Mumbai 400 051, Phone: 022-3068 5000, Fax: 2659 2708

4 j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 4

1/13/2012 4:48:41 PM

Middleware #1 in Application Servers #1 in Service-Oriented Architecture #1 in Identity & Access Management #1 in Enterprise Performance Management

Oracle Middleware Trusted by 100,000 Customers Worldwide

For more information, email salesinquiry_in@oracle.com or call 000 800 100 7789 / 080 4029 1298

Copyright ÂŠ 2011, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Print Ad Resize

22.23 x 27.6cm CIO Magazine (Full Page Ad)

PUB NOTE: Please use center marks to align page. Job No.: Headline: Date: Project: Type: Live: Trim: Bleed:

411M_CRP_No1Mdw_CIO #1 Middleware 10/07/2011 APAC Regional Fulfillment Magazine 20.32cm x 25.72cm 22.23cm x 27.6cm 22.86cm x 28.26cm

Fonts: Univers LT Std. 75 Black, 65 Bold, 55 Roman/Oblique, 45 Light, 67 Bold Condensed, 57 Condensed

PRODUCTION NOTES

READER

LASER%

RELEASED

10/07 2011

Please examine these publication materials carefully. Any questions regarding the materials, please contact Darci Terlizzi (650) 506-9775

contents january 15, 2012 | Vol/7 | issue/03

Taming The

Case Files

TERROR

88 | applied materials Cloud CompuTing How Applied Materials enabled users to access CAD applications from the cloud. by shweta rao

92 | vodafone india Web Crm Every minute of CRM downtime cost Vodafone India over 6,500 customers. In a fiercely competitive industry, that’s a number its CIO knew the company couldn’t afford. by debarati ebarati roy oy

COVER: P HOTO GRAPH BY K AP IL SHRO ff / COVE OVE R DESIGN ESIGN BY VIK AS K AP OOR & U N NIKRISHNAN AV

94 | dhFl

3 8

diSaSTer reCoverY When a fire breaks out in DHFL’s headquarters, head-IT, Satish Kotian’s disaster recovery strategy keeps the business afloat. by sneha Jha

38 | Taming the Terror

8 0

Cover STorY | Trends 2012 2012, by any measure, is going to be a hard year. But despite all the discouraging economic indicators, it doesn’t have to be a flashback of 2008—not if you’re forearmed. In that spirit, here are eight trends that will impact the Indian CIO this year. by t team eam CiO

75 | The year ahead Survey 2012 Cover STorY pluS Our first-ever Year Ahead survey, reveals what’s coming your way in 2012. From your salaries to your budgets and from the biggest tech buzzwords to your biggest challenges in 2012, our survey reveals all. by shardha subramanian & sunil shah

vieW From The Top: “it innovation is absolutely critical to us. it shrinks our cost base and improves access to end customers,” says sam ghosh, group CeO, reliance Capital.

6 J A n u A R y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 6

VOL /7 | ISSUE/03

contents

(cont.) departments 2 | From the editor-in-Chief Pedal to the Metal By Vijay Ramachandran

4 | From the Governing Board IT Strategy | Time to Innovate By Sunil Mehta, JWT

13 | trendlines

5 9 4 6

22 | alert

96 | Hacker, Stupid Hacker FeaTure | SeCuriTY Taunting tweets, provocative pics, iPad-spam chats—the stupid slip-ups that lead to high-profile hacker arrests. For the new year, we present you some of the most idiotic hacker blunders. Feature by Jr raphael

83 | Five Tech Projects to Boost your Career 52

CSO Role| You’re an IS Leader? Really? SME Security | The Asterix Complex

FeaTure | CIO Career Take the reins of any of these five forward-looking initiatives and become an IT hero in the eyes of upper management. Feature by dan tynan t

Columns 32

| The Cloud Cost illusion

Cloud CompuTing An eye-opening look into the cost ramifications—both those you have thought of and those you have not—of moving to a private cloud. Column by Bernard Golden

| a rogue’s gallery of CSos

underCover oFFiCer What makes a good CSO? Or, maybe more importantly, what makes a bad one? Column by Anonymous

8 J A n u A R y 1 5 , 2 0 1 2 | REAL CIO WORLD

3 6

alTernaTive vieWS: will it lose its hold Over mobiles? As more staffers use personal mobiles at work, will IT’s reluctance to play ball force businesses to officially work around it?

VOL /7 | ISSUE/03

Cio online

.in CIO adverTiSer index

Atos India

[ CI O ZONES ]

Bharti Realty BMC Software India

your information hunt stops here

Cisco Systems India

If you're like most people, your interests lie in a few specific areas. That is why we've created interest zones on cio. in. We have six zones including virtualization, BI, cloud, security, datacenter, communications.

[ BO O K CLUB ]

[ DEBATE ]

will mobiles be taken off the CiOs list of responsibilities in 2012?

We invited two CIOs to kick-start a debate on the role of the CIO in regard with mobile phones. Read all about it in Alternate Views (page 36). Which side are you on? We also have more debates for you on www.cio.in Who Should Lead Social Initiatives: CIOs or CMOs? Ayes Vs nays Are Users Ready for Self-Service IT? Ayes Vs nays >> www.cio.in/cio-debates

Ctrl S Datacenters

14 & 15

Dell India

IBM India

IFC & 1

Lenovo India Mphasis

IBC 35

Oracle India

Ricoh India SAS Institute (India)

7 79

Tata Consultancy Services

67 - 74

Toshiba India

11 & 12

Trend Micro India

Tulip Telecom

Tyco Electronics Corpn. India Wipro Infotech

9 46 & 47

Conversation starter Books have been known to spark conversations and on page 122 you can find the genesis of one. Learn what your peers think of a book and then visit the all new CIO Book Club section online and join the conversation with your peers.

>> www.cio.in/bookclub

[ Ca se File ] Cloud by design

How Applied Materials enabled users to access CAD applications from the cloud. seemed insurmountable.

>> www.cio100.cio.in must read @ cio.in

>> Alert: The Asterix Complex >> Column: The 5 Stages of IT Grief >> Feature: Five Tech Projects to Boost yyour Career

1 0 J A n u A R y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 10

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

VOL /7 | ISSUE/03

1/13/2012 4:49:29 PM

EDITED BY sharDha suBramanIan

new

hot

unexpected

Cut Better Deals with SAP It’s crunch time for many SAP customers looking to hammer out new software deals and contract renewals. Experts acknowledge that it might be difficult to persuade SAP to budge on certain things, such as annual maintenance fees for its applications, but

Vendor ManageMent

customers can take steps to improve their chances of getting strong returns on their investments in SAP software. Here are nine tips to help SAP users secure the best possible deals for both the short term and the long term.

illustration by photos.com

Take stock of your existing SAP investments. “If you’re in the middle of [negotiations], the best thing you can do to arm yourself is figure out your usage,” says Ray Wang, CEO at Constellation Research and a veteran SAP contract negotiator. You could drop unused licenses or move them to other applications.

Make SAP’s salespeople earn their money. “You want an account manager focused on ensuring your success and solving problems, not searching for new revenue opportunities,” says Forrester Research analyst Duncan Jones in a report. Contracts should compensate SAP salespeople for “aspects such as product adoption.”

(continued on page 16)

QUICK TAKE:

the Rupee’s Rollercoaster Ride

I t B u d g e t According to Gartner, IT spending in India is projected to increase by 9.1 percent in 2012. But, the rupee’s fluctuating fortunes is worrying Indian organizations. Shubhra Rishi spoke to Atul Kumar, deputy GM-IT, Syndicate Bank, to find out how currency fluctuations affects his business.

How is the fluctuating rupee affecting your business? This fluctuation in the exchange rate can create a substantial difference in the performance of a company. A major part of my role is to procure IT peripherals for managing the corporate network. We also buy close to 20,000 PCs a year. Now, since PC prices have gone up, and most of the high-end servers and routers are imported, we are paying 20 percent more than we paid earlier. Will it impact your investments in 2012? We are already over-running our existing budget. Our bank has 300 branches all over India and on top of that,

Vol/7 | issu E/03

Trendline_Jan012.indd 11

we are in the process of opening new branches for financial inclusion. Thus, it is impossible for us to postpone our decision to buy PCs. It’s a necessity. Will the sliding rupee adversely impact your IT budget in 2012? Our IT budget for the last year was around Rs 125 crore. And with the cycle completing in March, it has already over-run its actual cost by Rs 25 crore, thanks to this fluctuation. We will have to pay more than what we have been paying. Also, some vendors take advanatage of this instability and quote higher prices— much more than they have been impacted.

Atul Kumar

Which other sectors are likely to be impacted? I believe that pure IT organizations will be impacted the most. Unfortunately, consumer-driven companies can increase their cost during this fluctuation. It creates a massive impact on the consumer. Similarly, the automobile sector could also be affected. REAL CIO WORLD | J A n u A r y 1 5 , 2 0 1 2

EXECUTIVE VIEWPOINT

The Need is to Design Data Center

for Tomorrow but Deliver Today Most data centers are built for regular servers and equipment, but this is no longer sufficient. The rapid growth in business has meant that infrastructure is at a premium and most companies with captive data centers have already run out of space, power or cooling. P SRIDHAR REDDY, Chairman and Managing Director, CtrlS Sridhar has been recognised as the ‘Outstanding Enterprenuer of the Year by APEA, and has also won the ‘Karmaveer Puraskar’ from Icongo.

Having understood the data center business for many years now, what do you feel are the challenges confronting CIOs, with respect to datacenters? In the past few years, I have spoken extensively to CIOs from across business segments and understood that they all have almost the same concerns. Most data centers are built for regular servers and equipment with under 4kva per rack, but this is no longer sufficient. The rapid growth in business has meant that infrastructure is at a premium and most companies that have captive data centers have already run out of space, power or cooling. Connectivity, in a majority of data centers, is the monopoly of a few large telecom operators, resulting in difficult financial and service terms. Also with captive data centers, the problems of high capex and a constant drain of finances due to maintenance and manpower retention is a key concern. But customers have issues with third party data centers as well. What in your opinion, is the way forward? These issues stem from the fact that CIOs believe most third party data center vendors do not quite understand the

managed-service business very well or they have entered into unfavourable contracts that could also be very expensive. That the promise of managing data flawlessly, taking ownership and guaranteeing peace of mind is rarely met. Customers are looking for more. For instance, our data center in Mumbai offers a TIA Tier 4 certification along with the latest lean ‘Six Sigma’ model of operation. We maintain a constant bench strength of 50 people to handle all emergencies, and our services framework is such that we are never caught unawares. Accountability will always be top priority.

and issues with availability. How can this be avoided? The need is to design for tomorrow but deliver today. Gartner forecasts data center capacity in India to surpass 5 million square feet by 2012, a growth of 31% between 2007 and 2012. But the critical need will be to invest in technologies and plans that ensure that this growth is fed by constant power. By maximizing the utilization of space, incorporating in-built efficiencies and investing in technologies, we can make sure that no matter what the situation, the safety of data and uptime in businesses is always assured.

Is the need for green data centers and changing the way we run existing data centers a valid concern or just a trend that everyone is catching on to? Data centers do consume a lot of power but what we can do is plan and build them effectively to keep it to the minimum. For instance, in our Mumbai data center, we have invested heavily to create a highly efficient and green datacenter. We have done that by planning for double walls, BTU material, highly efficient glazing, centralized cooling, energy efficient transformers and UPS, LED lighting among others. Infact, our Mumbai data center is built for a PUE of 1.42 - the lowest rating offered in the country. While investing in these technologies is cost-intensive, the rewards and savings are worth it in the long run. And with governments and customers actively pushing for green solutions, we have long passed the phase of ‘green’ being just a trend.

As we usher in 2012, what do you believe are some of the drivers for the data center industry, both captive and third party, in India? That we are growing is a fact. India’s IT revenues amounted to $76 billion in 2011 with data centers taking a share of $2.2 billion. This year, third party data centers are estimated to make $671 million, registering a growth of 36.5%. However, the real growth will come from creating paradigm shifting propositions that bring a lot of business value for the clients. Take, for instance, the ‘DR on demand’ and ‘Private Cloud on demand’ services pioneered by CtrlS. These propositions enable clients to size their operations based on the actual need - which, in today’s business environment, is a huge advantage. With over 2 lakh sq. Feet, our Mumbai data center offers scalability for at least a decade without the huge capex burden that businesses dread. Our services framework adds in-depth knowledge of technologies like cloud computing and virtualization. I believe that CtrlS is very uniquely placed vis-à-vis our competition.

It is believed that 90% of companies will see a disruption in data center operations in the next 5 years due to power failures

CUSTOM SOLUTIONS GROUP CtrlS

EVENT REPORT

CtrlS Mumbai Data Center

Launch Event

The Mumbai data center offers the latest state-of-the art facilities to clients to host their mission-critical applications.

“We are usually very skeptical by nature, and never enter into a new venture especially with data centers, but having seen what CTRLs had made here, I am completely floored.” RAJEEV SENGUPTA VP-Infrastructure, HDFC Bank

“Our journey together has lasted more than a year now and we are extremely pleased with CtrlS. The support they have provided is phenomenal, considering that we are based close to this location and we have used their servers in Hyderabad.” BHARTI LELE CTO, L&T Infotech

trlS recently launched its new data center facility in Mumbai. This facility is India’s largest datacenter, spread across a huge 2 lakh sq. ft. (5000 racks). This state-of-the-art facility is in line with CtrlS’ vision of steady expansion of its infrastructure into the fast-growing cloud computing space which IDC predicts will grow by 40% annually through 2014 to a US$ 4.9 billion industry in the Asia Pacific market. With this data center, CtrlS has augmented its delivery network while providing additional geographic redundancy to new and existing customers. Presenting a detailed view of their efforts on setting up the Mumbai datacenter, Sridhar Reddy, Chairman and Managing Director, CtrlS, said that the Mumbai data center is built around four key thought processes. “First, we decided to be humble and visit the best data centers around the globe, meet with the experts who built them and incorporate them into our design process. Second, we wanted to set new benchmarks in energy consumption to save money for our clients and give back to society in the form of lower pollution. Third, we have built a product that eliminates the pain point associated with scalability in terms of space, power and cooling; a datacenter that customers can benefit from for the next 10-20 years. And finally, we want our data center to be a symbolic representation of the most impor-

tant asset of our knowledge economy – data. By building everything around a rack, including the pillars, spacing between and dimensions of our building, we want to showcase the importance we give to data, security and safety.” The data center offers the comprehensive set of facilities to its clients to host their mission-critical applications. “A new and unique feature of this data center is that it provides all CtrlS’ customers the flexibility to customize and set up their own datacenters as per their specific requirements. Also, given its immense scalability potential, clients don’t have to change their data centers every 3-5 years to accommodate their progressive growth plans,” he said. “With the launch of this data center in Mumbai, we have also taken a significant step ahead in consolidating our market share and establishing leadership position in this space in India”, said Sridhar. This data center is based on internationally recognized standards and boasts of ultra-modern facilities. It is India’s first and only data center to run on captive gas-based power plant and dual power sources, and boasts of Tier-IV standard availability of 99.995%. Apart from this, the data center is built like a fort and is protected by an 8-zone security layer which ensures maximum security and space for CtrlS’ clients. Its key

“We have seen CtrlS since their inception and we have been their customers for close to three years now. Their data center in Hyderabad and what it is today in Mumbai, are fabulous. The way they are scaling up is fantastic.” V. SRINIVAS CIO, Nagarjuna Group

safety features include its beamless design and double-layered heat-reducing walls, its crash-proof compound wall that can withstand impact of vehicle collision at 60 kmph, its high resistance to big earthquakes, its 5-layered, 2-hour fire-rated partition cross server rooms with thermal insulation, and its load bearing capacity of up to 2,100 kg/sqm. In all, this data center is built to take care of its clients business in a far secure and safer way than any other data center in the country, says Sridhar. This section is brought to you by IDG Custom Solutions Group in association with

How to Cut Better Deals with SAP (continued from page 13)

Harpoon

nasa is cooking up something new to help it research comets, those elusive balls of rock and ice: a cannon-fired harpoon. it sounds like something early sci-fi writers came up with before they thought up tractor beams, but it’s actually an ingenious idea. unlike planets and moons, comets and asteroids are relatively small objects that move quickly, so landing on them is pretty impossible. Even if you were to find an area on one that’s large and flat enough to land on, the astronaut or a space probe would almost immediately push off the surface again because of the space rock’s extremely low gravity. so instead of dealing with an overlycomplicated landing sequence, why not just fire a longrange harpoon to collect subsurface samples? nasa is currently testing the feasibility of using a harpoon with a six-foot tall crossbow at the Goddard space Flight center in maryland. the crossbow is technically a ballista—the sieging weapon (used to invade castles) used by the ancient Greeks—made of truck springs and halfinch-thick steel cable. nasa’s testing rig points downward into a 55-gallon drum filled with mixtures of sand, rock salt, and ice to simulate the surface of a comet. the crossbow setup allows nasa’s scientists to test-fire the harpoon again and again until they figure out how much launching energy they will need to penetrate a variety of surface compositions. the harpoon itself is comprised of two parts that are entirely hollow. the outer shell penetrates the comet with a hollow tip that fills with sediment as it digs down. the inner section is a sample-collecting chamber that is designed with a closing sample door. after the harpoon retrieves its sample, the chamber retracts from the outer shell—like a sword pulled from its sheath—and returns to the spacecraft by a wire. so far, this comet harpoon is just a poc that scientists are experimenting with, and there are no planned missions yet. however, the first space harpoon will be fired some time in 2014. —by Kevin lee

trendlInes

PoPular scIence

J A n u A r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Consider à la carte deals. If you buy on a product-byproduct or site-by-site basis, you might end up paying double the amount you’d pay in an enterprise deal, but the expanded choice and flexibility could make it worthwhile, Jones says.

Don’t lose sight of the big picture. If you’re hammering out a new deal, secure contract terms that address the application’s full life cycle, from purchase to implementation to eventual replacement, Wang says. You should even think about what-if scenarios, such as mergers and acquisitions.

Don’t use the L word lightly. Threats to leave SAP only work if you’re serious. “To get out of a contract, you need to be ready to leave,” Wang says.

Consider becoming an early adopter to take advantage of discounts—but be wary. SAP has been rolling out many new products recently, and sales reps are no doubt pushing those offerings hard, hoping to get customers with stable core ERP systems to open their wallets. But you should be aware that heavy discounts offered by an eager salesman might be offset by hefty annual maintenance fees over the long run, Wang says.

Have heart-to-heart talks with SAP. A strong relationship involves more communication than yearly contract talks. You should line up “strategic alignment” meetings that include top executives to “help clarify stakeholders’ opinions of SAP” and “enhance SAP’s opinion of you as a potential enabler rather than merely a negotiation adversary,” Jones says.

Get ready for 2012. According to Jones, it’s important to get a real handle on how crucial SAP is to your business overall before starting negotiations. —By Chris Kanaracus

Vol/7 | issu E/03

illustrat ion s by ph otos.com

NASA’s Comet

Think about bulk purchases. “We would [get] the best deals by accumulating multiple product purchases and negotiating hard down to the last minute,” says Tim Birnley, director of enterprise applications at SAP user Bentley Systems. Birnley also says users will “likely get a better deal in November than December.”

Google Currents: Electrifying! Google has released a free mobile app that pulls content from different websites into one place and lets people build what looks a bit like their own personalized online magazine. Google currents was released one day after a similar app called Flipboard was released for apple’s iphone. Flipboard has already been a hit on the ipad worldwide, and many people had trouble getting started with the iphone version when it came out, presumably because its servers were overloaded. one big difference is that currents runs on both android and apple ios devices, while Flipboard is only for ios. a common thread is that they allow people to select content from around the Web, such as news, photos, or their own Facebook and t twitter accounts, and arrange it on the screen in a way that lets them flick through the content. Google posted a video demo of its app in a blog post. it partnered with 150 publishers, including Forbes, al Jazeera, pc World and Zagat, to bring articles and other content to its app. it has all been formatted for the mobile devices to make it easier to navigate, watch and read. Google also launched some self-service tools to help smaller publishers, who might not have their own mobile software developers, to convert their content so it can be viewed through Google currents. —by James niccolai

CIOs in 2012: Bogged Down I t M a n a g e M e n t IT leaders from seven countries— including India—say increasing complexity of the business environment was their top concern in 2011.

Difficulty in achieving IT integration

47%

Shortage of time for strategic thinking/planning Overwhelming pace of technology change Risk and uncertainty due to volatile economic conditions 39%

45% 42%

72% Increasing

complexity of the business environment

source: state of the asian cXo 2011

Vol/7 | issu E/03

Mapping the African Safari e n V I r o n M e n t The Rainforest Foundation UK has unveiled a new open source tool to help prevent the destruction of African rainforests. The new website MappingForRights.org provides accurate interactive maps showing the location of communities living in the forest, and how and where they are using forest resources. It also includes the boundaries of strictly protected areas. The website, which is backed by a database of digital maps, builds on the results of many years work to map the existence of forest dwellers in the forests of the Congo Basin. The website was developed with the support of Oil Internet which specializes in the planning and production of information-rich websites. The database was developed by Faunalia, which specializes in providing open-source support and expertise to environmental and community-driven initiatives using geographical information systems. Simon Counsell, director of the Rainforest Foundation, says: “It is now widely understood that helping indigenous peoples and other local communities to protect their land is one of the best and cheapest ways to conserve tropical rainforests. “But the problem is that there are often no records even of where these communities are, or of which areas of forest they use or wish to protect.” The MappingForRights.org interactive website and database is built on free open-source software and allows access to hundreds of detailed digital maps, most of which have been prepared by forest communities themselves with training and support from the Rainforest Foundation. Multi-media content such as photos, videos and music provides insights into the lives of the communities, while the maps show areas important for activities such as subsistence hunting, gathering, fishing and cultural activities. The maps also show how inhabitants of the forest are threatened by logging, mining, and industrial plantations. MappingForRights.org will also allow communities spread throughout forest areas to relay geographically accurate reports or images straight into the map database, using smartphones or GPS devices and locally available computer services, to provide real-time monitoring of alleged illegal logging, poaching or land-grabs. —By Antony Savvas

REAL CIO WORLD | J A n u A r y 1 5 , 2 0 1 2

il lustratio n by p hotos.co m

trendlInes

a P P l I c at I o n s

vOICES:

NeW YeAR ReSOlUTIONS

trendlInes

as the new year dawned, team cio wanted to find out what some of india’s most forward-looking it leaders were planning in 2012. so we went to the cio Governing board and asked them what was the one thing they wanted to change at work—or in life—or one thing they wanted to see in 2012. here’s what they said.

ALOK KUmAR, VP & Global Head-Internal IT& Shared Services, TCS

ATUL JAyAWANT, President Corporate IT & Group CIO, Aditya Birla Group

“I would like to unleash the power of technologies such as mobility and enterprise social networking backed by big data to see my organization stay ahead of the curve.”

“The one thing I would like to change in 2012 is to make each one of us do one thing each day that makes the life of someone better and to appreciate, help, and make a difference without any expectations.

AmRITA GANGOTRA, Director-IT (India & South Asia), Bharti Airtel “I wish for a healthier year— both for the world and Indian economies, and for myself!”

ANIL KHOPKAR, VP-MIS, Bajaj Auto “I would like to see change in teams along the theme of the movie Zindagi na Milegi Dobara. Taking off from a line in the movie: Dil mein agar betabiya hai to zinda ho tum. Processes mein agar innovation ka discomfort hai to zinda ho tum!

J A n u A r y 1 5 , 2 0 1 2 | REAL CIO WORLD

DEvESH mATHUR, COO, HSBC “At the cost of sounding hackneyed, I’d like to make HSBC India a far more agile organization and make our bank the most preferred international bank for our customers.”

mANISH CHOKSI, Chief-Corporate Strategy & CIO, Asian Paints Considering the opportunities that India’s growth will provide in the next five years, I look forward to being a part of creating something that takes advantage of it. A new enterprise? Maybe. Or a new idea that grows within the enterprise.

Vol/7 | issu E/03

mURALI KRISHNA K, Senior VP and HeadComputers & Communication Division, Infosys

S. ANANTHA SAyANA, Head-Corporate IT, L&T “I would like to spend a larger percentage of my time at work in conversation with my end users in business and spend less time speaking with technology people.”

“nothing in this digital world is a closed caption! I’d like to promote a security conscious culture, at work and in the community. And work at leveraging collective intelligence.”

trendlInes

NAvIN CHADHA, IT Director, Vodafone Essar “I will focus on relationship building both at a personal and professional level this year. Alignment with business is very critical to a CIO. I think focusing on this will help dealing with perceptions, which is necessary to bring respect to the IT function.”

SANJAy JAIN, CIO & Head Global Transformation Practice, WNS Global Services “In 2012, I want to focus on helping my organization build new capabilities and service offerings that addresses our clients’ untapped transformation needs and help them outperform in their market place.”

RAJEEv BATRA, CIO, Sistema Shyam Teleservices (MTS India)

SUNIL mEHTA, Sr. VP & Area Systems Director (Central Asia), JWT

“I would like to improve my position as a trusted business partner. I hope to achieve this by fostering operational excellence and undertaking projects that create tangible business value and bring in revenue enhancing insights.”

“Think globally, uniquely and strategically and spend more quality time with the family.”

RAJESH UPPAL, Executive Officer-IT & CIO, Maruti Suzuki India “Instead of adopting a conventional approach to IT projects I’d like to take a different approach to managing the expectations of Gen y because our work force is transitioning from Gen X to Gen y.” y

Vol/7 | issu E/03

v.v.R. BABU, Group CIO, ITC “The bring-your-owndevice trend is becoming a reality. One big change that I would like to implement would be allowing individual-owned devices to connect to the corporate network and ensuring that enterprise security is not compromised.”

REAL CIO WORLD | J A n u A r y 1 5 , 2 0 1 2

researchers have developed one of the smallest electronic circuits, which could pave the way for smaller and more powerful mobile devices. scientific teams from mcGill university and sandia national laboratories said they’ve built a circuit that has two wires that are separated by the distance of 150 atoms. the circuits are built at a 15 nanometer level. researchers esearchers and industry analysts say the tiny circuit could lead to computer chips that produce less heat, along with more powerful and even smaller devices. “smaller maller circuits, if they can be brought costeffectively into production, mean smaller chips and [systems on a chip],” said patrick moorhead, oorhead, principal analyst at moor insights & strategy. trategy. “our “ devices, like phones, tablets, pcs pc and living room devices, can either do a lot more and provide a better experience or use even less power and become even smaller than they were before.” the he researchers focused on solving one of the biggest challenges in designing and building computer chips—the amount of heat generated by integrated circuits. Dan olds, lds, an analyst at the Gabriel consulting Group, said,“this kind of research also uncovers other potential problems arising from ever smaller shrinks. Getting to 15nm or 16nm will mean

trendlInes

deVIces

smaller and more powerful devices that are more energy efficient. but when we’re talking about such a small scale, designing chips that can be mass-produced with decent yields is quite a challenge. there will also be challenges for the design of devices that will use these processors.” on the positive side is the fact that these smaller circuits should offer considerably better performance than today’s chips and also should use less power, olds said. “Devices based on 15nm processes will pack more performance and functionality into much smaller form factors,” he said. “Functions that used to take two or more chips will be accomplished by one transistor-jammed processor.” olds and moorhead oorhead agreed that this kind of development could help extend moore’s law, the more than 40-year-old prediction by intel founder Gordon moore oore that the number of transistors on a chip will double every two years. “iff you can lower the power and heat, this allows more circuits to be populated in the same space versus prior designs,” moorhead oorhead said. ““this effectively extends moore’s law ... and nd by shrinking die size and power within the same performance band, this could effectively enable performance levels of a tablet today to be brought into a device like a watch or even jewelry.”

—by sharon Gaudin

LinkedIn: Break the Glass Ceiling with a Mentor career According to professional social network LinkedIn, mentors play a key role in helping women “shatter the glass ceiling.” In a new study, however, LinkedIn found that nearly 20 percent of respondents never had a mentor. “Tooting your own horn is just one of the many ways you can increase the likelihood that you’ll shatter the glass ceiling and snag keys to that corner office,” says LinkedIn’s Connection Director, Nicole Williams. “If you’re uncomfortable speaking up about your accomplishments, then often times, your best bet is to seek out a sponsor or a mentor in your office who can vouch for you.”

CIO.IN

Trendline_Jan012.indd 16

J A n u A r y 1 5 , 2 0 1 2 | REAL CIO WORLD

For people seeking a mentor, Williams offers these four tips to set you on the right path. 1. What are you looking for? Be sure you know what you’re looking for in a mentor, whether it’s having the insight of an expert to help answer questions or finding someone you want to emulate. Williams says to start with a goal in mind because the better you’re able to define what you’re looking for, the more apt you are to find it. 2. Think outside the box. Mentorships don’t have to be formal, Williams says. In thinking that way, people tend to miss out on potential mentors that may be right under their noses.

3. Just ask. Williams says that unless someone is actively seeking a mentee, you have to be proactive and set the grounds for the relationship. “Don’t make it sound like a death sentence,” she says. “Mentorship is responsible work but if there isn’t a promise of fun or initiative on your part don’t expect your would-be mentor to embrace the opportunity to help you.” 4. Reciprocate the relationship. Mentorship is a two-way street. Don’t expect them to do the heavy lifting for you—be sure to make it easy on them, and make sure you show that you’re grateful for their time and guidance. —by Kristin burnham

to find the hottest jobs in the indian market visit itjobs.cio.in

Vol/7 | issu E/03

illustration by praDEEp Gulur

Tiny Circuit, double Power

c o m p i l ed by D e b a r at i R oy

Best Practices

Security Still Sucks

trendlines

Significant number of Indian enterprises aren’t taking their security seriously enough, leading to huge losses. After the sophisticated series of security attacks we’ve seen in 2011 (Sony, RSA and Citi, to name a few), you’d figure that Indian organizations would take their security more seriously. But some things don’t change. That’s according to the Indian results of the PricewaterhouseCoopers Global Economic Crime Survey 2011, which unearths sad acts of negligence. The survey shows that a quarter (26 percent) of Indian organizations say their CEOs and boards review cyber-crime related risks on an ad hoc basis only, another 26 percent have no clue whether such reviews are done. Worse, 35 percent of fraudulent activity is only detected by chance, like tip-offs for example. Unsurprisingly, 24 percent of Indian respondents say that they have experienced cyber crime in the last 12 months, and 12 percent have suffered losses more than $5 million (about Rs 22 crore). The survey also points to the growing number of Indian organizations—6 percent in 2009 compared to 10 percent in 2011—that are blissfully unaware whether their organizations had been victims of a crime in the last 12 months. The low level of security preparedness also manifests in other metrics.Forty-six percent of Indian respondents say that they don’t have a process for controlled emergency network shutdowns. Only 43 percent have a PR plan to deal with damage control. Almost 35 percent have not had security training in the last 12 months.

Get in their face. A full 51 percent of respondents say that face-to-face security training works best for them.

Move beyond run-of-the-mill methods like flyers and e-mails to interactive mediums such as short films and cartoon strips to raise awareness.

Embed a culture of cyber awareness by recruiting personnel with relevant skills. These staffers can then share knowledge with other employees and create ‘cyberawareness’ to protect your organization.

Security: Just Going Through the Motions Frequency of risk review by senior management 40%

26%

Annually or more often

Ad hoc basis

Financial loss due to economic crime 56%

Upto Rs 45 lakh

20%

Between Rs 45 lakh and Rs 22 crore

12%

More than Rs 22 crore

Types of training received to prevent cyber crime Human-based events (presentations/workshops) Computer-based training

26%

Not at all

Don’t know

50% 40%

E-mail announcements/posters/banners

35%

No training in last 12 months Source: Global Economic Crime Survey 2011

Vol/7 | ISSUE/03

Trendline_Jan012.indd 17

REAL CIO WORLD | J A n u a r y 1 5 , 2 0 1 2

1/13/2012 3:19:16 PM

alert

Enterprise Risk management

You’re an IS Leader? Really? A Ahead of the Bell Curve

IMAGES by PHOTOS.COM

surprisingly high— unreasonably high, in fact— number of organizations think their security program is part of the ‘vanguard’ of risk management. That was one unusual finding of this year’s annual Global Information Security Survey, conducted by CSO and CIO magazines in partnership with PricewaterhouseCoopers. More than 9,600 business and technology executives from around the world took the survey (350 from India). A full 43 percent of those surveyed believe their organizations are IT security leaders. The other categories respondents could choose from were strategist, tactician and follower. Obviously those enterprises, by definition, can’t all be at the forefront of security. “Most of these ‘leaders,’ in my opinion, have a false sense of their level of security,” says Mark Lobel, a principal in the advisory services division of PwC.

In an attempt to identify the organizations that might actually be information security leaders, PwC filtered the results according to four conditions it felt would qualify a company to deserve the label. First, the CISO had to report directly to a senior executive. Second, the organization had to have an IT security strategy in place and the ability to execute that strategy. Third, it had to have reviewed its security policy in the past year. And finally, if the company had suffered a data breach, it had to know the breach’s cause. Not too much to ask for, right? But under those criteria, less than 5 percent of respondents’ organizations actually made the cut.

The Wild West of the Enterprise findings

More organizations are insecure about the risk their endpoints represent than they have been in the last two years.

59%

Non-IT executives are not supportive of endpoint security operations

55%

Don’t have the resources to minimize IT endpoint risk Don’t secure mobile devices

42% 66%

About half of respondents reported suffering one or more breaches, and a third said they weren’t breached in the past year. Another 8 percent couldn’t tell whether they had been breached or not. The good news from those figures is that a growing number of companies believe they understand the security events happening on their networks, and know what applications or systems were infiltrated. However, that confidence doesn’t align with the increased sophistication of malware in recent years. “In our engagements and my conversations with peers, we are dealing with more organizations that are grappling with international infiltration,” says Shawn Moyer, practice manager of research consulting at Accuvant Labs. “Every network we monitor, every large

40%

The number of organizations say that collaboration between IT operations and IT security is poor or non-existent.

IT network security is not more secure than 2010 (or are unsure)

Source: 2012 State of the Endpoint Survey

Alert_Jan2012.indd 18

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/03

1/13/2012 1:21:52 PM

TREND MICRO IS #1 IN VIRTUALIZATION SECURITY*

NAVIGATE YOUR BUSINESS TO NEW HEIGHTS WITH CLOUD SECURITY SOLUTIONS FROM TREND MICRO

Trend Micro allows you to fully capitalize on the operational benefits of virtualization and cloud computing with innovative solutions for security and compliance. These include the first and only agentless antivirus, intrusion prevention and integrity monitoring solutions for virtualized datacenters and desktops. Additionally, our encryption and key management solution for public, private and hybrid clouds allows you to better manage and secure your data wherever it resides. The result is a true business advantage.

Learn more at trendmicro.com/cloud-security For more information, visit us at www.trendmicro.co.in Call: 1800 103 6778 Email: marketing_in@trendmicro.com Delhi: 91-11-42699000 Mumbai: 91-22-26573023 Bangalore: 91-80-40965068 *Sourced from: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC

alert

EntErprisE risk managEmEnt

customer, has some kind of customized malware infiltrating data somewhere,” Moyer says. “I think there are a lot of executives out there with a false sense of security,” says one security manager at a Midwest manufacturing firm. “In our company, many upper managers simply choose to believe the reports that come in from the different regions. If those reports say that the systems are tight and secure, then that is management’s working assumption.” So it seems many organizations are over-confident about their security posture. What attributes, then, does an IT security program need to have to truly be ahead of the pack? “From a maturity perspective, if you have a senior manager or a junior executive who is designated as a security lead, that’s my number-one criterion,” says Eric Cowperthwaite, CSO at Providence Health and Services. Before you can consider your organization on the leading edge, “you have to have a security front-person, who’s recognized as such in your organization, and is high enough up in the organization to have actual authority,” he says. “Number two is to have a strategy, not just a road map

for what technologies you are going to deploy, but a strategy for how you are going to secure and protect your systems and data,” Cowperthwaite adds, an assessment that largely parallels PwC’s definition. The semantics of titles aren’t a major concern. Andy Ellis, CSO at Akamai Technologies, says, “I don’t think it matters what title you have. What matters is that you are efficiently reducing your risk according to your organization’s business requirements.” That’s hard to argue against, but few survey respondents could pass Ellis’ litmus test because so few are actually testing their security efforts. Consider this: While 63 percent of respondents have an overall IT security strategy and 85 percent employ a CISO or CSO, half or less of those surveyed are evaluating their efforts. For example, while 63 percent said they have an overall information security strategy, about 40 percent said they’ve established security baselines for external partners, and only 43 percent have centralized security information management processes. Similarly, low percentages of surveytakers have identity management strategies (41 percent), business

[OnE :: LinEr]

“the fact is, if you are dealing with BYOD, you are dealing with fire. You will end up burning your fingers, your hands, your clothes, everything. BYOD is an invitation to suicide.”

continuity or disaster recovery plans (39 percent), or risk-based authentication systems (34 percent).

Business impact Companies that don’t have a security leader, a strategy, and the ability to execute that strategy and measure their execution are likely to suffer more breaches than others—that seems obvious. But they may also be losing more business. That’s the argument made by Douglas Davidson, president and CEO of security services provider Jacadis. “Clearly, they miss [business] opportunities. We have small businesses that we work with that have been driven to follow a [standards]based security program by their bigger customers and business partners. They’ve actually gained revenues because they’ve created a competitive advantage through the security they put in place,” he says. How can security drive revenue? By using secure processes to gain partner and customer trust, and even to deliver new services to clients. Davidson cites a recent example: “There were several banks that needed the ability to send paper statements for printing, but most of the printers in the area were not able to secure the necessary processes. This one printer was able to build proper security around their services. They then won the banks’ business and were able to go out and sell that capability to other customers,” Davidson says. That anecdote shows that IT security isn’t a discipline practiced within a business; it’s an integral part of the business. “For any significantly-sized company, information security is a critical business function because information management is a critical business function,” says Cowperthwaite. Now if only more businesses would act as if IT security is critical to their business—or at least live up to their own mental images of their security efforts. CiO

Pavan DuggaL, aDvocaTe, SuPReme SuP couRT of InDIa George V. Hulme writes for CSO magazine, a sister publication to CIO. Send feedback on this feature to editor@cio.in

Alert_Jan2012.indd 20

j a n u a r y 1 5 , 2 0 1 2 | REAL CiO WORLd

VOl/7 | ISSUE/03

join the

In a connected and ever-changing world where technology-led business innovations are gaining momentum, companies that choose Cisco choose success. An organizationâ&#x20AC;&#x2122;s IT network is becoming more critical than ever before to accelerate business growth and reduce operational costs while dealing with an increase in demand by the workforce for video communication and use of any device, anywhere. At Cisco, we leverage on our unique Intelligent Network platform to deliver the most advanced and innovative Borderless Network Solutions for mobility, pervasive video communication and energy saving. Here is where everything works. Seamlessly, Intuitively and Securely with architectural scalability, bringing business benefits like superior stakeholder experience, greater productivity, investment protection and lower operating costs. It is the platform built to keep your business on the edge of innovation, now and into the future. And it is transforming how organizations of every industry and every size are doing business. Want to know how the Intelligent Network can enable you to overcome your business challenges? Visit ciscointelligentnetwork.in/cio to set up a meeting with a Cisco expert.

EntErprisE risk managEmEnt

The Asterix Complex

o small to midsize businesses (SMBs) think they’re somehow immune to security threats? It sure seems like it. If that sounds like Asterix, that’s the impression you could get from the results of a Symantec global survey that asked 1,900 SMB professionals responsible for IT what they know about security threats and how their companies prepare for them. While about half of all SMB managers who took the survey exhibited knowledge of threats such as keystroke logging, distributed denial of service (DDoS) attacks, website vulnerabilities and targeted attacks, exactly half—yes, a full 50 percent—indicated that they need not be concern about any of it. “We are a small business and are not targets for these types of attacks,” seemed to be the consensus. “They’re saying these things happen to other people, not them,” said Kevin Haley, director of Symantec security response, who admitted that he was surprised by some of the results of the SMB Threat Awareness Poll Poll, which defines the SMB as between 5 and 499 employees in size. Symantec, which sponsored the poll conducted by Applied Research, wanted to get a sense of how SMBs across the world and in many industries viewed security and how they combatted specific threats. Here’s what they found: While their understanding of risks was apparent, much of the time SMBs saw their organizations as somehow exempt from actual attacks, which they view as a problem mainly for big corporations. They didn’t spend much time preparing for potential problems. “Only 39 percent use anti-virus on every desktop,” Haley noted. “That’s striking right there.” He said malware, such as the banking Trojans used in cybercrime to compromise computers to make unauthorized funds transfers, are hitting smaller businesses. But SMBs see the news

j a n u a r y 1 5 , 2 0 1 2 | REAL CiO WORLd

headlines that show the Stuxnet worm hitting nation states and hactivist group Anonymous striking large companies, and they think, “That’s not me, I don’t need to worry about any of this.” They also don’t worry much about smartphones used in business being lost or stolen. Or take this for example: Only 20 percent think that a targeted attack would drive customers away, 36 percent believe that hackers could gain access to proprietary information, and only 46 percent say that a targeted attack could cause revenue losses. Other startling results of the survey show that only 67 percent of the SMBs bothered to establish login and password restrictions for online banking purposes, and 63 percent didn’t lock down machines used in corporate banking. SMBs vary widely in terms of the levels of expertise about security, Haley said, noting sometimes the individual

Cia’s tweet snoops

alert

in charge of security is also the person in charge of the phones. Sometimes it’s the business owner running the IT operations and security. The IT security industry in general has long been subject to hand-wringing over SMBs, fretting about how to build products specialized to suit smaller businesses sensitive to price points. Setting up hardware and management have been particular barriers where IT departments may be small, too. But the tide may be starting to turn with the advent of cloud-based security services, which typically alleviate the need for on-premises equipment, becoming more ubiquitous. Indeed, Gartner recently predicted that SMBs would be a big contributor to the growth of security services market over the next three years. CiO Ellen Messmer is senior editor of network etwork World (CIO’s sister publication. Send feedback on this feature to editor@cio.in

Twitter and f facebook are enabling the Central Intelligence Agency (CIA) to get reliable, real-time assessments of public sentiment during rapidly changing events around the world. According to the Associated Press, the CIA is monitoring up to 5 million tweets a day, poring over f facebook and blog posts, and watching other social networks from a nondescript facility in a Virginia industrial park. A CIA team known internally as the ‘vengeful librarians’, which numbers in the hundreds, gathers information in multiple languages to build a real-time picture of the mood in various regions of the world. The analysis is “sought by the highest levels at the White House” and ends up in the President’s intelligence briefing almost daily, the AP quoted doug naquin, director of the CIA’s Open Source Center, as saying. When a US navy SEAl l team killed Osama bin laden in Pakistan, for instance, analysts monitored Twitter to give the White House a quick view of world reaction, the story said. The tweets were broken down and analyzed by language and quickly showed that a majority of the tweets in Urdu, the official language in Pakistan, were negative, it added. A similar analysis of Arabic and Turkish Twitter traffic after the president gave a speech on Mideast issues a few weeks after the raid showed that a majority in the region thought that Obama favored Israel while Hebrew tweets expressed the opposite sentiments, AP said. — by Jaikumar Vijayan

VOl/7 | ISSUE/03

CUSTOM SOLUTIONS GROUP DELL

EXECUTIVE TALK

BREATHING EASY

AFTER TEST RESULTS To reassure its customer, Dell piloted UST Global’s virtualization applications with actual workload patterns, allowing the customer to select servers of his choice.

RINOSH JACOB KURIAN Enterprise Architect (IT Applications), UST Global Kurian has over 14 years experience in IT spanning from IT infrastructure, application development, project management to account management. In his current capacity, he heads Global Software Asset Management and reports to the CIO.

Why did you choose Dell as the technology partner for your datacenter consolidation journey? When we first designed our datacenter, eight years ago, it was done using the best practices of that time. However, there was constant demand to add infrastructure equipment. The datacenter was not able to accommodate servers in a way that optimized utilization. Some time ago we took the decision to design a new datacenter that would cater to the requirements of a development environment for UST. We also had to factor disaster recovery scenarios in the design. In our discussions with Dell, we found that they were willing to partner us through the whole journey, rather than look at it as an one-time opportunity to pocket the gains. Did you do a test the virtualization environment before the migration? A lot of our application owners were skeptical when Dell first mentioned virtualization. Dell conducted a scientific study on the servers we were using and brought in specialized tools to assess how servers in a virtualized environment would support our workload. A pilot test with a sample size of 120 servers was also carried out. The virtualization pilot also included simulating an environment with servers of different

brands. We were able to compare models with servers of brand A versus servers of brand B. Some of these tools were vetted by VMWare. Such a brand-agnostic partnership strengthened our faith in Dell. Since 2010, we are on VMware, having virtualized our 400 servers to around 1000 virtual machines. Our four datacenters are located at Trivandrum, Chennai, Los Angles and Denver.

storage provisioning is now significantly faster. We have quite clearly seen the benefits of server virtualization though. Earlier, an average server cost us US$2500 to US$8500, excluding software licenses. Now, a Virtual Machine costs, on an average, less than 2000 dollars including the VMWare and Microsoft licences. What is more, provisioning the servers takes less then 30 minutes.

How important is it for Dell did a scientific a global IT service proComplexity in the study of the servers vider like you to have a datacenter is resulting and used specialized robust datacenter? in slower deployment Datacenter requirements cycles. Comments? tools to assess in our industry are very Yes, complexity can inthe virtualized complex. Most of the times crease even with virtuenvironment” we log in directly to our clialization. The storage ents’ systems through our infrastructure that supdatacenter. Also, all our ports virtualization can internal processes are hosted over our four have highly complex requirements. Earlier, datacenters. A high level of uptime is, thus, the storage administrator had to calculate critical. We also have some of the best storour storage requirements for level 2 and level age replication devices with us. These invest3-storage, which was quite cumbersome. ments are a result of our commitment to With Dell Compellent Storage Center, the provide value add to businesses. task was automated to a great extent. Currently our server volumes are manageable, but over the next two years we may With a high data growth, how can a good consider Dell’s Virtual Integrated System datacenter strategy make a difference that (VIS) architecture to help improve datacenreflects on the balance sheet? ter efficiency. Requirements from clients for provisioning new servers can be very sporadic. We found that virtualization was the only option for a This Interview is brought to you by viable environment to provision new servers IDG Custom Solutions Group within four to six weeks. in association with Furthermore, we have evaluated the public cloud service providers but found that the necessary security safeguards are not yet in place. So we have decided to add Virtual Machines in our datacenter till the market is mature enough to handle our requirements. You have only recently embarked on storage virtualization. What are the benefits? Though we are not yet reaping the benefits,

Undercover Officer

Anonymous

A Rogue’s Gallery of CSOs What makes a good CSO? Or, maybe more importantly, what makes a bad one?

t takes all kinds, as they say, and believe me, I’ve seen ‘em all in the past 30-plus years. I’m talking about CSO-types. You know, the guys and gals like you and me who make a living out of measuring risk, protecting data and securing the enterprise. You’ve heard all the clichés before. Our personality types become cliché as well. Remember Wilfred Brimley in The Firm? A wholesome, ethics-laden pillar of the corporate community, he made a great poster child for Sarbanes-Oxley. And then there are the yahoos who keep the security role in the blue-collar ranks. The B-school executives see these security types and roll out the pigeonholes, while some CEO cop buffs think that hiring their local federal agentin-charge is the answer to modern security risk management. I can’t say that I blame them, though. It’s easy to create the stereotypes that inundate this profession. Where are the role models for businesses to follow when trying to establish the CSO position? And more to the point, who are the role models for our own up-and-coming CSOs to follow? Other Chief Whatever Officers seem to understand their own profiles. What’s wrong with us?

J A N U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

Anonimous_colunm.indd 2

If we truly want to help promote the value of the good CSOs, we’re going to have to cultivate some of the bad seeds:

The Chief Sympathy Officer This whiner complains to anyone who will listen that he “doesn’t get no respect.” It’s true, but is it any wonder why? He doesn’t know anyone in the corner office of the parking garage, let alone someone on Executive Row. As a result, his department gets handed every menial task imaginable.

The Knuckle-Dragger This CSO is intellectually uninspired and wonders aloud how some of his counterparts in other local Vol/7 | ISSUE/03

1/25/2012 12:55:02 PM

Undercover Officer

Anonymous

companies “do that.” By “that,” he means getting connected to business processes and being seen as a player in the corporate risk management scheme. He has reported to three different managers in the past three years, each time falling lower and lower in the pecking order. And no one in his company will know they’re in trouble until something hits the fan.

This guy is right out of central casting. He’s the sleazeball who got canned at a prior security gig for planting cameras in the women’s locker room in the company exercise facility. Tanned and fit, he dresses to the nines and starts every sentence with the word “I.” And if you dare to call him after hours in the event of an emergency, you have to yell to be heard over the bar crowd.

he has connections. Heavy lifting is limited to double martinis. He travels a lot in fact, his expense account seriously challenges the line-item for rent at our headquarters facility. The Golfer goes to every security conference, where he makes sure to have a tee time (with at least a half dozen of his former fed colleagues), while everyone else is back at the hotel learning from the academic programs. He thinks Sarbanes-Oxley is a rash you get in Thailand. Lucky for him (and his company), his number-two person is a great guy who gets it all done behind the scenes.

The Field Commander

The Geek

Former military with a capital M. Evidence of his rank however irrelevant to those around him can be found all over the walls of his office. His résumé spans five pages in seven-point type and reads like a study in national security. He petrifies the “troops” in HR with talk about “body count” and “intel.” And he refers to the CISO as “an educated idiot who has never heard the sound of gunfire.” He is the brother-in-law of a retired general who serves on the company’s board of directors.

Speaks a language with which I am not familiar. He lives in abject fear of a sort of techno Armageddon, and when you ask, innocently enough, “Hey, how’re ya doin?” he’s likely to blurt out, “We’re doomed! We’re all doomed.” He tends toward intellectual arrogance and fails to see security as a collaborative process “because nobody around here understands how really dangerous it is out there.” The geek writes off the physical security types as insignificant in the security scheme and really acts out when one of his techy contractors is led away for passing customer information to the competition (for whom he also works after hours).

Mr. Spandex

The Golfer Retired from some big federal law enforcement job, and he’s here because

The Spy

Security Mask To learn more about the CSO’s role read Broken Windows in the Boardroom on www.cio.in

c o.in Vol/7 | ISSUE/03

Anonimous_colunm.indd 3

Who are the role models for up-andcoming CSOs to follow? Other Chief Whatever Officers seem to understand their own profiles. What’s wrong with us?

Plays to the dark side of the CEO, and a brass plaque on his desk admonishes that you “Trust No One!” This guy makes Rasputin look like a choirboy. He’s sneaky, manipulative and more

than creative with the truth. He seems to fancy himself as the only honest person left in a world of liars and eventual felons. His biggest threat is that he has the ear of the CEO, and he has singlehandedly destroyed any vestige of trust and credibility in the security function. By the way, the reporting of potential internal misconduct has dropped to next-to-nil in his time here.

The Certified Expert in Everything Grandfathered into every discipline remotely related to security, this guy lives for the learning of the new professional association. His business card looks like the typesetter was on steroids. He attends at least one annual society meeting per month and now requires his team to take certification by exam.

The GunSlinger This is your consummate criminal investigator. He’s typically the first security executive ever in his particular company, having been recruited by the head of HR from the local police department. He’s not really interested in the business, nor does he have much time for “the suits.” The concept of “prevention” barely enters this CSO’s strategic plan. He lives for the chase and knows it will come someday.

The Raconteur He knows how to play to the prurient interests of his audience. He hasn’t met a security incident he couldn’t embellish with you-know-who in the starring role. REAL CIO WORLD | J A N U A R Y 1 5 , 2 0 1 2

1/25/2012 12:55:02 PM

Undercover Officer

AnOnymOUs

Ironically, he fires people for failing to label confidential material but brags about our corporate safeguards on airplanes, in bars, at conventions and wherever he can get an ear. When asked if he can do something to address an executive’s concerns, The Raconteur volunteers a history of accomplishments that rival Winston Churchill’s during WWII. Known in smaller circles of colleagues as The B.S. Artist, our storyteller is a reckless big-mouth who is being examined by outside investigators for libel and defamation arising from several prior internal investigations. You can probably mix and match the characteristics of several of these types to form your own assortment of characters. Some may be the butt of employee jokes, but that’s where the humor stops. These people are sending the wrong message to our general auditors and counsel, to human resource departments and

the corner offices. Worse, they may be putting companies at greater risk because of their shortcomings. In short, these fellow security-types are coloring the perceptions and expectations of an already fragile CSO position. We in the security arena are sometimes afraid to diss our brothers and sisters. A colleague asks us to support a new member of the club, and we ask no questions about his or her competency or ethics. (God forbid a former cop or federal agent trashes the application of a fellow alumnus.) Look at the number of corporations that have made the CSO job an automatic incumbency for one agency or another. And we call this raising the bar? Our information security brethren have done far better from what I have seen. That fraternity is just as strong as the CSOs’, mind you. But it tends to live in a more measurable world

ordered by physics, mathematics and the evil sciences. They have a common vocabulary and a clear set of accepted standards. Don’t get me wrong. I admire that order and respect their technical competence. It’s their narrow perspective on security that bothers me. At the end of the day, a lot of this stuff is self-correcting. My poster kids depicted above tend to get theirs at some point. But what damage they can do in the meantime to a corporation, its shareholders and the employees! They play to the dark side of corporate ethics or constrain demonstrations of what value security can really bring to the enterprise. Happily, in my long experience, I’ve found that there are a hell of a lot more of the ones I try to emulate than the ones who hold us back. CIO This column is written anonymously by a real CSO. Send feedback on this column to editor@cio.in

The Year Cloud Computing Shook the Data Center In a year of surging private cloud activity and major build-outs in public cloud capacity, the cloud’s promised simplification remains elusive.

Server Hosted VDI has Under-delivered: Virtual Computer

READ MORE ARTICLES ONLINE

Organizations have realized that VDI may not be the answer to all of their requirements. There is a demand in the market for Intelligent Desktop Virtualization over server hosted VDI solutions.

China racing to expand data center capacity China is building data centers at a rapid pace, but it may struggle to become a hub for international business.

From the Editor-in-Chief: Downpour Ahead

WWW.CIO.IN/ARTICLES

Anonimous_colunm.indd 4

The cloud, far from representing a radical shift, is just a way of sourcing and delivering IT to the business.

1/25/2012 12:55:02 PM

CUSTOM SOLUTIONS GROUP ATOS

EXECUTIVE VIEWPOINT

A NEW WAY OF WORKING A move towards more effective communication will need a re-thinking of the current communication modes.

MILIND KAMAT Chief Executive Officer of Atos India Milind has over 31 years of experience in the IT services industry in India. In 2007, he took over as the Chief Executive Officer of Atos Origin. The current company, Atos, is formed by the integration of Atos Origin and Siemens IT Solutions and Services on 1st July 2011.

How will Atos’ ideology of ‘zero email’ help businesses perform better? Employees receive so many emails today that it affects their productivity. A staggering 20 hours are spent weekly on email alone and our research proves that only 15% of internal emails are useful. In our view, email is on the way out as the best way to communicate and collaborate in business. We believe that by stopping all internal emails we will create a better working environment for our employees and free up the time managers have on hand. Both of these benefits will help Atos to better perform as a company. As an IT solution provider for the London Olympic Games, what are some of the challenges Atos has faced? Are the Olympics different from other assignments? In many ways delivering IT for the Olympics is much like any other project. The big difference is that you have the whole world watching you. Also, unlike other

Recently your company helped build an ecoefficient data center that provided the city of Helsinki with energy that is based on heat recovery. Are you working on sustainability projects in India too? Can you tell us about your consultancy with Sustainability is at the core of the Atos corAir France KLM where you will provide moporate strategy. Our second Corporate Rebile technology to keep its customers insponsibility report - published in line with the formed about their flight status? guidelines from the Global Atos is supporting KLM Reporting Initiative (GRI) to implement its new AIR “We believe the international standard FRANCE KLM Connect that e-mail, as for sustainability reportservice. This service ening - was rated Level A+. ables all of the Group’s the best way to Atos’ carbon neutral passengers, all over the communicate hosting services are the world, to receive realand collaborate in result of three key actions. time information about business, is on Firstly, addressing its their flights for a simpler, the way out” Power Usage Efficiency smoother journey. (PUE); secondly applying Atos is implementing global Carbon Audit the automated CRM platprogram applied to all its data centers form which provides a real-time marketing worldwide and thirdly engaging The Carbon mechanism that is completely customerNeutral Company, recently named Best oriented. The platform has a real-time arOffset Retailer by Environmental Finance, chitecture based on web services and into help compensate the carbon footprint terlinked to about 15 partner applications produced by its datacenters — 117,000t CO2 (customer databases, specific events such — through investment in a windmill turbine as baggage progress, changes to deparproject in the Thar Desert, India. The project ture gate, etc.). has been validated to the Voluntary Carbon The newly implemented platform alStandard (VCS) and the credits have been lows the airlines to inform customers by verified and registered on the Voluntary SMS and/or email, wherever they are in Carbon Standard registry, hosted by APX. the world, of any issues, such as delays and changes in departure gate, that might arise during their journey. The main techniThis Interview is brought to you by IDG Custom Solutions Group cal and functional challenge of this project in association with was to organize all of the communications in a secure manner, taking into account the full set of parameters to allow personalized contact with each passenger. projects, the other technology partners are chosen by the IOC and the London 2012 Organizing Committee.

Bernard Golden

Cloud Computing

The Cloud Cost Illusion An eye-opening look into the cost ramifications—both those you have thought of and those you have not—of moving to a private cloud.

ne of the topics most associated with cloud computing is its cost advantages, or lack thereof. One way the topic gets discussed is ‘capex vs. opex’, a simple formulation, but one fraught with meaning. At its simplest, capex vs. opex is how compute resource is paid for by the consumer of those resources. For example, if one uses Amazon Web Services, payment is made on a highly granular level for the use of the resources—either time (so much per server-hour) or consumption (so much per gigabyte of storage per month). The consumer does not, however, own the assets that deliver those resources. Amazon owns the server and the storage machinery.

The Current Argument

Illust ration by ph otos.com

From an accounting perspective, owning an asset is commonly considered a capital expenditure (thus the sobriquet capex). It requires payment for the entire asset and the cost becomes an entry on the company's balance sheet, depreciated over some period of time. By contrast, operating expenditure is a cost associated with operating the business over a short period, typically a year. All payments during this year count against the income statement and do not directly affect the balance sheet. From an organizational perspective, the balance sheet is the bailiwick of the CFO, who typically screens all requests for asset expenditure very carefully, while operating expenditures are the province of business units, who are able to spend within their yearly budgets with greater freedom. Summing this up, it means that running an application and paying for its compute resources on an ‘as-use’ basis means 32

J A N U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

coloumn_Controvercy_of_cloud_Computing.indd 26

Vol/7 | ISSUE/03

1/13/2012 6:02:34 PM

Bernard Golden

Think Tank

Private cloud will require that IT organizations be more sophisticated about managing load and shaping use. This is typical of any capital-intensive industry—think of airlines and the sophisticated yield management measures they implement. the costs run through the operating budget, while running the same application and using resources that have been purchased as an asset means the cost of the resources is a capital expenditure, while the yearly depreciation becomes an operating expenditure. It might seem obvious that the opex approach is more preferable—after all, just pay for what you use. By contrast, the capex approach means that a fixed depreciation fee is assigned no matter what use is made of the asset. However, the comparison is made more complex by the fact that cloud service providers who charge on an ‘as-use’ basis commonly add a profit to their costs. An internal IT group does not add a profit margin, so charges only what their costs add up to. Depending upon the use scenarios of individual applications, paying a yearly depreciation fee may be more attractive than paying on a more granular basis. The logic of this can be seen in auto use—it's commonly more economical to purchase a car for daily use in one's own city, but far cheaper to rent a car for a one or two day remote business trip.

The New Argument There is an enormous amount of controversy about whether the capex or opex approach to cloud computing is less expensive. We've seen this in our own business--at one meeting, when the topic of using AWS as a deployment platform was raised, an operations manager stated flatly "you don't want to do that, after two years you've bought a server." Notwithstanding his crude financial evaluation (clearly not accounting for other costs like power and labor), his perspective was opex vs. capex—that the cost of paying for resources on a granular basis would be more expensive than making an asset purchase and depreciating it. The move to private clouds added to the complexity of this. Heretofore, most organizations worked on the basis of one application, one server, so the entire depreciation for the server was assigned to one application, making the calculation of how much the capex approach would cost relatively straightforward. This became complicated with the shift to virtualization, in which multiple applications shared one server. Now yearly depreciation needed to be apportioned among multiple applications—and this could be even more complex if one attempted to apportion the cost according to something other than assigning cost by dividing the cost by the number of VMs on the machine. Trying to assign cost on the percentage of total

Vol/7 | ISSUE/03

coloumn_Controvercy_of_cloud_Computing.indd 27

memory used by an application, or processor time requires instrumentation and more sophisticated accounting methods, so most organizations just work on a rough "X dollars, Y number of VMs, each one costs X divided by Y." Today, though, organizations using compute resources don't want to pay a flat fee; after all, they may have transitory use, spinning up resources for a short-term test or a shortlived business initiative, why should they commit to a fiveyear depreciation schedule? Resource consumers expect to pay on an operating expenditure basis; after all, that's what's out there in the market. They want to pay only for what they use, no matter who the provider is. IT organizations are intrepidly preparing for this world, implementing private clouds and moving toward granular pricing of resources, a task made difficult, it must be admitted, by the fact that most IT organizations do not have accounting systems designed to support detailed cost tracking. So it will be the best of all worlds—resource consumers getting granular, use-based costing, IT organizations providing private cloud capability with support for sophisticated cost assignment, and no provider profit motive imposing additional fees beyond base costs. Or will it?

A Private Cloud Makes You an Airliner Here's the thing—for every opex user there is a capex investor. For every user who delights in only paying for the resources used, there must be a provider who stands ready to provide resources and offer them on an as-needed basis—someone must own assets. (For more on how your peers see this, turn to pg 54) For that asset holder, a key variable in offering prices is utilization—what percentage of total capacity is being used. To go back to that crude pricing formula, an example of cloud utilization is what percentage of a server’s total available processing hours are sold. The crucial factor is to sell sufficient hours—i.e., generate sufficient utilization—to pay for the asset. This means that IT organizations need to become much more sophisticated about managing load and shaping use. This is typical of any capital-intensive industry—think of airlines and the sophisticated yield management measures they implement. I have heard some people assert that utilization won't be much of a problem because most applications are not very volatile; that is, their resource use doesn't vary much. REAL CIO WORLD | J A N U A R Y 1 5 , 2 0 1 2

1/13/2012 6:02:34 PM

Bernard Golden

Think tank

Therefore, high utilization rates can be achieved in private clouds by building a cloud to support typical use plus some spare capacity to support occasional spikes in demand. I think this misreads likely experience—and extrapolates the past inappropriately. This belief underestimates this outcome: How application groups will react once they have absorbed the capability of cloud computing. For one, now that highly variable loads can be supported, application groups will begin creating more of these types of applications. Until today, because it was extremely difficult to get sufficient resources for these types of applications, people didn’t even bother thinking about them. Now that a highly variable load application is possible, people will start developing them. A second way this perspective underestimates future outcomes is that it fails to understand behavior changes as organizations learn that they can reduce costs by squeezing application capacity use during low-demand periods. James Staten of Forrester characterizes this as ‘down and off’, meaning cloud computing cost is reduced as ways to scale applications down or turn resources off. This cost reduction benefits uses, but causes problems for providers. Finally, the perspective that the cloud will be like past infrastructure use—mostly stable and low growth—fails to understand how price elasticity will affect demand. If cloud is cheaper, people will use more of it. We at HyperStratus, for instance, predict a coming explosion of applications. Again, this will affect utilization and capacity planning. Not everyone agrees with us, but the evidence is right before us: Datacenters bursting at the seams. No one would have predicted that when the first client-server applications were installed in a departmental computer sitting under someone's desk that we would live in a world with corporate datacenters running out of capacity—but we do. Cloud computing will result in the same explosion of demand. Count on it.

Private Cloud Will Change IT What are the outcomes of this shift to opex and utilization risk? Here are a few: Yield management will become a core IT skill. If users no longer bear utilization risk, the organization that does will have to carefully manage use to ensure sufficient utilization and financial viability. Buying equipment on behalf of someone is vastly different than buying equipment and selling it to someone and carrying the risk that insufficient sales occur. By the way, the historical 5-15 percent utilization rate of IT is scandalous; in 2009 A Private Matter people were decrying the historic low manufacturing utilization To learn more about how to rate as evidence of an economy in implement a private cloud read deep trouble? Ans manufacturing Road to the Private Cloud on www.cio.in c o.in utilization was at 69 percent! IT must do much, much better. 34

J A N U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

coloumn_Controvercy_of_cloud_Computing.indd 28

When the first client-server apps were installed, no one could have predicted that datacenters would run out of capacity. The cloud will result in the same explosion of demand. Count on it. We can expect some examples of high-profile IT disasters as cloud initiatives implemented on the basis of 70 percent utilization struggle to achieve 25 percent, with accompanying financial bloodbaths. Of course, high-profile IT disasters are nothing new in the industry, so perhaps this won't raise a ripple in an industry seemingly inured to failure. The important point is that pricing is directly related to utilization, so low utilization rates can pose one of two unpalatable outcomes: Going back to users and asking for much higher rates, or absorbing a large writeoff for spare capacity.

IT financial talent will be crucial for organizations operating private clouds. Being able to track utilization, set prices, market to raise demand, and implement pricing (and collection!) are skills most IT organizations do not currently need. That will change in short order. One might say that with the oft-predicted move to IT operating like a business, it will need to put all of the elements associated with running a business into place.

Risk management will be in a category of its own. The risk exposure of operating a capital-intensive business with financial exposure based on utilization is high--very high. Figuring out a way to manage that risk will be vital for IT organizations in the future. I recently ran across a startup called Strategic Blue that provides the equivalent of insurance swaps--protection against utilization risk by paying a fee to an intermediary. Just the fact that an entrepreneur has focused on this area indicates that the issue is present, perhaps more so than most appreciate. It's too early to tell how the company will do, but it's safe to say that cloud computing presents more risk to IT than traditional one application, one server ever did. As always, I continue to be fascinated by this development in technology, and convinced that more change—and benefit—lies ahead of us than we've seen over entire history of computing. In a sense, IT is moving to its next stage, where it operates as a core capability of companies, rather than a back office support function. That, however, will require it to operate with the same discipline and financial management of other core groups, so the issue of utilization risk is entirely appropriate for a more important IT role. CIO Send feedback on this column to editor@cio.in

Vol/7 | ISSUE/03

1/13/2012 6:02:34 PM

CUSTOM SOLUTIONS GROUP MPHASIS

EXECUTIVE VIEWPOINT

THE NEW PARADIGM IN OUTSOURCING With mounting revenue and cost challenges, finding the right partner is crucial in bringing about a transformation. sourcing industry, in terms of Tier 1 players, Are businesses that outsource their IT focusing is still geared mostly toward the large, comenough on strategy and risk management? prehensive multi-year deals. While some partnerships are truly strateMid-market companies can overcome these gic, where service providers genuinely share and other challenges by launching a successrisks and rewards of implementation, others ful relationship with an IT outsourcing provider. remain mere deals delivering straightforward One favorable development for mid-market objectives. Majority of the companies are carvcompanies is the emering outsourcing strategies gence of sourcing options based on informed deci“SLAs evolve into a such as cloud computing sions. A thorough research service management and software-as-a-serand study of the current sitapproach tracking vice (SaaS). These are uation of the company’s infunctionality, giving mid-market busihouse IT department, vis-ànesses new alternatives vis the cost benefit and RoI availability, and to manage their own IT reaped from outsourcing, is applicability that infrastructure, process vital during decision makare meaningful to and applications. ing. Simultaneously, most business.” MphasiS is one of the companies are applying key players offering endactive risk management to to-end solutions including any IT outsourcing project process, application, and infrastructure that starts with the scope and complexity of services across small, mid-tier, and large the solution itself. companies in and outside India. What can organizations do to develop an efHow can businesses exercise caution while fective sourcing environment? drawing up SLAs? There is a need to move from traditional outService level agreements (SLAs) are a critical sourcing relationships to value-based ones. component of value-based outsourcing as they The advanced approach can include mature determine responsibilities within the business service level agreement and program govrelationship. Value-based mature SLAs are ernance, and a value-focused methodology based on business drivers rather than technolto have a meaningful dialog with the client to ogy. They focus on measuring results based on help them achieve business goals. a Value Scorecard, linking IT service delivery Organizations today want to consider outto business requirements. SLAs evolve into a sourcing vendors that offer international experiservice management approach tracking funcence in areas such as application management tionality, availability, and applicability that are and IT value management programs. meaningful to the business. How can mid-market companies get Tier 1 How important is cultural compatibility for service without Tier 1 pricing? two parties in an outsourcing agreement? One of the biggest challenges mid-market Most major companies acknowledge the companies face today is that they operate in fact that the success of the outsourcing an ambiguous world of outsourcing. The out-

P A KRISHNAN, Executive Vice President, Emerging Geographies, MphasiS P A Krishnan has more than 28 years of experience in successfully managing business P&L, strategy, sales, services, manufacturing and acquisitions. He is responsible for spearheading MphasiS’ efforts in becoming the leading provider of IT-based business solutions in key emerging geographies - India, Sri Lanka, Indonesia, Philippines, Hong Kong and the Middle East.

project depends on quality management of the outsourcing relationship. Cultural compatibility between the company and the service provider is critical when it comes to outsourcing. There must be recognition within both organizations that this is a business relationship, and not just a project. The interactive and longer-term nature of outsourcing engagements requires the service provider’s staff to work at customer sites and involves significant interaction with the client’s employees. Organizations need to have values and norms of behavior that complement each other’s moral standards in order to maintain cultural alignment. Any culture clash can result in unhappy staff, which leads to unacceptable staff turnover, affecting service quality, delivery times, and overall costs.

This Interview is brought to you by IDG Custom Solutions Group in association with

Alternative Views

IT MAnAgeMenT

Will Business End IT’s Hold Over Mobiles in 2012? As more staffers expect to use personal mobiles at work, will IT’s reluctance to play ball force businesses to officially work around it? Two CIOs debate.

n my opinion, mobile devices are already out of IT’s bucket of responsibilities. This is a trend that’s been in the making for sometime. In the past, enterprise use of mobiles was restricted, mostly, to BlackBerry phones. And IT governed every aspect of mobile use, including the type, the model, and the kind of applications which could be used on mobile devices. Mobile policies, too, for the most part, were dictated by IT. But today, enterprises have a more mobile-agnostic approach; they are willing to embrace any type of mobile phone users bring. In fact, some enterprises are willing to look beyond—at other types of devices. That represents a considerable shift in IT perspective: From control to enablement. We’ve allowed employees to bring personal devices within the enterprise over 12 months ago, while carefully controlling

information access and processes. Currently, our IT usage policy allows devices to be used interchangeably: Official devices can be used for limited personal use, and personal devices can connect to enterprise applications with some boundaries. I believe IT needs to adopt a progressive approach—rather than a restrictive stance— regarding how information assets should be used. The truth is mobile devices have been more helpful in moving information quicker—and to a larger set of users—than any other end-user device. This has created the ability to act expeditiously; an ability some enterprises have begun exploiting. Importantly, the policy of those enterprises allows the use of diverse mobile devices, even those not deployed by IT. Security shouldn’t be a barrier. If the security stance of an enterprise is welldocumented and understood by users, a workable solution can be crafted.

“Mobile devices are already out of IT’s bucket of responsibilities. This is a trend that’s been in the making for sometime.” —Arun Gupta, CCA and Group CTO, Shoppers Stop

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Alternative_Views_Jan2012.indd 34

VOl/7 | ISSUE/03

1/25/2012 12:50:42 PM

Alternative Views

IT MAnAgeMenT

believe mobile devices will always be a part of the IT department’s responsibilities, and a part of the business organization’s architecture. At Radico, we buy mobile devices for our employees. In the future, we plan to equip our employees with iPads. For us, it’s not a headache to provide software or hardware maintenance services because that’s taken care of by the manufacturer. We don’t need specialized skill-sets to maintain these devices; it is easy to use since support is available. But proper workflow management needs to be devised if such devices are to be allowed. And that’s only possible under IT’s control. The reason is information security. This will always remain IT’s biggest concern given the proliferation of mobile devices. In my opinion, if you allow employees to access critical business applications on personal devices, security will be compromised. Organizations can benefit from a policy that allows users to take advantage of the increased productivity that mobiles offer in a safe manner. In general, a good bring-your-own-device (BYOD) policy acknowledges that the enterprise doesn’t own a device but does own the data. It is reasonable to require that this data be protected effectively.

“Mobile devices will always be a part of the IT department’s responsibilities, and a part of the business organization’s architecture.” —Farhan Khan,AVP-IT, Radico Khaitan A BYOD policy should include terms and conditions that cover data when an employee leaves the company, for lost or stolen devices, for a device configured to receive and transmit corporate data, for password authentication, encryption standards and technology framework, and also a list of devices to be allowed. Enterprises need to focus on adding value to core business capabilities through the tactical use of mobile solutions—but only where it makes sense. Blindly implementing a new trend will only put information at stake. Therefore, it is a good idea for IT to take responsibility of BYOD and encourage staffers to use an organization’s devices in order to keep an organization secure. CIO

As told to Shubhra Rishi Shubhra Rishi is trainee journalist. Send feedback to shubhra_rishi@idgindia.com

GE5BF:CEA=B; 6HF=B9FF

G<ECH;< >H8=7=CHF 5DD@=75G=CB C: =G

IN THIS ISSUE

/` P`[[`u GolT^Jll mk?^lP`k]?mT`^ T^ ?HmT`^ tTlTm www.cio.in/transformers

Alternative_Views_Jan2012.indd 35

67 | ENSURING ACCESSIBLE HEALTHCARE Aarogyasri is a unique community health insurance scheme formulated by the AP Government, under the Aarogyasri Health Care Trust, to bring quality medical care within the reach of the poor in the state. The Trust realized that the success of this scheme depended upon a web-based solution that would utilize IT to provide visibility, robustness, speed and transparency in operations. An IDG Custom Solutions Initiative

1/25/2012 12:50:48 PM

Cover Story

Trends 2012

Taming The

Terror 2012, by any measure, is going to be a hard year. But despite all the discouraging economic indicators, it doesn’t have to be a flashback of 2008—not if you’re forearmed. In that spirit, here are eight trends that will impact the Indian CIO this year. By Team CIO

Reader ROI: How the economy will impact your organization What strategies you need to deal with new tech and new threats The importance of focusing on both sets of customers

j a n u a r y 1 5 , 2 0 1 2 | reAL CIo WorLD

coverstory_tech_trends_2012.indd 44

VO O l/7 | ISSUE/03

Economic Uncertainty Heading Nowhere The economy is worse than it seems. Hear it from some of India’s top economists.

Strategic Outsourcing Hand in Hand Strategic outsourcing takes the center stage in 2012, here’s what to watch out for.

Bring Your Own Device Going to Work BYOD is going to be the next big thing. Here are three approaches to making it work.

Enterprise Social Media Vox Populi Why a growing number of your peers are planning for enterprise social media platforms.

What’s Coming Your Way 54

Cloud Computing Coming of Age Efficient, flexible, reliable. Here’s why 2012 is going to be the year of cloud computing.

Ad vanced Persistent Threat Taking It Down APT has arrived. CSOs share ways to defend your organization.

Enhancing User Experience What They Want End-users are going to want smarter apps, more intuitive interfaces, and increased control.

Big Data Big and Bold Big data is the newest star in the tech firmament. How you can tame the big data beast and tap its potential.

Brace yourself. 2012 isn’t bringing any good tidings. And if you thought the worst was over post 2008, you ain’t seen nothing yet. With each passing day, as the rupee hits a new low and inflation touches new heights, more and more organizations are running on reserve. And that means your job just got tougher. As CIOs you’ll be expected to deliver new products at a short notice, work on numerous small projects, and provide your organizations with that competitive edge. But here’s some reason to rejoice. To help you beat the odds, we present eight trends that are most likely to impact you and your organization in 2012. Economists, analysts, and CIOs from some of India’s most prestigious organizations share ideas and experiences that will come handy this time around. Here’s hoping you have a good one.

coverstory_tech_trends_2012.indd 45

1/13/2012 5:47:53 PM

ear

Ahead

Cover Story

Trends 2012

SPECIAL

Economic Uncertainty

StaticQuo Growing depression in Europe and the US, coupled with a spiraling rupee crises, inflationary winds, and poor governance, predict a gloomy economic climate for the country. By Varsha C hidam baram

Dharmakirti Joshi Director and Chief Economist, CRISIL, says financial troubles in the West have created a reduced demand for Indian products.

Ritesh Kumar Singh Subject Matter Expert (Economic & Trade Policy), Aditya Birla Group, says the weakening rupee should have made India’s exports more attractive but some of India’s exports need raw material imports, and their price is rising.

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 46

“2012 may mark the beginning of a new and

more frightening phase of the world’s worst economic calamity in three quarters of a century,” prophesized Joseph Stiglitz, renowned economist and Nobel laureate, blithely crushing faint hopes of a happy new year.

For corporate India, the 2010-11 recovery will seem like a mirage, vaporizing just as they get closer. This year will be a painful jolt back to reality as Indian GDP slips below 7 percent, the world economy teeters on the brink, and domestic challenges continue.

Foreign Exchange Desert Just over a third of the country’s $480 billion export industry is marketed in the US and Europe, and troubles there are having a ripple effect in India. “The Euro crises and the US gridlock have created a generally reduced external demand for Indian products,” says Dharmakirti Joshi, director and chief economist at CRISIL. Particularly affected industries, he says, are garments, textile, chemicals, software goods, and policy-dependant industries like mining and iron ore. Vol/7 | ISSUE/03

1/13/2012 5:47:56 PM

“FDI in retail would’ve been a welcome move. By withdrawing the proposal, we’re sending bad signals to foreign investors.” — R.K. Singh, Subject Matter Expert (Economic & Trade Policy), Aditya Birla Group “On top of that, India’s exports themselves are import-oriented,” says Ritesh Kumar Singh, subject matter expert (economic & trade policy), Aditya Birla Group, meaning that many of the products India exports are dependant on imported raw materials. This negates the advantage India’s exports should have given the weakening rupee. He points to copper goods as an industry which imports 99 percent of its raw materials. India’s imports however, are seeing no such drop in demand, given that most of India’s imports are inelastic. India, for example, depends on imported crude to meet 80 percent of its needs. And this year India imported a whopping 42.7 percent more oil than it did last year. The result? With less foreign exchange flowing in and more flowing out, India’s coffers are parched for foreign exchange. To make matters worse, India’s running a precarious current account deficit—made worse by an unscheduled borrowing the government made in the last week of 2011, of Rs 11, 000 crore. “India has to repay a total external debt of $137 billion that matures within 2011-2012. India runs a vulnerable current account deficit. Any shrinkage in the supply of dollars has a large impact on the rupee,” says Joshi.

The Weakening Rupee and Domestic Challenges Like Joshi says, the poor state of India’s foreign exchange has an impact on the rupee, which has dived by over 17 percent since July 2011. The rupee witnessed a low of 53.3 rupees per dollar in December making it the worst performing Asian currency in 2011. That in turn drives up the prices of India’ imports, which affects foreign exchange levels, creating a vicious cycle. At the same time, India is fast losing it’s reputation among foreign investors as a great place to park money. The Sensex, which has been the worst performing index globally, crashed 25 percent from its peak this year. And according to Bank of America Merrill Lynch, India is the least favored BRIC nation among global investors. “Given the nature of problem in the Euro zone, the risk appetite of foreign investors has come down; capital has flown out and fresh inflows are weak. The rupee, as a result, has depreciated and the access of our business’ to foreign capital has reduced,” says Shyamal Roy,

professor of economics and social sciences, IIMB. Part of the problem is the slow pace of India’s industrial expansion, turning off investors. “Industrial production is down, minus 5.1 percent overall and minus 6 percent for manufacturing,” says Joshi. None of this bodes well for India’s fiscal deficit. The finance ministry now expects India’s fiscal deficit to reach around between 5.5 and 5.8 percent of GDP this financial year, against a budget estimate of 4.6 percent. Given that the acceptable limit is 3 percent, India will need $50-55 billion to plug that hole—once again affecting its foreign exchange reserves. But not all of India’s woes can be blamed on the West’s uncertain economy. “The 2008 slowdown was the result of a global shock. The current slowdown is more because of domestic bungling,” says Roy. “If inflation is due to supply-side factors, like a shortfall in food production, mismanagement, waste, a lack of supply chain, cost and time over-runs the responsibility lies with the government,” says Roy. The burden of controlling inflation has fallen on the RBI. And it’s done a fairly good job of controlling the demand side of inflationary pressure (reducing the amount of money available in the market)—through aggressive interest hikes. “Everywhere in the world, if a central bank has to choose between price stability and growth, it will go for the former. RBI is doing what it should. It is the government which has failed in addressing supply side hurdles,” says Roy. That thought has made the phrase ‘policy paralysis’ very fashionable. In the face of such consuming worries, it appears that the government of India doesn’t have what it takes to introduce reforms the economy requires. The FDI in

The external debt that India has to repay in 20112012, possibly, impacting the rupee.

Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 47

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

P hoto by FOTO CORP

$137 billion.

1/13/2012 5:48:04 PM

Cover Story

Trends 2012

“India has to repay a total external debt of $137 billion that matures within 2011-2012. Any shrinkage in the supply of dollars has a large impact on the rupee,” says Dharmakirti Joshi, Director and Chief Economist, CRISIL

retail fiasco is one example. It is the same story with GST. “There are many reform bills pending with the government. However, the opposition is playing such an obstructionist role that nothing is getting tabled, forget being passed. Politicians mustn’t try to gain mileage at the cost of the economy,” says Roy. It would have been nice to see the FDI retail bill cleared, agree both Joshi and Singh, if nothing else but to signal that something is being done to attract more FDI in the country. The amount of attention—and government apathy—that the Lokpal Bill is garnering and upcoming assembly elections in five states including UP, will only push important reforms on the back burner. 42

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 48

When are things likely to look up? It’s hard to say, given the overlapping complexity of the problem and the multiple factors and stakeholders involved. The economy has reached this point due to a combination of bad policies and poor political will coupled with corruption and greed. But one thing is for sure, the way out of this hole will require government will. “Remember, the blissful run in the 2000s were largely due to the tough reforms taken in the 1990s,” says Singh. CIO Varsha Chidambaram is senior correspondent. Send feedback on this feature to varsha_chidambaram@idgindia.com

Vol/7 | ISSUE/03

1/13/2012 5:48:11 PM

ear

Cover Story

Ahead

Trends 2012

SPECIAL

Strategic Outsourcing

Hand in

Hand

Rajeev Batra CIO, MTS India (Sistema Shyam TeleServices), says a strategic outsourcing contract

Strategic outsourcing is taking the center stage in 2012. Here’s why your peers think so and what they suggest you watch out for. By Sneha J ha

has to be flexible enough to accommodate technology and business changes occurring during the period of the agreement.

Shailesh Joshi, head-IT, Godrej Industries,

says strategic outsourcing will help his company grow 10-fold in 10 years.

Vijay Sethi VP IS and CIO, Hero MotoCorp, believes that the maximum tenure for a strategic outsourcing contract is five to seven years.

Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 49

Joshi has just the strategy for that: Strategic outsourcing. It’s a practice, he believes, whose time has come. “In 2012, strategic outsourcing will witness a big leap. The business landscape is going through a sort of structural shift. As organizations chalk out aggressive growth plans they need to re-engineer their business operations and they cannot beef up their in-house teams to meet this objective. It’s a combination of the need to procure specialized talent and business agility that will lead to a spurt in strategic outsourcing engagements in 2012,” he says. REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

Photo by K apil shroff

Shailesh Joshi Head-IT, Godrej Industries,

is a very busy man. He is sketching out the operational blue print to buttress the ambitious growth plans of the group, which wants to grow 10-fold in 10 years. To meet this objective, the group, he knows, will need to notch up its business agility.

1/13/2012 5:48:14 PM

ear

Ahead

Cover Story

Trends 2012

SPECIAL

Joshi is not alone in his belief. According to CIO research, there’s been a jump, between 2010 and 2011, in the number of Indian CIOs who are outsourcing larger amounts. That’s a trend Vijay Sethi, VP-IS and CIO, Hero MotoCorp, says will only grow in the coming year. “The global economy will see some interesting times ahead. As the economic crisis deepens, organizations will have to move swiftly to restructure operations, disrupt the competition, and position themselves for future growth. If companies want to maintain a consistent growth trajectory they must boost their business agility, bolster their core competencies and build differentiating capabilities. Strategic outsourcing is the way to do that,” he says.

What’s Strategic? In his book, Strategic Outsourcing: A Structured Approach to Outsourcing Decisions and Initiatives, Maurice Greaver II says that an outsourcing initiative becomes strategic when it’s aligned with an organization’s long-term strategies, and when typical outsourcing benefits emerge over several years. “Strategic outsourcing takes outsourcing to a higher level by asking fundamental questions about outsourcing’s relevance to the organization and its vision of its future, and its current and

“If companies want to maintain a consistent growth trajectory they must boost their business agility. Strategic outsourcing can do that.” — Vijay Sethi, VP-IS and CIO, Hero MotoCorp

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 50

future core competencies, structure, costs, and competitive advantages,” he writes. Forward-looking outsourcing observers say that with strategic outsourcing, business strategy enters the equation and the corporate ‘big picture’ has to be considered, rather than individual projects or the required skill sets. This form of outsourcing also presents a company’s senior management to do some serious reengineering on the products and services offered. They also say that such an outsourcing model can be a wellspring of strategic business advantages. For one, it allows organizations to use their own teams to play a more business-oriented role. “Strategic outsourcing engagements free up in-house resources from the task of managing the nuts-and-bolts. The organization can then focus on improving its top-line, bottom-line, foray into new markets, chase growth in new segments, improve product quality, and maximize the wealth of its shareholders,” says Sethi.

Bridging the Difference But organizations who want to outsource strategically, need to be warned that it requires a change in mindset. Unlike tactical outsourcing, for instance, strategic outsourcing isn’t meant to lower costs. “Strategic outsourcing begins not with cost analysis but with value analysis. Strategic outsourcing sees a value map. The purpose of the map then switches from identifying processes that can be done more efficiently to identifying processes that yield the greatest business benefit to the company as a whole. The rationale behind the value-oriented approach is more complex then cost-efficiency math, but the results can be far more compelling,” says Sid Pai, partner and MD, TPI India, a global sourcing advisory firm. Sethi agrees. “Organizations should tap into the specialized skill sets of service providers to propel business transformation. The service provider should undertake innovative projects that promote change and drive business transformation that supports corporate objectives, enables new business models, and exploits new opportunities,” he says. A strategic outsourcing engagement also requires more deliberation. “A company must first take stock of the entire gamut of services and functions which are suited for outsourcing, and figure out which will offer quick wins, and which long-term benefits. Then it must establish realistic goals that will satisfy the best interests of the organization,” says Joshi. Even the way a strategic outsourcing contract is drafted is different. A strategic outsourcing contract must be comprehensive, clearly-defined and yet flexible enough to accommodate inevitable changes that will occur in technology and the marketplace during the period of the agreement, says Rajeev Batra, CIO, MTS India (Sistema Shyam TeleServices) who was intimately involved with the landmark Bharti AirtelIBM deal, as chief architect for IT at Bharti Airtel. Vol/7 | ISSUE/03

1/13/2012 5:48:16 PM

His view is endorsed by Sethi. “Strategic outsourcing is a long-term partnership. So you need to think a few moves ahead. The contract should have a clause stating that it should be reviewed every two years. In case you miss out something or there is a change in market conditions there should be a scope to modify the contract,” he says. He adds that the ideal tenure of an SO deal should be five to seven years because there will be significant advances within technology and cost structures during that time frame. Batra suggests seeking the help of an external advisory agency to understand the intricacies and nuances of a strategic outsourcing deal. “Enlisting the service of an outsourcing partner only after a series of consultations with an experienced thirdparty advisory agency makes business sense,” he says. Since strategic outsourcing needs to go beyond a transactional relationship, it is also important for CIOs to gauge the level of resource commitment of their partners and their risksharing capability. Batra has another piece of advice: “Sometimes, in their enthusiasm, organizations draw up a long list of SLAs. My suggestion to them is to create only five-10 SLAs that are business critical and easily measurable. The clauses need to be very tight and Rajeev Batra, CIO, MTS conditions foolproof,” says Batra. India (Sistema Shyam Another best practice, say CIOs, is to define TeleServices), advises an exit strategy. The contract should specifically CIOs to create only mention clauses for termination depending on five-10 SLAs that are business critical and convenience, breach of SLAs and force majeure, easily measurable—not and should state the consequences attached to a laundry list. an exit. Finally, in order to create a robust governance model, CIOs must identify the right set of people from their teams. People who have persuasive skills and are adept at vendor management, are a first choice. In addition, Sethi advises CIOs to set up a Program Management Office “As organizations focus on building core (PMO); a group of three or four people who manage the entire competencies they will have to play in an ecosystem relationship with vendors. “The PMO should have a wellof alliances with partners to provide scalability and business defined charter,” says Sethi. “The team should be a conduit agility,” he says. between the service provider and end-users.” Just the thing Joshi’s looking for. CIO All useful advice says Pai, who believes that slowing industry growth in 2012 will force companies to re-evaluate Sneha Jha is senior correspondent. Send feedback on this feature to sneha_jha@ their businesses and make them look at strategic outsourcing. idgindia.com Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 51

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:48:20 PM

EXECUTIVE

VIEWPOINT

THE FUTURE of IT ADOPTION Anand Sankaran, Senior Vice President & Business Head, India, Middle East and Africa IT Business, and Head, Global Technology Infrastructure Services, Wipro Ltd, shares his advice on how organizations can ride the high tide in a highly competitive and rapidly-evolving business environment.

ANAND SANKARAN Senior Vice President & Business Head, India, Middle East and Africa IT Business, and Head, Global Technology Infrastructure Services, Wipro Ltd Apart from carrying the P&L responsibility for Wipro Infotech, he also leads the Global Technology Infrastructure Services business for Wipro Limited. In this dual role, Anand is responsible for managing the 2.3bn USD business of Wipro Limited.

he only way organizations can have an upper hand over competition is by keeping pace with current developments and trends and using those developments to their advantage. The possibilities and developments are quite huge in number and hence, it is not feasible to get into specificities. However, there are four trends that are rapidly picking up and widely followed by industry leaders, ensuring them business rewards.

Innovation to Win in a World of Constraints The world of tomorrow is going to be built around constraints. As the world population has already touched 7 billion, with maximum incremental growth in countries which are resource-scarce, the world of constraints is very real. Application of effective technology will profoundly reshape strategy and business models across a wide range of industries. Businesses will have to rapidly redesign value chains to not only find the right customers, but to also reduce consumption and dependence on the constrained â&#x20AC;&#x2DC;resourcesâ&#x20AC;&#x2122;. The ability to spot trends, assess and apply IT to overcome these emergent challenges will determine the consistent success of various global organizations. Hence, successful enterprises will stand out for their ability to innovate in the constrained world.

Manufacturing: Increasing concerns about the scarcity of natural resources have combined with pressure from consumer, government and regulatory bodies to reduce consumption, and this is casting a spotlight on the need for manufacturers to improve efficiency and innovate new products. Networked smart assets can be utilized to manage and analyze use of these natural assets most efficiently. Smart controls can make machines in factories more efficient, thereby, reducing energy consumption. Energy and Utilities: Utilities around the world are deploying smart meters that can help customers shift electricity usage away from peak periods, thus, reducing the amount of power generated by inefficient and costly peak-load facilities. Smart grids can also improve the efficiency of the transmission and distribution of energy, and when coupled with energy storage facilities, could store electricity generated by renewableenergy sources such as solar and wind.

Financial Services: Financial and capital markets play a key role in economic and industry development. The growing concerns about natural resource crunch now dictate that financial service firms evaluate the environment risk factors of businesses in managing their credit flows. There is an increase in the number of compliance and legislation norms concerning environment-related li-

CUSTOM SOLUTIONS GROUP WIPRO

ability. Financial companies have to factor in all externalities into their internal trading, investment and lending activities. They will be significant catalysts in the growth of a sustainable economy. Sustainability risk assessment and financial flow control will become one of the core practices of financial institutions. This demands a lot of analysis for risk management and research that require comprehensive data integration and management, enabled by robust IT systems.

Business Agility through Variabilization of Operations and Technology As the pace of business change accelerates and organizations respond to shifting market conditions or more frequent M&A, IT leaders are often constrained by in-built investments and complex systems. Organizations have long recognized the adverse effects of complexity, but replacing these systems involves a substantial commitment of resources: hardware, new applications, and staff and vendor time. This means tangible benefits are often realized only in the long term. The imperative to maximize IT’s potential has led to increasing focus on new management models in variabilization of IT, enabling more differentiating investment for IT-based innovation. Variabilization of IT encompasses the bulk of an organization’s IT activities, applying proven management tenets – scale, standardization, and simplification – to drive efficiency, optimize delivery, and lower unit costs. In addition, other proven practices such as lean-management techniques have highlighted the value of IT in reducing waste and increasing productivity.

Benefits of Variabilization: Variabilization offers immense flexibility in outcome-based models, SLA-driven engagements, pay-peruse models and high-level engagement metrics aligned to strategic goals of customers. While customers leverage these principles based on their business needs and culture, service providers believe that embracing variabilization leads to a complete winwin situation for both themselves and customers. The potential of variabilization to increase efficiency, reduce costs, maximize responsiveness and benefits delivered to business users will be compelling for organizations to invest more in IT-based innovation. The combination of functional

productivity and business value creation will likely be a major competitive differentiator for customers.

Consumerization of IT Fueling Business Value Technology innovation is an important trend driving the global economy today. There is a lot of excitement around newer technology adoption. The excitement is more prevalent as it is sensed by the society and individuals rather than being limited to the walls of the enterprise. Increased acceptance and value realized by consumers through consumer gadgets, mobile apps, social media channels and the immense popularity of user-driven internet services are influencing technology vendors’ investment in taking innovative consumer

“ The potential of variabilization and the benefits delivered to business users will be compelling for organizations to invest more in IT-based innovation.” technology to enterprise products. Highend gadgets such as the iPad double up as personal devices, as well as enterprise devices because they are capable of supporting both simple apps for personal use and complex apps for professional use. Also, the fast-gaining popularity of the BYOD trend stands as an evidence for the inevitability of consumerization of enterprise IT, especially in the hospitality, medical care and manufacturing verticals. Thus, we see the advances in consumer market drive enterprise technology and its deployment today. There are two major drivers of consumerization. First is the fact that consumer spending for IT exceeds that of business spending, and second is the provisioning of IT services designed for consumers. The world’s largest data centers now service consumers, not enterprises. So, more innovation and technology resource deployment is occurring for consumer technology. Consequently, both consumers and the companies that build the best products for them, along with leading companies who realize the immense

innovation opportunities by integrating these solutions in enterprise systems will benefit from this tactic

Business Performance through Analytics Business leaders today need an insight into processes and results that will drive the right decisions to deliver sustainable business performance. Business leaders who master the process of capturing, storing, integrating big data into actionable business insights will continue to outperform competition. The incremental intelligence gathered by organizations traditionally has progressed at a slower pace than the information growth itself. However, what will help leading organizations to be better prepared for unpredictable scenarios in the era of information explosion is their ability to effectively use advanced analytics and performance management. Thus, the art of doing business in a better way needs continuous fusion of advanced science. We have observed that using insights derived from advanced analytics and performance management as a discipline has enabled organizations make more effective decisions. It delivers better outcomes to the bottom line and drives growth as well. In the case of a leading fashion retail client, Wipro’s predictive analytics tools helped them increase their sell-through rate and increase revenues by 16%. For the same retailer, we also helped reduce lost sales by an average of 31%. Many other models of taking effective decisions are emerging now, and organizations that have the vision to apply new approaches - such as advanced analytics and performance management - stand to gain competitive advantage.

This feature is brought to you by IDG Custom Solutions Group in association with

ear

Ahead

Cover Story

Trends 2012

SPECIAL

Bring Your Own Device

Going to

Work

Neena Pahuja CIO, Max Healthcare, has a BYOD project that allows most of Max’s doctors to view radiology images and lab reports on the device of their choice.

With more staffers and senior executives demanding the right to access work on their own machines, BYOD is going to be the next big thing. Here are three approaches to making it work. By Shubhra Rishi

Sudhir Reddy VP and CIO, MindTree, standardized his offerings to a 10-inch screen after a survey revealed that no one travels on work with just a phone.

Tushar Kasbekar VP-IT, Century Enka, says allowing the use of BlackBerries, tablets, and Android-based smartphones to senior executives allows them to working out of office.

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 52

Pop Quiz: What do you do with BYOD?

You could: A) Deal with it like the four-letter word it has become; B) Allow staffers to use their own smartphones / tablets / notebooks thus help reduce your hardware headache; C) Create a framework that leverages the power of user-centric collaboration; D) Do nothing, after all these trends come and go. If you answered ‘A’ or ‘D’, then you’re staring at one of the fastest spreading developments in enterprise IT, from the wrong side of the barrel. ‘B’ gets you marks for acknowledging some of the options, though it’s likely you only have an ad hoc strategy. And if you’re voting ‘C’, it’s going to pay off big, but will require a ton of planning. Vol/7 | ISSUE/03

1/13/2012 5:48:23 PM

Cover Story

The Bring Your Own Device (BYOD) juggernaut has been steadily gathering pace, but our research reveals that this year is when we’ll start to see separation between organizations that really want to nurture collaborative thought and those that are merely allowing employees to cart along their own compute devices. Truth be told, BYOD goes beyond policy or devices. It’s about acknowledging that the way staffers interact with apps and information is changing; and, it’s realizing that CIOs have been given a chance to change, quite fundamentally, how organizations communicate, collaborate and create value.

Trends 2012

Consider three organizations—Century Enka, Max Healthcare and MindTree. They all have different business imperatives, and, thus three distinct approaches to BYOD. Yet, all three embraced it to make life simpler for their employees, while taking productivity to a very different level.

Photo by FOTOCORP

Sudhir Reddy, VP and CIO, MindTree, has a bring-your-own-device strategy that’s been two years in the making and that dovetails with a larger standardization push.

Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 53

1/13/2012 5:48:28 PM

ear

Ahead

Cover Story

Trends 2012

MindTree has had the longest journey down this path, since its VP and CIO Sudhir Reddy flagged it off to senior management two years ago. While, Reddy wanted to simplify access to data, and reduce the gap between information and insight, his blueprint was also very ambitious. Reddy’s vision was to make the organization more employee-outward instead of corporate-inward. The first step was a consolidation exercise, which shrank MindTree’s app portfolio to 48. The process was itself a collaborative one, because Reddy’s team had to discuss the relevance of legacy apps with specific departments, build added functionalities into some apps, and jointly press the kill switch on others. The next step was to build PeopleHub, a single-window that allowed MindTree’s Minds to access all apps, be they transactional, communicational or social. It integrates all apps from mail, collaboration and discussion forums to HR and ERP, and does so with data continuing to reside in the datacenter and not on a client device. PeopleHub wanted to mimic the way people have gotten used to interacting with technology. “Search-enabled apps were becoming a reality and we wanted to make sure that we included that expertise,” says Reddy. Search for ‘holiday’ or ‘travel’ and PeopleHub will systematically pop up the holiday list for the year, travel policies, a leave or travel submission form, and, a list of seasonal deals that MindTree’s travel agents have brokered.

“We didn’t want to impose standardized mobile devices on our employees.” — Tushar Kasbekar, VP-IT, Century Enka

Based on a survey his team conducted, Reddy deduced that employees never travel without a laptop or a tablet. Referring to it as a ‘meet-meat-the-browser’ implementation, Reddy says, “We knew that smart devices were going to permeate the enterprise. So we standardized on a 10-inch screen—whether that’s a tablet, notebook or netbook—and pushed HTML5-based browsers.” PeopleHub’s framework integrated risk optimization from scratch whether it was putting a resolute NAC in place to ensure malwarefree end-points or it was about content-filtering to ensure that security and risk policies were not breached. Like Reddy, Neena Pahuja, CIO, Max Healthcare, also wanted to increase employee productivity. But, timeliness was equally critical. As she points out, in healthcare speed equals life. “We had a large number of doctors who were comfortable using an iPad or a BlackBerry,” she says. So Max Healthcare implemented a cloudbased solution which was initially rolled out for BlackBerries to view radiology images and lab reports at all 13 locations of the hospital in February, last year. “The idea was to be able to help a doctor serve a patient quicker,” say Pahuja. Her reasoning was that the productivity of doctors is highest on a personal device. Currently being used by 241 doctors, Pahuja facilitated the app on all models of BlackBerry, iPhones, and iPads. But it wasn’t possible without robust backend consolidation. “The job at the backend was to collate radiology images from all mortalities of the hospital to our two compact servers,” says Pahuja. But Pahuja says, “The main challenge of implementing BYOD is security.” Secure login to the app in a SaaS environment enabled a second level of security. Plus, radiology images and reports are only hosted for 48 hours. Her idea was to move towards hosted/cloud apps which bring in the right kind of security for any kind of device. “Since our implementation just touches a hosted application; end-point malware don’t touch our network,” says Pahuja. Tushar Kasbekar, VP-IT, Century Enka has also leveraged the cloud. With all of Century’s critical apps like CRM and ERP already on a private cloud, Kasbekar wanted to go further. “We wanted to encourage our employees to bring their own device,” says Kasbekar. Allowing the use of BlackBerries, tablets, and Android-based smartphones, senior executives, and Century’s extended enterprise, have the advantage of working out of office. “We didn’t want to impose standardized mobile devices on our employees,” says Kasbekar. His team developed an in-house security software called Celsoft and installed it on mobile devices used by over 100 senior executives. Kasbekar says, “These mobile devices give them access to only specific information which cannot be downloaded.” In order to make this viewing easier, Kasbekar and his team created a java application which served up the information according to screen size. “It’s a win-win situation,” says Kasbekar. BYOD, as you might note from these cases, is not just about policy or devices, it goes well beyond to leverage the twin trends of consumerization and collaboration in an enterprise. CIO

Photo by FOTOCO RP

SPECIAL

Shubhra Rishi is trainee journalist. Send feedback to shubhra_rishi@idgindia.com

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 54

Vol/7 | ISSUE/03

1/13/2012 5:48:32 PM

ear

Cover Story

Ahead

Trends 2012

SPECIAL

Enterprise Social Media

Vox Populi

Dhiraj Trivedi AVP, Revenue Management & Electronic Distribution, Royal Orchid Hotels, says enterprise social media has reduced communication

A growing number of Indian CIOs are creating enterprise social media platforms—and for good reason. It helps build internal efficiency, boosts collaboration, and increases customer satisfaction. By D ebarat i Roy

cycles from 24 to two hours.

Director and Global Infrastructure Practice Lead at Sapient, enables staffers to connect earlier and better, increasing productivity.

Sebastian Joseph EVP and Head Technology, Mudra Communications, built an enterprise social media platform that feels a lot like Facebook.

Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 55

‘The customer is king’ is so passé. The new

business mantra is: The customer is king and he better be on your Facebook page. And as a corollary to that, your internal customers better be part of your company’s social media strategy.

P hoto by Kapil shroff

Mohammad Wasim

That’s a reality Indian CIOs are beginning to realize. If they want to help their companies reach the next level, they need to harness people power for internal collaboration. Some are already on the path. According to CIO’s The Year Ahead Survey 2012, 24 percent of Indian CIOs are planning to implement collaboration tools for the enterprise in 2012, and 11 percent plan to do so in the next six months. “The ability to share and disseminate ideas and information, review work processes and have absolute visibility into what’s going on in the enterprise—at REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:48:35 PM

Dhiraj Trivedi, AVP, Revenue Management & Electronic Distribution, Royal Orchid Hotels, integrated the company’s Facebook and Twitter feeds into its Salesforce Chatter, so that front desk staffers know a customer’s food and drink preferences— before they check in.

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 56

The New Need How many great ideas can you recall that disappeared into oblivion because they were not actionable at that point, and lacked a place to hibernate until their time came? Now factor in the increasing number of people moving in and out of your organization. Where have all their ideas gone? Sebastian Joseph, EVP and Head Technology at Mudra Communications calls this ‘the loss of organizational memory.’ “Even the best of ideas need time to be nurtured. This

P hoto by Sujith Sujan

one go—is too tempting an idea to ignore,” says Dhiraj Trivedi, AVP, revenue management and electronic distribution, Royal Orchid Hotels. Mohammad Wasim, director and Global Infrastructure Practice lead at Sapient, agrees. “[Enterprise social media] is everything that an ideal enterprise should have. It’s replete with easily connected apps, and collaboration channels with the power to harness and harvest the possibilities of collective effort,” he says.

Vol/7 | ISSUE/03

1/13/2012 5:48:40 PM

“If CIOs want users to buy into their enterprise social media platforms, they need to let go of the top-down approach they are used to.” — Sebastian Joseph, EVP and Head Technology, Mudra Communications

takes time,” says Joseph. In the meanwhile, he says, e-mails don’t provide safe harbor for ideas. Neither is it the best communication channel to nurture ideas given the bureaucracy and lack of speed e-mail is associated with. This is what’s leading more CIOs to turn to enterprise social media. These platforms, say a growing contingent of CIOs, also helps elicit more ideas than traditional ways of collaboration. “We have noticed that shy people are more comfortable sitting behind a machine and sharing ideas rather than raising questions during the stipulated time frame of a meeting,” says Wasim. But enterprise social media is more than just a means to gather, store and nurture ideas; it can actually help drive business. At Royal Orchid Hotels, for instance, Trivedi empowered front desk staff by integrating the company’s enterprise Facebook and Twitter feeds into its Salesforce Chatter, creating happier customers, who return more often. “Now when a customer checks into any of our hotels, our employees know their preferences regarding food, beverages and other requirements,” he says. At Sapient, Vox (Latin for voice), Sapient’s social media platform, has ushered in a cultural change within the organization, says Wasim. “People traveling to other countries can now seek advice from colleagues who have been there about its work culture,” he says, adding that Vox is allowing staffers to collaborate and team-build even before they take off. That’s introducing some bottom line benefits. “We have noticed a significant change in people’s travel expenses and productivity gains,” says Wasim. Trivedi says that Royal Orchid’s enterprise social media push has increased efficiency. He points out how just by being able to assign, re-assign, and approve tasks on the move, enterprise social media has reduced communication cycles from 24 hours to two hours. It’s also given senior management the ability to assign tasks, and monitor which employees are working on it and how much progress they’ve made—all on a single platform. Trivedi’s roadmap for Royal Orchid now includes using iPads or iPhones for meetings, where a PPT can be uploaded on Chatter so that even executives sitting at airports can attend a meeting through a conference call. “If an executive isn’t comfortable speaking in a public forum, he can raise his points via chat, which is a component on the same meeting screen,” says Trivedi. Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 57

Taming the Shrew For all its benefits enterprise social media has its challenges. For one, it takes time to put together. Ask Joseph who built his social media platform in-house. He says he started sketching the outlines of the project two years ago. The project, which incorporates blogs, wikis, work groups, huddles and ideation apps and is designed to have a Facebook feel, is scheduled to go live in April of 2012. Today, the platform, which is in pilot, provides Mudra employees with a one-stop shop to create ideas, tag people, invite peers for group huddles, or keep tabs on tasks assigned to them and progress on a team project. Jospeh says that if CIOs want users to buy into such a platform, it has to work the way they want it to—a significant shift for CIOs who are used to top-down, centralized control of traditional software implementations. CIOs also have to be on board with being in a perpetual state of beta. That’s because like Facebook, enterprise social media systems need to be highly iterative, creative, and with users driving most of the change and innovation. “Building an application like this needs constant renovation, in look and feel and new features, which might require considerable in-house skills—not just technical but creative as well,” says Trivedi. Wasim advices CIOs to look for a person within their enterprises who can look beyond technology and into human behavior. “Companies that offer such tools have invested considerable amounts of time and research into understanding what works for employees,” says Wasim. “With feedback from your employees, you can integrate features to give them a more customized feel.” And that’s important because the customer is king. CIO

Debarati Roy is correspondent. Send feedback to debarati_roy@idgindia.com

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:48:46 PM

ear

Ahead

Cover Story

Presented By

Trends 2012

SPECIAL

Cloud Computing

Coming of

Age

Anil Khopkar

Efficient, flexible, reliable. Cloud computing has been pitched as the next big thing, but is yet to get its due. 2012 is going to be the year of the cloud.

VP (MIS), Bajaj Auto, believes that the public cloud can eliminate the limitations of

By Shweta Rao

the private cloud by providing capacity-on-demand.

Dharmesh Rathod Project Lead-cloud implementation, AEGIS-IT Infrastructure Project Group, Essar India, says 2012 will witness cloud projects of large magnitudes.

R.D. Malav VP-IT, Jindal Polyfilms, says the cloud has the ability to provide enterprises with benefits of cost and time.

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 58

If you’re still skeptical about that cloud SLA

lying on your table, you risk being left behind. That’s a message your fortune cookie is most likely to read in 2012. It’s a fact that more companies are choosing Internet-based services like the cloud over internally managed servers. And more organizations are moving to hybrid clouds than they ever did. This isn’t just based on gut. According to CIO’s Cloud Computing Survey 2011, the number of enterprises that didn’t have cloud implementations as a part of their technology roadmap has shrunk considerably since 2009. While 19.7 percent of companies were disinterested in the technology in November 2009, the same number reduced to 13.2 percent at the start of 2011 and degenerated to the statistically insignificant 1.3 percent by November 2011. That’s a clear indication of the fact that more CIOs are recognizing that the cloud has come of age. “The cloud has definitely moved beyond just virtualization and Vol/7 | ISSUE/03

1/13/2012 5:48:49 PM

Dharmesh Rathod, project lead-cloud implementation, AEGIS-IT Infrastructure Project Group, Essar India, says that the company already has four of its business apps running on a public cloud and VDI on a private cloud.

has now matured to encompass all major setups in the horizontal plane—be it virtualized or not,” says Dharmesh Rathod, project lead-cloud implementation, AEGIS-IT Infrastructure Project Group, Essar India. And that’s increasing the number of cloud implementations in enterprises. According to CIO’s cloud survey, in 2009 only 4.2 percent of Indian CIOs had cloud projects running in their organizations. But that number jumped to 29.2 percent in January 2011—and to 63.6 percent last month, according to CIO research. Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 59

Rush Hour There’s more than one reason why CIOs are quickly queuing up to get their enterprises on some form of the cloud: private, public or hybrid—and why they are keen now. The fluctuating economy has put IT departments under pressure to deliver new products and IT services throughout the year, rapidly, and at short notice. That’s why CIOs are turning to the cloud to provide businesses with that edge. REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:49:02 PM

ear

Ahead

Cover Story

Trends 2012

SPECIAL

Then there’s the regular churn at the mid-tier level that leaves a gap in terms of competency within IT departments. Moving to the cloud could help organizations make these problems more irrelevant. Also, as more and more companies opt to focus on their core business, they will turn to outsourcing and managed services. And this, in turn, will encourage the public cloud. “Advertising, marketing, media and campaign management, for example, are global favorites to be introduced to public hosting,” says Biswajeet Mahapatra, research director at Gartner.

Suiting Up for the Cloud There are as many—and more—benefits of moving to the cloud as there are causes. About 75 percent of Indian CIOs cited scalability- on-demand, cost, and flexibility to the business as the primary reason for moving to the cloud. “Frequent upgrades to existing infrastructure is the new norm today. So, the lifecycle of an IT product plays a crucial role. The cloud, hence, is a better option as it saves costs and time,” says R. D. Malav, VP-IT at Jindal

“The needs of various customers are shared efficiently through a public cloud in the very nick of time. The key here is capacity-on-demand.” — Anil Khopkar, VP (MIS), Bajaj Auto

Polyfilms. Malav also falls in the bracket of CIOs that are running mission-critical applications on the cloud. The company’s ERP and CRM run on a private cloud, while its mail management system sits on a public cloud. This hybrid model will soon become the norm. According to CIO’s survey a little over 70 percent of respondents favor the hybrid model, with just 37 percent preferring private clouds. That’s because a standalone private cloud can only do so much. Its limitations, says Anil Khopkar, VP (MIS) at Bajaj Auto, come to light when organizations are in dire need of capacity and are restricted by costs. “The needs of various customers are shared efficiently through a public cloud in the very nick of time. The key here is capacity-ondemand,” says Khopkar. He has migrated the company’s CRM to a private cloud and has moved his mail system to the public cloud. Another proponent of the hybrid model is Essar India. With its VDI running on a private cloud, the company is running four of its business apps on the public cloud. It’s also in the process of moving more apps to the public space. “We learnt several lessons from our pilot implementations and that made us prepare better for our upcoming public cloud ventures,” says Rathod. At Essar, a dedicated team has been set up to analyze how, when and what application can move to the public cloud. “This year we’ll be raring for public cloud experiences with a larger magnitude,” he says. There’s no doubt that cloud computing has managed to change its impression on Indian CIOs but business still needs convincing. One way to do that, says Rathod, is to clearly spell out the existing stage of any application that is chosen to be migrated. This means effective design and planning with meticulous checkpoints to tap cost benefits. “I convinced business with a tap-the-quick-gain approach: Tell them that the cloud will achieve ROI in no time. Capex reduction with indicative figures and opex control is what business considers. But we still have a long way to go with respect to data flow,” says Rathod. And as far as security is concerned, Rathod’s advice is to not depend solely on the cloud service provider. “We bank on inhouse security implantations as well,” he says. With Indian enterprises fearlessly willing to adopt the hybrid model to reap better benefits, the cloud is far from narrowing itself down. As enterprises deal with global economic tremors, tight budgets, and a volatile market this year, the cloud will rain business in India. CIO

Shweta Rao is trainee journalist. Send feedback to shweta_rao@idgindia.com

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 60

Vol/7 | ISSUE/03

1/13/2012 5:49:04 PM

EXECUTIVE

Viewpoint

THE GREY MATTER IN THE CLOUD

CUSTOM SOLUTIONS GROUP BMC

An intelligent service governor can make the difference between a clever cloud computing strategy and a lousy one.

SUHAS KELKAR Chief Technology Officer APAC Suhas is responsible for driving innovation and incubation projects globally for BMC Software. In the year 2009, Suhas successfully filed for three separate patents.

The next phase is all about intelligent placement of workloads. The service governor in the product is the brain that can do this.

What groundwork is essential while planning for cloud computing, but often overlooked by companies? When it comes to cloud computing, there is a big difference between the requirements of the early tech-savvy companies that drove cloud adoption and the early or late majority. Most enterprises today are falling into the trap of taking a technology-centric approach to cloud rather than a service- or business-centric view. When cloud computing is adopted in a hurry, controls and processes that have been in place in the traditional setup are overlooked. Users inside an enterprise may bypass policies to procure resources from an external cloud. In such cases, which we have termed ‘Rogue IT’, enterprises desperately want to reclaim control. There is another situation where the asset management and capacity planning of the company’s current resources have not been given sufficient importance, yet the company is attempting to run behind the silver bullet of cloud. It is essential that the company first identifies its existing assets and carries out workload assessment, as well as service assessment before starting the journey to cloud. We call this Cloud Planning and it is an essential aspect of a successful cloud journey. John Atkinson, Manager at Software Consulting at BMC says that cloud computing can be like “ordering a coffee”. Comments.. The analogy draws attention to the fact that you need to distinguish between what is a constant with what varies. For instance, when you log into Amazon, you can request a linux server, with a specific number of cores, a specific amount of memory and so on. We believe that this is a suboptimal model because the permutations and combinations in such a model can be infinite. We have a concept of Service Blueprints that encapsulates the requirements of a particular service and complements it with the other associated options via multiple Deployment Models.

How is the “service governor” changing the way the cloud is used? When you have a cloud-like environment, you have thousands of resources (network, compute, storage) underneath. In order to have an optimal cloud, someone needs to take a decision about where the next workload should be placed, and this is not an easy task. Hence, we believe that the next phase is all about intelligent placement of these workloads. The service governor in our solution is the brain behind this execution. That is what distinguishes us from the others who are focusing only on features such a selfserviced portal, basic provisioning and some level of automation, which, as a business service management (BSM) provider, we already have been doing for many years. What are BMC’s strengths that make it an attractive cloud partner for enterprises? Apart from the differentiators for feature functionalities like service blueprint and service governor, our biggest strength is our laser focus on being the best management software products company. Our solutions also support heterogeneous infrastructures, including multiple hardware platforms, multiple hypervisor platforms and a variety of storage devices. This is not the case with everyone. For example, VMware, a popular virtualization platform, also provides a cloud-like structure, but its value proposition is only valid as long as your entire infrastructure is using VMware. We are the only player that provides a cloud management solution across heterogeneous platforms and still offer a single pane of control. Besides, we are a pure software products company, without a hardware agenda. This Interview is brought to you by IDG Custom Solutions Group in association with

ear

Ahead

Cover Story

Trends 2012

SPECIAL

Advanced Persistent Threat

Taking It

Down

Sameer Ratolikar CISO, Bank of India, says business users should share the onus of guarding

APT has arrived. And in 2012, new technologies like social media, mobile, and the cloud will ensure it’s here to stay. CSOs from some of India’s prestigious organizations share ways to defend your organization from APT infiltrators.

information and that should become a business imperative.

By D ebarat i Roy

Satish Das CSO and VP-ERM, Cognizant Technology Solutions, says CIOs should pay special attention to privileged accounts or profiles because that’s a target for hackers.

Sunil Varkey Head-Information Security, Idea Cellular, says APT hackers exploit the blind trust that people exhibit on social networks.

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 62

Advanced Persistent Threat (APT): A three-letter acronym that security professionals love to hate; that vendors love to spout; and, which has aspects of a shape-shifting beast of myth—no one is certain what shape it might take, or even when an attack might begin.

Yet, this much is certain, the last year saw the defences of major corporations crumble before it—RSA, Citibank, Gmail, Sony—all victims in the APT war. CSO magazine’s Global Information Security Survey 2011 reveals that APTs will drive security spends this year in 64 percent of Indian organizations—a clear indication that the threat is getting bigger. At present, only 35 percent of organizations in India have Vol/7 | ISSUE/03

1/13/2012 5:49:07 PM

“The onus of guarding information should be a business imperative and business users should take responsibility.” Sameer Ratolikar, CISO, Bank of India

a strategy to combat APTs, 85 percent of which rely on traditional intrusion detection or intrusion prevention systems. But these outdated systems aren’t capable of standing up to newage threats from emerging technologies like mobiles, social networks, and strategies like BYOD.

Organized Crime Be warned, you aren’t dealing with everyday thugs that hack for the heck of it. APT hackers are sophisticated and innovative, like Ethan Hunt in the Mission Impossible series. “The entire approach to an attack has moved from infrastructure to intelligence, and that’s what makes the situation scary,” says Sunil Varkey, head-information security at Idea Cellular. The enemy now is a well organized, innovative, and highly skilled group of individuals. It’s not the evil genius behind these advanced attacks, but its relentless nature that makes it a nightmare. “The masters of such attacks now work like an intelligence unit. Their objectives require them to be long-term, operate in stealth mode, and constantly change tactics,” says Satish Das, CSO and VP-ERM, Cognizant Technology Solutions. And that makes APT’s modus operandi unpredictable and hard to detect. Experts are beginning to see some patterns in APT attacks. One telltale sign is a 1-2-3 approach. For example, hackers first broke into RSA, stole security token of Lockheed Martin and then breached that company. Though APT is like a knife constantly hanging over their heads, security, admits Sameer Ratolikar, CISO, Bank of India, is still an afterthought in most organizations. “Over the years, as new applications and systems were built, the primary concerns have always been performance and downtime—not security,” he says. But with social networks gaining official entry into enterprises, security can no longer be on the back burner. Because APTs piggyback on social media’s reach. Varkey dubs it the ‘trust exploit’ phenomenon. “Earlier hackers had to do vulnerability scanning on a particular server to figure out the weakest link. Now all they need to do is exploit the blind trust we exhibit on social networks.”

Defense Mechanism

coverstory_tech_trends_2012.indd 63

64% Of Indian

New, Improved, and Dangerous It’s like playing a video game with multiple levels: Every level you advance, you are forced to tackle a new, more powerful, more dangerous enemy. “There are almost no reference points for defending attacks on clouds and mobiles. It is easy for attackers to escalate to any level as they can use proxy to cover their identities,” says Das.

organizations say that APTs will drive security spends this year.

Like an eye-for-an-eye, Varkey believes that the only way to combat APT’s 1-2-3 attack approach is a 1-2-3 security strategy: 1 for people, 2 for processes and 3 for technology. “A behavior-based detection model is useless in a social engineering scenario as attackers have the Vol/7 | ISSUE/03

ability to copy a regular user’s behavior,” he says. Varkey emphasizes on a risk assessment methodology based on a repository built on past experiences. “I also keep a check on my reverse traffic—if I know that I don’t have business in a suspected geographical territory, I would be wary of any traffic which is directed from or toward that place.” Das suggests that organizations should polish their monitoring techniques to protect mail servers. This might sound like a negligible component, but this is where it all begins—from spear phishing to malicious links. Also, Das says, privileged accounts or profiles (such as that of your CXOs or system admins) need special attention as they are hot targets. Having admin rights opens up a window of possibilities for attackers. But there’s only so much you can do. “The most important thing is to come to terms with the fact that you can’t keep out every single attack. The bad guys have gotten too fast for you to keep up with them,” says Bill Brenner, managing editor, CSO magazine (CIO’s sister publication). The key, therefore, is to determine where the acceptable risks are and plan accordingly. “Gunning after everything leads nowhere. As the attacks are getting more targeted so should the approach,” says Varkey. But no strategy is fool-proof without the people factor. Of the three components of the 1-2-3 strategy, educating employees is the hardest. “The onus of guarding information should be a business imperative and the business users should take responsibility. Get the management to drive the change,” says Ratolikar.

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:49:13 PM

It’s the classic catch 22 situation: On the one hand you can’t say no to emerging technologies like social media and the cloud that provide a competitive edge, and on the other, you can’t leave a new door open for infiltrators. Nor can you deny access to your dealers or business partners as that will adversely affect business. How then should CIOs guard their organizations? Varkey says continuous monitoring and a DR plan are the only precautions one can take at this moment when it comes to social media and the cloud. Ratolikar believes that CIOs have—more or less—figured out how to 60

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 64

handle mobility and BYOD. Solutions like access management, DLP, data classification and digital rights management have proved to be effective. However, CIOs still need to devise new methods to fight threats from emerging technologies. “When it comes to security, there can never be a day when I can say ‘I am done’. Somehow it reminds me of watching Tom and Jerry,” says Varkey. CIO

Photo by Fot 0corp

“When it comes to security, there can never be a day when I can say ‘I am done’. Somehow it reminds me of Tom and Jerry,” says Sunil Varkey, Head-Information Security, Idea Cellular.

Debarati Roy is correspondent. Send feedback to debarati_roy@idgindia.com

Vol/7 | ISSUE/03

1/13/2012 5:49:22 PM

ear

Cover Story

Ahead

Trends 2012

SPECIAL

Enhancing User Experience

What They

Want

This year, end-users are going to want more from you—speedier service, smarter apps, more intuitive interfaces, and increased control. Basant Kumar Chatur vedi Controller-ICT, Perfetti Van

By Varsha C hidam baram

Melle, has instituted a formal process of collecting user feedback.

Sharat Airani Chief-IT (Systems & Security), Forbes Marshall Group of Companies, ensured users didn’t feel a loss of control when he introduced VDI.

Vinod Sivarama Krishnan CIO-Global, Jubilant Life Sciences, found that involving users in interface design elicits maximum co-operation and excitement.

Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 65

The flux in the economy, coupled with the

consumerization of IT is transforming the pace and style of work. In reaction to economic uncertainty, managements are pushing for a quantum increase in business agility, and IT has typically responded with an increasing number of project rollouts—projects characterized by short deadlines, low investment and short ROI windows. At the same time, users are demanding the same level of user-friendliness they get with applications outside the enterprise.

When these two trends cross paths you get trouble. With less time to get projects right, CIOs must ensure that IT projects are instant hits—or face user ire. This is putting pressure on CIOs. According to CIO research, 60 percent of Indian CIOs say user resistance to new technology is one of the three big challenges they see in 2012. REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:49:26 PM

ear

Ahead

Cover Story

Trends 2012

SPECIAL

At the same time, the increased availability of broadband and smarter devices is leading end-users to expect—nay, to demand—that enterprises offer them the same level of IT service they get outside the office. “If you look at the Android platform, it is a user-driven customization of how desktop looks and feels. This has led to a positive pressure on enterprise applications; users feel they should be as easy to use, and if not, they should at least have a say in it,” says Vinod Sivarama Krishnan, CIO-Global at Jubilant Life Sciences. Until now, users had little or no say in the look or feel of the applications that they worked with. That’s going to change, especially with the average age of users across organizations falling rapidly.

Making Change Accenture’s Technology Vision report for 2011 suggests that more consumers will expect natural interfaces that require little learning, and have few or no barriers to use. At Jubilant Life Sciences, Krishnan says this trend has already started. Jubilant Life Sciences has a disparate intranet application stack for approvals ranging from travel requests to purchase orders. “Users came to us saying they’d like to see all approval requests on one screen and have the ability to select all of them or tick off select requests, radio button style,” says Krishnan. The timing of the request is significant given that Jubilant Life Sciences staffers have been using

Photo by Srivatsa Sh an dilya

“In our effort to get users more involved in an application, we found that the UI is the easiest step to build engagement,” says Vinod Sivarama Krishnan, CIO-Global, Jubilant Life Sciences.

coverstory_tech_trends_2012.indd 66

1/13/2012 5:49:38 PM

disparate systems for over 10 years, says Krishnan. “We should’ve seen this coming.” At Perfetti Van Melle, controller-ICT, Basant Kumar Chaturvedi, has instituted a formal process of collecting user feedback. “Users can choose whether they want radio buttons, or drop down menus, or tabular formats, among others,” he says. Such feedback is useful in applications that require a high degree of data input, he says. That information came handy when Chaturvedi wanted to tweak the candy-manufacturer’s dealer management system, which required many fields to be filled. Based on user feedback, Chaturvedi fine-tuned the system to a single file format, markedly reducing the time spent by users accessing the application.

It’s Not that Hard Enhancing user experience becomes more critical when you are running a VDI set-up—exactly what Sharat Airani, chief-IT (Systems & Security) at Forbes Marshall Group of Companies has done. “The biggest fear users have is the loss of ownership,” says Airani. With virtual desktops, users no longer have any personal space, for family

60% Of Indian

pictures and the like. So Airani carved out space on the company’s central servers and dedicated it to employees. “Each user has two logins. With a professional login, they aren’t allowed any personalization. But for everything else they can use the separate login,” says Airani. It’s really a small step and not a technological challenge, but it can go a long way in fostering a healthier employee-IT relationship. It also helps build a culture that encourages user participation and trust. Accenture’s report recommends that companies start planning for superior user experiences that help to boost customer satisfaction— experiences that don’t cost much to create, that are very engaging, and that are entirely natural, requiring little or no learning. That’s not very hard to do, says Krishnan. “In our effort to get users more involved in an application, we found that the UI (user interface) is the easiest step to build engagement,” he says. During mock-ups, Krishnan has found that involving users in interface design elicits maximum co-operation, excitement, and empathy with the development team. “In terms of technology, this is significantly a minor challenge and easy to do,” he says. If you’re worried that there will be too many variants, don’t be. “As people customize there comes a point when it all converges into a system that is most functional. Within six months everyone’s pages tend to look the same,” says Krishnan.

CIOs say user resistance to new technology is one of the three big challenges they see in 2012.

Function Over Form

“Users can choose radio buttons, drop down menus, or tabular formats.” —Basant Kumar Chaturvedi, Controller-ICT, Perfetti Van Melle Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 67

But CIOs shouldn’t get carried away and let users run amok with customizations. CIOs need to keep in mind that focusing on user experience takes time and effort and its returns are hard to pin down in rupee terms. “If I had an application that everybody in the organization touched I would be careful of how much customization I offered. I think I would have three layouts rather than giving users whatever they wanted,” says Krishnan. Airani agrees. “User profiles should be created on the basis of their function. You cannot give everyone the same level of flexibility. This approach works best in areas that need significant people involvement and for key users who need that extra flexibility.” As more Indian CIOs try to meet the twin imperatives of this year—more agility and increased IT consumerization—it would do them well to take a tip out of Krishnan’s playbook. “You don’t want to be telling people what to do. Let them make the journey on their own.” CIO

Varsha Chidambaram is senior correspondent. Send feedback on this feature to varsha_ chidambaram@idgindia.com

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:49:42 PM

ear

Ahead

Cover Story

Trends 2012

SPECIAL

Big Data and Analytics

Big and

Bold Big data is the newest star in the technology firmament. Here’s how you can tame the big data beast and tap its potential. By Sneha J ha

Big data and analytics is steadily supplanting cloud Alpna Doshi CIO, Reliance Group & CEO Reliance Tech Services, says big data solutions will be essential given the rate at which data is growing.

Dr. Jai Menon group director, innovation & IT, Bharti Enterprises, believes that in 2012, CIOs will try to devise new ways to wield big data.

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 68

computing as the next big wave to sweep across enterprise IT. Ovum research attests that big data and analytics will be one of the most significant drivers of technological change in 2012. In a November 2011 report, Big Data Interest Bubbling Under the Surface, Ovum revealed that 44 percent of organizations they polled will budget for big data projects in the next two to five years. One-third said they would do so in 2012. And according to the State of the CIO Survey 2011, 19 percent of Indian CIOs feel that big data is going to be a buzzword in 2012. “Data is exploding. Most enterprises we spoke to predicted that in 2012 alone the amount of data in their warehouses will grow by at least 10 to 20 percent,” said Tony Baer, author of the report. As CIOs scramble to manage the torrent of data zipping Vol/7 | ISSUE/03

1/13/2012 5:49:48 PM

20% The amount

around the enterprise, they are beginning to take a serious look at the big data conundrum—and for a growing number of CIOs big data and analytics is the way forward.

Big Data, Big Power Like most next-big-things, big data and analytics has its cheerleaders. Dr. Jai Menon, group director, innovation & IT, Bharti Enterprises, is one of them. He believes that in 2012, CIOs will try to devise new ways to wield big data. So far, he says, the IT community has been in data gathering mode but now it will figure out how to use that treasure trove on a real-time basis. 2012 will see the first steps in this direction.

“Early adoption of this solution paves way for faster rollout of many customer-facing services.” — Alpna Doshi, CIO, Reliance Group and CEO Reliance Tech Services Vol/7 | ISSUE/03

coverstory_tech_trends_2012.indd 69

which Gartner estimates businesses using big data analytics will outperform their peers financially by 2015.

Menon explains the concept of big data and analytics using a Venn diagram with three intersecting circles. The first circle, he says, comprises all the enterprise data, including e-mail and feeds, internal social networking, etcetera. The second circle has to do with the voice of the customer, including data that deals with customers of a particular business. And the third circle is partner ecosystem data. Although these three circles are distinct, they do intersect and different tools and techniques will have to be applied to each. “The two trends in big data and analytics are real time and unstructured. In 2012, a third trend will emerge: Segmentation of the big data problem. Enterprises will be able to clearly segment what questions they’re seeking answers for in each of these three circles. And that is what I would encourage the CIO community to start thinking about. This trend is most critical because then you will start thinking about the questions you want big data to answer and then go about discovering those insights,” he says. In 2012, Menon is looking forward to more real-time analytics. “Analytics technologies are maturing rapidly and we will see streaming analytics come in. I see the Indian communication sector shifting from what was earlier known as data warehouse, then BI, and now towards streaming analytics so that we can get real-time analytics,” he says. Menon isn’t the only one getting started on big data and analytics. Industries, especially those with large amounts of data like media houses and pharmaceuticals or those with large customer bases like telecom and BFSI, are more likely to avail of the big data analytics. CIOs in these sectors say that they are going to need to think outside the box if they want to keep up with the challenges of dealing with the data their enterprises produce. Reliance Communication is a case in point. “Our data is growing enormously due to subscriber growth and the consumption of our services. We are applying innovative methods and process changes to manage and capitalize on resulting data. This data has shown a growth of 25 percent,” says Alpna Doshi, CIO, Reliance Group and CEO Reliance Tech Services. Reliance Communication uses a data management system, which is designed to monitor and handle large data growth. Its data is segregated under three buckets: Customer centric (data required for customer services), business data (data required for analytics, trend analysis and business forecasts), and legal data. These early adoptors will give their enterprises a big boost. Gartner estimates that by 2015, businesses using big data analytics REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 5:49:54 PM

“The success of big data lies in using it in bite sizes and evolving from there,” says Dr. Jai Menon, Group Director, Innovation & IT, Bharti Enterprises.

will outperform their peers financially by 20 percent. “Early adoption of this solution paves way for faster rollout of many customer-facing services,” says Doshi.

Big Data, Baby Steps For enterprises that want to get started early on the big data and analytics road, Menon suggests a slow but outcomebased approach, one that searches for answers to very specific 66

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

coverstory_tech_trends_2012.indd 70

questions—and not boil the ocean. “Look at it one drop at a time and slowly build it up rather than having a comprehensive all-ornothing solution. The success of big data lies in using it in bite sizes and evolving from there,” says Menon. Menon also suggests a three-step process. The first step, he says, is to educate the business about the big data challenge and its opportunities. The second is getting your feet wet. Pick one business problem that you’d like to solve, he says, and run a proof of concept. It’s important, during this stage, he says, to collaborate with one of these functions: Marketing, customer service or finance. Step three is then building a roadmap. When you build a roadmap, he says, you must always have specific trigger points so that you know when to stop—or not to. He advises CIOs not to bunch these trigger points too close; they should be at least six months. Menon’s deliberate approach is going to help with a problem that big data experts predict CIOs will confront: Business apathy. Another way around this challenge is CIOs to walk hand in hand with their businesses. “CIOs need to partner with marketing, customer service, and finance to infuse analytical talent in these departments and build a tight bridge with the business. CIOs will have to take a highly collaborative and partnership-oriented approach for value creation. Understanding big data in business language is the only way to unleash its power,” says Menon. CIO Sneha Jha is senior correspondent. Send feedback on this feature to sneha_jha@ idgindia.com

Vol/7 | ISSUE/03

1/13/2012 5:50:00 PM

An IDG Custom SOLUTIONS initiative IN ASSOCIATION WITH

Transforming Business Through Judicious Application of IT

PLUS Aarogyasri is a unique community health insurance scheme formulated by the Andhra Pradesh Government, under the Aarogyasri Health Care Trust, to bring quality medical care within the reach of the poor in the state. The Trust realized that the success of this scheme depended upon a web-based solution that would utilize IT to provide visibility, robustness, speed and transparency in operations.

INTERVIEW Girish Rao, Head - IT, Marico, believes job rotation helps provide for workersâ&#x20AC;&#x2122; overall development and boosts company loyalty.

TRANSFORMERS CASE STUDY

Ensuring Accessible Healthcare Aarogyasri is a unique community health insurance scheme formulated by the Andhra Pradesh Government, under the Aarogyasri Health Care Trust, to bring quality medical care within the reach of the poor in the state. The Trust realized that the

success of this scheme depended upon a webbased solution that would utilize IT to provide visibility, robustness, speed and transparency in operations.

Company Aarogyasri Healthcare Trust, Government of Andhra Pradesh Industry Government Offering Social Development Solutions

Custom Solutions Group TATA CONSULTANCY SERVICES

ollaboration between the private sector and the government in the delivery of health services is a recent phenomenon in Andhra Pradesh. One such initiative is the Aarogyasri Community Health Insurance Scheme, a state-funded health insurance scheme run by the Aarogyasri Health Care Trust, which provides financial protection to BPL (Below Poverty Line) families for the treatment of serious ailments requiring hospitalization and surgery. The scheme was introduced after a pilot study period and then was slowly implemented in a phased manner, with additional regions of the state covered in each phase. The state government finances 100% of the premiums for state residents who fall below the poverty level. Catastrophic (inpatient) care is provided primarily by private providers (the network does include some public facilities, but the majority of the network providers remain private facilities), and administrative services are provided jointly by a private insurer along with the Aarogyasri Trust. Aarogyasri beneficiaries have access to facilities they would not otherwise be able to access due to financial barriers. For example, Apollo Hospitals is one of the leading high-end hospital chains in India. The Apollo Hospital in Hyderabad is a member of the Aarogyasri network and provides care to hundreds of Aarogyasri members each month. So, even though network eligibility requirements are somewhat stringent, the benefits of being a network provider are many. Quick payment timelines, additional patient volumes and thus revenues alone are an attractive enough proposition for both public and private hospitals to improve their operating procedures and align with the eligibility requirements for Aarogyasri. According to N Srikanth, IAS, CEO, Aarogyasri Healthcare Trust, “There is a need to provide quality healthcare services for all. The government of Andhra Pradesh has launched Rajiv Aarogyasri scheme with the objective of providing quality tertiary healthcare services to the poor. In fact, Rajiv Aarogyasri scheme has generated a sense of security among them.”

The IT platform of Aarogyasri is a live example of how technology can be leveraged to offer efficient and prompt health care service.” Mr. N Srikanth, IAS CEO, Aarogyasri Health care Trust

to all the stakeholders – in the form of timely information on health camps, case registrations, pre-authorization requests, expenses, fund allocations and re-allocations among others. Availability of critical operational information such as occupancy records, clinical notes, surgery details for each case, claims, expenses, fund allocation, re-allocation and business-critical information including repeat cases, yearly insurance reports, disorder/ailment reports and claim reports were some of the requirements. In addition, other important information on bed capacity, in-patient/ out-patient records, surgery discharge reports, pre-authorization reports as well as information to monitor patient records, surgery discharge reports, and other weekly reports was required for the successful implementation of the scheme. The Trust embarked upon the scheme with a small IT vendor providing an IT solution. However, the vendor was not able to deliver up to their expectations. M o re ove r , t he sc he me was catching on rapidly throughout the state and the Trust realized that it would have to scale up quickly with an IT solution to deal with the escalating number of transactions. In addition, the growing popularity of the scheme put pressure on the Government to roll it out across all the districts.

85%

Business Situation The Trust recognized that the key to making the scheme a success was to make realtime information available

of below-thepoverty line households in the state are covered under the scheme

TRANSFORMERS CASE STUDY

The Aarogyasri Trust realized that it required a partner who could provide an end-to-end solution including hosting, development, deployment and maintenance. TCS, with its excellent track record, vast technical expertise and proven ability to scale up rapidly, was chosen to partner the Aarogyasri Trust for this prestigious engagement.

The Aarogyasri Scheme has been a great success in the districts where it has been introduced, and has provided the client with the following benefits:

TCS Solution

Quick and accurate decision-making due to availability of real-time information

TCS developed the ICT website - http://www. aarogyasri.org, the primary channel through which the Aarogyasri Scheme was utilized by the target groups. This website portal, the core of the scheme, was a workflow-oriented integrated system which addressed all the needs of the target groups. Each phase of a patient’s journey through the system, from in/out patient registration, surgery updates, discharge updates to claim settlements among others, was routed through the ICT. According to Babu Ahmed, IAS, Former CEO, Aarogyasri Healthcare Trust, “Aarogyasri revolutionizes public health through conviction and innovative ICT application. The ICT solution developed for this unique scheme has absorbed all the complexities of the scheme and made it user-friendly, thus helping implement the scheme in efficient manner involving various end users and stake holders. “ Seeking care does not require any kind of expenditure from the patient’s side. On the backend, the provider must submit a pre-authorization to the insurance company or to Aarogyasri Healthcare Trust. The insurance company/Trust appoints medical officers who work on pre-authorizations. After pre-authorization and treatment, the

After using ICT to power the AP Rural Employment Guarantee Scheme, the solution for Aarogyasri is the next instance of leveraging the power of ICT on a massive scale for the benefit of the common man.” Late Y.S. Rajasekhara Reddy, Former Chief Minister of AP

Flagging of irregularities to the appropriate authorities at the correct time, leading to fewer opportunities for fraud Transformation of the project into a flagship brand for the AP government due to the implementation of critical business applications and solutions Tracking of worker productivity and performance Efficient accounting due to online reconciliation systems Low-cost solution due to the employment of open source technologies e-Office solution for complete office automation system

insurance company or Trust (depending on which procedure the beneficiary was enrolled in) will settle claims from hospitals within seven days of receipt of claim, discharge summary, and a satisfaction letter from the patient. Some of the important modules of the solution include registering the patient for the scheme, providing preauthorization for the surgery and treatment requests placed by the network hospitals, processing all the claims submitted by the hospitals and dealing with electronic payments to hospitals. Apart from these functions, TCS also worked with Aarogyasri to provide back-end support which included setting up a call center to attend calls from the beneficiaries and resolve their queries. The call center also serves as a telemedicine system over a toll free number across Andhra Pradesh. A grievance addressal mechanism ensured that all issues raised were monitored and successfully addressed. The module also ensured automatic hospital empanelment into the Aarogyasri Scheme. On the accounts front, the module could deal with all internal payments and receipts processed, as well as the online reconciliations.

Custom Solutions Group TATA CONSULTANCY SERVICES

It also automatically generates income tax-related forms to the service partners. “It is not an exaggeration to say that if IT stops, the entire Aarogyasri programme will stop. The programme depends on IT every second,” says J. Satyanarayana, IAS, then Principal Secretary - Health, Medical & Family Welfare Government of AP. “In fact, our former Chief Minister, Sri Y.S. Rajasekhara Reddy, used to say that we should use IT to improve every aspect of the common man’s life,” he adds. The site was designed to provide real time information about the number of medical camps, people screened, cases registered, in/out patients, pre-authorizations, surgeries/therapies and insurance amount claimed thereof. The TCS team utilized its proprietary DigiGov framework and made necessary customizations. The team also drew upon the expertise of the Performance Excellence Group (PEG) and the Consulting Group to provide the client with Business Data Analysis Software. The cost-effective solution was built on open source technologies such as Java, Redhat and Tomcat. Rising to the challenge in a record time of thirty days, TCS was, thus, able to provide a cost effective and end-to-end solution that utilized technology. TCS continues to be a part of the joint ICT team and is thus able to constantly improve and upgrade the solution to the continuous satisfaction of all the stakeholders.

Internal Monitoring and Evaluation Monitoring and collecting information on Aarogyasri operations is the responsibility of the insurer and the Aarogyasri Trust. The insurers are mandated to coordinate and ensure proper implementation of the scheme to the satisfaction of the Trust. The insurer must review progress with the Trust on a daily basis and is responsible for implementing suggestions of the Trust for effectively running the scheme. The most important aspect for monitoring the services provided is the technology platform. All hospitals are required to share patient history and detailed information about symptoms and test results for each patient. The dedicated Aarogyasri project office of the insurance company is required to be established at a location that is convenient for the facilitation of co-ordination between the Trust and the insurer’s administrative offices. The Aarogyasri project office must report to the CEO of the Trust on a daily basis. A dedicated MIS department within the project office is responsible for working with network hospitals and Aarogya

Mithras to collect and report data on a real-time basis. This department also has a sub-unit with operators who collect hourly information from the Aarogya Mithras, regional co-ordinators, and district co-ordinators, among others. The insurer’s IT department is also responsible for ensuring that the Aarogyasri website is updated and functional. The website contains all documents relevant to e-pre-authorization, claim settlement, and reimbursement. Through the website, realtime follow-up is maintained between providers, the insurer, and the Trust. The website captures all data collected by the system on a 24-hour basis.

Benefits The Aarogyasri Scheme has been a great success in all the districts where it has been introduced and has enabled quick and accurate decision-making due to availability of real-time information. It has also been able to flag irregularities to the appropriate authorities at the correct time, leading to fewer opportunities for fraud. Other benefits include tracking employee productivity and performance, efficient and accurate accounting due to online reconciliation systems and enabling e-Office solution that provides a complete office automation system. The solution employed open source technologies to keep costs low and it has now become a flagship brand for the AP government due to the implementation of critical business applications and solutions. The scheme has been instrumental in conducting around thirteen lakh surgeries/ therapies. Over fifty lakh people have been screened across thirty thousand health camps and more than Rs. 3600 crore have been claimed since April 2007. The average premium per family is around Rs. 300 per year to cover up to 2 lakh towards the surgeries/ therapies. Around 330 network hospitals are part of the empanelment. “IT platform of Aarogyasri is a live example of how technology can be leveraged to offer efficient and prompt health care service,” says Srikanth. There have been several attempts to introduce similar schemes in other states, but Andhra Pradesh has been one of the only states to successfully roll out the scheme. This was primarily possible due to the intelligent use of technology. According to Late Y.S. Rajasekhara Reddy, Former Chief Minister of Andhra Pradesh, “After using ICT to power the AP Rural Employment Guarantee Scheme, the solution for Aarogyasri is the next instance of leveraging the power of ICT on a massive scale for the benefit of the common man.”

TRANSFORMERS INTERVIEW

ROTATE TO

RETAIN Talented staff can be the pillars of an IT department’s success story. Girish Rao, Head - IT, Marico believes job rotation helps both: it provides for workers’ overall development and boosts company loyalty.

Girish Rao,

Head - IT, Marico

Custom Solutions Group TATA CONSULTANCY SERVICES

There is tough competition among players in the consumer products industry. How can IT contribute in the strategic plans of Marico to help it outdo its competition? A key aspect to devising a good strategy is to read the customer’s mind. As we do not directly interact with our end consumers, it becomes all the more important that we get a feel of what is happening at the retail store. IT has played its part here by helping design a distributor automation software called MIDAS, an offline system which is integrated with MiNET, a online system developed inhouse connecting all stakeholders. Decision makers in the supply chain make their demand forecasts by studying the data analysis from MIDAS. We then work backwards and plan so as to keep our inventory to a minimum. At the same time, a better insight into the current processes helps the sourcing department buy the best of raw materials for the least prices. How was you experiment with virtualization? What prompted it? A little before our hardware refresh cycle, we had found out that most of our servers were five years old and maintaining them was proving to be an expensive proposition. We decided to replace and consolidate them using virtualization. Virtualization helped reduce the number of physical servers from 30 to three and the number of racks from five to two, while downtime was slashed from six hours to 15 minutes. There was also a significant achievement in power saving to the tune of around 70 percent. What is your strategy to scale IT infrastructure with growth? I am a strong proponent of maintaining a regular upgrade cycle of a duration of around three to four years. This ensures that we are abreast of the latest in technology. New technology often brings in more flexibility and power and a technology upgrade helps employees exploit the latest features. However, before we sign a deal, we ensure that the vendor is an established player in the space and that there has a clear road map for that product. This has been a long-standing norm with us. What is the most significant challenge in curbing attrition in recent years? Have you been successful? Retaining talent is very important to us. As a member in the IT department moves up the ladder, he acquires business knowledge that helps him contribute to the organization in a more significant manner. We take a number of steps, such as job rotation

and allowing staff to switch roles from business departments to IT, and vice versa, to help staff remain engaged in their jobs. For instance, I would like to typically shift an infrastructure team member to applications development and the other way around during some phase in their career. At the same time, we scout for fresh talent to help build the talent pipeline. We have had good success with retaining IT staff that have been with us for a considerable number of years. At that level, the worker’s project management skills weigh in as heavily as his or her core knowledge of IT and we ensure that there is enough opportunity for learning. At the entry level, we have had limited success in retaining talent as we compete with the IT industry. Why did you decide to go for a media management portal? We spend around Rs 160 crore, including media (Rs 92 crore) and non-media (Rs 68 crore), on advertising. Managing this huge volumes of transactions between the company’s media management team and media agencies was an important agenda item for us. The system lacked transparency and visibility because of which analyzing the ASP (advertising and sales promotion) spend was not straightforward. A B2B media management portal could act as the middle-man between Marico’s media management team and media agencies. In order to ensure smooth data transfer between the systems and on-line controls like budget checks and data validations, integration with the existing ERP was a must. Unless both the teams used the portal adequately, the required information would not be present in it. The project went live in June 2008. Before we had the portal, processing media bills took about 15 days, but with the system it took less than five days. The new system reduced the chances of duplication during bill processing. Earlier, the final closure of the estimates of media vendors was carried out via phone — a process that used to take a week. Now it takes about two-three days.

Transformers is brought to you by IDG Custom Solutions Group in association with

Reengineering processes for Carnival Cruise Lines to increase guest satisfaction.

That’s certainty

Carnival Cruise Lines (CCL) is the world’s largest cruise line offering vacations to over 3 million guests from 22 ports to destinations across the Caribbean, Hawaii, North & South America and Europe. CCL’s existing system allowed guests to purchase shore excursions only after boarding the ship. This led to long queues, supply and demand challenges and overall guest dissatisfaction with the purchasing experience during peak purchasing times. To simplify this process, CCL had to provide guests with the ability to book shore excursions at their convenience, well in advance of their vacation. As one of the world’s fastest growing technology and business solutions providers, Tata Consultancy Services (TCS) enhanced the existing system to provide a web-based system that allowed guests to easily shop and book shore excursions any time prior to their vacation. Ensuring better management of demand and enriched purchase experience. Resulting in improved customer satisfaction. And of course, enabling CCL to experience certainty. To learn how your business can experience certainty, visit www.tcs.com

ear

Ahead SPECIAL

The

Year

Ahead Survey Survey Methodology

What's Inside How High do you expect your salaries to go? The Biggest technology buzzwords this year. Your Expectations around staff pay and IT budgets. A Snapshot of what this year will bring in terms of workload and challenges.

51%

75%

53%

14%

The Year Ahead Survey 2012 was administered online over three weeks in September and October, 2011. Three hundred IT leaders participated. Thirty-five percent of respondents were from organizations with annual revenues under 1,000 crore; 42 percent from enterprises between Rs 1,000 crore and Rs 10,000 crore, and 19 percent from organizations over Rs 10,000 crore. All responses were gathered using a secure server with all individual data kept confidential. The degree of error is +/- 4.6 percent at a 90 percent confidence level.

Yes

37% 36%

1/13/2012 4:50:33 PM

Your Monies Despite looming economic uncertainties, CIOs remain positive that the flow of money will not halt. These findings mirror the findings of other global surveys, which show that IT spending isn’t stopping, it’s slowing

Expected Salary Increase

Expected Staff Pay

CIO Insight: 92% of CIOs expect their salaries to increase. CIOs considered competitive differentiators expect the biggest jump (15.4%). Those considered cost centers expect the least increase (14.1%).

CIO Insight: CIOs in companies between Rs 500-1,999 crore expect the highest increse in staff pay (13.2%), those in companies under Rs 500 crore expect the least (10.9%).

By Industry

By Industry 15.3%

Manufacturing

IT/ITES

11.1%

Services

11.6%

BFSI

12.6%

Manufacturing

13.1%

Services

11%

IT/ITES

11%

BFSI

9.9%

By Company Size 14.5%

10,000 crore and above

14.3%

2,000-9,999 crore

15%

500-1,999 crore

13.9%

Under 500 crore

By Company Size

IT Budgets Increase

11.4%

10,000 crore and above

CIO Insight: IT budgets do not vary much across industries. Manufacturing expects the highest increase (10.9%) and BFSI and IT/ITES the lowest (10%). But they do vary depending on company size.

11.7%

2,000-9,999 crore

13.2%

500-1,999 crore Under 500 crore

10.9%

IT Budget Expectations by Company Size 10,000 crore and above

10.1%

2,000-9,999 crore

12%

500-1,999 crore

9.4%

Under 500 crore

9.9%

51%

Of Indian CIOs expect to see more growth in their opex budgets; 49% in their capex budgets. 76

J A N U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

year_ahead_survey2012.indd 58

CIOs considered trusted partners expect the highest increase in their I.T. budgets (11.2%)— not

competitive differentiators.

Vol/7 | ISSUE/03

1/13/2012 4:50:33 PM

ear

Ahead SPECIAL

Your IT Environment Next Year The CIO optimism continues as they look forward to larger teams and implementing new-age technologies like social media and the cloud.

Tech Buzzwords in 2012 CIO Insight: Mobile BI is the most popular tech buzzword in 2012 among CIOs who say their industries will grow. BYOD and private cloud by those who say theirâ&#x20AC;&#x2122;s will slow down.

IT Provided By Outsourcers and the Cloud Compared to last year, more CIOs are outsourcing more.

51%

Tablets

17%

26%

49%

Private cloud

43%

Bring your own device

54%

53%

40%

Social analytics

2012

2011

59%

Mobile BI

19%

28%

Location-aware applications 28% Big Data

19%

Top 8 Tech Investment Areas

Less than 10%

50% and above

Between 10-50%

Donâ&#x20AC;&#x2122;t know

Weird: CIOs in companies between

CIO Insight: Only CIOs considered competitive differentiators say that hybrid clouds top on their tech agenda in the next 12 months. The rest plan to do reporting or analytics.

Rs 500-1,999 crore expect the

IT Spend for the Next Six Months

expect the highest increase in staff compensation.

Social media technologies

Content/document management

Mobile/wireless

Reporting (using BI tools)

Cloud computing (hybrid)

Analytics (not reporting)

Cloud computing (public)

Video conferencing/telepresence

IT Spend for the Next 12 Months 1.

Analytics (not reporting)

Cloud computing (private)

Business process management

Cloud computing (hybrid)

Reporting (using BI tools)

Collaboration tools

Mobile/wireless

Big data

Vol/7 | ISSUE/03

year_ahead_survey2012.indd 59

highest attrition but also

In 2012, Your Headcount Will.. CIO Insight: Companies between 2,000-9,999 crore expect the most increase in staff. Companies between 500-1,999 crore expect the most decrease in staff.

52% 40%

Increase

Stay the same

Decrease REAL CIO WORLD | J anuary 1 5 , 2 0 1 2

1/13/2012 4:50:34 PM

Your Plans for the Year Ahead For the most part Indian CIOs remain positive of their company’s forward momentum.

Top 3 Big Challenges in 2012

In 2012, Your Industry Will…

CIO Insight: Governance, risk & compliance is the greatest challenge CIOs expect—immaterial of industry or company size.

CIO Insight: The most number of CIOs who expect their industries to grow in 2012 are in IT/ITES; those who expect a slow down are mainly in BFSI.

53%

Governance risk & compliance

37%

Slow down

Supporting business expansion

36% 7%

Stay the same

Delayed decisions from business

88%

Increase

Top 3 Leadership Competencies in 2012

Will Workloads Increase in 2012?

CIO Insight: Change leadership is the most important leadership competency for 2012 only for CIOs in companies above Rs 10,000 and those in IT/ITES.

11%

Can’t say

62%

Long-term strategic thinking and planning

14% No

75%

Collaboration & influence

Yes

The Industry-wise View

Top 5 Ways CIOs Will Solidify IT-Business Relationship Meeting more frequently with influential stakeholders

52%

Initiating new products and services for competitive advantage 51% Developing a cross-functional focus among IT managers 49%

Creating a portfolio approach to IT

47%

Change leadership

44%

Training IT staff to partner better with business

49%

BFSI

Initiating new products and services for competitive advantage

IT/ITES

Meeting more frequently with influential stakeholders

Manufacturing

Developing a cross-functional focus among IT managers

Services

Initiating new products and services for competitive advantage

42%

2012 Agenda No matter how you slice the data (by company size or by industry),what CIOs want to accomplish in 2012 and what they want to spend the most time doing don't seem to be aligned.

What IT Wants to Accomplish in 2012 Improve the quality of products and/or processes Drive agility Enable regulatory compliance Drive new market offerings or business practices 78

J A N U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

year_ahead_survey2012.indd 60

What IT Will Spend Time On in 2012 IT/ITES

Design/optimize business processes

Manufacturing

Interact with your company’s CXOs and business execs

BFSI

Interact with your company’s CXOs and business execs

Services

Strategic business planning Vol/7 | ISSUE/03

1/13/2012 4:50:34 PM

CUSTOM SOLUTIONS GROUP SAS

EXECUTIVE VIEWPOINT THE ERA OF BIG DATA ANALYTICS

HAS JUST BEGUN

Most companies today have plenty of data. Creating intelligence and gleaning real insight from this data is what continues to elude organizations. Sudipta K Sen CEO and MD, SAS Institute (India)

Analyzing big data will become a key basis for competition. How is SAS helping businesses take advantage of big data? Today, data deluge is such that it is impossible for human beings to spot patterns from the data which exists in their organization. Hence , it is imperative for organizations to invest in analytics infrastructure to make meaningful decisions. Using advanced analytics, businesses can study big data to understand the current state of the business and track stillevolving aspects such as customer behavior. Big Data Analytics is where advanced analytics techniques operate on big data sets. Big data analytics is really about two things – big data and analytics – plus how the two have teamed up to create one of the most profound trends in business intelligence (BI) today. SAS is designed with big data in mind, which is critical given the ever-increasing tidal wave of data – both structured and unstructured, from financial reports and factory sensors to call centre notes and customer product reviews on social media. Big Data Analytics is also fueling the need of high performance analytics and In memory analytics. SAS has strong offerings and is uniquely positioned to help organizations apply big data analytics by solving their biggest analytical challenges – the kind that can transform their business. Big data has the potential to help the public sector in India. Are they aware of the benefits, and, if so, what steps have they taken? Big Data Analytics can and will increasingly play a very critical role in the public sector. Govern-

ments and the public sector, if considered as one big organization, have citizens as their customers. It means we are talking about the biggest data repository here. Having that data qualified, in the right shape and in the right place will enable analytics to be done the right way on this data universe. We are seeing increased traction with various public sector undertakings and government departments that are actively embracing analytics as a part of their core strategy and decision-making process. How can enterprises ensure that actionable data gets in the hands of the right decision makers? What makes big data captivatingly critical to organizations of all sizes is the competitive gap between organizations that manage data effectively and those that do not. Most companies today have plenty of data. Creating intelligence and gleaning real insight from this data is what continues to elude organizations. Effective decision-making requires an analytics framework that incorporates the people, processes, technology and culture of an organization. For analytics, to have a positive business outcome, it is imperative that analytics seeps in across the organization and become an integral part of its day to day operations. Only when analytics becomes a part of an organization’s DNA will it really transform it in to a high performance entity. How strong is the case for keeping analytics not limited to just one department? I would say very strong, and this is what the leading organizations are already doing and other organizations are aiming to achieve – an enterprise level analytics approach. Analytics is changing the way companies of all sizes, in all industries, go about their businesses. From the way they understand their markets

to how they mine information about their own operations, analytics is unlocking insights at every turn. Each department in an organization needs to take decisions which are based on facts and analysis, for the organization to propel forward. Analytics has become the key factor for companies to make informed decisions. Companies that fail to develop a competency around it are likely to be left behind. What do companies need to do to ensure that their analytics know-how is leveraged in a strategic way? Organizations should look at analytics in terms of the opportunities inherent in a value shift from simply collecting large amounts of information to clearly understanding what that information can do for them. It is not just about how organizations collect and store data, but how they share that data and create intelligence out of it. The kind of information and the volume of information are changing; therefore, the value comes from what one is able to do with that information. It is in being able to analyze information in increasingly real-time, collaborative manner. Companies need to take the time to discover how analytics can provide an objective view of their world, not only as it appears today, but also how it is likely to appear tomorrow. It is about developing and implementing strategies today that are based on a careful analysis of their likely outcomes in future. And this won’t be possible without analytics.

This interview is brought to you by IDG Custom Solutions Group in association with

VIEW

from the TOP

Sam Ghosh, Group CEO, Reliance Capital, says that IT helped the company see 2008 through and he’s banking on IT again to help in 2012.

Tackling

2012 By Sneha Jha

It was during one of the hottest months of 2008 that Sam Ghosh took over as Group CEO of Reliance Capital. But it wasn’t just the weather that was hot. That year marked the beginning of what would be the worst economic depression since 1929. And Ghosh knew that taking over a financial services organization—at that time—wasn’t the easiest job in the world. But he was unfazed. He quickly realized that the company needed to be agile and cost effective—and that IT could help it get there. Today, as the economy is on the verge of another slowdown, Ghosh is once again looking to IT to see his organization through.

CIO: How will the global recession affect India?

Sam Ghosh: We firmly believe that the

What do CEOs and other C-level executives expect from you? Read all about it in View from the top. Visit www.cio.in/ceointerviews

VFTT_JAN12.indd 86

J a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

India growth story is still intact. Though macro-economic numbers are short of expectations, things are likely to look up. India will post over six percent growth in GDP and the domestic demand in semiurban and rural areas still continues to be strong. However, businesses are likely to

face some short-term challenges. Growth and demand will slow and businesses will have to work harder to achieve the targets they are setting for themselves. IT will play a critical role in helping businesses achieve their growth targets in this challenging year. Companies will have to embrace new channels to reach out to customers, offer innovative products, and more importantly, reform their processes

Vol/7 | ISSUE/03

1/13/2012 1:05:38 PM

Sam Ghosh expects I.T. to: Provide competitive edge Make IT cost variable Aid customer retention

and systems to keep their costs under tight control.

Photos by ro hit gupta

What challenges do you anticipate in your industry? Profitability and growth, while ensuring steady customer retention, will be the key challenge in the next few quarters. Customers continue to be cautious about their investment decisions after witnessing unprecedented volatility in 2011. As a company, we are increasing our focus on customer service and

Vol/7 | ISSUE/03

VFTT_JAN12.indd 87

have identified the need to reach out to customers through multiple channels using IT. Various technological initiatives like an accelerated adoption of mobiles, Internet-based services, workforce collaboration, and virtualization have helped us take a lead in this direction.

What lessons from 2008 will help you this time? The key lesson we learnt from the last slowdown was thatâ&#x20AC;&#x201D;especially for ITâ&#x20AC;&#x201D;we need to take a variable-cost approach.

Over the last few years, we have reviewed all our IT systems and projects and tried to shrink our fixed cost base and make it more flexible. In the last two-three years, we have rationalized our IT systems and the number of servers we have. During the slowdown of 2008, we tried to do more with less and focused on business intelligence and CRM projects, which helped us evaluate our customers and gain insights into what they want. We are doing the same this time around. We are also using analytics and forecasts to

REAL CIO WORLD | J a n u a r y 1 5 , 2 0 1 2

1/13/2012 1:05:57 PM

View from the Top

drive new data-driven program initiatives in the field. Another big learning was the need to improve business processes, drive increased productivity through IT initiatives such as portals and business process management to cut costs. And that will be our mantra in the coming months as well.

What will drive your growth going forward? Customer centricity and the use of enabling technologies will be the main driving theme to help businesses perform better. Go online is our change mantra today. Online channels provide an excellent platform for extending reach and engagement with our customers. If you look at our mutual funds, about 10 percent of the business comes from the online medium. Our large following on Facebook (for Reliance Mutual Fund) will helps us get information from our customers directly, resolve issues faster, and fine tune our processes and products in line with customer needs. The general insurance business mobilizes almost 40 percent of its volume, directly and indirectly through online channels. The life insurance business also is gearing up by formulating several new products that will be launched for this medium. Customer self-service is the big focus of the online medium and all businesses are pushing forward in this direction.

What's your strategy to maintain profitability during the slowdown? From an IT perspective, we are trying to move—more and more—to a variable-cost scenario. As of now, 40 percent of our IT cost is variable. But variable cost should not simply be an opex stream, it needs to be linked to the top-line and ensure that sales and costs move in tandem. Second, we have to make our distributors and customers use our systems to provide transaction fulfillment at the point of customer contact. We are also devising a 82

VFTT_JAN12.indd 88

J a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

“IT innovation is absolutely critical to us. It shrinks our cost base and improves access to end customers.” — Sam Ghosh mechanism for customers to download transaction receipts, certificates, statements and other documents themselves. This reduces the cost of paper processing.

Which IT initiatives will be vital in the slowdown? Virtualization is a big play for us. We have already deployed server and storage virtualization. We are now looking at thin clients or desktop virtualization. We are already private cloud enabled and are also piloting the public cloud to make IT costs variable. We’ll also look at mobility as a game changer. We are empowering our employees, customers, and distributors with these end-point devices. Our commercial finance business has used award-winning mobility initiatives to achieve superior outcomes for recoveries by field collectors. The third part of our strategy will be analytics; gaining customer insights and increasing the persistency of customers. For example, customers in our life insurance

business sometimes tend to delay premium payments. We need to ensure they pay it on time to derive maximum benefits. BI helps us predict which customers are likely to default and helps us focus our efforts on this smaller population. Collaboration is another big priority. We are deploying a single platform that combines instant messaging, multi-video-conferencing, web-casting, e-learning, Intranets, and social media to boost collaboration between employees, senior management, distributors and customers. Connecting the feet-onstreet workforce to decision-making to risk management to the delivery of product and quality services will be a key enabler.

Can organizations afford to be innovative in such uncertain times? IT innovation is absolutely critical for us. It helps improve productivity, shrink our cost base, improve access to end customers, and extend better service to them. We are doing new projects selectively. For example, we are looking at moving our mobile employees to tablets. This is going to be an added cost but we believe it needs to be done to survive the next cycle and grow. Employees should be able to complete an interaction with customers whether they are in the office or not.

How will Reliance Capital maintain its competitive edge during the slowdown? We have to be in the top three in all our businesses but most importantly we have to be ROE (return on equity) focused. And to do that, IT has been made strategically important in our larger scheme of things. IT helps us address our business goals in a challenging environment more effectively. Also, I feel that IT is extremely critical to an organization like ours with a retail focus and hence it becomes an intrinsic component of product and service delivery. CIO Sneha Jha is senior correspondent. Send feedback on this interview to sneha_jha@idgindia.com

Vol/7 | ISSUE/03

1/13/2012 1:06:03 PM

CIo Career

2012 Resolution:

Five tech Proj oj Projects to

Boost

Your Career Take the reins of any of these five forward-looking initiatives and become an IT hero in the eyes of upper management.

By Dan Tynan Too many projecTs, Too liTTle Time: Thatâ&#x20AC;&#x2122;s the sad lament of many IT professionals who must constantly balance the needs of the enterprise against the desires of business usersâ&#x20AC;&#x201D;all while keeping a close eye on the newest technologies coming at them from every direction.

Vol/7 | ISSUE/03

Reader ROI: How to win the business over What you can do to make yourself stand out Why speed is important

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 3:12:38 PM

CIO Career

Still, some less obvious projects may pay bigger dividends in the long run, both for the company and, more important, for your career. A sure hand on the reins of the massive influx of mobile devices into your network will be a boon to the organization—and will get you noticed. So too will sussing out a sound social media strategy, spearheading a crisis response team, or merging your development and operations teams to accelerate your ability to

“Say Company A acquires Company B,” says Brydges. “The CFO of Company A needs to bring new apps online. look at the consolidated financials of both Then there are the troves of data your company has been collecting companies, and he doesn’t have time to wait for IT to run it through its data warehouse. just waiting to be mined to improve decision-making. You need a tactical solution that can quickly Done well, these five projects will make you a hero to upper pull data from multiple sources into a tool like Excel or SharePoint so your CFO can use it management while enabling the organization to move forward. right away.” The key is to do it in a structured way so that results are consistent no matter what data is input or who does it, Brydges says. “If you’re going to create a spreadsheet where you mix the financials of Company A and Company B, you need to deProject No. 1 Streamline Company Data fine the architecture so the next time someone asks for this, you don’t It’s hard to resist the allure of big data. Gather enough data points, start with a blank spreadsheet that produces different results and then harness enough computing horsepower to crunch them, and you can have to create a third spreadsheet to reconcile the two,” he adds. predict what your company’s customers will want before they even That means business and IT need to work together to identify the bits know they want it. You’ll be a hero, and the business will own a license of of data that drive results and figure out the best ways to mine them. to print money. That’s the promise, anyway. (For more turn to Pg 80) So, if this is such a great idea, why isn’t everyone doing it? “Because The problem? Most organizations already have more data than it’s hard to do,” says Stephenson. “There are tons of companies stuck they can handle, much of it inconsistently defined and captured in in the middle of large BI projects. People are afraid it’s too big to tackle. incompatible ways. So decision-makers spend all of their time arguing But our definition of ‘big’ is changing. . There’s no reason you can’t about whose data is correct, not what the data is telling them to do, says start out by using smaller subsets of data to validate your ideas before Chris Stephenson, co-founder of Arryve Consulting. investing too much time or money in a big initiative.” The project you want to own is to simplify that data, make sense of it, and use it to propel the company forward. Step one: Take the conflicting streams of data collected by different IT Project No. 2 Master Mobile Devices systems in your organization and consolidate them into a single The consumerization of IT is here to stay. The question is: What are database before business users ever get their mitts on it, advises you going to do about it? Stephenson. To do that you’ll need to work with business users to You have two choices: Resist and kiss your career ambitions goodidentify the important data points and arrive at common definitions. bye, or embrace it and win the undying respect of the C-suite execs who “That’s much easier said than done,” he adds. “But it will ensure really want to use their iPads, even if they’re not entirely sure why. that a company is managing to one version of the truth and allow The project IT pros need to wrap their arms around is the mobile multi-department conversations to focus on the decisions the data is device dilemma: How to manage devices securely, provision them driving, not the data itself.” efficiently, and make your bosses happy without compromising your But even big data doesn’t have to be that big. While you’re waiting network, says Mike Meikle, principal of Hawkthorne Group. for that multi-million-dollar business intelligence initiative to pay Even if you or your enterprise aren’t quite ready to jump with both dividends, you can employ ‘tactical BI’—isolating the information that feet into the realm of mobile device management, you should at least really matters to business leaders so they can make decisions more be conversant with all the options available to you, he adds. quickly, says Bill Brydges, managing director in Morgan Franklin’s “A lot of IT folks will simply say no, they don’t want those devices Performance Improvement practice. in their environment,” says Meikle. “That’s not going to fly, especially 84

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Feature_5_Tech_Projects.indd 52

Vol/7 | ISSUE/03

1/13/2012 3:12:38 PM

if this is being driven by executives. If you’re approached by senior management about what it will take to integrate these devices into the enterprise and you say they’re too risky or that you want to take a wait-and-see approach, you’re not going to look so good. Being knowledgeable about what solutions are available will make you look like a pro.” If your enterprise is thinking about going BYOD, you’ll have to figure out how to securely sandbox those corporate apps and what kind of authentication hoops users will jump through in order to log on, he adds. You’ll also need to take a deep dive in the mobile apps pool. If you have the programming chops to develop mobile apps that align with your business objectives, go for it. But even if you don’t, you should be familiar with the apps commonly used in your company’s industry, and be provisioning a store of approved apps your business customers can select and install with a click. If this is such a great idea, why isn’t everyone doing it? Transitioning from a legacy mobile device infrastructure (typically BlackBerry) isn’t trivial, notes Meikle, especially if you are planning to support multiple mobile platforms. Mind you, mobile device management solutions are still relatively immature, and there are few clear-cut choices. “These devices are only a few years old, and enterprise IT doesn’t typically turn on a dime,” he says. “So trying to come up with the right solution can be difficult.”

IT Project No. 3 Become a ‘Dev-ops shop’

Boost Your Career with Blogging Writing a blog can establish your company’s credibility, demonstrate your expertise on a certain subject or help you organize yourself and your projects. It can also land you a job. as blogging becomes more pervasive in popular culture, CIOs are finding blogs can be truly useful to their careers. according to rebecca Foreman, VP at executive recruiting service firm Polachi, blogs are an excellent way to highlight not only your career accomplishments but also your personal interests. Foreman says that she often looks for personal interests that align with the position she is trying to fill. For example, in looking to fill a position at Segway, she wanted someone with a passion for transportation. That’s not something you’d put on a résumé, but it’s something you might write about in a blog. Foreman searched blogs for executives who had interests in bicycling or Harleys, or were trained as private pilots and enjoyed flying in their free time. “We want to find what’s not on the résumé,” she says. “There is more to a person than their role at a company.” Many people might have the necessary skill set, but personal affinities like being a mountain biker can make you the ideal candidate, she says. according to a Polachi survey, a third of people who have been contacted by recruiters said they wanted to speak with them after reading their blog. The survey also showed that 80 percent of executives who blog think it helps them with professional networking. It worked for the County of San Diego’s CIO, Bill Crowell, who blogged about his career quest on CIO.com. The blog provided a powerful personal marketing tool and fodder for his final—and successful—interview with the county, says Crowell.

Tens of thousands of developers have adopted agile development methodologies—a highly iterative approach that keeps coding projects from going off the rails, out of scope, or over budget. But when those projects need to move from the development team to operations for load or functionality testing, they’re no longer so agile. “When programmers have to put in a request for system resources and go through that whole approval and provisioning process, projects can stop dead in their tracks,” 80 percent of says Brian Moloney, managing partner executives who blog of Web design and development firm think it helps them Imaginary Landscape. with professional The project you need to own: networking. Building a cross-functional ‘dev-ops’ team that blends programming chops with sys admin acumen to keep projects flowing. “It requires a blended skill set,” says Moloney. “Programmers need the authority to make administrative changes, and ops needs to know how to do a little coding. That way the dev team doesn’t have to stop the flow of what it’s doing to disconnect and then reconnect the project.” Interdisciplinary skills become even more important as organizations build apps to run in the cloud, says Todd Olson, vice president of products at Rally Software, an agile project management and coaching firm. “Developing for the cloud affects how software is written,” he says. “Coordinating what happens to that binary after it leaves dev’s hands is even harder. If you’re doing both agile and cloud deployment, dev-ops becomes something you really can’t ignore.”

Vol/7 | ISSUE/03

Feature_5_Tech_Projects.indd 53

—By Margaret Locher

CIO Career The best way to get started? “Select a small proof-of-concept project, pluck people from each silo, put them in a room together, and look at the result,” says Moloney. If this is such a great idea, why isn’t everyone doing it? A lot of organizations haven’t solved the first problem, yet—getting good code out the door quickly, says Olson. Inter-departmental politics also plays a role, especially in larger organizations. And the dev-ops concept is fairly new, while divisions between developers and admins are not. “Dev people and ops people speak different languages,” Olson says. “The role of the ops guy is to reduce risk so he doesn’t get desperate phone calls on the weekend. The goal of the dev team is to produce as much good new stuff as possible. There’s a conflict there. You can’t just buy a tool to make it happen. It requires a change in culture.”

things that might happen to them, says Budd. Crisis response can be expensive, and many companies simply lack the expertise. “When people get in trouble, a lot of them automatically start acting like five-year-olds,” he adds. “Their first response is to cover it up. It takes a certain amount of courage to go out on stage in front of a hostile audience and say, ‘Here’s the bad thing that’s going on now.’ It’s easier to adopt a bunker mentality.”

IT Project No. 5 Control Social Media

Like iPads and iPhones, Facebook, Twitter, and their ilk are finding their way into the workplace whether IT officially endorses them or not. Organizations that aren’t steering the social media bus are likely to end up with tire tracks on their backs—and, worse, a real security nightmare on their hands. “If you do not provide the means for business users to access IT Project No. 4 Get a Crisis Response Team social media, they will go around you,” says Justin Kwong, senior When Sony’s PlayStation Network was taken down by hackers last director of IT operations and security at 24 Hour Fitness. “That’s spring, the electronics giant responded by doing just about everything a worst-case scenario for a security professional, wrong, says Christopher Budd, a former member of Microsoft’s because instead of having some mitigated worldwide crisis response communications team. risk, you’re fully exposed.” After the network went offline last April, Sony Because it The project you want to failed to acknowledge or explain the cause of bungled its initial own is bringing social media the outage. For a week the company provided response, when Sony into the workplace without virtually no information—allowing the press finally did something leaving it exposed to internal and blogosphere to fill the gap with speculation right, at great cost, it got leaks, external threats, or and misinformation, says Budd, who now runs no credit, highlighting embarrassment, says Meikle. his own crisis communications company. the need for a crisis That means helping to The reason? Sony lacked an effective incident response team. create social media policies that response process for online security and privacy define acceptable and unacceptable issues, something even smaller organizations need behavior on social networks, as well as the to implement. “Any organization that’s a custodian kinds of information that should never be shared. of customer data needs to spend time figuring out But even that won’t work without first obtaining buy-in from top what it’s going to do if something happens to that management. data,” he says. “Besides avoiding damage to their “Effective policies for how to use social media must be governed reputations, they also need to protect themselves against legal and and supported by senior management,” says Meikle. “This will allow regulatory risks.” employees to engage customers at a far more personal level. And Building an emergency response team means marshaling resources employees will understand the boundaries they are constrained by across the organization—legal, communications, and technical. It also when these policies and tools are communicated and supported by requires a mandate from the top that empowers the team to do what senior management.” needs to be done, swiftly and without interference, Budd adds. So, if this is such a great idea, why isn’t everyone doing it? “You need to get out there as quickly as possible and be as transparent Corporations remain wary of social networks, says Meikle, in as you can be,” he says. “You need to say what has happened, and also part because Web 2.0 security solutions are relatively immature. what hasn’t happened. Because one way or another, the story will Enterprises in heavily regulated industries like finance and health care get out. You want to be the one to step out onto the stage, grab the face severe penalties for accidental data leaks, making them cautious. microphone, and take charge of the situation.” “Social media has to be carefully monitored in these environments Because it bungled its initial response, by the time Sony finally so sensitive information is not released,” he says. “It also opens a did something right—shutting down the network for a month and door for malicious actors to gather data on key individuals in the rebuilding it piece by piece, taking a huge financial hit in the process— corporation. That’s why effective and well-communicated social media it got almost no credit for it, says Budd. usage policies are critical.” CIO However, Sony may have learned its lesson, he adds. After thwarting attempts by hackers to access nearly 100,000 PSN accounts some weeks ago, Sony got ahead of the crisis by reporting it quickly and in detail, minimizing further damage to its reputation. So, if this is such a great idea, why isn’t everyone doing it? Most organizations are focused on generating revenues, not on the bad Send feedback on this feature to editor@cio.in 86

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Feature_5_Tech_Projects.indd 54

Vol/7 | ISSUE/03

1/13/2012 3:12:41 PM

Imagine

your data center guarded better than international borders

making it possible Tulip Data City

16 Level Physical security 1500 Security cameras Explosive detectors Baggage and personnel screening Separate personnel and material movement plans Letting your imagination soar, and then engineering it to reality - thatâ&#x20AC;&#x2122;s Imagineering. With the new Tulip Data City, we have just imagineered the data center of the future. Join us at the Imagineering India Summit, where Indiaâ&#x20AC;&#x2122;s leading CIOs will convene to imagineer a new era in Indian IT, made possible with the launch of this state-of-the-art facility. 3-4 February, 2012 | Tulip Data City, Bengaluru. www.cio.in/imagineering-india

By Invitation Only

Imagineering = Imagine + Engineering Powered By

casefiles real people

* real problems * real solutions

Cloud By

Design How Applied Materials enabled users to access CAD applications from the cloud. By Shweta Rao

Moore’s law predicted that chip capability would double every two years. Applied Materials has proven that rule for decades, boasts Applied Materials on its website. But keeping up with that pace of development is hard work. It has required a slew of acquisitions over the last five years—and 24x7 R&D work across three continents. It’s also required centralizing the company’s 17 IT groups into one—and giving its CAD users something no other design could: On the fly access to design data using desktop virtualization and the cloud.(For more tips to deploy private clouds turn to page 114)

Chip on the Shoulder

Case Files.indd 56

J a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Ph oto by srivatsa shan dilya

As semiconductor manufacturers started stacking chips horizontally and vertically, the prime hitch lay in filling tiny gaps between transistors to electrically isolate them from each other. Applied Materials engineered a novel insulator deposition tool to fill these gaps measuring a few nanometers. Not surprisingly, MIT’s Technology Review named Applied Materials one of the 50 most innovative companies in the world in 2011. That’s what Applied Materials means when it says, “Building tomorrow’s transistor, atom By atom.” Designing such chips involves designing big assemblies with over 30,000 parts— all done at a scale below 20 nanometers. It requires heavy CAD applications that demand large amounts of rendering, which traditionally needed to be done on CAD workstations equipped with dedicated, extremely high-end graphics processing units.

Vol/7 | ISSUE/03

1/13/2012 3:17:44 PM

“Our work is really complex from a design perspective as we devise high-end capital equipment used in the semiconductor industry,” says Nagaraj Bhat, director of global information services, which supports half of the over 2,000 R&D engineers who work simultaneously to develop products involving complex designs—around the clock. For an international company like Applied Materials, this meant big-ticket hardware projects and implementing point solutions across three sites in three continents: Austin, Amsterdam and Bangalore. When an engineer at Applied’s Austin office signs out at six, work on his design continues in Bangalore. Each file is anywhere between 2GB to 8GB, says Bhat. Simultaneously, Applied Materials has undertaken a large number of acquisitions, the last of which was Varian Semiconductor Equipment Associates in May 2011. The strategy forced the company to deal with multiple IT infrastructures—and worse, work with several project lifecycle management (PLM) instances worldwide on a day-to-day basis, which typically have data integrity issues in a multi-site environment. “Changes made by a design team at Amsterdam would be lost before someone accessed an Adobe InDesign file,” says Bhat. What Applied needed, in Bhat’s opinion, was a standardized PLM platform. It would establish a process-driven workflow, connecting all stakeholders working on a project and uniting multiple subsidiaries. The process would also lower administration costs and complexity associated with keeping software, hardware and servers up-to-date. “We started to lay down our architecture roadmap with our journey towards a single PLM platform,” recalls Bhat. But, his team soon realized that they had just struck the tip of an iceberg. “We figured the extent of the problem as we tried to move more users into this newly-conceived project.”

Packing Up for the Cloud Bhat discovered that the consolidation was going to be costly. They had to integrate

Vol/7 | ISSUE/03

Case Files.indd 57

By moving to a cloud, Nagaraj Bhat, Director Global Information Services, Applied Materials, delivered 30 percent performance improvements over traditional CAD workstations.

multiple CAD apps that the engineers used with the single unified PLM platform. “We had to start with business units in different geographies and many of them were coming through the M&A process,” says Bhat. Creating multiple PLM instances across the globe was only going to complicate their problems of data integrity, and the inability to support and manage five sites simultaneously.

“All our requirements pointed to a highdensity centralized datacenter,” says Bhat. The move was significant. If it went through with the project, Applied Materials would be the first company in India to have its entire CAD infrastructure on a cloud. “We couldn’t see any point in having data tied down to desktops. By being on the private cloud, data would follow users everywhere

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 3:17:51 PM

Case File | Applied Materials

and they would only need to visualize it,” says Bhat. Applied Materials leveraged “central grade infrastructure” that would allow users to do CAD computing in the datacenter rather than at a CAD workstation. The project involved installing desktop blades in the server farms with a graphics processing unit, which would replace heavy workstations at an engineer’s desk. In addition, they employed high-speed networking to eliminate networking drags giving CAD professionals real-time access to 3D designs. The consolidation helped Bhat bring all existing PLM platforms together. “Virtualization techniques available in the market don’t provide solutions to handle virtualization with high graphic content,” says Bhat. “Really, there is no solution that allows sharing the graphics processing unit and delivers graphic intensive application over the wire!” Combining the blades with CAD apps running adjacent to the PLM servers gets rid of the need to host local instances of PLM environment in each country. “We were now able to have our design engineers located in different parts of Asia use regular office desktops to connect to the centralized CAD blades farm,” says Bhat. In addition, synchronization errors in multi-site instances that caused data integrity issues were removed, enabling cost savings. “Our ability to centralize our CAD blades farm helped us to avoid making investments in creating multiple instances of the PLM platform across geographies which otherwise would cost high capital and operating expenses,” says Bhat.

Rome Wasn’t Built in a Day The company’s journey to the cloud began two years ago, says Bhat. Pilots were set up in Austin and Bangalore for 100 CAD blade servers each, long before conceiving the need for a datacenter set up. “We started this process to support our non-India user base including the Asia Pacific. We then realized that in order to expand the footprint of 100-200 users and support 2,000

Case Files.indd 58

J a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

Heat dissipation in the high-density datacenter was a challenge since temperatures could go from 18°C to 64°C in a mere 30 seconds. users, we needed to create a platform which is easy to manage,” says Bhat. But being a trailblazer had it's problems. “We faced a dearth of solutions that would help interface the user with the datacenter.” But HP’s ‘Remote Graphic Solution’ came to the team’s rescue. “It provides a thin-client type of an interface to the end-user that installs itself on the desktop,” says Bhat. The launch of the cloud service made for safe and secure storing of designs possible for CAD engineers. The redundant environment also enables users to track changes made to the design, hence, avoiding delays.

Seeking Buy-In The road to success is dotted with some conflict. For Bhat the proposal to invest $5.5 million (about Rs 24 crore) in the project raised eyebrows. But Bhat was prepared. “We had to go to each of the GMs for buy-in. Naturally, it took a good deal of explanation from an ROI perspective,” he recalls. The capital committee heard out Bhat’s proposal, which clearly stated savings expected in the long run. “I always remember to insert cost clarity in every proposal I deal with. More importantly, we told management that the project would deliver a capability which can’t be measured in dollars but through productivity improvement,” says Bhat. He was certain the project would deliver ROI both from the cost saving and cost avoidance perspective.

Testing It Out The many practical and technical tests to put CAD on the cloud are familiar. But the main challenge is getting users to adopt it. And for that companies need to give their users a very good reason to move. “The most critical reason is time,” says Bhat. “You know, time is money.”

Another challenge was datecenter design. “We can have 54 blade servers in a single rack but that would require an enormous amount of power,” says Bhat. The challenge that confronted Bhat’s team was to muster up the capacity to host 400 CAD blades. Hosting them in a traditional datacenter would burn out the system which was geared to generate only 3-5 KW per rack. “We designed a high-density datacenter capable of supporting 20KW per rack. We now host 64 CAD blades per rack compared to the previous datacenter which has 16-32 blades per rack,” says Bhat. Heat dissipation was another challenge. In traditional datacenters, you have a buffer of 10-15 minutes to react to an increase in heat. But in a high-density datacenter temperatures can go from 18°C to 64°C in 30 seconds. Having an office at the International Tech Park in Bangalore limited infrastructure design in terms of cooling, says Bhat. Relying on the available chilled water supply wasn’t foolproof. Hence, provisions for gas-based cooling to provide redundancy in case the water supply was cut off became a requirement, says Bhat.

The Benefits Wherever you go, your data follows. “CAD users can now experience the luxury of doing their jobs on regular desktops sitting in the comforts of their homes,” says Bhat. How many CAD users can say that? At Applied Materials, engineers across the world are now able to use standard desktops or laptops to connect to a CAD blade which is housed in the datacenter— irrespective of their location (both Internet and WAN connectivity are used). Applied’s design engineers spread across the AsiaPacific region including Taiwan, Korea,

Vol/7 | ISSUE/03

1/13/2012 3:17:51 PM

Case File | Applied Materials

Japan, China and India can avail of the cloud service. Bhat has seen a huge difference in its CAD user feedback today compared to a year ago. “They’re far happier now as they don’t have to contact IT support to resolve data integrity issues,” he says. It has, hence, not just reduced support costs but also helped them perform faster. “It’s like working on a supercomputer through one’s laptop. Who wouldn’t want that?” The desktop virtualization consolidated Applied’s hardware and software environment and drastically reduced support cost. “We forget that outsourcing of R&D work to India is not just about the cost—it’s also about time to market,” says Bhat. The capital investment with CAD blades and associated datacenter infrastructure is significantly higher than that of provisioning a standard CAD desktop. However, productivity improvement, lower operating costs, reduced IT support costs combined with productivity improvement

and avoiding investment of multisite environment are factors that can’t be ignored. “The electricity consumption of a regular laptop and CAD blade is at least 40 percent lower than a standard CAD workstation,” says Bhat. Applied’s new datacenter, which was set up with the latest green technologies also enabled the company to achieve a PUE (power usage effectiveness) of 1.6—about 25 percent better than its old datacenter. The project showed the company’s engineers that there was no longer a need to load each individual CAD file, analyze, and then search parameters that match search criteria. The impact on computationally expensive recognition feature saved time remarkably. Naturally, Applied’s engineers have welcomed the change with open arms. “We see that over six percent of our CAD users have been regularly accessing the CAD environment through remote access from their home or when they are on the move contributing to increased productivity and work-life balance,” says Bhat.

The desktop CAD applications, running on centralized CAD blade farms, are delivering performance improvements of over 30 percent compared to traditional CAD workstations. This has been possible due to the sheer increase in the computing power introduced by the CAD blades. “We have seen significant performance gain of up to 60 percent in some cases,” says Bhat. Bhat bases his ROI on a number of factors; one of them is on the money that will be saved in the future. “I understand if many CIOs don’t see an ROI from this project because of the investment. Delivering a return on investment with only material value in mind is definitely challenging.” But he believes that ignoring how technology can impact a business and not quantifying its soft benefits is acute short-sightedness. CIO

Shweta Rao is trainee journalist. Send feedback on this feature to shweta_rao@idgindia.com

How SAP Enabled Kuoni's VFS to Expand A case study on Network Monitoring / Management in Services

How a Centralized Customer Database Can Help Cross-sell and Strengthen Brand Image A case study on Consolidation in Automotive

How IT Smoothened UB's Integration Challenges A case study on Infrastructure in Manufacturing

READ MORE CASE STUDIES ONLINE WWW.CIO.IN/CASESTUDIES

Case Files.indd 59

Intelenet Gains Brownie Points With Enterprise Architecture Re-Tooling A case study on Infrastructure Management in BPO / KPO

Fullerton Shrinks Loan Approval Time, Saves 10 Crores on Opex A case study on BPM in Financial Services

1/25/2012 1:08:58 PM

casefiles

Vodafone India

Every minute of CRM downtime cost Vodafone India over 6,500 customers. In a fiercely competitive industry, that’s a number its CIO knew the company couldn’t afford.

Manoj Nigam, VP, CS-IT, Vodafone, created an alternate Web CRM that checked downtime, saving over Rs 5 crore for the company.

Case Files.indd 60

J a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

The Organization: In a country that’s home to one of the world’s largest mobile subscriber bases (881 million as of October 2011), Vodafone India holds the distinction of being the second largest mobile operator. Today, the company serves more than 150 million customers in India. The Problem: There’s no doubt that the telecom industry is a victim of fierce competition. “With most competitors offering similar products and competitive prices, services is something that will provide any

By Debarati Roy

organization an edge in this industry,” says Manoj Nigam, VP, CS-IT at Vodafone. And you can’t provide better services without a robust CRM system. That was something Vodafone couldn't boast of. The company's Oracle CRM system wasn’t built to handle its growing customer base and users. “There are 40,000 users on the CRM system with 12,000 concurrent users logged in at any given point of time, 24 hours a day,” says Nigam. As the company introduced new service channels like an IVR, downtime became routine. That was something Vodafone couldn’t afford. With a little more than 10 million interactions a day, a minute of downtime cost 6,944 interactions. That’s 6,944 lost opportunities to retain customers. This increased repeat calls to customer service centers, increasing the company's expenses. Mostly outsourced, these partners are usually paid on a per call received basis, and Vodafone has to pay for every call attended— even if the customer care executive is unable to help due to downtime. The Solution: Nigam knew that he needed to build something that could share the increasing load on the existing CRM. Like a body double for the existing CRM, Nigam launched a Web CRM. Based on Java J3, this lighter

version would step into the shoes of the Oracle CRM whenever there is planned or unplanned downtime— automatically. So whenever there’s downtime, the Web application pulls out information from the master database (used for the Oracle CRM) when reading data. However, when a user writes something, the application stores it locally. As soon as the original CRM is up, the alternative database automatically synchronizes itself with the master database in the backend and updates the latest inputs. User profiles have been pre-configured to alert them when the original CRM is down. “User experience remains unadulterated and users can seamlessly move from one app to another by using the same credentials to log in,” says Nigam. The Benefits: The new system has made downtime inconsequential. On an average, the system has saved about Rs 5.3 crore since 2009 due to reduced calls to the call center. The repeat calls have fallen from about 28 percent in 2008 to 15 percent in 2011. The Web CRM now acts as the primary CRM for mini Vodafone stores in tier 2 cities where bandwidth is an issue. Vodafone's services can now truly live up to its tagline: Happy to help. CIO Send feedback on this feature to debarati_roy@idgindia.com

Vol/7 | ISSUE/03

1/13/2012 3:18:02 PM

Imagine

your data center never having to experience power cuts

making it possible Tulip Data City

A fully redundant power capacity of 80 MW 66 KVA substation in front of the building Fuel tanks and 96 MW DG sets as power backups Direct connection to the national power grid

Letting your imagination soar, and then engineering it to reality - thatâ&#x20AC;&#x2122;s Imagineering. With the new Tulip Data City, we have just imagineered the data center of the future. Join us at the Imagineering India Summit, where Indiaâ&#x20AC;&#x2122;s leading CIOs will convene to imagineer a new era in Indian IT, made possible with the launch of this state-of-the-art facility. 3-4 February, 2012 | Tulip Data City, Bengaluru. www.cio.in/imagineering-india

By Invitation Only

Imagineering = Imagine + Engineering Powered By

DHFL

When a fire breaks out in DHFL’s headquarters, head-IT, Satish Kotian’s disaster recovery strategy keeps the business afloat. The Organization: Dewan Housing Finance (DHFL), India’s second-largest private housing finance company, isn’t readying for a slowdown. According to market researcher RNCOS, the market for ‘mediumhousing’ (as opposed to highend and low-cost) will grow at 26 percent CAGR between 2011 and 2013—and Mumbaiheadquartered DHFL is determined to piggyback on that wave. The Business case: Satish Kotian, head-IT, DHFL, has been with the company since 1992 and has witnessed the evolution of the housing sector from close quarters. As business mushroomed— DHFL has consistently grown at a CAGR of 35 percent—Kotian anticipated the need for reliable, resilient and secure IT infrastructure. "Having a DR is like investing in insurance. It prepares you for all eventualities. I deemed it necessary to bolster our emergency preparedness so that business operations are not stalled in the face of a crisis," says Kotian. First Steps: In the third quarter of 2009-10, Kotian appointed IBM to assess

Case Files.indd 62

J a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

* By Sneha Jha

DHFL’s infrastructure security. They came up with a number of suggestions, the sum of which Kotian knew would be very difficult to implement in-house. Conventional wisdom pointed to hosting their own primary datacenter and outsourcing their DR to a service provider. But, DHFL had different plans. “We did not want to build our own datacenter because it would involve prohibitive investment in terms of hiring skilled personnel for maintenance and security. And we needed an IT infrastructure which could withstand the ravages of a disaster,” says Kotian. He resolved to invest in managed services. The strategy would help him avoid frequent operational fire-fighting and ensure proactive monitoring. Once he had identified a partner, Kotian also ensured that his staff was not intimidated with the outsourcing move, he says. The project was executed within four months and in July 11, 2010, DHFL’s hosted datacenter was up and running. The Benefits: The move brought operational ease, flexibility, scalability as well as cost effectiveness while allowing DHFL to execute business demands faster because instead of fighting fires DHFL’s IT team can work on business projects. But it was in November 2010 that Kotian’s DR strategy really paid off.

The disaster recovery strategy of Satish Kotian, head-IT, DHFL, saved his company millions.

That month a fire broke out at DHFL’s corporate office rendering the facility nonoperational for a month. But that didn’t affect the business. “With a centralized architecture and our browserbased application, it was easier for us to meet our customers’ requirements during this period. Top management heaved a sigh of relief because customer information and transaction records were completely safe,” says Kotian. A lack of foresight on Kotian’s part would have affected the company’s bottom line directly. “Every month, we add between

7,000-8,000 new customers and our installment collection is to the tune of Rs 200 crore from existing customers. These would have been impaired if the systems were not functional during this disaster,” he says. Being a financial institute, DHFL needs to submit various reports to its regulator the National Housing Bank and its lenders. Thanks to the DR, system support was available during the crises and the company was able to comply with all these requirements. CIO Sneha Jha is senior correspondent. Send feedback on this feature to sneha_jha@idgindia.com

P hoto by Foto corp

casefiles

Vol/7 | ISSUE/03

1/13/2012 3:18:11 PM

Imagine

your data center scaling up to 26 Taj Mahals

making it possible Tulip Data City

9,00,000 square feet Capacity to host 12,000 racks Large areas reserved for your specific requirements

By Invitation Only

Imagineering = Imagine + Engineering Powered By

illust ration by pradeep gulur

Security

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

STUPID_HACKER_TRICKS.indd 50

Vol/7 | ISSUE/03

1/13/2012 12:27:11 PM

Security

Hacker, Stupid Hacker

Taunting tweets, provocative pics, iPad-spam chats—the stupid slip-ups that lead to high-profile hacker arrests. For the new year, we present you some of the most idiotic hacker blunders.

Common sense be damned, though, someone decided InfraGard needed to be infiltrated. Apparently the company’s ties with the By JR Raphael government rubbed some folks the wrong way; last June, the hacking collective known as LulzSec took credit for taking down one of the organization’s sites, citing recent computer crime legislation as the cause of its ire. The incident connected to Arciszewski came just one month later, If the Internet is the new Wild West, then hackers are the wanted in July 2011. The FBI alleges that Arciszewski, a 21-year-old computer outlaws of our time. And like the gun-slinging bad boys before them, engineering major at the University of Central Florida, broke into all it takes is one wrong move to land them in jail. InfraGard’s Tampa Bay chapter website. He’s accused of uploading a Whether they are out to steal money or merely wreak havoc, the few files—animated kitty GIFs, one can only hope—and then posting a consequences of an exploit gone bad can be harsh. And these days, link on Twitter showing others how he skirted the website’s security. the margin for error can be measured in bits. After all, thanks to the The tweet reportedly contained just eight words—”Infraguard Internet’s international nature, cyber outlaws have an awful lot of [sic] Tampa has one hell of an exploit”—along with a shortened link. sheriffs sniffing out their online footsteps. That turned out to be more than enough to send the bloodhounds on Sometimes, though, the sheriffs don’t have to work too hard. Clever Arciszewski’s path. as they often are, hackers can turn boneheaded pretty quickly and slip The Bust: FBI agents, none too pleased with their public flogging, up in silly ways, leaving authorities a virtual road map pointing right set out to find the guy who tore a hole in their virtual fence. It didn’t to their doorsteps. take too much work, from the sounds of it: According to reports, Just ask the suspects in these five cases, all of whom have officially Arciszewski retweeted his boast to the attention of the FBI’s official earned a spot in our Stupid Hacker Tricks (SHT) Hall of Shame. press office account. D’oh! “Word of mouth leads to a lot of arrests,” says Clifford Neuman, director of the USC Center for Computer Systems Security. “Hackers SHT No. 1: Hack, tweet, repeat—until arrested often brag to others on message boards and social The Suspect: Scott Arciszewski [media] services, so detectives look for indications like The Crime: Hacking an FBI-sponsored website Reader ROI: online postings.” Dossier: Arciszewski is accused of hacking into the Where to look for clues In Arciszewski’s case, the feds tracked down the website of InfraGard, an FBI-run program focused on when you’re trying to catch a cyber criminal IP address used in the attack and connected it to that cyber crime prevention. Yes, you read that correctly: The most popular troublesome tweet. According to Ryan J. Reilly at TPM Cyber crime prevention. In other words, if there were hacker weakneses Idea Lab, the FBI went from Arciszewski’s Twitter an encyclopedia entry for “places you don’t want to How to beat hackers account to his personal website. Before long, they found mess with,” InfraGard would top the list.

Vol/7 | ISSUE/03

STUPID_HACKER_TRICKS.indd 51

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 12:27:12 PM

Security his real name, matched up some photos, and showed up at his UCF dorm room with a warrant for his arrest. On the plus side, that may have been the most action Arciszewski’s dorm saw all semester.

SHT No. 2: Risqué Miley Cyrus pics arouse suspicion The Suspect: Josh Holly The Crime: Hacking celebrities’ Internet accounts as part of a spam and credit card-stealing caper Dossier: It’s no party in the USA these days for Josh Holly, the 21year-old accused of hacking Miley Cyrus’s Gmail account and posting provocative pics of her online. Holly is currently facing criminal charges—though, in a surprising twist, not for the semi-indecent exposure of the then-15-year-old star. Holly’s trouble actually revolves around a series of spam-based credit card thefts. In August, he pleaded guilty to felony charges stemming from the possession of about 200 compromised credit card numbers. According to the FBI, Holly hacked into numerous celebrities’ MySpace accounts, then used their accounts to spam the masses, reaching legions of responsive followers and bringing in more than $100,000 in shadily obtained revenue. So where does the lovely Ms. Cyrus factor into the equation? Holly famously bragged about breaking into Miley’s e-mail and stealing her risqué photos (which, of course, were plastered all over the Web in no time). Holly told Wired the whole thing started when he broke into a MySpace admin panel and found a plain-text list of passwords. He tried Miley’s MySpace password on a Gmail account she was known to use, according to the interview—and sure enough, it worked. The Bust: Though Holly was never charged specifically for the Miley incident, that high-profile hack appears to have played an integral role

in his arrest. The FBI followed his boastful bread crumbs and raided his Tennessee home. They seized his computer and found all the evidence they needed inside. Holly seemed to spot his slip-ups pretty quickly—after the fact, at least. In an interview conducted with Wired shortly after his arrest, Holly is quoted as saying, “There’s no way I can get out of this. ... I was an idiot and I didn’t delete any of my [hard drive data]. I never thought they would raid me. They’re going to get full proof [sic] evidence of everything that I’ve said I’ve done.” Of course, the massive amounts of money moving through various accounts probably didn’t help, either. Where there’s money, after all, there’s almost always a trail. “Whenever there is required collusion—the exchange of a hack or credit card number or anything like that—that creates a point of vulnerability where information can be exposed,” says Neuman.

SHT No. 3: Boost score, get busted The Suspect: An unnamed 17-year-old from Manchester, U.K. The Crime: Launching a DDoS attack on the Call of Duty website and bringing the game to a screeching halt Dossier: The British teen is accused of using a tool called Phenom Booter to perform a DDoS attack on servers that hosted the Call of Duty video game. According to reports, the boy’s goal was to keep other players from signing in and killing his character—thereby allowing him to maintain a high score. Ah, kids. To his credit, the plot worked. It reportedly took the Call of Duty staff several hours to get the site back up and running. Our junior hacker didn’t stop with the single attack, though. Investigators say he spent time scouting out other would-be

More From the Hall of Shame Perp: Farid “Diab10” Essebar Dossier: In 2005, at the ripe old age of 18, Farid Essebar probably thought he was untouchable. Working with accomplices in his home country of Morocco and in Turkey, the Russianborn Essebar wrote and distributed the Mytob, Rbot and Zotob botnet Trojan horses. The malware infected thousands of computers at large corporations, U.S. government departments and media companies, and was built to log keystrokes and steal financial and personal data. Affected computers typically got into a cycle where they rebooted constantly, spread the malware to 98

j a n u a r y 1 5 , 2 0 1 2 | REAL CIO WORLD

STUPID_HACKER_TRICKS.indd 52

other computers on the network, then provided remote access to infected computers to a bot herder. Essebar also fell prey to the braggadocio bug. When University of Pennsylvania security researcher David Taylor deliberately infected a computer with Zotob, and stumbled into one of Essebar’s botnet IRC channels, he struck up a conversation with him. Essebar responded, gloating that he earned substantial sums using his bot to install adware on infected computers. Within seven days, the FBI, working in concert with local law enforcement and Microsoft employees, sent teams

of computer experts to Rabat, Morocco, and Ankara, Turkey. Less than two weeks after the outbreak, authorities arrested Essebar, as well as then-20year-old Achraf Bahloul in Rabat. Authorities were able to clearly identify Essebar as the author of the worm; not only had he signed it with the words “by Diabl0” buried in the source code, but he’d written the worm using Microsoft’s Visual Studio, which embeds information about the computer on which the code is written into the compiled program—in this case, the directory path “C:\ Documents and Settings\Farid.” D’oh! — By Andrew Brandt

Vol/7 | ISSUE/03

1/13/2012 12:27:12 PM

Security hackers and offering to sell them the secret to his score-boosting ruse. The Bust: Police tracked the teen to his home— where you can imagine Mum and Dad were none too pleased. While hackers often use proxies and redirection services to mask their locations, it sounds like our amateur attacker didn’t do much to hide. Officers say they quickly figured out that the server responsible was hosted in the United Kingdom. From there, it didn’t take them long to make their way to the Manchester neighborhood where Boy Wizard lived. “Hackers only need to make a mistake once for that to be the piece of evidence which ultimately identifies them,” says Graham Cluley, senior tech consultant at Sophos. Needless to say, this little prank didn’t have police laughing. “This type of crime can often be the precursor to further offending in more traditional areas of online crime,” detectives told the Daily Mail. “Spanky, spanky,” the kid’s parents probably added.

In the case of less-professional cyber criminals, they may find it irresistible to brag online about their activities, or leave nicknames in their attacks, which ultimately help authorities unmask them.

SHT No. 4: Pummel PayPal, get payback The Suspects: Christopher Cooper, Joshua Covelli, Keith Downey, Mercedes Haefer, Donald Husband, Vincent Kershaw, Ethan Miles, James Murphy, Drew Phillips, Jeffrey Puglisi, Daniel Sullivan, Tracy Valenzuela, Christopher Vo, and a minor The Crime: Conducting a DDoS attack against PayPal Dossier: When a handful of financial companies decided to stop handling payments for donations to WikiLeaks last December, the Internet temporarily went wild. Hackers from the group Anonymous cocked their guns and fired, promising to take down anyone “bowing down” to what they called “government pressure” to muzzle WikiLeaks’ efforts. For PayPal, that meant a bunch of bogus Internet traffic. Hackers around the country conducted a DDoS attack against the site, allegedly using a tool called “Low Orbit Ion Cannon” to send massive amounts of data into PayPal. The goal, of course, was to overwhelm the company and cause its service to collapse. The Bust: A “Low Orbit Ion Cannon” sounds impressive—but apparently, the tool did a poor job of hiding its operators’ locations. PayPal was reportedly able to identify the IP addresses of different attackers in its server logs, allowing authorities to use that data to dig up the suspects. “Even if hackers do redirect through other sites, it’s frequently still possible to track an attack back to them,” USC’s Neuman notes. “You trace it back to one point, then you go through diplomatic channels to get the authorities in the outside country to find and collect the logs. It’s a months-long process, but it can be done.” In this case, that kind of international effort wasn’t even needed. FBI agents conducted raids on the suspects’ homes and made their arrests. And remember: For someone with something to hide, a raid can spell serious trouble. “When they arrest them, they’ve got warrants,” Neuman says. “Even though the path back to them may have been somewhat obscured, they usually have information on their own machines that

Vol/7 | ISSUE/03

STUPID_HACKER_TRICKS.indd 53

shows they had the source code or program related to the attack. A lot of individuals don’t think it will ever get to that point and don’t even try to prepare.” Each suspect is charged with conspiring to cause damage and intentionally causing damage to a protected computer—charges that, combined, carry penalties of up to 15 years in prison and $750,000 in fines. Some payback indeed.

SHT No. 5: Chat up your iPad account hack The Suspects: Andrew Auernheimer and Daniel Spitler The Crime: Hacking into an AT&T database and exposing the e-mail addresses of thousands of iPad owners Dossier: Aurenheimer and Spitler discovered a public script on AT&T’s website in which you could plug an ICCID number—a unique identifier associated with each iPad’s SIM card—and get back the e-mail address of the user who owns the device. Armed with that knowledge, the two men, allegedly operating as “Goatse Security,” are accused of creating their own script called the “iPad 3G Account Slurper.” That script is said to have input random ID numbers in rapid-fire succession. Every time it came across a legitimate one it retrieved and logged the corresponding e-mail address. Harmless, right? Not quite: The script harvested more than 100,000 e-mail addresses in all, including those of folks like New York Mayor Michael Bloomberg, former White House Chief of Staff Rahm Emanuel, and numerous other national leaders. And the guys from Goatse didn’t keep the info quiet: The company is accused of offering the data to both News Corp. and Thomson Reuters. It was Gawker, however, that eventually bit and published a glimpse of the stolen tidbits, causing an embarrassing debacle for AT&T and Apple alike. The Bust: Once the data dump went public, the pressure was on to find the responsible parties. In this instance, once again, the old adage “loose lips sink ships” may describe what brought Goatse Security down. In their complaint against Aurenheimer and Spitler, prosecutors cite numerous e-mails and chat logs in which the men appear to discuss the hack and their involvement. One note even mentions the possibility of “iPad focused spam”—something that certainly doesn’t look good for anyone mulling over the men’s intentions. “With less-professional cyber criminals, they may find it irresistible to brag online about their activities, or leave nicknames in their attacks, which ultimately help authorities unmask them,” says Cluley. Unmasked, perhaps—but hey, at least their e-mail addresses weren’t exposed. CIO

Send feedback on this feature to editor@cio.in

REAL CIO WORLD | j a n u a r y 1 5 , 2 0 1 2

1/13/2012 12:27:12 PM

CHARTING THE YEAR AHEAD

CIO's Annual Year Ahead Program 2011 gathered India's top CIOs and the leading lights of the industry at Dubai in December 2011, to chart out the challenges and opportunities in the upcoming year. A host of insightful symposiums, sessions and discussions grouped under relevant themes marked the event. In the following pages, read how CIOs see the IT landscape changing in 2012.

PRESENTING PARTNERS

ASSOCIATE PARTNERS

PARTNERS

CLOUD & BIG DATA 2012 PLATINUM PARTNER

SILVER PARTNER

PARTNER

Presenting Partner

The Year Ahead

Associate Partners

BYOT: The New Buzzword in 2012

With an influx of operating systems and their innumerable versions, CIOs will have to start taking Panelists from Juniper Networks discussed how CIOs can help their organizations tackle security concerns that a BYOT strategy introduces.

here's no doubt that BYOT has created a stir across enterprises. CIOs have been forced to create new strategies and embrace the concept that has today become inevitable. It's true that security concerns around BYOT have bogged CIOs down but now there are tools that can put security fears to rest. The panelists discussed new ways like mobile device management, highly encrypted SSL connectivity, remote data wipe, and VDI to fight security concerns that come with BYOT.

Mobility and Cloud Computing: Gamechangers of 2012

a platformagnostic approach to BYOD.â&#x20AC;? ASHISH DHAWAN, Country Director-India and South Asia,Juniper Networks

Dealing with the Economy

Oscar Rodriguez, President and CEO, Extreme Networks, on technologies to watch out for.

SPECIAL EVENT COVERAGE

obility, virtualization, and cloud computing are going to make the concept of any device, any location, anytime information a game- changer, said Oscar Rodriguez, President and CEO, Extreme Networks. As people go mobile, the best and most secure way to serve data is to centralize it, he said, adding that the adoption of BYOD and cloud computing would need careful evaluation and stringent security policies.

CIOs from across industries figure out a way to deal with 2012.

he beginning of 2012 is an extremely delicate phase for the world of enterprise IT and those who govern it. In this panel discussion CIOs agreed that business-as-usual would see major refurbishing and that BPM will become a top priority. Mobility and the Internet, they agreed, will help companies focus on the rural market and help them enter new markets.

Presenting Partner

Smart Enterprise

Associate Partner

Driving Tomorrow's IT's Performance Today

New age services must try to not just to meet but to exceed business expectations

via high-quality application innovations.”

Kamal Dutta, Director-BTO/IM, APJ, HP Software and Solutions, speaks on bettering IT's performance using ITPS and BSM 9.1.

amal Dutta, Director-BTO/IM, APJ, HP Software and Solutions, started out his session by outlining the dismal state of IT that still exists in IT today. He referred to studies that report how a large number of IT projects continue to fail or are misaligned with business strategy. IT leaders, he said must strive to change the perception of IT that stems from these problems; IT he said must move from being a bottleneck to business, to being an accelerator. Dutta stated that the best way to enhance IT performance is the KPI-driven approach to IT’s portfolio of services. He emphasized on the need for open data models and space for KPI expansion and customization.

The Analytical Enterprise

ew emerging trends like big data, analytics, and new platforms are going be the driving forces in the future, believes Panjwani. His presentation revealed that the data deluge that enterprises are currently facing is so huge that human can no longer be expected to spot patterns in the data or grasp the complexity of databases. Therefore, companies will have to invest increasingly in analytics to make insightful decisions about changes around them. He stated that analytics will help enterprises transcend from the realm of reactive decision-making to proactive decision-making, which will enable organizations to increase their competitive differentiation. He also highlighted eight levels of analytics starting from standard reports to optimization.

SPECIAL EVENT COVERAGE

Business analytics will eventually transform the culture of how enterprises work with data leading to fact-based Ashit Panjwani, Exec. Dir., Sales and Alliances, Marketing, SAS, talk analytics.

decision making and competitive excellence.”

Associate Partners

Future Technology Re-imagining Mobility in 2012

Mobile broadband is the new growth source for the telecom industry, booming with 470 million subscribers globally. This will grow to two billion

subscribers by 2014.”

M Dr. Pritpal Singh Lakkha, Head-Marketing, Aircel, shares a new vision for mobility.

obiles gained official entry into enterprises in 2011. And this year, according to Dr. Pritpal Singh Lakkha, head-marketing, Aircel, they would increase their influence in organizations. To stay ahead in the game, Lakkha said CIOs should embrace new technologies such as NFC (near field communication) and M2M (mobileto-mobile), among others. BYOD and the consumerization of IT have been encouraging the growth of mobility in enterprises and Lakkha said that in 2012 tablets would also make their presence felt.

Seven Technology Trends Reshaping the Business Landscape

rom the rise of cloud computing to the complexity of big data analytics, 2011 has been an eventful year for technology. Dr. Sanjoy Paul, senior VP at Accenture India, stressed on the seven trends that, according to him, would keep CIOs on their toes in 2012. While the usual suspects—cloud computing, mobility and social media—featured on the list, enhancing user experience and data analytics were the new entrants. Paul stressed on analytics-asa-service that, according to him, would be better able to enhance business process management.

There’s a need to design a data platform that can handle the exponential growth of data, provide timely response, and deal with the fragmented

nature of data.”

SPECIAL EVENT COVERAGE

Dr. Sanjoy Paul, Senior VP, Accenture India, predicts the IT landscape in 2012.

Presenting Partner

Business Transformation

Associate Partner

The Role of Non Linear Solutions There are two ways to look at nonlinear solutions: One,

path-breaking and another, philosophical.

Satya Mishra, Head of Solutions and Pre-sales, TCS, tells CIOs how non-linear solutions can help their companies move ahead.

atya Mishra, head of solutions and pre-sales, TCS, presented how non-linear solutions could help when companies met with roadblocks. “There are two ways to look at nonlinear solutions: One, path-breaking and another, philosophical,” he said. Path-breaking means disrupting business’ traditional investing pattern. The philosophical approach aims to tap the growing diffusion between what's core and non-core to a business. Non-linear solutions will be critical to maximizing revenue opportunities and minimizing expenses, he said.

Visual Collaboration Tools

Non-linear solutions are critical to maximize revenue opportunities and minimize expenses." SATYA MISHRA Head of Solutions and Pre-sales, TCS

Efficiency Vs. Flexibility

Neeraj Gill, MD-India and SAARC, Polycom, explores the benefits of VC.

SPECIAL EVENT COVERAGE

eeraj Gill, MD-India and SA ARC, Polycom, shared the benefits of visual collaboration with CIOs. Gill pointed out that the effectiveness of meetings increased 73 percent with the use of visual collaboration tools. He added that most companies also enjoyed 30 percent reduction in travel costs. Visual collaboration also helps companies with effective staff training, quicker emergency response and smoother decision making process, he added.

CIOs gathered to find ways to balance efficiency and flexibility.

s economic uncertainty continues to worry organizations, CIOs are struggling to balance efficiency and flexibility. In a panel discussion, CIOs came to the conclusion that divorcing the two was not an option. "We can’t really draw a chart to demarcate the two. But, we understand the scenario better than yesterday and hence both these factors stand equally important,” said Prince Azariah, head-IT Services, ACC.

Cloud Cloud & Big Data 2012 Cloud and the Future of Business

hile the subject of cloud is being discussed everywhere, there is a lack of substantive, objective research into not just technological trajectories but into the potentially far-reaching business implications of the cloud. To that end, Manish Panjwani, country managing partner-technology, Accenture and Ramakrishnan, partner, Cloud Centre of Excellence, Accenture, spoke on ‘Cloud and the Future of Business: From Costs to Innovation’. In their presentation, they focused on the kind of transformation the cloud is going to represent, and provided a perspective on the direction that cloud technologies would travel. They also discussed

Our ‘Desires Framework’

strips out the ‘value-added’ benefits of the cloud, the stuff of marketing hype, and allows organizations to focus on the specific differences." MANISH PANJWANI Country Managing Partner, Technology, Accenture

SPECIAL EVENT COVERAGE

that the cloud has real consequences, not all of which are fully or well understood, and that, simultaneously, they are finding that expectations are running very high, particularly among business users. Organizations and CIOs need to be anticipating and planning their cloud journey now for major changes that will begin over the next three to five years; a journey, they added, which would reach its full potential by 2020. They also highlighted cloud computing changes, its risk profile, and the possibilities that the cloud offers in terms of growing innovative business services.

To evaluate differing technology options, one needs to understand the

distinct dimensions of how various offerings differ from existing solutions." RAMAKRISHNAN Partner, Cloud Centre of Excellence, Accenture

CLOUD & BIG DATA 2012

Platinum Partner

Silver Partner

Partner

The Brave New World: Cloud Security in a Data Centric Universe

Amit Nath, Country Manager, India and SAARC, Trend Micro, on changes in security.

mit Nath, country manager, India and SAARC, Trend Micro, talked about how the world of computing is moving to the cloud; towards shared infrastructure, shared systems, instant provisioning, and pay-as-you-go services. In his presentation, The Brave New World: Cloud Security in a Data Centric Universe’, Nath highlighted how traditional network security—which addressed sets of computing power such as machines and data storage as a guarded walled garden—will no longer apply. So what will? He said the solution was not a one-size-fits-all approach and that each organization would have to move forward at its own pace as a function of the requirements it faces, and other factors. Hence, he said, solutions needed to be sufficiently flexible to accommodate this diversity. His session described the evolution of these changes as enterprises adopt virtualization and cloud computing.

How to Make the Cloud Rain Business

A panel discussion on the cloud brought together some of India's most forward-looking IT leaders.

s more Indian CIOs turn to the cloud, a CIO panel discussion held at the Year Ahead in Dubai, probed whether Indian CIOs thought the cloud was delivering its many promises including lower costs, better asset utilization, increased productivity and effectiveness.

SPECIAL EVENT COVERAGE

The discussion also brought out some lessons. “First, identify a roadmap for your cloud deployment,” said Murali Krishna, VP and Head-CCD, Infosys. To that Satish Kumar Das, CSO and VP-ERM, Cognizant Technology Solutions, added, “Before signing for a cloud service, it’s important

to read the terms and conditions of the contract.” And as far as deploying critical apps are concerned, Sudhir Reddy, VP & CIO, MindTree said, “Cloud services can be optimized for critical enterprise apps, but this requires specialized infrastructure and a high level of expertise.”

CLOUD & BIG DATA 2012

Roundtable: Analytics

Analytics:

Cutting a New Path to Growth

Getting an analytics project off the ground is hard, but that is not the end of a CIO's job. For true success, CIOs need to first break down resistance to analytics and then build a culture for it—and that is not always easy.

The right way is to work with the segregated source of data, get the required value and enable the right decision-making process.” MANISH PANJWANI, Country Managing Partner for Technology Growth Platform, Accenture

SPECIAL EVENT COVERAGE

s the Indian economy prepares for a slowdown, more companies will need to find smarter and more efficient ways to stay profitable. One of these ways is the use of analytics. At a roundtable held on the sidelines of the Year Ahead 2012 in Dubai, Indian CIOs discussed the benefits of creating a culture of using analytics. Arun Gupta, CCA and group CTO at Shoppers Stop, believes that BI allows users not only to look at the past, but investigate the future. "After continuous development, by 2009, we reached a ‘what-next?’ stage," says Gupta. “That was a turning point, when we set up a group from the business which was supported by IT and decided to bring in analytics. Some sections resisted the change as it challenged their performance. But many felt empowered with the data. They were able to look into the future and decide what could be done differently for a better future.”

Gaining Acceptance From being a mere repository of information where people can mine historical data, Business Intelligence can become a business opportunity driver. "Continuous user-education around technical changes is helping users accept changes and move on," Gupta added. One of the ways CIOs can get around some of the push back from an analytics project is by getting top management buy in. Some IT leaders are fortunate enough to work with forward-looking CEOs. “At our company, we have a CEO who accepts change. He has initiated the process, is driving a change in traditional infrastructure and using analytics as a means for it. A change driver sitting at the top always makes things possible,” said Rajesh Mohan, Joint President-IT & Systems, Binani Industries. T.K. Subramanian, VP-IS, UB Group, elaborated on what might be causing businesses to resist change. “There are two things that primarily cause a disconnect between business and IT. The first is demolishing business’ established norms, and the second is business’ noncommittal nature. Analytics can help with the second by presenting problems using facts and figures, hence making it is easy to attract the top management’s commitment. And norms? They are meant to be broken,” he said.

Right Infrastructure is Key Nevertheless, to seamlessly enable acceptance and buy-in of analytics, it is essential to build a robust BI platform. Executive Partner – Process & Information Management Practice and Lead-Global Information Management at Accenture, Soumendra Mohanty pointed this fact out when he said, “In terms of interpretation, there will always be a gap between reports or dashboards, which are a collection of figures, and analytics, which is a deliverable represented as a score or a percentage. This gap can be bridged by

SPECIAL EVENT COVERAGE

At our company, we have a CEO who accepts and is driving change. A change-driver sitting at the top always makes things possible." RAJESH MOHAN, Joint President-IT & Systems, Binani Industries

Analytics can present problems using facts and figures, making it easy to attract top management’s commitment to a solve a problem." T.K. SUBRAMANIAN, CIO & IT advisor, UB Group

an intermediate layer that I call 'guided decision-making'.” It essentially means associating value drivers to the reports and enabling each of the function heads to run ‘what-if’ scenarios on the same reports to gain further insights. Hence, it makes it highly important for organizations to set up the right infrastructure and data dashboarding layer to extract data as and when required. In addition, Joydeep Dutta, CIO, ICICI Securities stressed on the fact that centralizing data is paramount for the success of analytics. He stated, “When we started out our data warehouse a decade ago, the objective was to get the data together so that we can have a consolidated view of our customers’ relationships with our organization and we can therefore take informed decisions for further action. Hence, a platform was created to enable consolidation of data from all across the disparate systems to gain a single view of truth.” To this, Manish Panjwani, Country Managing Partner for the Technology Growth Platform at Accenture, clarified that while consolidation of data is the

conventional approach, a maturity of existence is developing in corporations and is dictating whether these will move towards working increasingly with distributed data sets for analytics. “In my experience in an organization, we tried to follow the playbook of getting data right in the consolidated, single form. This was a very complex environment with various data sources - internal and external. There was a strong mandate to do this consolidation. But over a period of time, it became clear that the task was arduous and time-consuming to not eke out the value in this case. Eight months, and there was a widespread acceptance of the fact that you do not have a choice but to figure out how to work with the segregated source of data,” he recalled. Panjwani maintained that the right way is to work with the segregated source of data spread across the legacy of systems and ERPs, get the required value tagged to the data, and enable the right decision-making process. This will help organizations tap into analytics to cut new pathways to growth and high performance.

Cloud Roundtable: Security The Enemy Within According to a DSCI-PwC survey, the impact of an insider attach is at least 10 times worse than the impact of an external attack. Indian CIOs discuss ways to take insiders down.

here’s BYOD, there’s social media, there’s cloud computing and then there’s the mobile. True, they fall into the bracket of new technologies but for most organizations they symbolize new threats. Simply because they give more power to the user and open numerous doors for insider threat. Insiders are a dangerous lot. They steal credit card data from retailers, promotion campaigns from ad agencies, employee healthcare records from insurance companies, source codes from software firms, and product designs from manufacturers. So how do CIOs plan to tackle them? In a CIO roundtable at the Year Ahead Program, IT leaders from some of India’s most prestigious organizations discussed ways to fight such security breaches. “Security technology is only 10-15 percent of the solution, the rest is maturity, governance and management of the enterprise,” said Satish Das, CSO, Cognizant Technology Solutions. He said that it’s important for a CIO to encourage

SPECIAL EVENT COVERAGE

employee sensitivity, giving them a legal perspective of a breach and its impact on the company’s customers. That could

In the context of tackling malware, we detect around 70,000 malware samples every day, out of which 1,200 is stealthy malware." MICHAEL SENTONAS, VP & CTO (APAC), McAfee

keep insider threats at bay. In his view, that’s a bigger challenge than getting a tool enabled. According to a survey jointly undertaken by the Data Security Council of India (DSCI) and PwC in September last year, the magnitude of the impact of an attack from an insider is at least ten times more than that of the total impact that an external attacker can cause. Sunil Sirohi, VP-IT, NIIT, agreed to the fact that insiders are not always unaware. “A bad transaction between an employee and management may lead to an insider threat in the organization." In retrospect, Das confirmed to a trend where a large proportion of breaches and threats have been propagated by disgruntled contract employees of thirdparty vendors. An important aspect of the discussion was whether security, from a management’s perspective, was pushed as insurance against something that might go wrong. Ajay Misra, GM-IT, Punjab National Bank, agreed that security and risk go hand-in-hand. “It is never been advertised as a competitive differentiator,” he said. According to Misra, most of the security measures in banks are reactive but its time that banks became more proactive. “We have implemented a risk-based adaptive authentication system which detects any abnormal transaction and acts proactively blocking perpetrators.” Despite differences on several issues, almost all CIOs agreed that a security governance structure needed to be in place and policy procedures must be updated on a regular basis. Additionally, the legal system in banks and other organizations needs to be strengthened.

Roundtable: Outsourcing Strategic Outsourcing: It's a Two-way Street Outsourcing is a tricky business, but as more Indian CIOs come to terms with it, they are taking away one important lesson: The need to treat their partners like they would do their own staff.

hat do you do when your outsourcing partner refuses to let your team escalate a problem despite repeated attempts? One CIO was forced to look up an old friend from his days at IIT who worked at the vendor organization. And when that didn’t work, he finally went to the press. That’s just one of the stories that emerged at a CIO roundtable on strategic outsourcing on the sidelines of the Year Ahead Program in Dubai. The roundtable sought to find out the current outlook of CIOs on strategic outsourcing, what they thought were its benefits, its risks and the strategies they were implementing to negate some of the risks. One of the learnings that was revealed during the roundtable comprising some of India’s most prominent CIOs was the need to build better relationships. “CIOs spend a lot of time building iron-clad contracts— which are necessary—but shouldn’t a lot more time be spent on other more important things?’ asked Vijay Ramachandran, editor-in-chief, IDG Media.

SPECIAL EVENT COVERAGE

Chandrasekaran N., special director-IT, Ashok Leyland agrees. “We enter outsourcing relationships with a sense of discomfort, which explains all the

Preparing ironclad contracts is only one factor in the success of strategic outsourcing. Preparing the ground is much more important." SHAJI PILLAI, VP & Head Startegic Outsourcing, TCS

time spent writing contracts. But tell me do we ask our employees to sign similar contracts, one with penalties built in?” “We should treat vendors, not as vendors, but as partners,” says C.S. Ramesh, VP-CIO & head KM, PFP, Titan Industries. “We should, for example, celebrate with them, like we do with employees.” “It has to be a win-win situation,” says Veneeth Purushotaman, headtechnology, HyperCITY Retail. “If we tie down our vendors, if I, for example, get everything I want out of a contract, it’s going to be one-sided and a relationship can’t work like that.” Another topic that came up during the discussion was the decision of going the outsourcing route the whole hog—total outsourcing complete with a 10-year deal—or piecemeal? “It depends on the maturity of the organization,” say U.C. Dubey, executive director-IT, IFFCOTOKIO General Insurance. But most CIOs at the table, even those who have mature processes, say that piecemeal was the way to go, immaterial of maturity. There are multiple benefits to an outsourcing deal. “There are two benefits of outsourcing,” says Dr. Selvam K., group CIO, Siva Industries and Holding. “You get access with vendors who work with your peers across the globe, and therefore access to best practices and knowledge,” he says. But that advantage is also a worry for CIOs. “Should there be a clause in a contract which states that outsourcers can’t work with my competitors?” says Ramesh. Whether or not they have the strategies to make the best of an outsourcing deal, most CIOs realize that it’s the way to go. “Outsourcing has become a way of life,” says Dubey.

KKEY E Y HIGHLIGHTS Expert Talk (L to R): Pavan Duggal, Advocate, Supreme Court of India; Oscar D'Souza, Prof, SP Jain Institute of Management and Dr. D.K. Joshi, Chief Economist, Crisil, tell CIOs what to expect in 2012.

IT Forecast: CIOs broke up in small groups to discuss what they think were trends in the coming year.

CLOUD & BIG DATA 2012 Engaging Insights: CIOs from a cross section of Indiaâ&#x20AC;&#x2122;s most wellknown companies engrossed in the dayâ&#x20AC;&#x2122;s presentation.

Networking: In between sessions, CIOs caught up with old friends and were introduced to new ones. A Little Piece of Home: CIOs enjoy an Indian meal at the restaurant of celebrity chef Sanjeev Kapoor.

Closing Note: Vijay Ramachandran, Editor-In-Chief, IDG Media, opens the Year Ahead Program 2012.

Essential

technology image by photos.com

A CLOSER LOOK AT private clouds

Private clouds attempt to offer the same selfservice agility and scalability that public clouds do, but without the complications of putting critical services and data in the hands of a third party. Hereâ&#x20AC;&#x2122;s how. 114

J AN U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

Essential_Tech_Jan012.indd 80

Private Route to the Cloud By Matt Prigge

IT Management | Few IT crazes have reached the fever pitch that cloud computing has attained. Almost from day one, intense excitement has greeted the vast potential offered by enormous, hyperscalable public clouds that can scale up and down while customers pay only for the resources consumed. (For more on how Indian CIOs are gearing up to the cloud, turn to Pg. 54) Despite this excitement, however, just a small slice of enterprises are actively using the public cloud for core, mission-critical functionality. The reason? Mainly, widespread trepidation about the level of security, reliability, and data portability that current public cloud offerings can provide. The industryâ&#x20AC;&#x2122;s answer to these concerns is the private cloud. The private cloud attempts to offer the same self-service agility and scalability that public clouds offer, but without the complications of putting critical services and data in the hands of a third party. But as with any sweeping IT concept, many customers are having a difficult time grasping what a private cloud really is and how they can benefit from building one.

Cloud Shapes and Sizes Part of this confusion stems from the wide variety of ways to organize on-premise IT infrastructure into something that can legitimately be called a private cloud. These range from smart design

Vol/7 | ISSUE/03

1/13/2012 3:16:06 PM

essential technology

and management of server virtualization (using tools most enterprises already own) to fully integrated environments complete with feature-rich, self-service customer portals, fully autonomous server and storage provisioning, and automated chargeback. It should come as no surprise that the fullyintegrated, high-end implementations apply almost exclusively to very large enterprises– and not just due to cost. Much of the benefit of cloud computing lies in enabling more infrastructure to be managed by fewer people, so that one admin might be responsible for thousands of servers, many more than most smaller enterprises maintain. Moreover, the notion of self-service, where stakeholders provision their own resources, demands a level of expertise that line-of-business personnel in smaller enterprises typically lack. Yet a common thread of shared resources, more efficient management, and greater business agility unifies all private cloud implementations and can be applied to any size environment.

Two Views of the Cloud As always seems to be the case in IT, at least two different perspectives surround the adoption of any new datacenter technology: The view from the CIO’s desk, which largely concerns itself with business goals; and the view from within the datacenter, which is driven by technology and the struggle to manage an ever-expanding workload. The good news is that the private cloud, when implemented for the right reasons, can meet both sets of needs. A CIO might see the private cloud as a means to deliver better service levels, improve responsiveness, and allocate resources among business units more effectively. Also, the newfound agility and efficiency of the private cloud can decrease the likelihood internal business units will “get tired of waiting for IT” and adopt public cloud services willy nilly–weakening the IT organization, creating new silos and redundancies, and opening potential security vulnerabilities. A 2010 survey of IT decision makers conducted by Forrester Research concluded that only 13 percent of enterprises surveyed

Vol/7 | ISSUE/03

Essential_Tech_Jan012.indd 81

were using cloud-based IaaS offerings, but Forrester believes the true number to be nearly double that. “It often comes as a big shock to the infrastructure and operations people [within IT] to find they grossly underestimated the cloud services in use at their organizations,” says Galen Schreck, Forrester vice president and principal analyst, “They realize they have no idea what the application owners [in business units] and developers are up to.” That’s a dramatic statement and CIOs are definitely taking notice. Day by day, they risk losing control of their organization’s data– data they are ultimately held responsible for managing and protecting. In the old days, “rogue” projects typically took the form of

that sets it apart from a traditional, even fully virtualized, on-premise infrastructure.

Agility Business units like to complain to CIOs and IT practitioners that it always takes too long to provision new services, and they often decry the up-front cost associated with them. A business unit seeking to deploy a new application may spend months or even years deciding which software vendor to purchase from and lining up development resources and consultants. But once contracts are signed and plans are put in motion, business stakeholders expect IT to react quickly and fulfill infrastructure needs.

A full-scale private cloud doesn’t just require technology, funding, and know-how. It also requires a number of changes in the way IT is run on a day-to-day basis. departmental servers hiding underneath someone’s desk; today, data migrates to thirdparty public cloud providers without planning or oversight, risking data loss or regulatory violation. To the CIO, the private cloud seems like the silver bullet to stop this. But a full-scale private cloud doesn’t just require technology, funding, and know-how. It also requires a number of changes in the way IT is run on a day-to-day basis. Attempting to implement a private cloud without business acceptance of a chargeback funding scheme or resource pooling is just as counterproductive as providing business units with the technology to provision their own server resources in an environment where they may not have the skills to take advantage of it.

What Makes a Private Cloud? Before delving into what a private cloud looks like from a rack and sheet metal perspective, it’s important to understand what problems a private cloud is designed to solve and how

For a traditional IT department, unanticipated requirements can be extremely difficult to manage. Business stakeholders often underestimate the server, storage, and data protection resources that their new application will require, and they may not account for the time it takes to order, receive, configure, and implement. Alternatively, the contract for the software may have included hardware intended to be dedicated to the new application. In the latter case, not only will IT be saddled with managing that hardware, there’s also an excellent chance the software vendor will have massively over-spec’d it–resulting in even less operational efficiency. At best, this process is an expensive waste of time. At worst, it can have a lasting negative impact on the working relationship between the business unit and IT. It’s easy to say that the solution lies in better communication between IT and the business. That helps, but very few IT organizations manage to fully cross that chasm. REAL CIO WORLD | J AN U A R Y 1 5 , 2 0 1 2

115

1/13/2012 3:16:06 PM

essential technology

The private cloud essentially allows everyone to have their cake and eat it, too. Project sponsors can access various types of server and storage resources that IT has made available through a self-service portal. They can review the specifications and costs of each and share them with the software vendor, which can make recommendations on which they should choose. When it’s time for the application to go live, the business unit “orders” the services, which are automatically provisioned and immediately available for use, all without IT needing to do anything or even necessarily be involved. Configuring the portal, policy, and automation magic that makes it all work requires time and effort. But the efficiency benefit can be big, especially when system provisioning is a common task. From a political standpoint, the benefits are much more obvious: IT is no longer a speed bump for the business units but still retains control over the infrastructure.

Scalability Another key requirement placed on any IT infrastructure is the ability to quickly scale in the face of increasing load. Traditional IT generally handles this by over-provisioning infrastructural resources as they are purchased by business units. This gives IT some cushion before stakeholders will demand additional resources to cope with higher load. Yet over-provisioning contributes to the perception among business stakeholders that IT is too expensive. Plus, this approach fails to scale beyond a certain point, after which yet another round of costly capital expenditures ensues. Worse, by repeatedly over-provisioning small islands of dedicated infrastructure, IT strands large amounts of capacity and prevents those resources from being used to satisfy spikes in demand elsewhere. When these application loads live inside a private cloud and business units are paying on a per-usage basis, IT no longer has to dedicate resources to each business unit individually. Instead, they can pool the entire corporate infrastructure–servers and storage–and manage a single pool of spare capacity. It’s 116

J AN U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

Essential_Tech_Jan012.indd 82

easy to see how this can decrease overall costs. Just as business units can deploy a new application with little lead time, they can also increase the amount of resources granted to one that they have already deployed–even to satisfy a short-term increase in load–and then contract them afterward.

Multi-Tenancy One of the few good things about traditionally deployed dedicated infrastructure is that it’s fairly easy to maintain divisions between the infrastructure serving various applications and business units. These divisions may simply consist of installing applications on different servers, providing security and performance segregation. But they may also extend all the way down through the network and storage infrastructure. Such physical separation allows IT to implement a high degree of security easily, but it also results in an incredible amount of waste. Although resources are pooled on the same server, network, and storage hardware in a private cloud, IT must still maintain appropriate performance and security segregation between the various workloads for the resulting product to be acceptable to business units. This segregation is accomplished through automatic configuration of the virtualization, network, and storage hardware as the services are provisioned. During the provisioning process, the automation engine will build out a virtual machine with processor and memory

Politically,the benefitsofprivate cloudsare obvious:ITisno longeraspeed bumpforthe businessbutstill retainscontrolover theinfrastructure.

57.2 %

Of organizations are deploying and are planning to deploy private clouds in the next 12 months. state of the CIO survey, 2011

allocations, limits, and reservations that match the specifications the business unit chose for the system. In addition, it will automatically configure a secure network for the system, generally using a softwarebased firewall for edge security. It will also, based on policy, configure the storage for that virtual machine. Although the level of direct storage integration varies from product to product, the service level for storage can be based on either known service levels for various pools of storage that users can choose between, or, ideally, on actual service-level configuration within the back-end storage itself.

Governance In traditional IT environments, IT governance–really just an explicit set of policies–is often seen as an obstruction in the path of business units seeking quick deployment. The lumbering nature of governance often derives from the fact that IT must apply and reapply the same policies over and over as each business unit brings in a new application or upgrades an old one. How much performance is required? How will the data be stored? What are the data retention policies if a system is decommissioned? What kind of redundancy will exist? These are only a few questions that IT really must ask to do its job, but the business unit almost always sees them as obstructionist and, above all, expensive. The private cloud does not eliminate these governance requirements, but it does simplify

Vol/7 | ISSUE/03

1/13/2012 3:16:07 PM

Imagine

your data center being responsible for a better environment

making it possible Tulip Data City

Aspiring LEED Gold certification of the facility Rain water harvesting Low PUE Low emission building materials

By Invitation Only

Imagineering = Imagine + Engineering Powered By

essential technology

Bungle Bugle

them by allowing IT to effectively answer them once for the entire shared infrastructure and build those infrastructural costs into the usage fees that business units pay. Remember that provisioning within a private cloud is driven entirely by the business units, largely without direct IT involvement. Therefore IT must be very careful when it constructs the policies that define the different compute and storage products business units can choose from–and in defining the SLAs attached to them. So although IT can improve its own customer relations by requiring less information from business units, it also has a far larger internal policy burden to bear.

Storage

Cloud Computing Errors IT Management | Here are three surefire ways to fail with cloud computing and what you can learn from them to avoid suffering that same fate. Putting the wrong people on the project. This is the most common way that cloud computing development, migration, and implementation projects fail. Cloud computing is a hyped ‘cool’ space. Those who have the most political clout in an IT organization quickly position themselves on cloud computing projects. However, just because they are buddy-buddy with the CIO does not mean they have the architectural and technical skills to make the cloud work for the enterprise. Bad decisions are also made in terms of deciding how to select technology types and technology providers. It's a manage-by-magazine world at many organizations. When you select what's popular versus what's a true architectural fit, you shoot yourself in the foot. Security is an afterthought. This means that those driving the project do not consider security and compliance requirements until after deployment. It's almost impossible to retrofit security into a cloud computing deployment, so the approach and use of technology (such as encryption) should be systemic to the environment. This is a rookie mistake. Selecting the wrong business problem. The right approach is to pick new application development or existing application migration that is meaningful to the business, but that is not mission-critical. There are two paths to failure here. The first is to pick the "kill the business with a single outage" type of application, put it in the cloud, then pray to the Internet gods that nothing goes wrong. Too risky. The second is to pick a meaningless application that nobody cares about, move it to the cloud, and hope that somebody notices. Too underwhelming. Find something that falls in the middle. — By David Linthicum

image by photos.com

Storage is the bedrock of any IT infrastructure. At first glance, it seems that deploying storage for a private cloud would be relatively simple. Instead of requiring a fleet of different storage resources, each dedicated to a different business unit or app, a single integrated storage pool can shoulder the load of the entire cloud infrastructure. True enough, but that fact alone demands storage solutions specifically tuned to accommodate a large number of disparate workloads. The storage must be able to scale extremely easily, must be capacity-efficient, must manage performance and tiering autonomously, and, ideally, should be easy to integrate with cloud management software. This is a tall order. Only a few storage products satisfy all or most of these needs. Regardless of what kind of storage is used, monitoring and managing storage capacity and performance levels are extremely important in private cloud environments. Since IT may not have any warning that large influxes of new workloads are going to spin up, it needs to be able to turn on a dime to add additional capacity. Failure to adequately manage storage capacity and performance in a private cloud environment can have far-reaching impact on a wide range of users. That storage, after all, is a huge pooled resource. CIO

Send feedback to editor@cio.in

118

J AN U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

Essential_Tech_Jan012.indd 84

Vol/7 | ISSUE/03

1/13/2012 3:16:12 PM

Imagine

your data center with its own mini fire department

making it possible Tulip Data City

Very early smoke detection and alarm NOVAC 1340 - based automated fire suppression system Aspirating smoke detection system

By Invitation Only

Imagineering = Imagine + Engineering Powered By

essential technology

Power of the Private Cloud More than automation combined with virtualization, the private cloud can tap into enormous efficiencies in network and storage layers. By Matt Prigge

| The term "cloud computing" has approached the point of being meaningless. And that's not because nobody can agree on what the cloud is or has been created to do, but because every vendor in the IT space is falling over themselves to tell you just how "cloudy" they areâ&#x20AC;&#x201D;and spending a mint in marketing dollars to do

Infrastructure

solution, networking vendors pushing next-gen converged networking gear as a foundation for the cloud, or storage vendors selling you "cloud storage," it's difficult to get any of them to describe how their gear fits into the bigger picture. Maybe this is a good time to ask whyâ&#x20AC;&#x201D;why is the concept of the private cloud attractive in the first place?

image by photos.com

In a public cloud, putting all your eggs in someone else's basket is scary enough to prevent most businesses from dumping their own infrastructure. it. Along the way, they've diluted the term to the point where it's hard to tell what anyone's really talking about anymore. Far from being an exception to this, the increasing popularity of private clouds has made the problem even worse. Whether it's a server vendor hawking blades and automation software as an all-in-one cloud 120

J AN U A R Y 1 5 , 2 0 1 2 | REAL CIO WORLD

Essential_Tech_Jan012.indd 86

And in the most practical sense, what reallife components do we need to put together to fully deliver on its promise?

Why Private Cloud? At the most basic level, most businesses want one very simple thing: To spend less time and money building and managing infrastructure

and more resources directly adding value to the business. From a business standpoint, IT infrastructure is an expensive and timeconsuming distraction to getting actual work done. As IT professionals, we can easily deride such ideas as fanciful daydreaming. After all, you can't deliver the kinds of integrated information management tools that the business needs to survive without an infrastructure for them to run on. However, this is the backdrop against which business units everywhere are drawn to the promise of public cloud-based offerings that require next to no lead time or capital expenditure to implement. The hyper-elastic public cloud would seem to be the silver bullet that offers the agility and scalability craved by business. However, the public cloud is also afflicted with a wide variety of pitfalls and uncertainty. Putting all of your eggs in someone else's basket is scary enough to prevent most businesses from dumping their own infrastructure. It's clear that business needs a way to deliver the same kinds of agility and scalability on its own terms and with resources it can directly control. That means consolidating server and storage resources to yield better utilization, trimming management overhead wherever possible through automation, and offering business units the ability to provision their own services. Therein lies the promise and challenge of the private cloud.

Network and Storage Though it needn't be an overnight transformation, the journey of implementing a private cloud will inevitably touch every level of your infrastructure. Aggressive virtualization and automation software are

Vol/7 | ISSUE/03

1/13/2012 3:16:15 PM

essential technology

the two obvious components that most people think of when they hear the words "private cloud." However, stopping there leaves out some of the most important components of the datacenter: The network and storage. Anyone who has virtualized all or part of their datacenter is already familiar with the enormous benefits of doing so. You can consolidate your workloads onto generalpurpose server hardware, implement secure multi-tenancy, and manage your compute resources as a single, commoditized pool that can be scaled non-disruptively. These benefits in concert with the management flexibility to reshuffle and

through server virtualization allows you to make better use of those high-bandwidth converged networking ports you've deployed. Some converged networking vendors also allow you to integrate the provisioning of networking resources with that of virtualized workloads—further increasing operational efficiency and capabilities. Similarly, tighter integration between modern storage offerings and virtualization platforms brings performance and management gains to the virtualization layer. These can be delivered through support for hypervisor-specific features such as VMware's vStorage API, which allows

While the guts of a private cloud revolve around management software and a healthy serving of virtualization, stopping there ignores a large part of the value proposition. balance workloads among different server resources make an incredibly powerful combination. It's no wonder that virtualization is so popular. With converged networking hardware, those same virtualization concepts can be applied to the network. By combining all I/O onto the same high-bandwidth network fabric, you can achieve the same types of operational efficiencies. Innovations in storage technology pave the way to eerily similar gains. Instead of allocating separate storage resources for every server, virtualized storage arrays spread storage load throughout available hardware. Likewise, multi-tier storage can be managed autonomously by the storage hardware, with frequently used data retained in faster storage, while less-used data is gradually migrated to slower, less expensive storage.

All for One, One for All Better still, each of these layers of infrastructure provide symbiotic benefits to one another. The high utilization density that can be achieved

Vol/7 | ISSUE/03

Essential_Tech_Jan012.indd 87

many storage-intensive tasks to be off-loaded directly onto the storage system or through hooks into the virtualization management tools. Conversely, the intelligence in modern storage systems can take advantage of virtualization-based thin provisioning, which allows the storage to free unused space and eliminate most storage overprovisioning— one of the largest sources of waste present in storage infrastructures. While the guts of a private cloud revolve around management software and a healthy serving of virtualization, stopping there ignores a large part of the value proposition. The private cloud is really a unifying concept built on consolidation of resources and management that draws together advances being made in virtualization, converged networking, and intelligent storage—all of which can combine to form a whole greater than the sum of their parts. CIO

Send feedback on this feature to editor@cio.in

4 Tips for Private Clouds Define the value. There are many private clouds constructed for no reason other than to put ‘cloud’ on the résumés of the builders. There should be a clearly defined value and ROI around the use of a private cloud. Before the project is funded, insist that the value be understood. Understand the use cases and other requirements. Why should you define the purpose for cloud first? After all, many organizations stand up storage or compute clouds, focusing more on the journey than the destination. But the destination matters, so you need to answer a few questions before you can increase your odds of success: What applications will exist in the infrastructure? How will resources be used and by whom? It may seem like common sense to get these answers beforehand, but unfortunately, the practice is rare. Perhaps you need to concentrate on the use of the private cloud from the point of view of the users. Private clouds serve up resources: Compute, storage, or applications services. Thus, it's best to focus on the interfaces into the cloud, including provisioning and service, then back those into the services that should exist and figure out what they should actually do. Leverage SOA, even for the most primitive clouds. Even if you're only doing virtualized storage, you need to start with SOA patterns as a way to find the right conceptual and physical architecture. It takes less time than you might think. Consider security as systemic. Again, even if your private clouds provide only primitive services, you have to build security into most of the architectural levels and components, including APIs, messaging, management, data at rest, and data in flight. — David Linthicum REAL CIO WORLD | J A N U A R Y 1 5 , 2 0 1 2

121

1/13/2012 3:16:15 PM

bookclub club whAt we’Re ReAdINg

by Vijay RamachandRan

* What Got You here Won’t Get You there

What NotTo Do This is a book all about what gets in the way of successful people being more successful—the way they behave. IN SUMMARY:

Happy are they that can hear their detractions and put them to mending. —William Shakespeare (Much Ado About Nothing) The pages of Book Club almost always discuss books that help extend you as a leader, as a business executive and as a CIO. In a way, they’re prescriptive, their pages are all about what you could do. How then do you deal with a book that’s all about what you shouldn’t? What Got You Here Won’t Get You There is about what gets in the way of successful people being more successful. And, who better to know about that than Marshall Goldsmith, an expert on leaders and leadership, recently recognized as the ‘Most Influential Leadership Thinker’ in the world at the Thinkers 50 Conference (sponsored by Harvard Business Review). An executive coach and author, Goldsmith says his greatest accomplishment is helping people have a better life—and helping people help the people around them have better lives. This particular book got off the ground when his mentor Peter Drucker said: “We spend a lot of time helping leaders learn what to do. We don’t spend enough time helping them learn what to stop.” Often, what holds people back, he states: “are simple behavioral tics—bad habits that we repeat dozens of times a day in the workplace—which can

122

Book_Club.indd 82

j a N u a r y 1 5 , 2 0 1 2 | ReAL CIO wORLd

be cured by (a) pointing them out, (b) showing the havoc they cause, and (c) demonstrating that with a slight behavioral tweak we can achieve a much more appealing affect.” Thus he puts the spotlight on 21 of our most irritating habits, including clinging to the past, playing favorites, withholding information and failing to express gratitude. Such habits, he believes, “are transactional flaws performed by one person against another ... that make your workplace substantially more noxious than it needs to be.” For anyone in a leadership position, it’s tough enough admitting that they’re flawed creatures. But, making the leap to realizing that these flaws are impacting others in a toxic way can be both uplifting and downright depressing. Goldsmith peppers his text with anecdotes of real situations which contain little leadership lessons in themselves. As he put it: “If you read the book, it’s filled with funny stories. It’s temping to read and say, What a bunch of idiots. But the idiots in the book have IQs of 150, CEOs of multibillion dollar companies, and they are the ones that are trying to get better. They are not idiots at all..” Goldsmith asks us to question ourselves and points us in the direction of what we need to change. For instance, he asked one of his coaching clients what he learned from being a CEO of a big company. The CEO said he had learned

whAt A gOt At tY YOU heRe wON’t ’t get et Y YOU theRe

By Marshall Goldsmith Publisher: Profile Books Price: Rs 295

that his “suggestions became orders”. As CEO, he told Golsmith, “you win. You don’t have to prove you’re right, prove you’re smart, you win anyway.” The problem with many us is that we are achievers, used to winning. That is what we continue to do. But, as Goldsmith observes, once we get to the top, we have to quit doing that. Ford CEO Alan Mulally once told Goldsmith: “Leadership is not about me. It’s about them. And that is hard.” A few years ago, I had the privilege of hearing Dr. Goldsmith deliver a keynote on this very subject. Some of the lessons I learnt then caused me to look deep within and make an effort to change. I can vouch for the good that has followed. I commend this book to you. Do get hold of a copy, and give one to anyone you deeply care for. Paraphrasing a hero to both Dr. Goldsmith and me, Buddha: Please just use what works for you and let go the rest. Sounds interesting? We invite you to join the CIO Book Club. CIO Send feedback to editor@cio.in

Vol/7 | ISSUE/03

DECODING NATURE’S FURY. CRITICAL DATA TO SAVE LIVES. A TEST FOR MAN AND MACHINE.

LENOVO THINKPAD. ENGINEERED TO PERFORM WHEREVER BUSINESS TAKES YOU. The ThinkPad® is a business-critical notebook that delivers blazing-fast performance even in the harshest of conditions. 2nd generation Intel® Core™ i5 processor Passes 8 military-grade specs ■ RapidBoot technology ■ Super-efficient thermal design ■ ■

WWW.LENOVO.COM corpsales@lenovo.com Lenovo, the Lenovo logo, For Those Who Do and ThinkPad are trademarks or registered trademarks of Lenovo. Intel, the Intel logo, Intel Core and Core Inside are trademarks of Intel Corporation in the U.S. and other countries. Microsoft and Windows are registered trademarks of Microsoft Corporation in the U.S. and other countries. © Lenovo 2012. All rights reserved. REM_IND_PDA_Q3-12_25820