CIO Magazine May 2012 Issue by Sreekanth Sastry

BuSineSS

technology

leaderShip

Disaster Recovery Customer Needs Business Continuity Virtualization Cost Optimization Career Big Data Analytics Users Strategies Tactics Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERPVOL/07 | ISSUE/07 CRM Vendors Cost Imperative Niche products Advice CFO CEO Economy the th Line Slowdown P&L Forecasting Sales Products Hardware Bottom 125Training Change Management IaaS Supply Chain Customer Experience issue Incentives Business Acumen Enterprise In-memory Relationships specialPaaS Long Term Goals Business-IT Alignment CISO Stakeholders Social Media Mobiles BYOD VDI Integration Consumerization of IT Best Practices Policy Governance Tablets Survey MDM Applications Store OS Cloud DR Outage Security Security Operations Use Cases Cloud Broker Manageability Storage Drive Infrastructure Erasure Codes Semantic Data Models Hadoop Competition Disaster Recovery Customer Needs Business Continuity Virtualization Cost Optimization Career Big Data Analytics Users Strategies Tactics Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERP TCO CRM Vendors Cost Imperative Niche products Advice CFO CEO Economy Slowdown P&L Forecasting Sales Products Hardware Bottom Line Change Management IaaS Supply Chain Customer Experience Training Incentives Business Acumen Enterprise In-memory Relationships PaaS Long Term Goals Business-IT Alignment CISO Stakeholders Social Media Mobiles BYOD VDI Integration Consumerization of IT Best Practices Policy Governance Tablets Survey MDM Applications Store OS Cloud DR Outage Security Security Operations Use Cases Cloud Broker Manageability Storage Drive Infrastructure Erasure Codes Semantic Data Models Hadoop Competition Competition Disaster Recovery Customer Needs Business Continuity Virtualization Cost Optimization Career Big Data Analytics Users Strategies Tactics Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERP TCO CRM Vendors Cost Imperative Niche products Advice CFO CEO Economy Slowdown P&L Forecasting Sales Products Hardware Bottom Line Change Management IaaS Supply Chain Customer Experience Training Incentives Business Acumen Enterprise In-memory Relationships PaaS Long Term Goals Business-IT Alignment CISO Stakeholders Social Media Mobiles BYOD VDI Integration Consumerization of IT Best Practices Policy Governance Tablets Survey MDM Applications Store OS Cloud DR Outage Security Security Operations Use Cases Cloud Broker Manageability Storage Drive That w ill Change Your Perspective Infrastructure Erasure Codes Semantic Data Models Hadoop Competition Disaster Recovery Customer Needs Business Continuity Virtualization y 15, 2012 | ` 100.00 Costm AOptimization Career Big Data Analytics Users Strategies Tactics ww w.CIO.IN Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERP TCO CRM Cover_May2012_Dummy_proof.indd 84

125 5/11/2012 4:24:21 PM

JN_India_CIO_V1.1.indd 4

From The Editor-in-Chief

Publisher, President & CEO Louis D’Mello E d i to r i a l Editor-IN-CHIEF Vijay Ramachandran EXECUTIVE EDITOR Gunjan Trivedi Features Editor Sunil Shah Senior Copy Editor Shardha Subramanian Senior correspondents Sneha Jha, Varsha Chidambaram Correspondents Debarati Roy, Shweta Rao, Shubhra Rishi Product manager Online Sreekant Sastry

Break on Through

Organizations need to leverage the slump by considering variable cost models to gain tactical advantage. We are the Pilgrims, master; we shall go Always a little further: it may be Beyond the last blue mountain barred with snow, Across that angry or that glimmering sea. —James Elroy Flecker At first glance the data from the CIO Mid-Year Review Survey felt more like a nightmare vision, but a closer look convinced me that true economic recovery, while distant, was more of a mindset game than one connected to external factors alone. The true impact of an economy in flux seems to be coming through in the responses of about 200 organizations and their CIOs to the study. Shorter business horizons are leading to a host of short-term solutions being demanded of CIOs. Multiple projects, fast rollouts and quicker change requests from business are stressing IT teams, who now have to deal with a crushing workload. Given this tactical nature of IT, it’s no surprise that close to 40 percent of CIOs flagged shortage of time for strategic planning as one of their biggest barriers to success. Unclear business expectations and inadequate in-house skillsets are only making the situation worse. Interestingly, just 17 percent of IT leaders said that they were inadequately funded! Throw in the 49 percent who state unequivocally that their organization’s risk and growth appetite remains high and a strange picture emerges. While the fear of stumbling exists, a significant number of organizations seem to be hoping that the Darwinian nature of the current slowdown will take out the competition. And, more than a few are trying to widen the gap by actually making the right moves, albeit cautiously. It’s heartening that more organizations have worked on creating better customer connect than those that have focused primarily of cutting cost. To get ahead, organizations need to punch through this slump. You need to use it to your advantage by considering models like the cloud to give you the short-term tactical advantage while trying to build cost variability as a longer-term strategy. (Coming next month our analyses on data from the CIO Mid-Year Review Survey)

Custo m Pu b l i s h i n g Principal Correspondents Aditya Kelekar, Gopal Kishore Correspondent Vinay Kumaar Design & Production Lead Designers Jinan K.V., Jithesh C.C, Vikas Kapoor Senior Designers Unnikrishnan A.V. Designers Amrita C. Roy, Sabrina Naresh, Lalita Ramakrishna Production Manager T. K. Karunakaran Ev e n t s & A u d i e n c e D e v e l op m e n t Vice President Events Rupesh Sreedharan Sr. Managers projects Ajay Adhikari, Chetan Acharya, Pooja Chhabra Asst. manager Tharuna Paul Senior executive Shwetha M. project coordinators Archana Ganapathy, Saurabh Pradeep Patil Sales & Marketing President Sales & Marketing Sudhir Kamath VP Sales Sudhir Argula Asst. VP Sales Parul Singh AGM Marketing Siddharth Singh Manager Key Accounts Jaideep Marlur, Sakshee Bagri Manager Sales Varun Dev sr Manager Projects Ajay S. Chakravarthy Associate Marketing Anuradha Hariharan Iyer, Benjamin Anthony Jeevan Raj, Dinesh P., Rima Biswas Asst. Manager Sales Support Nadira Hyder

Finance & Admin Financial Controller Sivaramakrishnan T. P. Manager Accounts Sasi Kumar V. Asst. Manager Credit Control Prachi Gupta

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in 2

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 2

5/22/2012 3:52:16 PM

Networks are complex. Your network performance management shouldnâ&#x20AC;&#x2122;t be. Decomplexify it with Riverbed Cascade.

Go to www.Riverbed.com/Cascade to see how Riverbed is Decomplexifying network performance management by enabling end-to-end visibility into the performance and troubleshooting of critical business applications. For any queries, please contact marketingindia@riverbed.com or +91 9845652826, +91 80 40300567

From The governing board

Gov e rn i n g BOARD Alok Kumar VP & Global Head-Internal IT& Shared Services, TCS Amrita Gangotra Director-IT (India & South Asia), Bharti Airtel

Who Dares, Wins

Anil Khopkar VP-MIS, Bajaj Auto

CIOs should encourage business users to challenge IT to foster a culture of innovation that outwits the competition. IT has forever been the long standing ally of business. It has supported business processes, and propelled innovation. Viewed from that perspective, innovation has been the hallmark of IT. But I also believe that IT innovation is very short-lived. IT innovation can be replicated by competition in no time. This goads IT to disrupt the status quo and break the mould. To help this foward movement, business needs to challenge IT. CIOs must cultivate this approach to help their organizations realize the strategic advantages of IT. They should encourage business users to challenge IT. This is a methodology wherein the business users of an organization take a hard look at their business processes or any other matrix of the business. Then they identify areas where there is scope for improvement. After this, users challenge the IT department to find a solution. At Maruti Suzuki, I instituted this culture five to six years ago. I put business users in a workshop and asked them to jot down the current business matrix then I asked them to identify performance gaps in the process. Once that is done, I encourage them to challenge IT to re-engineer the process. When they do that I get them to collaborate with IT to conceptualize the project. This way I tap into the collective ingenuity of IT and business. For instance, our business users once challenged IT to improve their forecasting mechanism. We worked with them to re-engineer the process and delivered the desired results. This approach augurs well for the enterprise. It sustains a culture of unfettered innovation. It assuages the pain of change management. Since users themselves ask for improvements and work towards making it more palatable they have no reason to complain. Itâ&#x20AC;&#x2122;s not like something that is forced on them. However, IT and business users can imbibe this culture only if they are equipped with a keen understanding of business processes. I also believe business should budget these projects as this will intensify their ownership. This culture cannot be developed overnight. But once itâ&#x20AC;&#x2122;s established, challenging IT could be central to how organizations resolve business complexities, cross new performance thresholds, and outwit competition. Rajesh Uppal, Executive Officer IT & CIO, Maruti Suzuki India

Atul Jayawant President Corporate IT & Group CIO, Aditya Birla Group C.N. Ram Group CIO, Essar Group Devesh Mathur Chief Technology & Services Officer, HSBC Gopal Shukla VP-Business Systems, Hindustan Coca-Cola Manish Choksi Chief-Corporate Strategy & CIO, Asian Paints Murali Krishna K SVP & Group Head CCD, Infosys Technologies Navin Chadha IT Director, Vodafone Essar Pravir Vohra Group Chief Technology Officer, ICICI Bank Rajeev Batra CIO, Sistema Shyam Teleservices (MTS India) Rajesh Uppal Executive Officer IT & CIO, Maruti Suzuki India S. Anantha Sayana Head-Corporate IT, L&T Sanjay Jain CIO & Head Global Transformation Practice, WNS Global Services Sunil Mehta Sr. VP & Area Systems Director (Central Asia), JWT V.V.R. Babu Group CIO, ITC

Bangalore: Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Phone: 080-3053 0300, Fax: 3058 6065 Delhi: New Bridge Buisness Centers, 5th and 6th Floor, Tower-B, Technolopolis. Golf Course Road, Sector 54 Gurgaon- 122002, Haryana Phone: 0124-4626256, Fax: 0124-4375888 Mumbai: 201, Madhava, Bandra Kurla Complex,Bandra (E), Mumbai 400 051, Phone: 022-3068 5000, Fax: 2659 2708

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 4

5/22/2012 3:52:19 PM

Runs Oracle

10x Faster

The World’s Fastest Database Machine •

Hardware by Sun

•

Software by Oracle

* But you have to be willing to

spend 50% less on hardware.

10x faster based on comparing Oracle data warehouses on customer systems vs. Oracle Exadata Database Machines. Potential savings based on total hardware costs. Oracle Database and options licenses not included. Actual results and savings may vary.

Print Ad Resize

22.23 x 27.6cm CIO (1st Right Hand Page Ad)

PUB NOTE: Please use center marks to align page. Job No.: Headline: Date: Project: Type: Live: Trim: Bleed:

312M_EXD_10xFaster_CIO Runs Oracle 10x Faster* 01/24/2012 APAC Regional Fulfillment Magazine 20.32cm x 25.72cm 22.23cm x 27.6cm 22.86cm x 28.26cm

Fonts: Univers LT Std. 75 Black, 65 Bold, 55 Roman, 45 Light, 67 Bold Condensed, 57 Condensed

PRODUCTION NOTES

READER

LASER%

Released

1/24 2012

Please examine these publication materials carefully. Any questions regarding the materials, please contact Darci Terlizzi (650) 506-9775

contents

125

may 15, 2012 | Vol/7 | issue/07

52 | moment of Truth: one Thing you’d like From your Technology Provider 61 | What has been your biggest Achievement This year? 62 | in your role as an iT leader, What has been your greatest learning Till date? 67 | What Advice Would you give your CFo to Tackle the Current economic reality?

vieWs From The ToP:

40 | 125 BIG IDEAS

twenty-five of india's finest CeOs share their views on it and the CiO role.

FeATures | sTrATegy From your career to your team, and from your vendor to your boss, these 10 features will open up a world of possibilities for your success.

COVER DESIGN By VIKAS KAPOO R

96 |beyond the Cio role voiCes | Cio role And CAreer IT leaders from India's most prestigious organizations tell you what you need to know to become a better CIO—work-wise and otherwise.

22 | What have you done to ensure that ‘Cio’ does not stand for ‘Career is over’? 25 | best Piece of Advice you've given your staff 47 | how do you Keep iT staff Continually inspired to excel? 51 | An interview Question you like to Ask staffers When you are recruiting

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

/7 | ISSUE/06

contents

(cont.) departments 2 | From the editor-in-Chief Break on Through By Vijay Ramachandran

4 | From the Governing Board Innovation | Who Dares, Wins By Rajesh Uppal, Maruti Suzuki India

11 | trendlines

5 4

16 | alert BYOD | The Inmates Have Control! Legal | Indian Cyberlaw: Liability of CIOs

Case Files

141 | essential technology

118 | Carzonrent

IT Management | A Single Pane of Glass Mobile | Time for Mobile Virtualization?

revenue mAnAgemenT Carzonrent puts in place a robust revenue management system after it loses track of 1.4 percent of its transactions. by sneha jha

152 | 5 things I've Learnt The Voice of Experience | Alagu Balaraman,

120 | Flipkart innovATion By using a system that allows Flipkart’s engineers to launch multiple versions of its website in real time, IT drives a new level of innovation. by Varsha Chidambaram

former CIO and current partner & MD India Operations CGN & Associates

Columns 24

| What About my Feelings?

staff management You need to teach your staff that fixing user problems doesn't get the job done—and it won't be until they deal with user emotions. Column by Paul Glen

| in the hot seat

underCover oFFiCer One man’s adventure into the interviewing process for a CSO position. Column by an anonymous CSO

| Three Keys to Tomorrow

Cio role Three things IT leaders need to do to move the CIO role forward . Column by Pravir Vohra

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

3 6

AlTernATive vieWs: how smart are monetary incentives? Is dangling money in front of your staff the best way to increase productivity and retain employees? Two CIOs debate.

VOL /7 | ISSUE/07

Cio online

.in CIO AdverTiser index

accelPro Technologies India Pvt. Ltd.

[ CI O H OMEPAGE ]

BenQ India Pvt. Ltd

CiO.in revamps!

Ca (India)Technologies Pvt. Ltd

Cicso Systems (India) Pvt.Ltd

Bharti airtel Limited

To serve your needs better, we've redesigned cio.in. Now you'll be able to navigate content more easily, and quickly see the stories that demand your attention. We also have more surveys and more case studies!

[ BO O K CLUB ]

[ DEBATE ]

is money the best way to retain employees?

We invited two CIOs to kick-start a debate on whether money is the best way to hold on to staff. Read all about it in alternative Views (page 36). Which side are you on? We also have more debates for you on www.cio.in Job Rotation: Harmful or Helpful? ayes Vs Nays a Are We Ready for Big Data? ayes Vs Nays a Is Jugaad a Good Thing? ayes Vs Nays a >> www.cio.in/cio-debates

Conversation starter

9 57+ Belly Band

Ctrl S Datacenters Ltd

Dell India Pvt. Ltd

38 & 39

Eaton Power Quality Pvt. Ltd

Fujitsu India Pvt. Ltd

HCL Comnet Ltd

33, 34 & 35

HID India Pvt. Ltd

IBM India Pvt. Ltd

Juniper Networks India Pvt. Ltd

IFC

Lenovo India Pvt. Ltd

IBC

Oracle India Pvt.Ltd

Riverbed Technology India Pvt. Ltd.

SaS Institute (India) Pvt Ltd Tata Consultancy Services Tulip Telecom Ltd

27 121 to 128 BC

Books have been known to spark conversations and on our website you can find the genesis of one. Learn what your peers think of a book and then visit the all new CIO Book Club section online and join the conversation with your peers.

>> www.cio.in/bookclub

[ Ca se File ] sold On innovation

By using a system that allows Flipkartâ&#x20AC;&#x2122;s engineers to launch multiple versions of its website in real time, IT drives a new level of innovation.

>> www.cio.in must read @ cio.in 10

>> Alert: Indian Cyberlaw: Liability of CIOs >> Column: Three Keys to Tomorrow >> Feature: 5 Things I've Learnt

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Content,Editorial,Colophone.indd 10

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

VOL /7 | ISSUE/07

5/22/2012 3:53:09 PM

EDITED BY sharDha suBramanIan

new

hot

unexpected

Bump to Create Cash

QUICK TAKE:

Increasing Budgets in a Slowdown

In a world dominated by shrinking IT budgets, some CIOs say their IT budgets have increased this year. One of them is K. N. C. Nair, CIO, Muthoot Group. Shweta Rao spoke to him to find out what this means to IT and his organization.

It Budget

Has the global economic slowdown affected your IT budget this year? Not much. Muthoot Group exhibited growth even during the 2008 recession. That gave us the confidence to step into 2012. In fact, we have increased our IT budget by 50-60 percent this year. Where are you planning to invest? About 60 percent of the IT budget will be dedicated to a core banking solution. The rest would be spent on system upgrades, HRMS and CRM. Our aggressive growth is forcing us to straighten our central operations so that we stay competitive. A core banking solution will help reduce IT infrastructure spending by 10 percent and enable us to invest in more business and mission-oriented projects.

Vol/7 | ISSUE/07

Trendline_april 2012.indd 11

downloaded the app and linked it to their PayPal accounts. “Bump Pay is interesting because of its novelty, which may spur trial, but being within arm’s reach of the person you’re paying back is not always convenient and will limit its usefulness,” said Denee Carrington, an analyst with Forrester Research. But Chris Silva, an Altimeter Group analyst, sees proximity as the right approach, “People are just so paranoid about using any type of technology where there’s a transaction taking place and you’re not actually exchanging funds or a card. I think it makes sense for what people are going to feel comfortable using,” says Silva. As for the security of the app, Silva notes that some Bump Pay users could claim that they had accidentally tapped another person’s phone, and thus attempt to recoup their funds. “There’s a risk, but it’s almost completely borne by the credit card issuers and the banks.” —By Cameron Scott

trendlInes

I n n o v a t I o n Startup Bump Labs threw its hat into the crowded mobile payments ring by launching an app that allows people to exchange money by tapping their phones together. The app, called Bump Pay, builds on the company’s core technology, which enables two smartphones using Bump apps to transfer data by being tapped together. Unlike NFC (nearfield communication), which Google and others are promoting for mobile payments, Bump requires physical contact between devices. The company’s current app, called Bump, allows users to transfer contact information and photos. To use Bump Pay, a user types in how much money he or she wants to send and then bumps phones with the intended recipient. Bump’s software determines which two phones collided. The app then transfers funds from one user’s PayPal account to the other’s. Both users must have previously

Despite the budget increase, responsible spending will always be a challenge. How do you plan to tackle it? Continuing to do more with what you have is always better than doing more with less. The trick is figuring out how to efficiently embrace a new technology while getting rid of legacy systems. Also, I think the importance of testing a rollout is terribly underplayed these days. It provides a great learning experience and helps pre-empt unfortunate encounters. Good feedback has helped me avoid over-spending on more than one occasion. One must have user focus groups to receive good feedback.

K.N.C. Nair

What would you advice CIOs facing budget cuts? With shrinking budgets, technology will be a key component in keeping critical operations on track. But that won’t suffice. Ideas like decremental budgeting can come to the rescue when working with reduced budgets. CIOs also need find innovative ways to solve to everyday problems that don’t require expensive solutions. REAL CIO WORLD | M a y 1 5 , 2 0 1 2

Lessons From Abhishek Manu Singhvi voices:

Siddegowda Sudhakar Head-IT, Majid Al Futtaim (Fashion)

trendlines

“Instant access to information is making us less sensitive and less capable of understanding individual rights on our own. And social networking sites are loud, glass houses and the lack of physical contact over these sites lowers users’ natural defenses making them prone to distress.”

Man Mohan Goyal Head-IT, Phillips Carbon Black “Today’s highly networked world allows for a faster and more free flow of information and more exposure than before. But, technology advancement is a natural process and cannot be stopped. Every new technology is going to take us by surprise and make us vulnerable in some areas. But, like always, we soon learn to adapt, adopt and evolve.”

Valerio Fernandes GM-IT, Continental Automotive Components India “Technological improvement definitely poses a threat to individual and social security if not handled properly because it has the potential to be intrusive and devastatingly destructive. The world has raced towards embracing technology while significant loopholes still exist.”

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Trendline_april 2012.indd 12

Trial Blazing R e t a i l The cavemen must have been a happier lot. For one, they weren’t forced to live with the social-induced pressure of dressing up. Imagine the hours we could save waiting outside trial rooms. Now, for the first time, one Indian company is trying to give shoppers back those hours—and still keep their shirts on. According to a poll of 2,000 shoppers by market research firm OnePoll.com, women spend about 399 hours and 46 minutes on 301 shopping trips a year. That’s eight-and-a-half years worth of retail therapy if you live till 63. Yet, a lot of it is spent uncomfortably waiting outside or using clammy changing rooms swamped with other people’s bad taste. A Hyderabad-based startup, Imaginate, offers customers the chance to be spared that fate with a shopping assistant it calls TRIALAR, a digital apparel and jewelry trial room platform. More simply, TRIALAR combines HD cameras, a flat HD/ LCD panel display, and Intel core advanced CPUs to allow shoppers to see how they look in clothing—without having to try them on. Using HD cameras, the system captures a customer’s measurements and allows them to choose clothes or jewelry from a digital catalogue—something most retailers with e-commerce abilities already have. And thanks to a multi-screen display, shoppers can compare how they look in different colors. “We hope to save shoppers time standing in queues and trying on various items. And it allows retail stores to eliminate the damage that occurs when shoppers try out clothes,” says Hemant Sathyanarayana, CEO of Imaginate Software Labs. Motion sensors around the display screen can recognize when a shopper wants to move to the next item by making a flipping gesture, tablet style. “We cut out the touch screen option because that would force a shopper to keep stepping back and forth while making a choice,” says Sathyanarayana. The system also displays additional information like fabric—or whether a celebrity wore something similar. And an analytics-based engine can throw up intelligent ‘you-may-alsolike-these’ options. e-Retailers can incorporate webTRIALAR for their online shopping websites. Online customers can use webcams or upload their pictures to virtually try out clothes—encouraging buyers who want to see how they look before making a purchase. Imaginate is currently developing mobTRIALAR, its mobile version on multiple platforms including Android, iPhone, and Windows 7. — By Debarati Roy

images by photos.com

The recent controversy surrounding Congress party’s former spokesperson Abhishek Manu Singhvi, where his video was posted on a social media platform brings up an important question: Are technological advancements posing a threat to our own security? Shweta Rao asked your peers if they agreed.

Security

Vol/7 | ISSUE/07

5/11/2012 4:38:23 PM

Facebook ‘Likes’ Could Make you Jobless Facebook “likes” could get you fired, and if you take your employer to court over the punishment you may have an uphill legal battle. that’s what some plaintiffs found when they took the matter to the US District court for Eastern Virginia. In the case bland versus Roberts, the plaintiffs, who had worked in the hampton, Sheriff’s office under b.J. Roberts—who was running for re-election against Jim adams—asserted that doing things to support their boss’ opponent eventually got them fired once Roberts had secured his seat. Such activities included placing a pro-adams bumper sticker on one of their cars, attending an adams-sponsored cookout, and “liking” adams’ Facebook page. the court said Roberts was not aware of these activities, except for the Facebook endorsements. Even so, his knowledge of the “likes” was inconsequential, said the court. “[Roberts’] knowledge of the posts only becomes relevant if the court finds the activity of liking a Facebook page to be constitutionally protected. It is the court’s conclusion that merely “liking” a Facebook page is insufficient speech to merit constitutional protection,” the court said. lawyer Venkat balasubramani disagrees. “the court veered off course in concluding that a Facebook like is not speech.” he said. “maybe the court slept through many other instances of online activism in the past five years.” —by christina Desmarais

trendlInes

Internet

P of!

go Virtualization Challenges

v I r t u a l I z a t I o n Indian CIOs show a new level of ease with virtualization when asked what their biggest issue with running mission-critical apps in a virtual environment was.

36%

No issues at all

11%

25% Some applications are not good candidates for virtualization

Increased latency & performance issues

10% Inadequate in-house skill sets necessary for the migration

governance, risk & compliance issues

application workload difficult to define

problems with back-up Source:cIo Research

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Trendline_april 2012.indd 14

NASA Finds a New

Sun God

P o P u l a r s c I e n c e Could satellites one day beam solar energy back to Earth? It could be possible, thanks to a new research project. There have been some incredible advances in solar power technology over the years, ranging from simple solar panels to solar-thermal power and more efficient panels. But NASA scientists believe the next step in maximizing sun-based energy will come from satellites that would beam harvested solar power down to Earth. The idea is to use a satellite with an array of mirrors to collect energy from the Sun and send it back to Earth via a Microwave beam. It might sound like another crazy death ray beam, but NASA thinks that it’s realistic enough that they’ve funded the Artemis Innovation Management Solutions group to develop its Solar Power Satellite via Arbitrarily Large PHased Array (SPS-ALPHA). The array will feature a modular, tulip shaped satellite equipped with thin-film mirrors to reflect sunlight into photovoltaic cells. The collected solar energy will be converted into microwaves that will then be transmitted back to a receiving station on Earth at a low frequency and intensity. Power plants on Earth will be able to convert the Microwave energy into electricity and add it to the power grid. NASA says that each array system could create anywhere from tens to thousands of megawatts of energy. Since the satellite array will use so many small, lightweight parts, it will also be simpler and cheaper to build than previous solar-power satellite methods. Instead of building a gigantic array on Earth and launching into space, scientists could send parts up into space on current cargo spacecraft so they could be assembled in orbit (much like a space station). NASA has been looking into satellite energy-beaming concepts for some time, but none have been as promising as SPS-ALPHA. —By Kevin Lee

Vol/7 | ISSUE/07

5/11/2012 4:38:26 PM

Four Must-Dos for CIOs Online kept confidential, but so-and-so said...” Dishing dirt is infinitely appealing, but the world we work in is a small one. It’s far too easy for your name to be sullied when you toss around negative opinions. Be direct in your requests for help. Job seekers commonly make the mistake of being too hesitant to ask for help right off the bat. Don’t simply ask networking contacts to keep you on their radar screen. most of us have about 5,000 people on our radar screens that we’ve completely forgotten about. We all have good intentions when we use that phrase, but it’s too passive to be effective. Be present online. capitalize on tools such as linkedIn and use your status updates wisely. Share an article once a month. t twice a month, swap out a book on your amazon reading list. Regularly look for industry events or webinars and indicate you’re interested in attending, or join a professional group. —by Kristen lamoreaux

Fast, secure

trendlInes

Executives exploring options outside their current company are often in need of job search etiquette tips. Especially since the immediacy and transparency of today’s technology can easily create an uncomfortable situation. So how can you avoid being “that guy” while still incorporating social networking tools into your job hunt? a good first rule of thumb: If you find yourself hesitating before clicking send, stop and review what you’re doing. laying the right groundwork with your network can also help protect your reputation. Organize your contacts by trust level. Say you’ve decided it’s time to look for a new job and want to begin to contact people in your network. y you should be building concentric circles based on trust levels and initiate contact with your core trusted resources first. never talk trash. bashing your current employer to professional contacts is never acceptable. t too many networking conversations begin with, “of course this must be career

Custom solutions Group ACCELPRO

Full remote access From anywhere

When you talk about mission critical enterprise deployments, no other product can match the performance of AccelPro, Aditya Malhotra gives you three reasons which makes AccelPro a clear choice for ISP and Enterprise customers.

30 X times faster than conventional SSL VPN Only True Enterprise/ISP level SSL VPN available in the market with Zero Support Calls TCP Optimization, WAN Acceleration, DLP, ANAC, End Point Compliance, Next Generation VPN all features inbuilt into Single Product. ADITyA y MALHOTRA, yA Co-Founder & CEO accelPro Technologies India Pvt. Ltd

“AccelPro is a true Next Generation VPN product with very good performance and unmatched engineering support and is best suited for ISP environments, we are highly satisfied with their technology and support.”

“We have evaluated all the available SSL VPN products in our environment and AccelPro could give us the best performance. We are also using AccelPro instead of international MPLS to connect our international offices, delivering VC, Voice and enterprise applications”

MAnISH TRIPATHI, M Product Manager, Tulip Telecom

S SREEnIVASREDDy IVASREDDy RAnABOTHU, IVASREDD aGM - Corporate IT, LaNCO Infratech Ltd. a

sales@accelpro.net info@accelpro.net support@accelpro.net contact: +91 9871288832, +91 9911430044

Trendline_april 2012.indd 15

5/11/2012 4:38:28 PM

alert

Enterprise Risk management

“The Inmates Have Control!” M

IMAGES by PHOTOS.COM

obile devices are multiplying and—sanctioned or unsanctioned—finding their way onto corporate networks. For IT pros, the influx of personal mobile devices to the corporate network is raising security concerns, creating management challenges, and swamping the help desk with support calls. In a survey of 400 IT pros jointly conducted by Network World (a sister publication to CIO) and SolarWinds, respondents shared a wide range of tactics for handling the mobile device management challenge. For starters, the majority of respondents said their companies issue mobile devices that can access the corporate network, including laptops, tablets and smartphones. BlackBerry devices, iPhones and Android devices are among the most common corporateissued smartphones, cited by 48 percent, 46 percent and 38 percent of respondents, respectively.

Just 15 percent said their companies don’t issue mobile devices with network access. Tellingly, some of respondents whose companies don’t issue mobile devices said there’s opportunity for end users to bring personal devices to work—the bring-your-own-device, or BYOD, trend—and receive support from corporate IT. “We provide a monthly stipend where users can BYOD for smartphones,” one respondent said. “We don’t issue mobile devices, but users who own their own mobile devices can access the corporate network once they have received IT permission,” another respondent said. The BYOD trend is not universally embraced, however. In the pro-BYOD camp, 59 percent of respondents say there are no device restrictions when

findings

Monitoring the Madness Is BYOD really a security threat? It’s hard to say, especially with many IT departments not monitoring mobile devices. 5% No clue

BYOD Duh How confident are you that you know of all the personal mobile devices on your network?

23% Not at all confident

16% Certain

26% Somewhat confident

30% Very confident

it comes to employee-owned devices that are allowed to access the corporate network. (However, access is limited to specific Web apps or segregated virtual networks.) When asked why companies decided not to allow personal mobile devices, responses varied. Many were absolute: “If it is not company-owned, it does not touch our network,” one respondent stated. Another said there’s “no need to have personal devices on the network when the company provides every resource necessary to do your job.” Respondents also expressed security concerns and IT support challenges. They cited the potential for loss of confidential data; legal issues and regulatory compliance risks; and the management burden associated with supporting diverse device types.

23%

of organizations aren’t sure if non-companyissued mobile devices have been responsible for a security breach.

Source: Network World and SolarWinds

Alert_May2012.indd 18

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:34:17 PM

The

Logical Choice for Security

Convenience meets Security at the desktop. Whether your organization needs a contact smart card for secure log-in, digital signature or secure remote access, or you require the most convenient two-factor authentication solution, HID Global’s OMNIKEY® contact and contactless smart card readers provide a fast and reliable solution. Compliant with industry standards, OMNIKEY contact and contactless readers are compatible with virtually any smart card, any operating system and a variety of applications. Available in numerous form factors, OMNIKEY readers offer a risk-appropriate choice for any organization. For information on HID Global’s innovative line of smart card readers, visit hidglobal.com/smartcard/CIO

HID_Omnikey_CORP_CIO.indd 1

5/3/11 9:15 AM

alert

Enterprise Risk management

If employees use personal devices, “in our experience they expect the IT dept. to support those devices, and we have a strict policy against supporting devices we didn’t issue,” said one respondent. “Most often these devices are using pirated software, have been infected from home, or are being utilized to do non-workrelated stuff,” another said. “We have not set up a method to segregate these from our production network, so for now they are not allowed.” Unsurprisingly, permission to access the network is not always clear-cut. Some respondents said exceptions are made for certain job roles (and certain executives). Nor is it always clear how often employees bring their own devices to work. Asked if they knew about all the personal mobile devices with access to the corporate network, respondents expressed varying degrees of certainty. Sixteen percent said they are certain, 30 percent are very confident, and 26 percent are somewhat confident. Meanwhile, 23 percent said they are not at all confident, and 4 percent saud they have no clue.

The BYOD Effect Despite myriad security concerns and manageability challenges, there are

positive effects associated with the BYOD trend. Among respondents whose companies allow personal mobile devices to access the corporate network, 46 percent said it increased productivity among end users. A nearly similar number (47 percent) said it has increased end users’ ability to work from home. In some cases, having a BYOD policy has positively impacted employee relations. BYOD has “improved employee attraction and retention,” one respondent said. “We have seen a change in morale,” another noted. The policy has “increased job satisfaction for the employee and satisfaction with central corporate IT’s customer service,” another concluded. Just 5 percent said allowing personal mobile devices to access the corporate network decreased employee productivity, and 28 percent said they haven’t seen any change in behavior. On the security front, respondents were asked if a non-company-issued mobile device has been responsible for a security breach on the company network. Just 6 percent said yes, while 67 percent said no and 23 percent said they’re unsure. Among the respondents with anecdotes about BYOD-spawned security incidents, the most commonly cited culprits were

Now, Hyperspeed Signalling Security engineers at the University of Tulsa have found a way to identify cyber attacks before they reach their target, enabling network administrators to take pre-emptive measures to protect their IT systems. In a report published in the International Journal of Critical Infrastructure Protection, engineers explained that slowing traffic by just a few milliseconds can give networks time to identify malicious data packets. The team have developed an algorithm that sends high-speed signals flying ahead of the malware to mobilize defences. “Hyperspeed signalling uses optimal (hyperspeed) paths to transmit high priority traffic while other traffic is sent along suboptimal (slower) paths,” stated the report. “Slowing the traffic ever so slightly enables the faster command and control messages to implement sophisticated network defence mechanisms.” But one of the report’s authors, Sujeet Shenoi, admitted that adapting an existing network to run the algorithm would not be cheap. Further, the system is only as good as the threat sensors that pick up the impending attack. — By Sophie Curtis

personal laptops that introduced a virus on the company network. On the support front, nearly two-thirds of survey respondents are in agreement on one particular BYOD issue: They need management help. When asked if they have the necessary tools in place to manage non-companyissued mobile devices on the network, 65 percent said no, 28 percent said yes, and 7 percent said they’re not sure. With the increased use of mobile devices, 44 percent of respondents said they’ve experienced an increase in helpdesk requests, 41 percent said they’ve experienced an increase in network traffic, and 16 percent said they’ve experienced an increase in security issues. Just over 14 percent said they’ve seen an increase in all three of those areas. Yet, 28 percent said they’ve experienced none of those upticks. One respondent said the management overhead is significant since “we needed to outsource mobile phone device management to keep up with demand.” Respondents said they’re employing a wide range of vendor tools and security tactics in order to provide safe, productive mobile access. Usage policies vary, and many are works in progress. Determining security policies that can be reasonably enforced on personal mobile devices is tricky. In some cases, companies have found they need to rethink blanket bans on personal devices at work as the BYOD trend gains momentum. To ignore the trend could be a big gamble. “Our current policy disallows all personal devices on the corporate network. However, we’re not enforcing this. We are in the process of developing a useful/ enforceable version of the policy,” one respondent said. Put another way, another survey respondent humorously noted the mobile device management challenge is constantly evolving “because the inmates of the asylum have control.” CIO

Ann Bednarz is associate news editor for NetworkWorld. Send feedback to editor@cio.in

Alert_May2012.indd 20

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:34:18 PM

can you keep your data secure in the cloud?

you can You may feel more secure working in your own, private environment. Many IT professionals feel the same way. But the world is demanding more innovation, greater agility and higher levels of responsiveness. That means cloud. We can help you “embrace the cloud” in ways that will help you achieve the kind of business agility you need to drive tomorrow’s success. Talk to us about ways to simplify, secure and accelerate—even from the most heterogeneous of computing environments. For more information on how our cloud management solutions can help you simplify, secure and accelerate IT, visit ca.com/in

ca_datasecure_cioindia.indd 1

ADVERTISER: PUB: ISSUE:

CA Technologies CIO India Magazine April 2012

3/9/12 3:57 PM

DATE: SIZE:

9/3/12 22.23cm x 27.6cm 0.33cm bleed 560 Harrison Ave., Suite 503 | Boston, MA 02118 617.338.4441

alert

EnTErprIsE rIsk

[ LEgaL

E ag L E ]

management to two different kinds of liability for top management. The first Pavan Duggal, Advocate, Supreme Court of India

indian Cyberlaw: Liability of CiOs

pril 2012 is the first anniversary of the coming into force of extremely significant rules which impact the use of computers, computer systems, computer networks, computer resources and communication devices. The Information Technology Rules, 2011 were enacted and implemented in April, 2011. Does the CIO really need to take into consideration the Information Technology Act, 2000 and rules made there under? Should CIOs be really concerned with legal aspects concerning use of computers, computer systems, computer networks, computer resources and communication devices? The answers to all these questions is a resounding yes. Today’s CIOs need to be extremely alive and aware of the legalities impacting the use of computers, computer systems, computer networks, computer resources and communication devices. CIOs today cannot say that the legalities concerning computers, computer systems, computer networks, computer resources and communication devices have to be looked after only by the company’s legal department. On the contrary, a CIO is an integral element of the mindshare that has to be applied in the direction of ensuring compliances with the law. Today’s CIOs have to ensure compliances with the parameters of the Information Technology Act, 2000. The Information Technology Act, 2000 as amended by the Information Technology (Amendment) Act, 2008 has put a tremendous focus on compliances. These compliances have become more critical and important in today’s context. Information Technology Rules, 2011 have further reinforced the need for consistent compliances by companies. The immediate downside of non-compliances is potential exposure for the company and its top

exposure is liability of a civil nature which will expose a company’s top management to the liability of paying potential damages by way of compensation of up to Rs 5 crore per contravention. The second exposure that the company’s top management needs to be ready for is exposure to potential criminal consequences. The law of the land is very clear: If a contravention is committed by a company, then every person responsible for running its affairs shall be deemed to be guilty of the said offence and are liable for punishment accordingly. Of course, it will still be up to the top management to escape liability if they are able to show that the said contravention happened without their knowledge or that despite the exercise of due diligence they still could not prevent the commission of any contravention under the law. The exposure to potential criminal consequences for the top management could include imprisonment ranging from three years to life imprisonment and a fine ranging from Rs 1 lakh to Rs 10 lakh under various provisions of Chapter XI of the amended Information Technology Act, 2000. Today, CIOs have to insist that their companies are compliant with the provisions of the Information Technology Act, 2000 and rules and regulations made there under. Compliance, compliance and compliance is the only way forward for achieving CIO nirvana. CiO Pavan Duggal is asia’s and India’s foremost expert and authority on cyberlaw and mobile law and is a practicing advocate, Supreme Court of India. Send feedback to legal_eagle@idgindia.com

OnE::LinEr

the he problem with BYOD is you can’t disable functions like cameras and U UsB ports because it’s the employee’s device.

—par p EsH Makwana, Vp par p and Head Datacenter & Information security Officer, Dsp Blackrock Investment Managers The Indian goverment is planning to spend an estimated rs 800 crore to set up an ‘Internet scanning agency’ that will monitor all web traffic passing through Internet service providers in the country. It’s calling it the National Cyber Coordination Centre.

m a y 1 5 , 2 0 1 2 | REAL CiO WORLd

VO l/7 | ISSUE/07

What Have You Done to Ensure that ‘CIO’ Does Not Stand for ‘Career is Over’? the th 125 issue special

“IT is transforming business and this has given the CIO role a

“All CIOs need to realize that Change Is Obvious and resort to an interchanging DR

much-needed edge. Today, new innovations are born everyday; your career is far

(Department Role) strategy. This will

from over if you stay focused.”

give them the necessary edge and transform into excellent CIOs.” Ashok R.V., Vice President (Information Systems), Sundaram Clayton

Rakesh Mishra, GM-IT&C, Jindal Steel and Power

“CIOs should lead the e-business initiatives of their

companies. It’s a new revenue channel that adds to the company’s bottomline. CIOs also need to align with CMOs to give direction to digital marketing initiatives.” Mohit Agarwal, CIO, Carnation

“CIOs should be perceived as people who drive initiatives to enhance the business. So, one has to strive to take on a P&L

responsibility.”

Jo ep Dutta, CTO, ICICI Securities Joyde

“I run a continuous improvement program to increase the efficiency of sub-optimal business processes.

I’m also actively involved in new business development, strategic tie-ups and other development activities.”

Ashish Mehta, Director-IT & Infrastructure (APAC & Middle East) Euronet Worldwide

“Moving to the role of a global

CIO would be my next step.

This shared services role requires collaborating with finance, HR, etcetera, and requires both an understanding of tech and strategy.” S. Narayanan, Group IT Manager–Infrastructure & Security, Hindustan Unilever

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

Paul Glen

staff management

WhatAbout My Feelings?

very IT person has had one of these just died on me.") Recognize the feelings in their If your staff wants to be situations. A user comes to you with tone of voice. Put yourself in their shoes. Then, good at working with nona problem. You fix it and announce, simply acknowledge what they're feeling by technical people, they have "Problem solved!" or "Case closed!" saying something such as, "This must be really to learn to expand their But you're met with a long, uncomfortable silence frustrating for you." When you do that, users feel ability to deal with both or a blank stare. It's an awkward moment that that you are trying to help them, as people, rather people's problems and you can end only by saying something like, "Well, than just tending to the machines. And when the let me know if there's anything else I can do for problem is solved and the case closed, speak to their feelings. Because you," before shuffling away, wondering where both the technical and experiential parts of the whether users ask for it or you went wrong. problem. Say something like, "It's working now not, they need help. Where we go wrong, more often than not, is and should make your life a whole lot easier." in handling the facts of a problem but not the Seriously—it's that simple. feelings that accompany it. The technology problem is solved, but the feelings that the problem aroused in the user—anger, Apologize with Dignity disappointment or frustration—are unresolved. Sometimes a simple apology will make the difference, even though I can imagine what you have to say to that: "Dealing with you have nothing to apologize for. It's not a sign of weakness to let feelings is not in my skill set." We geeks are adept at handling someone know you're sorry that they're experiencing discomfort the facts of people's problems and notoriously oblivious to their or inconvenience. It's not necessarily an admission of personal feelings. But if you want to be good at working with non-technical guilt either. Just say, "I'm sorry that this is so difficult." people, you have to expand your ability to deal with both. Whether they ask for it or not, whether they realize it or not, they need you Share Your Own Feelings About to help them resolve both to move forward. the Situation So why don't they just tell you that they're upset? Two reasons: It comforts people to know that they aren't the only ones who At work, people don't feel comfortable talking about feelings. It's might feel a certain way about a situation. Letting them know safer to complain about facts. And sometimes it's hard to put about your own experiences allows you to build a relationship feelings into words. People may not even be able to articulate the rather than conduct a transaction. When you say, "This has been nature of their disappointment. keeping me up at night too," you're sharing in the person's urgency I happen to think that geeks can handle these situations. We're and upset. problem-solvers, and if we just expand our definition of the Technical people who can navigate both facts and feelings are problems we solve to include both the facts and the underlying the ones that business people really want to work with. When you feelings, we can deal with them like any other difficulty. Relax; include the user's emotional life in your problem definition, you you don't have to be Dr. Phil. You just need to use some responsive become that magical person who can work with anyone. CIO words and send subtle signals that show you care. Here are three easy ways to do that.

A Kick Out of IT To learn more about how CIOs can take the drudgery out of IT read Making IT Fun Again on www.cio.in

c o.in

ma y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coloumn_Feelings.indd 26

Empathize Methodically Train yourself to recognize emotions that aren't explicitly stated. Listen to users' word choices. ("It

Paul Glen is CEO of Leading Geeks. His newest book is 8 Steps to Restoring Client Trust. Send feedback to this column to editor@cio.in

Vol/7 | ISSUE/07

5/11/2012 4:13:36 PM

One of the Best Pieces of Advice You Have Given Your Staff the th 125 issue special

“Keep an eye out for new things happening around you. Be open to new technology, new processes, and new ideas;

change is going to prevail.” Pratap Pat Joshi, GM-IT, JCB, India

“Do your job to the best of your ability, enhance and learn new—relevant—skills, acknowledge the positives in your team, be self-aware, be real with commitments, have trust in your abilities and—most importantly—have fun.” Dheeraj Sinha, Head-Global IT & Supply Chain, Apollo Tyres

“Take ownership, take responsibility. It’s not a job, it’s your life, it’s your career. Only if you are convinced, will you be passionate about your work. Staffers should have the freedom to decide their own benchmarks.” Yogesh Zope, CEO, Kalyani Technologies & VP-IT, Bharat Forge

“Keep your eyes and ears open, be flexible and receptive, and try

to wear the shoes of your users. One has to be aware of how new technologies can

help business.”

K. Karnatak, Sr. VP & Group CIO, RJ Corp

“Give immense importance to the quality of the code you write.

This has a ripple effect in lower costs and better customer experience.” Viraj Patel, Head-Technology, Bigtree Entertainment

“Always keep your commitments: We may cite a hundred reasons for not meeting our commitments, but the customer needs only one reason to stop business with us.” Dr. B.R. Reddy, Director-Operations, Natco Pharma

Vol/7 | ISSUE/07

Voices_BIG_IDEA.indd 33

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

5/11/2012 4:10:48 PM

Undercover Officer

Anonymous

In the Hot Seat One man’s adventure into the interviewing process for a CSO position.

he call came in early one morning and made it through my usually protective security screen in part because of her particularly pleasant first-name request to speak with me. Without much of an intro, the caller got right to the point. “Would you be interested in the CSO job of the millennium?” she inquired.

After establishing that this wasn’t some nutcase, but instead a headhunter familiar to those in our trade, I decided to play. “Tell me more,” I answered. So she laid it out as if she were offering me a winning lotto ticket. “With your credentials, you’d be a leading contender right out of the gate,” she cooed. “It’s for a company with a new CEO and CFO and a reinvigorated board concerned about integrity, data security, contingency planning. They recently had a very mean workplace violence incident,” she said. I started thinking about the security-related news over the recent past to try and home in on the company. No feedback from the fog. “So these people are serious about a really senior

Vol/7 | ISSUE/07

Anonimous_colunm_May2012.indd 3

guy, but do they know what a CSO title is all about?” I wondered aloud. “I’ve teed up the CSO bit with them, and it absolutely flies,” she told me. “They’re eager to make a statement about security in its broadest context. Are you interested?” “If you’ve vetted this job and think they’re serious, then sure,” I told her. “But keep it totally confidential. I’m very satisfied here.” “I’ll get back to you,” is how she left it. I didn’t hear a thing for a few months. Then another call came early one morning. “Sorry I was silent but, to your point, I wanted to confirm they’re serious about this job,” she said. “I’ve put yours and a few other CVs before their selection committee.”

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 2 6

5/11/2012 3:36:26 PM

Undercover Officer

Anonymous

Oh great, a selection committee, I muttered to myself. But I was more controlled in my response. “And the answer is...?” “You’re in the catbird seat!” she said as though announcing an Academy Award nomination for best supporting actor. Hmmm. Let’s hope not. “They want to see you ASAP.” I knew I’d have to put this to the wife who agreed to move here on my pledge to sink an anchor into the ground.

Getting the Whys and Wherefores My wife was predictably unenthusiastic. “You’re going where to do what?” she said without a hint of a smile. But the kids thought the new company was in an “awesome” area, and my own pathetic look must have led her to relent. “Go get this out of your system. But no promises!” So I started doing some homework over the next several days, which revealed some interesting facts. First, the workplace violence incident had caused some focus on security. But from the business press, it looked as if a couple of the newer audit committee members had read the SarbanesOxley tea leaves and wanted to play hardball. Other sources told me that the CEO and the executive vice president of administrative services wanted a higher-profile security exec to pull a more integrated program together. Or is it to take the heat? Note to self: Better make sure it’s the former.

One on One To learn more about interview etiquette, read 5 Must Dos in an Interview on www.cio.in

c o.in 28

MA y 1 5 , 2 0 1 2 | REAL CIO WORLD

Anonimous_colunm_May2012.indd 4

Security is just one horse at the trough. My responsibility would be to make you aware of the risks and to propose solutions. You could always decide to accept the risk, I told the EVP. When I arrive at the appointed hour and place, I’m immediately impressed with the initial approach. No star chamber, no apparent chairman. Just a comfortable room with everyone at one table. It’s clear that everyone has been well briefed on my background and experience. A good sign, I hope. I learn that the committee is composed of the head auditor, the chief legal counsel, the senior vice president of HR, the CIO and the executive vice president of administrative services. These are my primary stakeholders, so I do not pass if I blow it here. CIO: “You don’t have a technical background, but you have information security in your current job. How do you do so without that experience?” Me: “My employers expect me to be on top of the full range of risks in my playing field. They have given me the scope of risk oversight because we have discussed the linkages between the threats that confront global business today. That scope has come with an understanding that we need to have an information risk management capability with a team equal in strength to the risk we face in this area of business, which is significant.” I went on. “Our CISO has a clientele that wouldn’t give him the time of day without total confidence in his competence. We are partners with the business and our CIO. I’m the orchestra leader. He’s the principal soloist.” CIO: “Would you propose that we have information security under you here?”

Me: “Not at this point, or maybe not at all. It’s far too early to say what model I’d propose here. A lot depends on what works in your culture, how service units can most effectively serve and lead here.” Auditor: “Assuming you know about Sarbanes-Oxley, what role do you think security should play in our controls if any?” Me: “Frankly, most organizations haven’t taken enough time to think through a control model to create the most appropriate mix of players given the risk environment. I’m bullish on security being an equal partner in the governance team. Security is a lead player in addressing reputational risk with background vetting, third-party due diligence, internal investigations and vulnerability analysis. While not as headlined as audit, I think these are core processes in the evolving Sarbanes environment, which is about doing the right thing by our shareholders.” CFO: “We’re in the process of identifying every dollar that contributes to or detracts from our being more efficient and productive than our competitors. Security represents a relatively large cost center here, and still there’s a sense that we should be doing more. How would you propose to be a leader in cost management and containment?” Me: “I would get a fresh assessment of the risks facing this company on a global basis and demonstrate to you that we have unmet priorities to

Vol/7 | ISSUE/07

5/11/2012 3:36:26 PM

N N IT O OPE RA OW T S GI IS N E R OD RI E P

AWA R D S 2012 C O M P U T E RWO R L D & C I O

BEROAMERICAN december 2012 • madrid

r e g i s t r at i o n p e r i o d i s n o w o p e n s u b m i t y o u r a p p l i c at i o n at :

w w w. i d g . e s / p r e m i o s i b e r o a m e r i c a n o s

ER RL

W COMPUTER

ICANOS

MIOS 2 E 01 PR 2 I

D & CIO IB

O R E

Undercover Officer

Anonymous

address them. It’s incumbent upon the CSO to show that the company has a higher likelihood set of threats for which it is unprepared and find the most cost-effective solutions he can, reduce costs if possible and then convince you that the new expense is worth it.” CFO: “What if we shoot it down anyway?” Me: “Hey, security is just one horse at the trough. My responsibility would be to make you aware of the risks and to propose solutions. You could always decide to accept the risk.” HR: “We’ve had some issues with our security folks giving off a Big Brother sense to our employees. It doesn’t sit well in our culture and seriously impacts your department’s credibility. What would you do to restore confidence in security here?” Me: “Well, given that dark assessment, I would make that a very serious first priority because everything else I’d likely want to do here will depend on bottom-up confidence in our functions. So I would meet with employees at all levels to find out how they’re feeling about our services, what we do well and not so well. I believe in being a very close business partner with human resources and legal, so I would really suss out their perceptions of our strengths and weaknesses. And I’d be looking at our team’s competencies for things such as relationship management and influence. The bottom line is: If you’re right, then this is a serious challenge. And I can’t be a success if we can’t turn this around.” Chief Legal Counsel: “I was interested in your response about reputational risk. As I recall, you mentioned

background investigations. But we don’t do them here, and I’d be curious why you think we should.” Me: “Let’s start with the recent workplace violence case. Your local newspaper uncovered the information that the guy you fired for assaulting his supervisor had a long record of assaults, domestic violence, firings and substance abuse. That was easily and legally obtainable pre-employment information, and you didn’t even ask your job applicants for information that could be verified for such purposes. At my last two employers, one in five of all applicants had some material discrepancies in their personal history statements. In other words, they lied. Should you hire liars coming through the door? How would that look on the upper-right-hand corner of The Wall

I’ve peeled off a scab and started the bleeding anew. “This smacks of the goon squad approach I spoke of earlier,” he says. “Rather than addressing the culture and crisis in confidence, you’d propose we crank the hostility up a notch or two?” EVP (while checking his watch and waving off the HR guy): “Uh, how would you propose to add value to this organization?” Me: “This recruitment process tells me that you’re thinking seriously about security’s place in the health of this company. You are raising the bar. I will add value when I measurably help this team address where that bar needs to be to proactively manage the risks we know and those we have yet to identify.” It’s clear we’re done at this point. And as I’m saying my good-byes, I

The human resources guy’s body language speaks volumes. I sense I’ve peeled off a scab and started the bleeding anew. “This smacks of the goon squad approach I spoke of earlier,” he says.

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Anonimous_colunm_May2012.indd 6

Street Journal? I’m an unabashed fan of background investigations at the very least, for everyone in a ‘risky’ job. We can discuss that definition if you like.” HR: “I’ve got to wonder if we aren’t better off not knowing what we don’t really need to know.” Me: “The thing you’ve got to consider, with all the ethics issues before the public and regulators these days, is if the bar is being raised by your board and shareholders. Should you know about the integrity of your key people? Would there have been a different result if you had had a criminal history on this violent employee?” The human resources guy’s body language speaks volumes. I sense

notice that the HR leader has already ducked out. I play it all back on the way home and decide I’ve either blown it big time or, if not, I will have to get ready for some fireworks if I take the position. I can’t wait to get home and convince the wife that this would be a good thing to do. CIO

This column is written anonymously by a real CSO. Send feedback on this column to editor@cio.in

Vol/7 | ISSUE/07

5/11/2012 3:36:26 PM

Pravir Vohra

CIO Role

Three Keys to Tomorrow For the CIO role to move forward CIOs need to do three things: Make business their main focus, embrace change, and institutionalize innovation. That’s going to be easier said than done.

Illustration by P HOTOS.COM

ho is a CIO? In the eyes of most people, he oversees a company’s IT department, orders computer equipment, and even builds IT roadmaps. But let me dispel that myth for you. Today’s CIO is more than just a designation that’s centered around technology. Obviously, CIOs still have technical jobs but now, as technology has become essential to businesses, they have become key partakers of the business. Clearly, the focus of CIOs has shifted from operational excellence— which was in the spotlight for 15 years—to adaptability. One area that needs change is the idea—nurtured by IT leaders— that CIOs need to stick to one industry. It’s an idea that’s likely to get diminutive. Historically and today, in the eyes of the business, the role of a CIO has always been treated as being fungible between industries; they’re not concerned what industry CIOs are from. Even within one company, CIOs will have to move between functions if they want to contribute as much as they can. But CIOs need to remember that it’s one thing to understand a business’ process and another thing to understand business. It takes time to understand the ethos and the DNA of a corporation. But it takes even more time to comprehend business. And for this, they will need to learn multiple languages; business jargon to speak with business colleagues and SOA to speak to their IT peers. Not many of my colleagues want to hear about these changes that are expected of them, especially in the context of their careers. But, these changes are required if the CIO role is to evolve.

Going Places Until a while ago, CIOs identified themselves with order takers. To this day, I joke with my colleagues that one has to be better

Vol/7 | ISSUE/07

Coloumn_Pravir.indd 27

REAL CIO WORLD | M a y 1 5 , 2 0 1 2

5/11/2012 4:14:50 PM

Pravir Vohra CIO Role than a waiter at a fancy restaurant. I would advise all CIOs to treat legacy support functions as only a small part of their core responsibilities. Everything else they do should be focused on business. In fact, I find it impossible to understand how we CIOs can detach ourselves from business. Because, whether we like it or not, the line between technology and business is going to get blurred, it’s already happening. This is my advice because, at the end of the day, if our colleagues in business don’t see value in the CIO’s role, we will evolve more slowly—if at all. Shrugging and saying “that’s not my problem” is definitely not the attitude we should take. We will all be under pressure to morph. I have always viewed CIOs as midwives. Knowing the domain that one services and the technology to support it, makes the CIO the best person to deliver to the business. But CIOs usually don’t know what the market is doing—and that’s extremely critical for the evolution of the role. One of the reasons CIOs aren’t as business-savvy is because they don’t communicate very well with the business and we have e-mail to thank for that. The importance of the medium of communication between business and IT is extremely underrated. As a result, simple words become extremely complex. Even our use of cell phones demonstrates how little importance we give to the communication medium. Today, despite our increased focus on communication, we have staccato, one-word conversations over mobile phones. What happened to across-the-table meetings? What happened to face-time with customers? (To read how your global peers have benefited from meeting cutomers turn to page XX) These will improve the adversarial relationship between technologists and the business. Finally, if CIOs want to be more business-oriented, they need to improve their partnership skills. CIOs have created technology like a big black box. We extract power out of it and it makes us feel indispensable—but it doesn’t buy us trust. We’re not liked if we deliver a product which business doesn’t understand. I strongly encourage CIOs to step out of the narrow confines of 0’s and 1’s, get real and get involved in negotiations, conversations and getting results.

Adapting to Change There are two types of changes CIOs of the future need to get used to. First, the ability to adapt at an individual level, and second, the ability to bring about large changes successfully. Let’s take the second type of change first. The fear of change among enterprise users is irrational and has roots in our belief in certainties. We are animals of habit, which is why changing culture is the most difficult. We have managed large changes because IT absorbed much of the changes. And that’s why I believe that there’s only one way for IT to bring large changes to the enterprise: Absorb the sea of difference that changes bring and let users enjoy the benefits. 32

Coloumn_Pravir.indd 28

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

That said, those who are the most inimical of changes in technology are technology drivers. I've noticed that the biggest fight to a new idea comes from within technology. Any change that threatens IT’s coveted position or authority is met with resistance. That brings us to the first type of change; the one at the individual level. Let’s take a look at company acquisitions as an example. We believe that an acquisition will vaporize all our old relationships; that we will need to build new ones all over again. But is that true? The fact is technology is going to occupy less of a CIO’s time and aligning it with organizational agendas will become a

CIOs have created technology like a big black box. We extract power out of it and it makes us feel indispensable—but it doesn’t buy us trust. priority. But to bring about this change CIOs must develop the ability to consume, absorb and digest immense amount of change. Only then can they become catalysts of change

Institutionalizing Innovation New ideas bring new ways of working but that doesn’t mean CIOs should stop innovating. They still need to infuse innovation in their organizations. Questions like “should the CIO have a place on the table?” or “are CIOs important enough?” have been asked too many times in the past five years. Let me tell you this: You won’t get a place at the table simply because you carry a C-level tag but because somebody believes you deserve it. CIOs will have to add more to their charter than operational excellence; they need to drive innovation. But today, as technology leaders, we are so complianceoriented that we tend to ignore the art of business. People untouched by bureaucracy are open to possibilities while we are used to thinking within constraints. We need to bring in younger people in the thought process, be more tolerant of failure, and allow fresh ideas. Do not fight change, adapt to it. CIO

This column is based on excerpts from an address during the CIO Money Matters Symposium in February 2012 Pravir Vohra is group CTO, ICICI Bank. Send feedback on this column to editor@cio.in

Vol/7 | ISSUE/07

5/11/2012 4:14:50 PM

RISE OF BAITâ&#x20AC;? ALIGNING IT WITH YOUR BUSINESS GOALS

Shareholder Values Increased Scalability Improved Margins Robust Governance Business Values Increased Competitive Advantage Improved End user Experience Reduced Capital Expenditure

BUSINESS ALIGNED IT

HCL TECHNOLOGIES INDIA

bait@hcl.com www.hcltech.com

CUSTOM SOLUTIONS GROUP HCL TECHNOLOGIES

CIO 2 CIO

TOWARDS HIGHER GOALS AND BROADER HORIZONS Ajay Kumar Meher, Sr. VP-IT & New Media, Sony Entertainment India, speaks about how organizations can achieve business-IT alignment and make use of emerging technologies to stay ahead of competition.

AJAY KUMAR MEHER Sr. VP - IT & New Media Sony Entertainment India An industry veteran of close to 18 years, Meher has extensive experience in application deployment and process automation. In his current role, he heads the IT, New Media and Post Production for Sony Entertainment Television.

According to you, what will be the top IT trends in 2012? IT is one of the enablers of business growth today. Automating business processes and making them robust and flexible are, now, on top of the priorities list of CIOs. These priorities are interdependent because one cannot automate business processes if they are not flexible. On that note, any SOA-driven IT initiative that helps business, business process management tools (BPM) and business intelligence (BI) are some of the top trends today. These have been discussed by the management and IT for quite a few years now, but business processes have still not achieved the kind of flexibility required to drive growth. What are some of the new technologies that are shaping the entertainment industry? Since we are in the broadcasting industry, the emerging technologies we see revolve around digitalization of content and distribution. Distribution seems to be a lucrative option in the broadcasting vertical because it ensures reduction in undercount of subscribers which otherwise leads to revenue loss. However, this new business opportunity comes with its own challenges as well. Digitaliizing the content, making the distribution process smooth

and ensuring security are some critical areas that have to be given careful attention to. On the other hand, other trends that are increasingly gaining reception in this vertical are developing high definition (HD) content and delivering the same in different new media platforms such as tablets and Internet-enabled devices. These aspects are becoming more critical and increasing competition day by day. How does a CIO achieve alignment of IT with business goals? IT can neither be on the sidelines nor come up with its own strategies that donâ&#x20AC;&#x2122;t deliver business growth. Every IT strategy has to be aligned with the business strategy in the first place. Particularly in our organization, several business-critical initiatives, such as launch of new HD channels and content repurposing with respect to syndication of new media platforms, are taking place currently. What matters now is the speed at which these services are delivered. This is not just an IT challenge, but a business-oriented challenge as well. Therefore, IT goals and business goals have to complement each other in order to maximize revenue. Organizations have to take steps such as increasing their efficiency in order to achieve this. Also, the same steps are helping us ensure growth. Some of the strategies have already been fruitful for us and some are starting to show their impact on business. Can you share some examples of IT engagements aligned with business goals? One of the projects which is almost on the verge of completion is our broadcast management system. This project is automating the business process of ad-spot management, right from identifying advertising deals to fulfiment of ad-spots and invoicing them. This system creates the playlist on the basis of the best order to place the ads and is also inte-

grated with the playout automation module which plays the content automatically. Another project we are working on right now, in collaboration with HCL Technologies, is building a platform which can repurpose the content from our digital asset management system and publish it on a different new media platform effectively. We are also building a content management solution system (CMS) and a video portal with enhanced capabilities. These two projects would certainly add business value for the organization. How has your journey with HCL Technologies been, particularly in terms of driving core business benefits for your company? We have been working with HCL Technologies on the aforementioned projects. These projects involve a great deal of integration with different points of the new media platform. One is the digital asset management and another is content delivery network (CDN). Next comes the ad-serving network, followed by the broadcast management system. We are working hand-in-hand with HCL Technologies on these business-critical initiatives. With respect to the business benefits, the new media platform is expected to increase revenue, and HCL Technologies is bringing the core engine along with the publishing platform for this project. Our journey with HCL Technologies has been smooth because we are working together to fulfill some business-critical requirements, and they have understood this well. This Interview is brought to you by IDG Custom Solutions Group in association with

CUSTOM SOLUTIONS GROUP HCL TECHNOLOGIES

EXECUTIVE VIEWPOINT

RAISING THE BAR FOR PERFORMANCE MANAGEMENT

HCL Technologies’ ability to feel the pulse of verticals is its greatest strength while advising clients. The role of an Indian CIO has changed in the last couple of years. What is your take on that? In the wake of ever-changing business environment, organizations world over are increasingly adopting technologies to optimize resources for exploring newer business opportunities This has led to a new set of expectations from CIOs. They are now powerful business decision influencers who harness the power of technology to enable market re-alignment, enable faster time-to-market and foray into new markets and channels. For instance, a CIO of an insurance company would be interested in exploiting the power of mobile technology to create a near real-time claims processing application or using a product configurator to reduce time-to-market for a new product launch and thus achieve competitive advantage. Similarly, a CIO of a pharmaceutical company would be keen to deploy quality management solutions that help detect and track defects based on batch number or use forecasting and business planning applications that help reduce expiry losses. We see many Indian CIOs playing a key role in their organization’s growth, as part of business KRAs introduced in their work mandate.

the organization. Business intelligence, performance management, mobility, risk and compliance, and cost optimization are some key boardroom themes which are driven by CIOs. What will be the key mandate for CIOs in 2012 – 2013 from CEOs and CFOs? In many verticals, Indian organizations are growing at a faster rate than their western peers. CEOs of such robust companies are faced with the daunting challenge of maintaining and accelerating this growth rate over the coming years. CIOs are the change agents in this growth story, bringing technology closer to business. The mandate to a new-age CIO varies from one industry to another. For example, CIOs in the banking industry may have a KRA to get a 360 degree view of the customer to facilitate cross-sell/upsell of new services, while a CIO in the retail industry may have a mandate to achieve better demand planning so as to increase customer satisfaction. A manufacturing industry CIO may be asked to implement a robust manufacturing execution system, while a media industry CIO may be asked to facilitate growth in digital business by implementing a SOA (Service Oriented Architecture)-enabled back office. However, the common theme across industries is “how can technology usher better customer services and optimized operations?”

“CIOs are the change agents in this growth story, bringing technology closer to business.”

Do you see CIOs being involved in strategic decisions and boardroom discussions? Absolutely yes! From ‘back office contributors’ to ‘board room influencers’, CIOs across the world have travelled a long journey over the years. They now have an important place in boardroom meetings as they can align IT with business goals and help grow

How is HCL Technologies placed to help Indian CIOs achieve these tasks? HCL Technologies has been a pioneer in providing business-aligned IT solutions to

PRADEEP BINDAL President, Asia Pacific, Middle East & Africa HCL Technologies Pradeep heads the Asia Pacific, Middle East and Africa business for HCL Technologies, which has a vision to provide “Business Aligned IT Services”. Pradeep is associated with HCL since 19 years and has been a key member of HCL’s transformational journey.

more than 200 clients in India. To quote some real life examples, we are catering to a leading insurance company, providing them a single and centralized view across 50 million policies and helping them understand their customers better. As another example, we have a leading media house as our client where we have been able to optimize IT run-cost through strategic cost and performance management. Two major differentiating factors helping us to serve Indian clients have been our vertical focus and ability to understand industry problems. These have helped us in addressing the business needs of Indian CIOs – to serve end users in an efficient manner by using business-IT alignment and optimizing IT operations for better productivity.

This Interview is brought to you by IDG Custom Solutions Group in association with

Alternative Views

Staff management

Is Money the Best Way to Drive Employees? Is dangling money in front of your staff the best way to increase productivity and retain employees? Two CIOs debate.

don’t believe that monetary benefits are a great way to motivate or retain employees, or improve employee productivity and satisfaction. Various studies and research reports indicate that conferring big monetary rewards kill the zeal to think out-of-the-box. People become extremely focused on what they are supposed to do, and do it diligently because there is a monetary reward attached to it. Somewhere in the middle of all this, they lose their determination to attain something more meaningful and fulfilling. Providing monetary benefits is an easier route to take but like most shortcuts, it’s not very effective. Yes, investing in sustainable reward and recognition strategies requires significant time and effort, not to mention the urge to go the extra mile. But overall, creating a challenging and satisfying job environment would go a long way in retaining staff—far beyond the realms of monetary benefits.

Also, there will always be someone in the market—most likely a competitor—who can poach an important resource by offering a bigger, fatter, pay check. Money, unlike intangibles, is not available in free-flowing abundance. One cannot give a salary increase of 20-30 percent to their employees every year. There is a limit to that. Organizations need to look beyond that and find new ways of constantly challenging their staff. That said, I think rewarding employees with monetary benefits might work in oneoff cases when a CIO knows that an employee is going through financial trouble and needs assistance. But the motive there would be to make the employee feel that he is valued and his boss is not oblivious to his problems. I believe the ideal way to retain talent in a team and keep their enthusiasm levels high is to help them recognize their strengths and expand their horizons by providing exposure to new roles and responsibilities.

“Providing monetary benefits is an easier route to take but like most shortcuts, it’s not very effective.” Tarun Pandey,VP-IT,Aditya Birla Financial Services 36

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Alternative_Views_May2012.indd 34

Vol/7 | ISSUE/07

5/11/2012 3:35:27 PM

Alternative Views

Staff management

hether you accept it or not, it’s a fact that money makes the world go round. That statement is even more true when you’re talking about the lower level or the mid-tier of an organization. Perhaps, as one moves up the ranks, things like job satisfaction and the need for a more challenging job environment starts kicking in. But their position also leaves them with more time to worry about personal growth than pending bills. I’m not commenting about the global scenario here; I’m talking about India, where the mid-tier—that’s a majority of young employees—is constantly exposed to a capitalist consumer market. Also, the idea that having a lot of money and that a good designation determines a person’s value in society has been drilled into the mindset of mid-tier employees. People talk about nurturing talent and challenging employees, but the fact that most youngsters in this country still aim for the IIMs and IITs show that a highpaying job is largely the crux. One often comes across news stories which report the record packages that IIM students have bagged. But how many of those stories talk about the job profile or how well matched it is to an individual’s abilities?

“To rubbish the idea that employees don’t leave a job for money would be too impractical a statement to make.” Vijay Sethi,VP & CIO, Hero MotoCorp Let’s take a small example. At HeroMotoCorp, I take every initiative to keep my employees motivated. This includes sending them to collect awards on the organization’s behalf. Now, that itself is an elating experience for them. This is coupled with constant recognition for a job well done. But consider this: After giving them a star rating of 5 on 5 for their performance, if I declare that my team members will receive a certificate—instead of salary hikes—it wouldn’t be a pleasant situation to deal with. Having said that, I also agree that only monetary benefits are not going to keep the wheels turning. There needs to be a fine balance between both monetary rewards and recognition. But to rubbish the idea that employees don’t leave a job for money would be too impractical a statement to make. CIO

As told to Debarati Roy Debarati Roy is correspondent. Send feedback on this story to debarati_roy@idgindia.com

TRANSFORMING BUSINESS

THROUGH JUDICIOUS APPLICATION OF IT

IN THIS ISSUE

To follow business transformation in action, visit www.cio.in/transformers

Alternative_Views_May2012.indd 35

121 | CLEARING CHEQUES ON THE CLOUD Yes Bank embraces a hosted solution to implement Cheque Truncation Services (CTS).

126 |SURVIVAL OF THE FITTEST The role of CIOs are not confined to managing IT anymore opines Subhakanta Satpathy of Axis Bank. An IDG Custom Solutions Initiative

5/11/2012 3:35:29 PM

CUSTOM SOLUTIONS GROUP DELL

CASE STUDY

UST Global Gets More Power and Better Data Center Management Dell’s PowerEdge 12th generation servers help UST Global get optimal energy efficiency and maximize virtualization density. UST Global is a leading provider of end-to-end IT services and solutions for top 1000 companies globally. The company has a client-centric Global Engagement Model that combines local, senior, on-site resources with the cost, scale, and quality advantages of off-shore operations.

ENABLING INNOVATION BY SIMPLIFYING IT To stay innovative, UST Global realized that it needed to quickly adapt to changing demands, and the one way to do so was to spend less time on infrastructure maintenance and more time on business innovation. “We did not want complex technologies with complicated processes that required retraining our IT staff. We wanted a technology that simply works in our dynamic infrastructure, be it physical or virtual,” says Rinosh Jacob Kurian, Enterprise Architect, (IT Applications), UST Global. To keep up with this growth, UST Global was looking to improve the efficiency of their data center environments. Its data centers were under constant fiscal pressure, and it was important that the service provider make more efficient use of IT resources, streamline and automate operational tasks and leverage their existing investments. According to Kurian, “We were looking to get more out of the resources we had, enable better usage rates, and run our data center with greater efficiency.” However, this was not a simple task for UST Global, as all its data centers were already running on full capacity and were facing power and cooling challenges. Also, UST Global had its own campus build out which restricted expanding its existing capacity. Hence the company was looking to optimize its IT resources using virtualization and add an additional capacity of 1000 virtual servers, while ensuring that the energy footprint is reduced or at least remain the same.

The solution not only included a comprehensive approach to driving energy efficiency across the data center but also maximized virtualization density, offering 300 percent more virtual machines in the same physical space.

GETTING IT RIGHT The power efficiency features included advancements in Dell’s ‘Fresh Air Initiative’, energy smart design and the OpenManage Power Center, which resulted in significant power savings at the data centre for the service provider. “In fact, the average power usage is just 12 W per VM (6 for compute and 6 for storage),” says Kurian. Streamlining and automating operational tasks have also become extremely hassle free with the Dell Remote Access Controller (iDRAC7) with Lifecycle Controller 2.0. This helps UST Global simplify the lifecycle of deploying, updating, monitoring, and maintaining PowerEdge servers. “Dell seems to have got it right with the new agent free iDRAC technology offered with Dell 12G servers, which helps us eliminating

“ We think of the PowerEdge 12th generation servers as systems designed by us, and engineered by Dell.”

The Challenge: All Data Centers maxed out on Power & Cooling Own Campus Build out prevents existing capacity expansion Optimize by virtualizing to add capacity of 1000 virtual servers Keep energy footprint same or lower The Solution: Dell energy efficient Blade Servers Dell Compellent Storage for optimal Power Capacity Performance Dell consulting services The Success: Capacity Built out to 1000 servers High performance VMs (ERP virtualized) Average power usage 12 W per VM (6 for compute & 6 for storage) time consuming management tasks and streamlines the way we manage our systems, there by maximizing efficiency,” says Kurian By using the Fluid Data Architecture storage technology, UST Global is able to access the information it needs in a flash, and gain valuable insights from the huge amount of data. New innovations in PCIe solid state disks, data accelerators and scalable internal storage has provided significant improvements in the ERP, Business Intelligence and database performance for the service provider. “We think of the PowerEdge 12th generation servers as systems designed by us, and engineered by Dell,” concludes Kurian. This feature is brought to you by IDG Custom Solutions Group in association with

CHOOSING THE RIGHT SOLUTION With powerful processors, large memory footprints and big I/O pipes, Dell’s 12th Generation PowerEdge servers along with Dell Compellent storage was the ideal solution for UST Global.

DATA CENTER CONSOLIDATION

RINOSH JACOB KURIAN

Enterprise Architect, (IT Applications), UST Global

Disaster Recovery Customer Needs Business Continuity Virtualization Cost Optimization Career Big Data Analytics Users Strategies Tactics Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERP TCO CRM Vendors the th Niche products Advice CFO CEO Economy Slowdown Cost Imperative 125 P&L Forecasting Sales Products Hardware Bottom Line Change Manissue agement special IaaS Supply Chain Customer Experience Training Incentives Business Acumen Enterprise In-memory Relationships PaaS Long Term Goals Business-IT Alignment CISO Stakeholders Social Media Mobiles BYOD VDI Integration Consumerization of IT Best Practices Policy Governance Tablets Survey MDM Applications Store OS Cloud DR Outage Security Security Operations Use Cases Cloud Broker Manageabil Manageability Storage Drive Infrastructure Erasure Codes Semantic Data Models Hadoop Competition Disaster Recovery Customer Needs Business Conti Continuity Virtualization Cost Optimization Career Big Data Analytics Users Strategies Tactics Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERP TCO CRM Vendors Cost Imperative Niche products Advice CFO CEO Economy Slowdown P&L Forecasting Sales Products Hardware Bottom Line Change Management IaaS Supply Chain Customer Experience Training Incentives Business Acumen Enterprise In-memory Relation Relationships PaaS Long Term Goals Business-IT Alignment CISO Stakeholders Social Media Mobiles BYOD VDI Integration Consumerization of IT Best Practices Policy Governance Tablets Survey MDM Applications Store OS Cloud DR Outage Security Security Operations Use Cases Cloud Broker Manageability Storage Drive Infrastructure Erasure Codes Semantic Data Models Hadoop Competition Competition Disaster RecovRecov one hundred and twenty-five ideas from Indiaâ&#x20AC;&#x2122;s leading CIos and ery Customer Needs Business Continuity Virtualization Cost Optimiza Optimization Career Big Data Analytics Users Strategies Tactics Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERP TCO CRM Vendors Cost Imperative Niche products Advice CFO CEO Economy Slowdown P&L Forecasting Sales Products Hardware Bottom Line Change Management IaaS Supply Chain Customer Experience Training Incentives Business Acumen Enterprise In-memory Relationships PaaS Long Term Goals Business-IT Alignment CISO Stakeholders Social Media Mobiles BYOD VDI Integration Consumerization of IT Best Practices Policy Governance Tablets Survey MDM Applications Store OS Cloud DR Outage Security Security Operations Use Cases Cloud Broker Manageability Storage Drive Infrastructure Erasure Codes Semantic Data Models Hadoop Competi Competition Disaster Recovery Customer Needs Business Continuity Virtualization Cost Optimization Career Big Data Analytics Users Strategies Tactics Management Staffers Business Intelligence Cost ROI Opex Capex Back Up Cloud Computing SLAs E-mail Applications ERP TCO CRM Vendors

125 40

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 30

Vol/7 | ISSUE/07

5/11/2012 6:12:12 PM

on cs ack dors own anves rm iles licy DR bilels ntisers OI ERP EO Botce onders IT ons es des oviza izaent oud Cost &L ment ess als OD nce ty rive etiion cs ack dors

Cover Story

It’s easy to sum up the CIO role in three words: Business, leadership, technology. Like on our masthead. But that’s like defining Leonardo Da Vinci as a man—completely true but not wholly accurate. Why? Because those three words open up a galaxy of other descriptors (some not as nice as others). And in the last few years, that galaxy has expanded ever more. Master of analytics, king of cloud computing, safe keeper of information, interpreter of big data, and the list, which doesn’t account for the business and technology challenges that face CIOs, goes on. That is why in this special issue—one that celebrates the anniversary of our 125th edition—we put together the 125 ideas we—and many of the leading lights of both enterprise IT and India Inc—think are important ways to run IT, your department and your life, going forward. It isn’t a complete list; that would

42 48

What’s Driving analytics? Getting Storage Big Data Ready

Cloud DR: Sending mixed Signals

Easy Integration with the Cloud

Consumer Tech Takes Over

CEos on how to run IT and your life. be too ambitious. But it covers many of the most imperative issues in a CIO’s life today. The CIO role, as one of the features in this issue points out, has come a long way, very fast. Along the road—and even now— the Indian CIO has constantly redefined the benchmarks he is measured against, pushing always to bring forth the benefits of technology and cast IT as an integral part of the business. By any standards, it’s been an impressive, if steep, journey. But as technology marches on and new business needs fill the air, CIOs must push on. We hope that this issue will help.

Vol/7 | ISSUE/07

70 78

Customers F2F

Nabbing Insider Crime

Virtualization on Double Duty

Keeping IT Up

Beyond the CIO

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 4 1

5/11/2012 6:12:12 PM

Big Data Disaster Recovery

Analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk management Virtualization Business

the th 125 issue special

What’s Driving CIos share the five IT trends that are transforming Advances in analytic technologies and business intelligence are allowing CIOs to go big, go fast, go deep, go cheap and go mobile with business data. Current trends center as much on tackling analytics challenges as they do on taking advantage of opportunities for new business insights. For example, technologies for managing and analyzing large, diverse data sets are arriving just as many

Reader ROI: Different trends driving the use of analytical tools Real-life use cases of analytics The benefits of analytics

By David F. Carr

organizations are drowning in data and struggling to make sense of it. Still, many of the cost and performance trends in advanced analytics mean companies can ask more complicated questions than ever before and deliver more useful information to help run their businesses. In interviews, CIOs consistently identified five IT trends that are having an impact on how they deliver analytics: The rise of big data, technologies for faster processing, declining costs for IT commodities, proliferating mobile devices and social media.

“Getting customers to help co-create our offerings is the future of competition. Big data capability can turn this vision into a reality.”

—Avinash Jhangiani, Head-IT & Digital, BIG Cinemas

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 32

Vol/7 | ISSUE/07

Cover Story

Analytics?

The Trends • Big data • Faster infrastructure • Falling costs • Mobility • Social media

how their companies process data to gain valuable business intelligence. Big Data Big data refers to very large data sets, particularly those not neatly organized to fit into a traditional data warehouse. Web crawler data, social media feeds and server logs, as well as data from supply chain, industrial, environmental and surveillance sensors all make corporate data more complex than it used to be. Although not every company needs techniques and technologies for handling large, unstructured data sets, Verisk Analytics CIO Perry Rotella thinks all CIOs should be looking at big data analytics tools. Verisk, helps financial firms assess risk and works with insurance companies to identify fraud in claims data. Technology leaders should adopt the attitude that more data is better and embrace overwhelming quantities of it, says

“In a fast-paced business like ours, in-memory can be very helpful because it enables us to analyze transactional data coming from various sources quickly.” —Sandeep Phanasgaonkar, CTO, Reliance Capital

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 33

Rotella, whose business involves “looking for patterns and correlations between things that you don’t know up front.” Big data is an “explosive” trend, says Cynthia Nustad, CIO of HMS, a firm that helps contain healthcare costs for Medicare and Medicaid programs, and private businesses. Its clients include health and human services programs in over 40 US states and over 130 Medicaid managed care plans. HMS helped its clients recover $1.8 billion (about Rs 9,000 crore) in 2010 and save billions more by preventing erroneous payments. “We’re getting and tracking so much material, both structured and unstructured data, and you don’t always know what you’re looking for in it,” Nustad says. One of the most talked about big data technologies is Hadoop, an Open-source distributed data processing platform

originally created for tasks such as compiling Web search indexes. It’s one of several so-called “NoSQL” technologies (others include CouchDB and MongoDB) that have emerged to organize web-scale data in novel ways. Hadoop is capable of processing petabytes of data by assigning subsets of that data to hundreds or thousands of servers, each of which reports back its results to be collated by a master job scheduler. Hadoop can either be used to prepare data for analysis or as an analytic tool in its own right. Organizations that don’t have thousands of spare servers to play with can also purchase on-demand access to Hadoop instances from cloud vendors such as Amazon. Nustad says HMS is exploring the use of NoSQL technologies, although not for

“Decreasing technology costs is making it more affordable to store and analyze higher volumes of data than before.” —Nat Malupillai, Director Technology, Target Corporation

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 4 3

5/11/2012 6:12:17 PM

the th 125 issue special

its massive Medicare and Medicaid claims databases. These contain structured data and can be handled with traditional data warehousing techniques, and it makes little sense to depart from traditional relational database management when tackling problems for which relational technology is the tried and true solution, she says. However, Nustad can see Hadoop playing a role in fraud and waste analytics, perhaps analyzing records of patient visits that might be reported in a variety of formats. Among the CIOs interviewed for this story, those who had practical experience with Hadoop, including Rotella and Shopzilla CIO Jody Mulkey, are at companies that provide data services as part of their business. “We’re using Hadoop for what we used to use the data warehouse for,” Mulkey says, and, more importantly, to pursue “really interesting analytics that we could never do before.” For example, as a comparison shopping site, Shopzilla accumulates terabytes of data every day. “Before, we would have to sample data and partition data; it was so much work just to deal with the volume of data,” he says. With Hadoop, Shopzilla is able to analyze the raw data and skip the in-between steps. Good Samaritan Hospital, a community hospital in Southwest Indiana, is at the other end of the spectrum. “We don’t have what I would classify as big data,” says CIO Chuck Christian. Nevertheless, regulatory requirements are causing him to store whole new categories of data such as electronic

percent

Of Indian CIOs plan to implement analytical tools in 2012. SoUrCE: StatE of thE IndIan CIo

medical records in great quantities. Doubtless there is great potential to glean healthcare quality information from the data, he says, but that will probably happen through regional or national healthcare associations rather than his individual hospital. It’s unlikely he’ll invest in exotic new technologies himself. John Ternent, CIO at Island One Resorts, says that whether his analytic challenges are driven by big data “depends on how capital your B and D are.” But he’s seriously considering using Hadoop instances in the cloud as an economical way of running complex mortgage portfolio analytics for the company, which manages eight timeshare resort properties

“Telecom has become very personalized. The information from social media brings us closer to our customers.”

—Manoj Nigam, VP, CS-IT, Vodafone

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 34

across Florida. “That’s a potential solution to a very real problem we have now,” he says.

Business Analytics Get Faster Big data technologies are one element of a larger trend toward faster analytics, says University of Kentucky CIO Vince Kellen. “What we really want is advanced analytics on a hell of a lot of data,” Kellen says. How much data one has is less critical than how efficiently it can be analyzed, “because you want it fast.” The capacity of today’s computers to process much more data in memory allows for faster results than when searching through data on disk—even if you’re crunching only gigabytes of it. Although databases have, for decades, improved performance with caching of frequently accessed data, now it’s become more practical to load entire large datasets into the memory of a server or cluster of servers, with disks used only as a backup. Because retrieving data from spinning magnetic disks is partly a mechanical process, it is orders of magnitude slower than processing in memory. Rotella says he can now “run analytics in seconds that would take us overnight five years ago.” His firm does predictive analytics on large data sets, which often involves running a query, looking for patterns, and making adjustments before running the next query. Query execution time makes a big difference in how quickly an analysis progresses. “Before, the run times would take longer than the model building, but now it takes longer to build the model than to run it,” he says. Columnular database servers, which invert the traditional row-and-column organization of relational databases, address another category of performance requirements. Instead of reading entire records and pulling out selected columns, a query can access only the columns of interest—dramatically improving performance for applications that group or measure a few key columns.

Vol/7 | ISSUE/07

Cover Story

Technology Costs Less Along with increases in computing capacity, analytics are benefiting from falling prices for memory and storage, along with Open Source software that provides an alternative to commercial products and puts competitive pressure on pricing. Ternent is an Open-source evangelist. Prior to joining Island One, he was vice president of engineering for Pentaho, an Open-source business intelligence company, and worked as a consultant focusing on BI and Open Source. “To me, Open Source levels the playing field,” he says, because a mid-sized company such as Island One can use R, an Opensource application, instead of SAS for statistical analysis. Once, Open-source tools were available only for basic reporting, he says, but now they offer the most advanced predictive analytics. “There is now an Opensource player across just about the entire continuum, which means there’s tooling

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 35

Thomson Reuters’ Social BI Play Thomson Reuters has made a major upgrade to its market feeds by adding analysis of content from social media sites. The Machine Readable News service now delivers traders with analytics from 50,000 news sites and four million social networks, in a format promised to be digestible and to highlight the key information. Analytics include sentiment, relevance and novelty indicators that capture market opinion, for algorithmic trading systems as well as risk management and human decision support processes. Thomson Reuters said the development would help traders to be better informed as they shape their strategies. Data can be aggregated at the stock, sector, market, and country levels to track sentiment on desired parameters. It can also be filtered to hone in on specific information sources, with tools spotting trends and anomalies. The new function will mine the “expansive wealth of social media and blog content”, Thomson Reuters said, delivering “digestible analytics on selected companies and market segments”. The News Analytics software is available as a separate system—or within Elektron, Thomson Reuters’ vast data and trading infrastructure. The new system uses information from supplier Moreover Technologies, an aggregator of global news and social media. Financial markets had seen a “dramatic rise in the volume and influence of industry blogs, social-networking and commentary websites”, Thomson Reuters said. Some 35 percent of quantitative trading firms are using machine readable newsfeeds, up from just two percent three years ago, according to Aite Group research. “Investment firms are embracing new data, tools and techniques to help make sense of the massive amounts of unstructured data available on the Internet,” said Rich Brown, head of quantitative and event driven trading solutions, at Thomson Reuters. “When properly analyzed and understood, this data can complement a firm’s trading and investment strategies and give it a competitive edge.” —By Leo King

available to whoever has the gumption to go and get it.” HMS’ Nustad sees the changing economics of computing altering some basic architectural choices. For example, one of the traditional reasons for building data warehouses was to bring the data together on servers with the computing horsepower to process it. When computing power was scarcer than it is today, it was important to offload analytic workloads from operational systems to avoid

degrading the performance of everyday workloads. Now, that’s not always the right choice, Nustad says. “With hardware and storage so cheap today, you can afford to juice up those operational systems to handle a BI layer,” she says. By factoring out all the steps of moving, reformatting and loading data into the warehouse, analytics built directly on an operational application can often provide more immediate answers. Hackney observes, however, that although

photograp hs by ro hit gupta, images an d dr lohia

Ternent warns that the performance benefits of a columnar database come only with the right application and query design. “You have to ask it the right question the right way for it to make a difference,” he says. Meanwhile, he says, columnar databases only really make sense for applications that must handle over 500 gigabytes of data. “You have to get a certain scale of data before columnar makes sense because it relies on a certain level of repetition” to achieve efficiencies.” To improve analytics performance, hardware matters, too. Allan Hackney, CIO at the insurance and financial services giant John Hancock, is adding GPU chips— the same graphical processors found in gaming systems—to his arsenal. “The math that goes into visualizations is very similar to the math that goes into statistical analysis,” he says, and graphics processors can perform calculations hundreds of times faster than conventional PC and server processors. “Our analytic people love this stuff.”

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 4 5

5/11/2012 6:12:19 PM

Cover Story

Cloud Computing

the th 125 issue special

the price performance trends are helpful for managing costs, potential savings are often erased by increased demands for capacity. “It’s like running in place,” he says. While Hancock’s per unit cost for storage dropped by 2 to 3 percent this year, consumption was up 20 percent.

Everyone’s Mobile Like nearly every other application, BI is going mobile. For Nustad, mobile BI is a priority because, like everybody, Nustad herself wants access to reports on whether her organization is meeting its service level agreements “served up on my iPad when I’m very mobile and not at my desk.” She also wants to deliver mobile access to data for her firm’s customers, to help them monitor and manage healthcare expenses. It’s “a customer delight feature that was not demanded five years ago, but is demanded today,” she says. For CIOs, addressing this trend has more to do with creating user interfaces for smartphones, tablets and touch screens than it is about sophisticated analytic capabilities. Maybe for that reason, Kellen dismisses it as fairly easy to address. “To me, that’s kind of trivial,” he says. Rotella doesn’t think it’s that simple. “Mobile computing affects everyone,” he says. “The number of people working off of iPads and other mobile devices is exploding. That trend will accelerate and change how we interact with our computing resources in an enterprise.” For example, Verisk has developed products to give claims adjusters access to analytics in the field, so they can run replacement cost estimates. That’s a way to “leverage our analytics and put it at the fingertips of the people that need it,” he says. What makes this challenging is how much more quickly technology changes, Rotella says. “Two years ago, we didn’t have iPads. Now everyone is running around with iPads.” With multiple device operating systems in play, “we’re trying to understand how to best leverage our development so we’re not writing these things three, four, five times over,” he says.

4 6 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 36

percent Of Indian CIOs say that they aren’t interested in big data. Source: State of the Indian CIO 2011

On the other hand, the requirement to create native applications for each mobile platform may be fading now that the browsers in phones and tablets are more capable, says Island One’s Ternent. “I’m not sure I’d invest in a customized mobile device application if I can just skin a web-based application for a mobile device.”

Social Media in the Mix With the explosion of Facebook, Twitter and other social media, more companies want to analyze the data these sites generate. New analytics applications have emerged to support statistical techniques such as natural language processing, sentiment analysis, and network analysis that aren’t part of the typical BI toolkit. Because they’re new, many social media analytics tools are available as services. One prominent example is Radian6, a software-as-a-service product purchased by Salesforce.com. Radian6 presents a dashboard of brand mentions-tagged positive, negative, or neutral-based on Twitter feeds, public Facebook posts, posts and comments on blogs and discussion board conversations. When purchased by the marketing and customer service departments who use them, such tools may not require heavy IT involvement. Still,

University of Kentucky’s Kellen believes he needs to pay attention to them. “My job is to identify these technologies, see what the match is for the organization in terms of competitiveness, and start educating the right people,” he says. The university has the same interest in monitoring sentiment about its brand as any other business, but Kellen says he may also identify opportunities to develop applications specific to school concerns such as student retention. For example, monitoring student posts on social media could help faculty and administrators learn earlier when students are having academic trouble, much as Dell does when its support organization detects people tweeting about broken laptops, Kellen says. IT developers should also be looking for ways to build alerts generated by social media analytics into applications for responding to those events, he says. “We don’t have the know-how, nor the tools, go out and mine massive quantities of social media postings,” says Hackney. “But once you have the data, you need to be able to have enough information about events happening in the company to be able to correlate them.” While Hancock’s efforts in this area are “nascent,” according to Hackney, he envisions a role for IT in correlating the data provided by a social analytics service with corporate data. For example, if the social media data shows comments about the company in the Midwest are becoming more negative, he would want to see if the company has made price or policy changes in that region that might explain the trend. Finding such correlations could make a big difference in getting company leaders to believe in the return on investment of social media, Hackney says. “In my industry, everybody’s an actuary, everyone’s looking for the numbers—they don’t take anything on belief.” CIO

David F. Carr is a freelance writer based in Florida. Send feedback on this feature to editor@cio.in

Vol/7 | ISSUE/07

5/11/2012 6:12:19 PM

How Do You Keep IT Staff Continually Inspired to Excel? the th 125 issue special

“We run talent identification programs and entrust staffers with new responsibilities if they show expertise in other areas. We nominate

people to our global exchange program.”

“Creating healthy competition within the team is a way of

M. Suresh, Director-ADM Group, Hyundai Autoever Systems

inspiring team members to excel. I give a similar task to more than two people and let them know others are chasing something similar.”

“We organize training every six months. We

run global exchange programs and send staff to our locations in Hong Kong, Dubai, Belgium, and China.”

Satyanarayan B., CIO & VP, Dimexon Diamonds

P. Lamba, VP & Head-IT, Ballarpur Industries

“We give monetary incentives, send employees for training, and expose them to learning opportunities. The last

is based on their capability to handle different projects apart from their regular jobs, which keeps them motivated and gives them a break.”

Satish Kotian, Head-IT, Dewan Housing Finance Corporation

“We provide sponsorship for management development programs conducted by premier institutes. I also nominate them for seminars and training meant for technology upgradation.” S. Raghuna Reddy, SVP-IT, UTI Mutual Fund

“I employ three basic HR processes: Learning and development, reward and recognition, and engagement. We have mandatory certification annually, recognizing the best IT implementations, and weekly knowledge-sharing programs.” Subhasish Saha, CTO, Apeejay Surrendra Group

Vol/7 | ISSUE/07

Voices_BIG_IDEA.indd 35

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

5/11/2012 4:10:53 PM

Big Data Disaster Recovery

analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk management Virtualization Business

the th 125 issue special

Getting Storage online photo site Shutterfly—which manages more Everyone is talking about big data analytics and associated business intelligence marvels these days, but before organizations will be able to leverage the data, they’ll have to figure out how to store it. Managing larger data stores—at the petabyte scale and larger—is fundamentally different from managing traditional large-scale data sets. Just ask Shutterfly.

Shutterfly is an online photo site that differentiates itself by allowing users to store an unlimited number of images that are kept at the original resolution, never downscaled. It also says it never deletes a photo. “Our image archive is north of 30 petabytes of data,” says Neil Day, Shutterfly senior vice president and chief technology officer. He adds, “Our storage pool grows faster than our customer base. When we acquire a customer, the first thing they do is upload a bunch of photos to us. And then when they fall in love with us, the first thing they do is upload a bunch of additional photos.”

Reader ROI: Why managing the petabyte-scale data stores is different from traditional large-scale data infrastructures. How to prepare

By Thor Olavsrud

“CIOs should pick one business problem. Then build a proof point with marketing, or customer service. Build a roadmap so that you know when or not to stop.” —Dr. Jai Menon, Group CIO and Group Director-Innovation & IT, Bharti Enterprises

` 4 8 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 38

Vol/7 | ISSUE/07

Cover Story

The Size of Big Data • One petabyte is equal to 1 thousand terabytes. The archive of the first 20 years of observations by NaSa’s Hubble Space Telescope comes to a bit more than 45 terabytes of data.

Big Data Ready than 30 petabytes of data—shares its strategy for taming its big data beast.

To get an idea of the scale we’re talking about, one petabyte is equivalent to 1 thousand terabytes or 1 million gigabytes. The archive of the first 20 years of observations by NASA’s Hubble Space Telescope comes to a bit more than 45 terabytes of data, and one terabyte of compressed audio recorded at 128 kB/s would contain about 17,000 hours of audio.

Petabyte-Scale Infrastructure Is Different “Petabyte-scale infrastructures are just an entirely different ballgame,” Day says. “They’re very difficult to build and maintain. The administrative load on a petabyte or multi-petabyte infrastructure is just a night and day difference from the traditional large-scale data sets. It’s

like the difference between dealing with the data on your laptop and the data on a RAID array.” When Day joined Shutterfly in 2009, storage had already become one of the company’s biggest buckets of expense, and it was growing at a rapid clip—not just in terms of raw capacity, but in terms of staffing. “Every n petabytes of additional storage meant we needed another storage administrator to support that physical and logical infrastructure,” Day says. With such massive data stores, he says, “things break much more frequently. Anyone who’s managing a really large archive is dealing with hardware failures on an ongoing basis. The fundamental problem that everyone is trying to solve is, knowing that a fraction of your drives are going to

fail in any given interval, how do you make sure your data remains available and the performance doesn’t degrade?”

Scaling RAID Is Problematic The standard answer to failover is replication, usually in the form of RAID arrays. But at massive scales, RAID can create more problems than it solves, Day says. In a traditional RAID data storage scheme, copies of each piece of data are mirrored and stored on the various disks of the array, ensuring integrity and availability. But that means a single piece of data stored and mirrored can inflate to require more than five times its size in storage. As the drives used in RAID arrays get larger—3 terabyte drives are very attractive from a density and power consumption perspective—the time it

“Hadoop and social media can play a big role in analyzing unstructured data. The CIO needs to consolidate disparate data sets and use BI tools to derive business insights.”

“Big data helps us keep a competitive edge. As customer data grows there’ll be a significant shift in product usage that’s why big data solutions are important.”

—Daya Prakash, CIO, LG Electronics

—Alpna Doshi, CIO, Reliance Communication

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 39

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 4 9

5/11/2012 6:12:25 PM

the th 125 issue special

takes to get a replacement for a failed drive back to full parity becomes longer and longer. “We didn’t actually have operational issues with RAID,” Day says. “What we were seeing was that as drive sizes became larger and larger, the time to get back to a fully redundant system when we had any component failure was going up. Generating parity is proportional to the size of the data set that you’re generating it for. What we were seeing as we started using 1-terabyte and 2-terabyte drives in our infrastructure was that the time to get back to full redundancy was getting quite long. The trend wasn’t heading in the right direction.” Reliability and availability is missioncritical for Shutterfly, suggesting the need for enterprise-class storage. But its rapidly inflating storage costs were making commodity systems much more attractive, Day says. As Day and his team investigated the potential technical solutions to getting Shutterfly’s storage costs under control, they got interested in a technology called erasure codes.

Next-Generation Storage With Erasure Codes Reed-Solomon erasure codes were originally used as forward error correction (FEC) codes for sending data over an unreliable channel, like data transmissions from deep space probes. The technology is also used with CDs and DVDs to handle impairments on the disc,

20 percent

Of Indian CIOs say they will implement big data in one year. SoUrCE: StatE of thE IndIan CIo 2011

like dust and scratches. But several storage vendors have begun incorporating erasure codes into their solutions. Using erasure codes, a piece of data can be broken up into multiple chunks, each of them useless on their own, and then dispersed to different disk drives or servers. At any time, the data can be fully reassembled with a fraction of the chunks, even if multiple chunks have been lost due to drive failures. In other words, you don’t need to create multiple copies of data; a single instance can ensure data integrity and availability. One of the early vendors of an erasure code-based solution is Cleversafe, which has added location information to create what it calls dispersal coding, allowing

“Semantic data models would play a role in some functions. It would definitely help marketing but not finance.” —Rajeev Batra, CIO, Sistema Shyam Teleservices

5 0 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 40

users to store chunks, or slices as it calls them, in geographically separate places, like multiple datacenters. Each slice is mathematically useless on its own, making it private and secure. Because the information dispersal technology uses only a single instance of data with minimal expansion to ensure data integrity and availability, rather than multiple copies as with RAID, Cleversafe says, companies can save up to 90 percent of their storage costs. “When you go to put it back together, you don’t have to have every single piece,” says Russ Kennedy, vice president of product strategy, marketing and customer solutions for Cleversafe. “The number of pieces you generate, we call that the width. We call the minimum number you need to put it back together the threshold. The difference between the number of pieces you create and the minimum number required to put it back together is what determines its reliability. Simultaneously, you can lose nodes and drives, and you can still get the data back in its original form. The highest amount of reliability you can get with RAID is dual parity. You can lose two drives. That’s it. With our solution, you can lose up to six.” Erasure codes are also a software-based technology, meaning it can be used with commodity hardware, bringing down the cost of scaling even more.

Building Next-Generation Storage Infrastructure “Having identified the right technology, we went and looked at a number of different vendors who were providing solutions in that space,” Day says. “We looked at building it ourselves. But we felt that if we could find a company that was a pretty close match to our requirements, with a system that was reasonably proven, that would be a much better approach for us.” Shutterfly brought four vendors to its lab for evaluation and built prototypes of the storage device it wanted for its datacenter. Day says he was looking for

Vol/7 | ISSUE/07

An Interview Question You Like to Ask Staffers When You are Recruiting the th 125 issue special

“Can you give me one example of an initiative you’ve taken which has introduced substantial business benefits?

It’s one of the criteria to judge whether a candidate’s knowledge of business-IT alignment is good.” Zoeb Adenwala, CIO Global, Essel ProPack

“I’d ask for his professional expectations. From an

“What is your real motivation for change? And what do you expect to be doing in the next two years? The reason should

organization’s view what needs to be understood are his real reasons for looking out for a change.”

be genuine, otherwise the candidate could be a misfit and the business would waste time and money.”

Subhodip Bandyopadhyay, Director Organization Systems and Supply Chain, Carrefour India

Sanjay Saraswat, CIO-Carrier Business, Reliance Globalcom

“How do you plan to meet organizational goals? And what are your short-term and long-term aspirations?

A candidate should be able to visualize what he’s capable of based on industry requirements when he joins an organization.” Muralidhara H.S., Head SAP-Center of Excellence, TTK Prestige

“What do you find interesting about this job? This gives a very clear perspective about the candidate’s inclination and keenness for the job. This means

Vol/7 | ISSUE/07

Voices_BIG_IDEA.indd 37

“What is your people philosophy?’ I believe IT management is all about managing people. It

requires empathy, respect, fairness, and assertiveness. That’s

that the interviewee has done research about the company as well as the job.”

why people philosophy matters so much in a candidate.”

Rajat Sharma, President-IT, Atul

Jagdish Belwal, CIO, Tata Motors REAL CIO WORLD | m a y 1 5 , 2 0 1 2

5/11/2012 4:10:58 PM

Moment of Truth: One Thing You’d Like From Your Technology Provider the th 125 issue special

“I want them to take the initiative to understand

“Vendors need to understand that global templates that have worked wonders across the world might not fit my business. I’d like them to figure out how to make

my business’ needs and challenges and then offer me solutions—rather than

bringing me whiz-bang technology and trying to fit my requirements into the product’s specs.” Hitesh Arora, Director & Head-IT, Max New York Life Insurance

global practices palatable to my business realties.” Manan Chhatrapati, CTO, Hungama Digital Media Entertainment

“The ability to influence the delivery mechanism and deliver quicker than what was committed. A partner that can

understand and collaborate with me to achieve results with fast turnaround is more

likely to win my appreciation.” Ranendra Datta, VP-IT, SABMiller India

“Vendors will explain how other companies have benefited from their solutions. But they don’t share challenges. If only vendors could be straightforward, it would save us a lot of trouble during implementation and increase our trust in them.”

“Partners need to create more awareness about their complete portfolio,

rather than pushing products which are the latest launches.”

Atul Luthra, CIO, ABC Consultants

G. R. Pillai, CIO, Super Religare Laboratories

“If service providers take a ‘partner

approach’ rather than a transactional one, and adopt a mid-

to long-term view of their products, support and pricing strategies, it would bring in a salutary change the the procurement process!” Francis Rajan, VP-ICT, BIAL 52

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

Cover Story

Today, when a drive fails or goes offline, Shutterfly’s storage infrastructure can mark it as unavailable and route data around it while recovering data on that drive. Instead of an “all hands on deck” situation when a drive or a shelf fails, Day says his team can now simply note the failure and replace the affected infrastructure on a scheduled maintenance schedule.

performance, availability, fault tolerance and manageability. “We have a staff that does nothing but manage our image archive,” he explains. “One of the big concerns in 2010 was the growth we were seeing in our image archive. We were going to have to grow our staff relative to the growth of our image archive, and that wasn’t very attractive.” Day says the company he chose as the best fit for Shutterfly was mostly based on that company’s willingness to work with Shutterfly to tailor its solution to Shutterfly’s needs. The two companies started going through a series of progressive proofs of concept, including load and performance tests in Shutterfly’s lab. After Shutterfly was comfortable with the operational and performance characteristics, it placed a parallel storage infrastructure in production, directing a copy of all Shutterfly’s traffic to it. “Every image coming in the door was written to our legacy infrastructure and the partners infrastructure,” Day says. “We ran it for six months, including holidays.” The holidays are the peak season for Shutterfly, when many of its customers create photo books. Shutterfly brought the vendor’s storage solution into full production for its image archive in 2011 and has been using it as the primary image repository ever since.

The TCO of Erasure Code-based Storage “It’s fundamentally a software solution, allowing us to deploy on very, very costeffective hardware,” Day says. “That changes the whole picture from a total cost of ownership perspective for us. We have more flexibility dealing with hardware vendors and can guarantee that we’re getting the best possible price on the drives and the infrastructure that supports them.” Administering the storage pool has also been greatly simplified, Day says.

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 43

“We can basically just add another brick of storage and it automatically gets added to whichever pool we designate it for,” he says. “Previously, we had to do some fairly interesting administrative gymnastics whenever we added additional storage.” Also, now, when a drive fails or goes offline, Shutterfly’s storage infrastructure is able to mark it as unavailable and route data around it while recovering data on that drive transparently. Instead of an “all hands on deck” situation when a drive or a shelf fails, Day says his team can now simply note the failure and replace the affected infrastructure on a scheduled maintenance schedule. “It’s allowed us to not grow [our staff] as quickly as we were previously,” he says. “We still do grow, but at a much slower rate than we did with the previous generation of gear. The daily maintenance workload has declined. Administrators get to spend more time on interesting proactive projects. Their workloads have shifted to what I would call additive work. It’s good from a growth perspective and a job content perspective.”

still be orders of magnitude larger than the average” he says. “One of the things that’s really interesting right now is in the last four or five years you’ve seen a bunch of applications and technologies enter the marketplace that make it possible to deal with very large datasets. Those are really exciting because they allow companies to gain deeper insights into their business by actually looking at the fine-grained data.” “That’s a positive move in the industry,” Day says. “We’re just at the very early stages of that coming into play. Another factor that’s pretty interesting is that as businesses do more with real-time customer interactions, with online, with mobile, they’re also generating just massive amounts of data. It’s now possible to analyze that data for really impactful business insights. But all of that depends on the ability to store massive amounts of data and do it reliably.” CIO

Store It and Insight Will Come While Shutterfly is an Internet company that deals with volumes of data that dwarf what most enterprises today have to deal with, companies across the board are storing ever-increasing amounts of data. “Our archive size in five years is going to look pretty pedestrian, though we’ll

Thor Olavsrud is a senior writer for CIO.com. Send feedback on this feature to editor@cio.in

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 5 3

5/11/2012 6:12:26 PM

Big Data Disaster Recovery

analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk management Virtualization Business

the th 125 issue special

Cloud DR: Sending When it comes to DR, the cloud is a mixed bag. here’s how it has both lowered Reader ROI: The importance of thinking cloud DR through The connection between recovery and replication Why cloud DR is just one leg of your strategy

By Jeff Vance

“Our DR is hosted on the Amazon cloud. But our business suffered for 8-12 hours due to outage. So we decided to spread our data locations across continents. So, if servers in the US go down, we can move operations to Singapore.” —Animesh Singh, VP-Operatrions, BrickRed Technologies

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Cloud computing is slowly upending the disaster recovery (DR) market. Only a few years ago, disaster recovery meant one of two things: For large organizations, it necessitated huge capital investments; for the mid-market it meant backing up only the most important data to tape and shuffling it off to a secure location.

Actually, there’s a third thing. For many organizations, even today, DR means doing the bare minimum, crossing your fingers and hoping for the best. The cloud is changing all of that. On one hand, it is democratizing DR, making it affordable for even SMBs to sign up for DR services. On the other, the disruption is causing confusion, often giving companies a false sense of security and luring them into bad decisions. An SMB can take advantage of such free or cheap services as Dropbox, Box or SkyDrive, and many can confidently (and not incorrectly) say that this is a sufficient DR plan. In fact, what most organizations don’t realize is that part of their DR plan are the evolving habits of knowledge workers, mirroring what many SMBs are doing for DR. As knowledge workers become ever more mobile and rely on a growing array of mobile devices, they constantly move critical information out of corporate data stores and into their personal, cloud-based storage simply to make that data accessible from anywhere on any device. There are problems with this approach, obviously, but it means that if a disaster strikes, your sales team will likely have a customer list it can access. Public relations pros will have key press contacts at their fingertips, and developers will simply access their latest projects in the cloud, where they probably already had been.

Vol/7 | ISSUE/07

5/11/2012 6:12:27 PM

Cover Story

Best Practices • Remember that in a cloud outage, you are more responsible than your provider. • Use WAN optimization to overcome the bandwidth obstacle. • Create a question bank to find out whether your DR takes care of all your issues.

Mixed Signals

the entry barriers for dr and given businesses a dangerous sense of false security. What should be obvious to you by now is that even if you are wary of the cloud for DR purposes, you are already deeply entangled in cloud-based DR through your tech-savvy employees.

The Danger in Laissez-Faire DR Before you breathe a sigh of relief, thinking you’re more DR-ready than you’d previously imagined, remember that this laissez-faire DR may work out when you’re hit by run-of-the-mill outages, such as a brief power blackout, but if a real disaster hits, you could still be in deep trouble. “When I lived in Florida, my organization had to rebound after a hurricane. We learned quickly about the things we hadn’t planned for but should have,” says Daniel Neufeld, vice president of information systems for long-term care provider Leisureworld Senior Care. Neufeld’s organization originally felt lucky that it was no longer tied to the corporate PBX for voice. “We thought we’d just move over to our mobile phones, but that plan didn’t work out for long,” he says. They hadn’t realized that many cellular towers don’t have battery backup. And let’s not forget that all of this employee-driven, de facto DR butts up against another looming issue: Data loss. Sure, having critical data stored in Dropbox may save CIOs when a disaster

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 45

hits, but it could just as easily get a CIO fired if that Dropbox account gets hacked or a key sales manager quits after having poached all the data he needs in order to take his accounts with him to his new job. A more pervasive and dangerous laissez-faire DR mistake is simply believing that your cloud provider will handle data backup and recovery for you. “When Amazon had downtime, customers were up in arms,” says Jon Beck, senior vice president of worldwide channels and alliances for OpSource, a provider of enterprise cloud and managed hosting services. “There’s not a service provider on the planet that won’t have an outage someday. What was interesting about the Amazon outage is how many big-name customers didn’t have a disaster recovery plan in place to either move data to other availability zones or to other providers.” Don’t blame your cloud provider. Blame yourself.

The Cloud Marries DR to Data Replication The problem with DR plans that involve moving data to other zones or providers is that the public Internet isn’t built for shifting huge chunks of data around on a moment’s notice. If mission-critical data still resides in on-premises servers, most small- to mid-sized organizations don’t have the bandwidth in place for real DR,

nor do they have the budget available if they wanted to add it. Both OpSource and Leisureworld overcame the bandwidth obstacle through WAN optimization, with OpSource using the cloud-based WAN optimization service from Aryaka and Leisureworld using Riverbed’s Steelhead appliances. Interestingly enough, neither OpSource nor Leisureworld was thinking about DR when it deployed WAN optimization. “A couple of our customers [including SaaS companies Xactly and Accept Software] started using Aryaka to replicate data from our East Coast to West Coast datacenters,” Beck says. “One of the great things about the cloud, with its elasticity and flexibility, is that you don’t need to have separate conversations with vendors about data replication and disaster recovery. Those discussions get merged. You’re no longer forced to have assets at one end sitting idle waiting for a disaster to happen. You can be using additional capacity for data replication between two sites, but in the event of a disaster, you can spin up compute assets in the secondary site on demand.” Neufeld of Leisureworld Senior Care had a similar experience. He deployed appliances to overcome bandwidth limitations and replicate data from nursing and retirement homes back to the home office. Each home only has a cable modem

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 5 5

5/11/2012 6:12:28 PM

the th 125 issue special

or DSL connection. Once the appliances were in place, Neufeld was able to deploy the virtual backup solution from Veeam. “Without WAN optimization, we wouldn’t have had the bandwidth for this,” he says.

What the Cloud Does— and Does Not Do—for DR The cloud is putting DR in reach of even the smallest organizations. SMBs may not have the time or IT savvy to sketch out a full-blown DR plan, but they can certainly sign up for cloud-based backup and recovery solutions. For the mid-market, more involved DR is also in reach, often augmented by WAN optimization and a variety of cloud-based services. The short list of benefits that come from moving DR into the cloud includes lower TCO, the ability to consume DR as a service, the ability to get DR as an add-on to data replication and the fact that DR is dovetailing with mobility. If you’re a small organization that doesn’t have to pass compliance audits every year, simply signing up for a cloudbased backup and DR service may well be sufficient for you. However, if your organization is larger and regulated, you’ll need to put a lot more thought behind those DR plans, and many large organizations still haven’t done this. Consider this scenario: The vacant lot next to your building has been sold, and a construction crew has moved in to start building a new office tower. This has nothing to do with your DR plans, right? Wrong. “If there’s a construction site near you, or especially if there’s construction in your building, we recommend to our clients that they get a rider on their insurance policy in the event that they’re displaced as a result of the work being done,” says Ginnie Stouffer, a master certified business continuity professional with IDC Partners, a business continuity firm in King of Prussia, Pennsylvania. Construction workers could spark a fire, cut a buried power line or break through a

5 6 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 46

“When I was with Airtel, its customer support was outsourced. The Mumbai floods took our call center down. But thanks to our cloud-hosted DR site, we were able to resume BPO operations in two hours.” —Selvam K., Group CIO, S Tel

“We have project sites across India. All our business critical apps are hosted over a private cloud. A public cloud provider can’t guarantee less than twohour downtime unlike an onpremise DR.” —L. Prasad, Head- IT, Kivar Environ

“Over two years I’ve seen a sea change in the Indian DR solution arena—probably due to cloud adoption. Yet, DR in most Indian companies still depend on onpremise infrastructure. —Deepak Madan, aVP & Head-IT, mantri Group

natural gas line. Any of these events could disrupt power or force nearby businesses out of their buildings. Stouffer noted that most businesses are underinsured for disaster recovery—something the cloud will certainly not help you with—and even those with DR plans in place may forget to scrutinize the fine print. What happens if you need to install new servers for an on-premises system? Will you be able to get the gear in a day or two? If not, can your business afford to be down for however long it takes? Many businesses will fail if they are offline for three or four days. Equipment providers offer quick-ship agreements that you have to sign up for ahead of time. Has your organization signed up for one? If not, does it have a third-party provider in mind that can deliver gear quickly? Even if you are in the cloud and don’t have to rebuild your own servers, have you thought through what a disaster really means? “All the cloud provider does is keep the servers running,” Stouffer sags. “It doesn’t provide you with office space in an unaffected nearby town. It doesn’t give you directions to that office. Most providers fail over from disk to disk. Do you want tape as part of the disaster recovery solution? Is your data being replicated to a different region? After [Hurricane] Katrina, we know how important that is.” In other words, the good news is that the cloud has made DR affordable for business of all sizes. The bad news is that cloud-based DR just scratches the surface, and many organizations, whether consciously or not, are doing little more than scratching the DR surface. CIO

Jeff Vance is a Los angeles-based freelance writer who focuses on next-generation technology trends. Send feedback on this feature to editor@cio.in

Vol/7 | ISSUE/07

Big Data Disaster Recovery

analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk management Virtualization Business

the th 125 issue special

Easy Integration CIos say integration with existing systems is a big worry about going cloud. Just two weeks after Mohawk Fine Papers made the decision to sell its products on Amazon.com, things were looking good for the company: Integration work was complete, connections to its ERP system had lit up and sales were rolling in. “Amazon generated tens of thousands of dollars in revenue immediately,” says Paul Stamas, vice president of IT at the $300 million (about Rs 1,500 crore), 725-employee manufacturer of premium papers.

Reader ROI: Benefits of working with a cloud-based integration partner Rise of the cloud broker The impact of this trend on monolithic systems

By Robert L. Mitchell

Best of all, the data integration project, which cost less than $1,000 (about Rs 50,000) to get off the ground, required no in-house investment in integration tools or staff resources. Instead, cloud-services provider Liaison Technologies performed the integration work and then set up—and currently manages—the connections through its cloudbased service. Two years ago, a project like this would have been handled as just another point-to-point EDI integration.

“The biggest service a third party cloud integrator provides is the ease of manageability of different public clouds. Since cloud services are pay-per-use, a cloud integrator regulates the use of the service.” —Ajay Kumar Meher, Sr. VP-IT & New media, multi Screen media

5 8 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 48

Vol/7 | ISSUE/07

Cover Story

Benefits of Working with Cloud Integrators • It lowers in-house investment • It in integration tools or staff resources. • It shrinks turnaround time. • It • It cuts the number of projects • It you put on the backburner.

With the Cloud fine papers used cloud-based integration partner—and saved millions.

But the Amazon deal and the 100-plus other business-to-business connections that Mohawk has set up through Liaison over the past 18 months represent the culmination of Stamas’ vision to create what he calls a “service-oriented architecture in the cloud.” The model has allowed Mohawk to quickly and inexpensively set up new business relationships without worrying about the technical details, thereby producing new revenue opportunities and millions of dollars in cost savings. “SOA was the answer because it works based on the concept of loosely-coupled services, and geography doesn’t matter,” Stamas says. He briefly considered building an SOA in house, but “my head was spinning at the costs and complexity,” he says.

So, early in 2010, he began working with Liaison on his idea. Since then, the services that Liaison provides have moved beyond straightforward provisioning and management of B2B data mapping and EDI connections. Liaison now handles all connections, whether they’re between on-premises applications, from on-site systems to the cloud or cloud-to-cloud. Recent projects include a process by which another cloud service provider, StrikeIron, provides up-to-date currency exchange rates to Mohawk’s on-premises ERP system at the time of invoice for international orders. Another inserts freight costs into each customer order on Mohawk’s website by way of cloud-based transportation logistics service broker Mercurygate. And a Web service created by Liaison checks Mohawk’s websites and

its ERP system to ensure that items are in stock and relays availability information to customers before they place their orders. “We have over 30,000 of these checks a month and they happen in real time, synchronously, in two to three seconds,” Stamas says. Liaison serves as the intermediary for every type of transaction, performing the necessary integration and data management work with Mohawk’s customers, suppliers and other business partners. The vendor also presents the connections as services for Mohawk to use as it wants, and offers a business activitymonitoring tool that keeps tabs on service levels from end to end. “With Liaison, all types of data integration flow through the same serviceoriented infrastructure, all [data] payloads

“I turned to a cloud integrator to take care of my needs for integration, security, and SLAs in the cloud. We were entering a new platform and we needed the required expertise. “

“A cloud solution provider should not only suggest the right architecture and solution, but also offer validation of the services available.”

—Mehriar Patel, CTO & Head–IT, Globus Stores

—Charan Padmaraju, CTO and Co-founder, redBus.in

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 49

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 5 9

5/11/2012 6:12:39 PM

the th 125 issue special

are defined as services, all interactions are managed via Web services, and all integrations use a publish-or-subscribe model” in which services are either provided or consumed, Stamas explains. “They have the tools and platforms, the enterprise service bus, messaging bus and service registry—all of the components of a service-oriented infrastructure. It’s a foundation on which we build our own unique integrations.”

The Rise of the Cloud Broker Liaison is on the leading edge of an industrywide trend in which traditional providers of managed B2B services are becoming what Gartner analyst Benoit Lheureux calls a cloud services broker, or CSBs. In addition to offering data integration and customization services, CSBs provide an aggregation point for all types of business partner interactions. The differentiator for Liaison is that it has the in-house expertise necessary to perform integrations quickly, and it can draw upon thousands of integrations it has already built, Lheureux says. Competing vendors are starting to move in that direction as well. Gartner estimates that by outsourcing to a CSB, small and midsize businesses can save 20 percent to 30 percent over what it would cost to do the integration work internally. But there’s more to it than saving money, says Lheureux, explaining that such spending is now an operational expense rather than a capital expense.

49 percent

Of Indian CIOs say that integration is among their top-three public cloud challenges.

SoUrCE: CIo CloUd CompUtIng SUrVEy 2012

This setup could work for large companies, too. “If you’re good at B2B and have the economies of scale, it’s not about savings. It’s about what are your required internal core competencies?” he says. Since 2008, many CIOs in large businesses have been asked to scale up their B2B efforts but lack the capital or head count to do it. “A lot of them don’t even know that they have an option to outsource,” Lheureux says.

Mohawk’s SOA Model B2B integration traditionally has used a messaging approach to synchronize data,

“When we rolled out our cloud across the globe, we faced many challenges. A cloud consultant who can work with diversified and geographically dispersed set up is a definite advantage. “ —Manoj Sharma, VP, IT, Jones Lang La Salle

6 0 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 50

but Mohawk uses a services-based model. Integration workloads are managed by two Web services: One at Mohawk and one at Liaison. Because Mohawk’s IT organization has been abstracted away from the technical aspects of creating and maintaining all the different types of connections, Stamas says his group can focus on working with the business to develop new business models and connections with new business partners—and that’s good for IT. Tony Hunter’s job is to pursue those business models. As Mohawk’s IT manager and business process architect, he helps to identify opportunities for the business and presents Liaison with the specifications. Right now, for example, he’s working on connecting Mohawk’s e-commerce website to a cloud-based service that provides realtime information on freight costs. Mohawk currently offers UPS and FedEx options on its website, but those aren’t the best-priced services for some customers. For instance, “less than truckload” (LTL) freight tends to be less expensive than UPS or FedEx for orders over 150 lbs. “We are losing order opportunities because of [not offering] a freight cost,” says Steve Giangiordano, Mohawk’s manager of accounting services. So Hunter created a specification for a Web service that pulls LTL freight charges from Mercurygate’s cloud-based freight brokerage service and presents the data in the customer’s order on Mohawk’s website. “They hit a function key and they know right away what the LTL rate is. It’s amazing,” Hunter says. “Once we have that in place, the problem will go away.” Mercurygate is a CSB like Liaison, but it provides freight data in the cloud, and on demand, rather than integration services. Using a CSB has also improved security, Stamas says, because everything flows through a single point by way of a VPN connection. “Inside the cloud, they have all of the data security precautions you’d expect from a PCI standardscompliant datacenter,” he says, adding

Vol/7 | ISSUE/07

What Has Been Your Biggest Achievement This Year? the th 125 issue special

“I’ve steered SAP acceptance through the company’s end users. Their increasing dependency on SAP standard

reports reduced dependency on erroneous Z reports. We now have accurately defined KPIs/KRAs and measure them periodically.” V.J. Rao, CIO, Viraj Steel

“We faced a totally unexpected digital media attack last year and management was concerned about the

proliferation of negative news over digital media.

We then pawned the entire fiasco and worked towards gaining trust back within a month using social media tools.” Jayakumar M., Head-IT, Eastern Condiments

“The widespread acceptance of a shared services model for IT in our new group, that’s spread worldwide. We’re now working on the transformation process for other groups.” Rajesh Mohan, Joint President-Information Technology and Systems, Binani Industries

“I’ve enabled the delivery of business change initiatives.

I’ve ensured these initiatives are sustained for at least five years to make tangible impacts.” Sriram Krishnan, Exec. VP-IT, ING Life Insurance

“We enabled crossplatform integration.

This allows groups to interact seamlessly regardless of location, moving projects faster, boosting growth, and cutting costs.” Arvind Saksena, Sr. VP Support & Services, Consilium Software

“We’ve achieved immense scalability and

reliability in a very little time. Today, SMS Gupshup is the largest SMS-based communication platform in India and handles over 3 billion SMSes a month.” Vishwanathan Ramachandran, CTO, SMS Gupshup

Vol/7 | ISSUE/07

Voices_BIG_IDEA.indd 41

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

5/11/2012 4:11:04 PM

In Your Role as an IT Leader, What Has Been Your Greatest Learning Till Date? the th 125 issue special

“Cricketers change strategy when the game changes its pitch. It isn’t different for CIOs. I’ve learnt

“CIOs need to perform a fine balancing act and work among different sets of people. I have learnt to focus on the interplay

that delivering means helping business sell a product while adapting to

technology changes.”

Sanjeev Saxena, Head-IT, IFB Global

between managing IT processes and the need to

“Long business projects are like big waves and have long-lasting benefits whereas short projects are like small tides which promise incremental benefits. Don’t lose sight

of the tide in search of waves!”

lead people.”

Guruprasad Murty, VP-IT & IS, Microland

Muthu Kumar, GM-IT, Moser Baer

“Aligning IT to business during an economic downturn was a great learning. I’ve learnt that business

measures value with two parameters: Increase in revenue and a reduction in cost.”

Vijay Mahajan, VP-Center of Excellence & Infrastructure Projects, Corporate IT, Mahindra Shubhlabh

“Amid regular upheavals, and in a competitive market like today, user expectations haven’t diminished. I am still learning to manage expectations without compromising quality.” Subramanian Chittur, Head-Systems, Metro Cash & Carry

“Threats and vulnerabilities are getting extremely dynamic and complex. I’ve learnt that ensuring robust

security posture needs an integrated focus on people, processes and technology. This runs against a siloed approach.”

Sunil Varkey, Head Information Security, Aditya Birla

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

Cover Story

Gartner estimates that by outsourcing to a cloud services broker, small and midsize businesses can save 20 percent to 30 percent over what it would cost to do the integration work internally. But there’s more to it than saving money, says analyst Benoit Lheureux, explaining that such spending is now an operational expense rather than a capital expense.

that Liaison supports the AS2 communications standard, as required by Mohawk’s bank. “Going through a single point gives you an extraordinary benefit in securing transactions. The alternative is anarchy— people doing this through Web browsers, coming in through Port 80 and poking holes in your firewalls.” The benefits of hosting a service-oriented architecture in the cloud don’t come without risks, and Stamas does have two concerns. One is vendor lock-in. “If Liaison drops out of site or becomes too big, what happens to our intellectual property and the integrations we count on? It’s a real concern,” he says. Another is whether the cloud service provider can keep up service levels as Mohawk’s transaction volumes and customer base grow. While Mohawk has service-level agreements, he says, “the technical details of their underlying infrastructure are hidden from me.” Can Liaison scale effectively? “If we’re twice as big in a year, can they handle the volume? I don’t know,” he admits. Liaison CTO Bruce Chen says his company has 50 percent more capacity on hand than its customers need and has a distributed, service-based architecture that scales rapidly. But Gartner’s Lheureux says the technology that keeps data flowing is just one part of the business. Growing the professional services and managed services that make up the bulk of the company’s revenue means scaling up people, methodology and expertise. “The cost is not in the mapping tools or processors in the cloud. It’s in the people,” Lheureux says. As a hedge, Mohawk retains a copy of all of its translations and mappings. The information is managed using Liaison’s Contivo technology, a tool designed for high-end mapping and best practices. The intellectual property that Mohawk receives from Liaison is better than

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 53

what it might receive from other service providers because Contivo makes it easy to re-deploy or re-purpose data maps in different technology infrastructures, Lheureux says. Nonetheless, porting to a new platform would be painful. “You can’t just pick it up and drop it on another platform,” he says. But for Mohawk, the benefits outweigh those risks. The low cost per integration and the rapid turnaround have given the company the agility to create new business relationships and build business processes on a trial basis. Mohawk can do all this without worrying about the investment of time, money and other resources required to do the integration work. And because its costs are lower, Mohawk can tackle smaller projects that it wouldn’t have considered before. Stamas points to the StrikeIron integration as an example. “It is a small little Web service,” he says, noting that in the future there may be hundreds—or thousands—of such initiatives.

End of Big IT Architectures? Stamas sees this as the beginning of the end for monolithic enterprise applications. “They’re beginning to break apart into pieces. Rather than monolithic systems like SAP and Oracle, an ecosystem of cloud services will be interoperating with other workflows and processes that can be anywhere,” he says. For example, Stamas explains, “our ERP is the system of record for financials, but

much of the functionality resides outside the system.” Orders entered via websites and CRM, expense management and HR systems are handled in the cloud, and advanced capabilities such as planning, scheduling, transportation, supply chain, asset management, manufacturing execution and warehouse management are performed outside the ERP software. Today, 60 percent of Mohawk’s IT portfolio resides outside the ERP system, up from 10 percent five years ago. “I see this rate accelerating,” says Stamas. In such a setup, “your ERP system may call Web services at StrikeIron for a currency conversion, and UPS or FedEx for a freight rate,” he says. “Then it may check inventory for an item at a customer or supplier” or ping other sites to perform credit checks, calculate sales tax, approve a credit card payment and more. As the financial bar has been lowered and turnaround times shortened for executing on such integrations, the number of projects at Mohawk has increased. “We can bring in a third-party manufacturer or logistics provider at the drop of a hat. That’s what’s fueling revenue generation,” Stamas says. “If it costs us $1,000 to try something, why not try it? If it doesn’t work, we just throw it away.” CIO

Send feedback on this feature to editor@cio.in

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 6 3

5/11/2012 6:12:40 PM

Big Data Disaster Recovery

analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk management Virtualization Business

the th 125 issue special

Consumer Tech many forward-looking businesses are accepting, even embracing,

Reader ROI: Best practices to create the right consumer tech environment How to balance freedom and governance

If your IT department is resisting the “consumerization” trend, it’s in the minority. Recent research shows that most enterprises are proactively addressing this trend and the new relationship between IT and users that often accompanies a consumer IT strategy. What do they know that you don’t?

Why security isn’t that big a deal

By Bob Violino

“Employees believe that even if the device is theirs, IT should lend its support. Framing a policy that strikes a balance between employee freedom and corporate security is one of the toughest challenges.” —Jayantha Prabhu, Group CTO, Essar Group

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Many of the fears regularly expressed by some technology and business executives—often related to information security in the mobile environment—can be effectively addressed through technology and policy. A recent survey by the consultancy Avanade found that 60 percent of the companies surveyed are adapting their IT infrastructure to accommodate employee’s personal devices, rather than restricting use of such devices. Also, 91 percent of the executives say their IT department has the staff and resources needed to manage the use of consumer technologies. In that environment, resistance really is futile. As your organization moves to consumer-based technologies such as tablets and smartphones, cloud services, a mix of PCs and Macs, and social networking, here are six critical practices to help create the right environment to make both IT and the business happy.

Step 1: Create a Culture That Welcomes Consumer Tech How can your organization ensure it gets the most out of consumerization and users have the freedom they need while at the same time maintaining appropriate control? Perhaps the first move the organization needs to make is adjust its cultural orientation and attitudes from one of zero tolerance on consumer technologies to one of intellectual curiosity and business

Vol/7 | ISSUE/07

5/11/2012 6:12:41 PM

Cover Story

Takes Over

Best Practices • Create a culture that welcomes consumer tech. • Focus on policy-based governance. • Implement MDM. • Tap into your employees for app ideas. • Get over security skittishness around ByOD • Build an app store that appeals to users

consumer technology. are you? here are six steps that will help you get there. opportunity, says Frank Petersmark, former CIO of Amerisure and now a CIO advocate at the consulting firm X by 2. Instead of automatically frowning on, say, employees bringing their own devices to work, you might think about how best to leverage this for better customer service, improved profitability, or increased productivity, Petersmark says. An organization’s ingrained culture is probably one of the biggest inhibitors to effectively and sensibly leveraging the opportunities presented by technology consumerization. Part of the cultural change is getting IT out of the mind-set that only technology people can make technology choices. For example, the IT team at the Austin Convention Center in Texas had a hard time accepting that consumer products such as iPads would be suitable for use in its business environment, says Joe Gonzales, IT services manager. “In our organization, there is this perception that if a product didn’t get ordered from our Dell Premier page, then it’s not good enough to use in the enterprise.” First, the center had to get to a way of thinking that the objective is to give employees productivity tools, and it doesn’t matter if these tools are considered business IT or consumer IT. Now, it uses iPads to deliver service-order information to its employees on the shop floor, and about 50 employees are using their own smartphones to access e-mail and calendar information.

Vol/7 | ISSUE/07

Step 2: Focus on Policy-based Governance This may seem obvious, but it’s usually a big gap for companies to bridge: Develop policies to govern how consumer technologies can be used in the workplace, and deploy an asset management strategy for company-owned objects such as PCs and mobile devices. Yes, consumer IT is largely about giving people freedom to choose devices and applications. But without a cohesive policy

43 percent

Of Indian CIOs say bring your own device will be a buzzword in 2012. SoUrCE: StatE of thE IndIan CIo 2011

in place, anarchy can result. “The majority of IT departments feel powerless when it comes to consumerization or any aspect of bringyour-own-device,” says Barb Rembiesa, CEO of the International Association of IT Asset Managers (IAITAM). But governing policies, strong processes, and proactive guidelines will give organizations the ability to move into a consumer IT environment while bringing value instead of adding risk and cost. Also, think about deploying IT asset management systems to control risk and ensure financial return of company-owned technology goods. After all, you own them because you have an explicit expected benefit or payback, or a specific security need that moved you to mandate that tool. Your standard technology deployment process may not fit the management of consumer technologies. For example, the Austin Convention Center found that its ITinitiated approach of adding a mobile device to a Windows domain and adding user profiles didn’t address the casual nature of BYOD usage. The IT department had to start from scratch and determine how it was going to manage equipment, yet still comply with the City of Austin’s IT security policies and procedures under which it operated. In the end, the center wrote a new deployment policy that centered around educating users on the do’s and don’ts of device usage, Gonzales says. This is also how

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 6 5

5/11/2012 6:12:45 PM

the th 125 issue special

the center goes about segmenting company data and personal data on devices: By educating users not to mix the two. IT also took responsibility for the initial setup of devices, so it could control app deployment on them.

Step 3: Implement MDM Mobile device management (MDM) software secures, monitors, and supports mobile devices. Typical functionality includes app distribution, configuration and enforcement of access controls, and—for higher security environments—imposing usage requirements, such as disabling the camera or limiting Wi-Fi access to specified access points. Such software—and the policies they execute—apply to both company- and employee-owned devices. Consider the experience of furnishings company Holly Hunt’s iPad trial, where a few sales staffers used Apple iPads on visits to client sites. During the pilot, the company discovered there was no way for IT to manage the updates of iPad apps without going through an iTunes account. That meant it had to have a corporate iTunes account for each device issued and users had to periodically send their device in for the company to update with the PCs running that iTunes instance. This was an operational nightmare, says Neil Goodrich, director of business analytics and technology at Holly Hunt. Instead, the company decided to shift to a BYOD model for the sales rollout, eliminating the concern about IT needing to keep devices current. Users took that responsibility, aided by iOS’s application alert system. Holly Hunt also deployed MDM software, so it can blacklist certain apps. It can also remotely wipe data and deny network access to devices that do not adhere to policies. This strategy gave the company what it wanted with its mobile strategy: Users can self-update their personal devices and get the full utility from the one device for both their personal and work need, and Holly Hunt can protect itself against risks such as lost or stolen devices.

6 6 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set1.indd 56

“BYOD is inevitable. It’s only a question of time before it becomes the norm. A future looking CIO should start considering this as part of his IT strategy.” —Sebastian Joseph, President– Technology & Fm, mudra Group

“The market is flooded with various devices and OSes. Securing these endpoint devices is extremely complicated and cumbersome. Investing in VDI ensures endto-end security.” —Prashanta Ghoshal, Director-IT Solutions & Services, Geometric

“An enterprise app store is a wonderful idea. It’s a great way to enhance productivity by providing employees with quick and easy tools to carry.” —Gopal Rangaraj, VP-IT, Reliance Life Sciences

In addition, MDM software allows for multiple profiles, so the company can have one profile for employee-owned devices and other profiles for corporate-owned devices, which it uses in its warehouse and fabrication facilities. Other organizations implement multiple profiles to vary permissions and privileges based on users’ roles.

Step 4: Tap Into Your Employees for App Ideas For application development and deployment and the kinds of apps employees are allowed to use, many organizations are trying to catch up with the consumer marketplace, says X by 2 consultant Petersmark. Most new employees enter an organization with a more capable set of productivity and networking tools, not just devices, than supplied by their new employer, Petersmark says. It’s problematic at best and catastrophic at worst from a talent recruiting and retention perspective “if the best and the brightest decide that their new employer’s infrastructure and application portfolio is far inferior to what they already have in their pockets,” he says. Forward-thinking companies are trying to embrace those in their organization who tend to push the boundaries on the consumerization front. Rather than consideringthosepeopletobetroublemakers, Petersmark advocates that you bring them into the planning and deployment process and ask them why they use the devices, services, and apps that they do, how they use them, what benefits they derive, and so on. Consider creating a small team of the more cutting-edge employees and ask them to help re-create some of the core application functions the company uses in the form of more consumer-friendly technologies, Petersmark says.

Step 5: Get Over Security Skittishness Around BYOD Most organizations historically denied network and data access to anything that was not company-issued. But that doesn’t

Vol/7 | ISSUE/07

What Advice Would You Give Your CFO to Tackle the Current Economic Reality? the th 125 issue special

“Leverage IT’s ability to reduce

complexity through creative automation by implementing

innovative processes thus reducing long-term opex.”

“Use—and treat —IT investments to make predictions.

Rajesh R. Nair, VP-Business Continuity, Credit Suisse India

“We must encourage initiatives that have a high probability of generating value. And while investing in any initiative, we

Bring in process discipline in the organization so that the results are minutely accurate for decision making.”

must maintain a long-term rather than a short-term view to ensure we protect our investments for the future.”

Anil Nadkarni, CTO, Thermax

Vikram Idnani, Head- IT, Trent

“Outsource accounts payables, receivables, bank reco. etcetera. Use technology to place people in small towns at reduced cost (salary and office rentals), eliminate paper and use workflows.” Venkat Iyer, CIO, Wockhardt

“Foster a culture of innovation, have a long term vision for IT investments and technology deployments, have a savvy

contract management system, and build an outsourcing strategy that will variablize your costs.” Harnath Babu, VP-IT, Aviva Life Insurance

Vol/7 | ISSUE/07

Voices_BIG_IDEA.indd 45

“Continue to have a strong focus on operational processes and methods to manage business-IT flexibility. Adopt technology changes. Explore

acquisitions to enable organic growth.”

Milind Nene, CIO, Astarc Group

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

5/11/2012 4:11:14 PM

the th 125 issue special

“A CIO ought to be a visionary, passionate about business, and a driver of change. Nothing less will ever do.”

A.M. Naik Chairman & MD, Larsen & Toubro

VFTT_May 2012.indd 30

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:08 PM

Cover Story

work in a consumerization context. Thus, companies are increasingly creating secure access points via virtualization or cloud services that allow employees to safely access company resources with their own devices. If done correctly, this tactic can yield several benefits, Petersmark says, including allowing staffers to be more productive and even more innovative by permitting some flexibility in how, when, and from where they are allowed to engage the company’s resources. Still, security remains one of the biggest concerns among IT executives when it comes to consumer technology in the workplace. Although some of the fear is fueled by vendors and analyst reports seeking to sell security tools, some of the worries are legitimate. But with tools for encryption and access control, you should be able to safely provide access to some enterprise data and applications to trusted users. The adoption of a virtualization strategy addresses many of the challenges of consumerization of IT, says Paul Martine, CIO of Citrix Systems, a virtualization technology provider. By hosting all applications, virtual desktops, and data in the datacenter, you can deliver these services to any consumer devices in a controlled and secure fashion, Martine says. However, many virtual desktops are designed for use on Windows PCs and Macs, and they don’t work well in a mobile environment. The issue is not just screen size, but lack of support for touch and other native user interface methods, as well as back-end applications that don’t reformat themselves

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set1.indd 59

to the current context, says Ryan McCune, senior innovation director at Avanade. He notes that Citrix and others now offer APIs to help developers make their back-end apps mobile-savvy, so they can adapt to the device being used. Cloud services that are designed to deliver apps and data securely over a network can also help address security concerns. But few cloud services yet work well with mobile devices; Google Docs and Microsoft Office 365 being prime examples of such PC-oriented services. And many apps make it easy to use cloud storage services—such as Appe’s iCloud, Box.net, Dropbox, and Microsoft SkyDrive—that IT can’t manage. However, more options are emerging to make consumer-class cloud storage more palatable to IT.

Step 6: Build An App Store That Appeals to Users People who use mobile devices such as iPhones, Galaxys, and Droids are accustomed to going to app stores to easily download what they need for their devices. For its own employees, Avanade is developing several enterprise-wide mobile applications, including some that will connect employee mobile devices into the company’s social computing capabilities such as employee profile pages, microblogging sites, video and media sharing, search, communities, and blogs. The majority of enterprise applications are not optimized for mobile devices, and many users opt for work-arounds to access them,

says Chris Miller, Avanade’s CIO. “We can take lessons from the consumer app store model and apply that to meet the specific needs of the business environment,” Miller says. On the commercial software front, both SAP and Oracle have invested in creating mobile clients to access their ERP and CRM systems, in recognition of the increasing endpoint diversity among users. An enterprise app store should provide employees with a central portal to request an application across any number of devices—from laptops and desktops to tablets and smartphones, Miller says. From a management perspective, it should also have built-in approval processes and workflows to manage costs and make sure the right people and teams are getting access to the tools they need. And, says Avanade’s McCune, enterprise app stores need to acknowledge the commercial apps available to users and steer them to preferred apps by adding links to the Apple App Store, Google Android Market, Microsoft Windows Store, and so on.

Consumerization is Unstoppable, But That’s OK The consumer IT trend seems unstoppable, given the proliferation of tablets and smartphones, cloud tools, social tools, and mobile apps in the workplace. That doesn’t necessarily have to be a bad thing for technology executives. Rather than looking at this development as another drain on IT’s time and resources, organizations can embrace the opportunity to give workers new levels of productivity and flexibility, with the ability to work from virtually anywhere using the tools of their choosing. If you understand your organization’s risk tolerance then approach consumerization not as a threat but as a different way of managing, you can come up with an effective strategy that accounts for risk but also enables employees—and, in turn, enables your business. The returns can be substantial. CIO

photo grap hs by rohit gupta, images an d dr lohia

When it comes to consumer tech, it’s problematic at best and catastrophic at worst from a talent recruiting and retention perspective if the best and the brightest decide that their new employer’s infrastructure and app portfolio is inferior to what they already have in their pockets.

Send feedback to editor@cio.in

REAL CIO WORLD | m a y 1 5 , 2 0 1 2 6 9

5/11/2012 6:12:50 PM

Big Data Disaster Recovery

Analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk Management Virtualization Business

Know Your Customer • Go meet real consumers • Get your staff to meet them • Befriend the CIO of your customer’s company • Study consumer trend and BI data • Sit on sales calls

the th 125 issue special

Customers F2F CIOs who get out of the office and talk face-to-face with customers can bring back ideas for new products and better systems.

By Kim S. Nash

Reader ROI: How meeting end customers can help CIOs and their organizations Different ways to get customer input

The customer is always right, but how would you know? Few CIOs truly understand what external customers want and why they act the way they do. Running IT can all too easily keep CIOs internally focused, making sure fellow employees have the technology they need to do their jobs. That’s important work, but it’s not strategic.

CIOs who don’t look outside the office and mingle with the people who pay money for the company’s products and services miss the chance to get ahead—of customer complaints, of competitors, and in their own careers. A CIO who knows how to interpret customer behavior can come up with ideas for new products and fixes for systems that don’t quite work the way customers expect. CIOs with experience on the front lines of the business may even be able to help shore up relations with customers being courted by competitors or spot new business opportunities. “The magical stuff with IT is great applications that run the business better. That can’t happen when IT stays in a corner,” says Wayne Shurts, CIO of Supervalu, a $37.5 billion (about Rs 187,500 crore) chain of grocery stores that include Albertson’s, Jewel-Osco, Shaw’s and others.

“Social media and customer tweets play a large role in sourcing information about customers. Such feedback is definitely better than data based on customer feedback forms.” —Dhiraj Trivedi, AVP-Revenue Management & Electronic Distribution, Royal Orchid Hotels

7 0 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

VO l/7 | ISSUE/07

the th 125 issue special

“Sales for the sake of sales, is nothing more than vanity. Increased sales to make increased profit is what the goal should always be.”

Adi B. Godrej Chairman, Godrej Group

Vol/7 | ISSUE/07

VFTT_May 2012.indd 33

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

5/11/2012 3:43:10 PM

the th 125 issue special

Most CIOs don’t do much customer outreach, according to our latest State of the CIO research (US version). Just nine percent of CIOs surveyed said they spend time studying market trends and customer needs to identify commercial opportunities—the same as last year and a drop of three percentage points from 2010. According to the Indian version of the State of the CIO, Indian CIOs spend 12 percent of their time with external business partners and customers. Not understanding customers can lead to poor decisions, says Bruce Temkin, managing partner of the Temkin Group, a customerexperience research and consulting firm. As senior executives, CIOs are involved in critical corporate decisions about mergers and acquisitions, divestitures, investments and business strategy. But those who hibernate, focused on IT operations only, may lack the customer-related information needed to do the job well, Temkin says. “More CEOs are looking for their staff to be better aware of customers,” he says. The US survey shows that CIOs expect that paying attention to customers will become a bigger part of their job. Twenty-seven percent said they want to be doing this kind of work in three to five years. What it’ll take to get there is dedication. Many CIOs bring back tidbits from informal encounters with customers outside the office. “I heard from my neighbor that our bank’s branch in town could really use a Spanishspeaking teller...” That’s helpful, but limited. To be most valuable, collecting customer intelligence must be a sustained and focused effort that permeates not just the IT group but the whole company, says Michael Capone,

percent

The amount of time Indian CIOs spend with business and customers. SOUrCE: StatE Of thE IndIan CIO

CIO of Automatic Data Processing (ADP), a $9.9 billion (about Rs 49,500 crore) human resources and payroll provider. Capone tries to spend at least 20 percent of his time with customers and prospects, which helps erase the line some enterprises draw between IT and the rest of the company. He doesn’t wait for the business to devise strategy for IT to enable, he says. Instead, his customer knowledge informs strategy decisions. “We help envision what’s possible with technology.” Progressive CIOs offer five ways to get close to customers.

Venture Into the Wild A time-honored way of connecting with customers is to work in stores and offices with front-line employees. For CIOs serious

about studying customers, this is a chance to uncover how IT can make practical changes to advance the company’s competitive position and generate new business. For example, when Starbucks CIO Stephen Gillett was hired in 2009, he worked as a barista for a week. Starbucks has since pushed hard to get customers to use mobile technology to speed up checkout as Starbucks battles back from a rough recession. At Supervalu, top executives see understanding the customer as paramount in turning around the company, which lost $1.5 billion (about Rs 7,500 crore) last year. “It’s real easy, especially in IT, to get lost in what you’re doing and lose sight of the mission,” Shurts says. “We are a grocery retailer that serves customers. We have to bring customers in.” Craig Herkert, Supervalu’s president and CEO and Shurts’ boss, started a Not-SoUndercover Boss program in 2011. All senior executives must work on the front lines twice a year to understand employees’ jobs and customers’ behavior. In December, Shurts worked at a full-service bakery at a Cub Foods. He ruined a few cakes, he says, but gained fresh insight on how people shop. “When I go to a store, I’m not looking only at IT. The customer doesn’t think of the store as a technology experience,” he says. “I’m looking for ways to improve the overall experience, whether that includes IT or not.” He asked people about grocery prices, how they liked the new vegetables, and how they shop. Do you print coupons from the Web? Can you find everything you want? Customers love the store locator on Cub Foods’ website, he says, but want some help

“Based on customer feedback, we realized that we were perceived as an expensive store. We abide by international standards for food sales but this was sending wrong signal to customers. They felt that our stores were too clean leading to a general perception that we were expensive. Also, we realized that the first thing customers came across at the store entrance was the international food section. We then used our planogramming tool to move the section towards the end of the store.” — Veneeth Purushothaman, Head-Technology, HyperCity Retail

7 2 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set2.indd 32

VO l/7 | ISSUE/07

the th 125 issue special

“There is no future without risk, that’s when the best innovations happen. Risk taking can’t be restricted to the top management.”

Ajai Chowdhry Founder, HCL & Chairman, HCL Infosystems

Vol/7 | ISSUE/07

VFTT_May 2012.indd 35

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

5/11/2012 3:43:10 PM

the th 125 issue special

“It’s not the person who does something first who succeeds. A window of opportunity remains open for four or five years.”

Ajit Balakrishnan Chairman & CEO, Rediff.com

VFTT_May 2012.indd 36

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:11 PM

once they wheel their carts inside. A few conversations that day solidified an idea the IT group had been contemplating: A mobile application that tells shoppers where to find products within a given store. Shurts is researching such a tool, with features such as suggested navigation routes based on a customer’s electronic shopping list. Robert Juliano, CIO of Brandywine Realty Trust, approaches his job with one goal: Lease

configuring an office and run into problems with their own telecom or network providers reworking installations for them, he says. “Even though it’s not our problem to fix, I have access to vendors that they might not have,” he says. Sharing IT expertise can lead to stronger, long-term customer relationships. But he wouldn’t know about some of those situations if he didn’t visit company properties, he says. “They’re not

Strike up relationships with the CIOs of your big customers. Anuj Dhanda, CIO of PNC Financial Services, seeks out CIOs at industry events. By talking informally with the CIO of an insurance company, Dhanda figured out how the bank should work on a payment clearinghouse system designed for healthcare companies. more space. The $573 million (about Rs 2,865 crore) real estate company rents commercial and residential buildings, and Juliano thinks of that as his first priority, he says. As he and his staff walk Brandywine’s buildings regularly with on-site engineers, they learn what kinds of questions tenants ask, and what kinds of problems arise. He says he then ponders what he or his IT group can do to smooth things out for both tenants and staff. For example, although Brandywine rents to big companies, such as Northrop Grumman and Wells Fargo, many tenants are small and midsize companies that Juliano goes out of his way to help. In one common scenario, a small customer may be

paying us directly, but it’s another way we can help serve our customers.”

Cultivate CIO Buddies Striking up relationships with the CIOs of your big customers provides intelligence about the customer’s business while you spread the word about your company’s products and services. For example, Jeff Hutchinson, CIO of Maple Leaf Foods, a $5 billion (about Rs 25,000 crore) consumer packaged-goods company, eats lunch often with the CIO of his company’s biggest customer. And Anuj Dhanda, CIO of PNC Financial Services Group, a $3.1 billion (about Rs 15,500 crore) financial services

firm, seeks out CIOs at industry events and meetings of professional groups. By talking informally with the CIO of a local insurance company, Dhanda got additional insights into how the bank should work on a payment clearinghouse system designed for healthcare companies, he says. The insurance CIO talked about some business intelligence features he’d like in such a system. Capone, ADP’s CIO, routinely meets with customer CIOs when he travels to major cities. At a lunch meeting in Atlanta last year with three fellow IT leaders, Capone discovered that they didn’t know about ADP’s new mobile applications that let people access their benefits statements from smartphones and tablets. Capone took out his iPad, had another CIO sign in to his company’s ADPadministered HR system, and demonstrated the features that those CIOs could activate for their employees. When he got back to the office, at a gathering of IT and marketing managers, Capone shared the story that led to the development of a new publicity campaign for the free mobile apps. “We’d done media, but somehow we had not pushed our story out,” he says. Within a few weeks, ADP customers signed up tens of thousands of users, he adds. That lunchtime CIO meeting proved fruitful. “There’s a lot of opportunity out there.”

Get Your Staff Out At Supervalu, CEO Herkert’s enthusiasm for customer contact inspired CIO Shurts to create his Business Immersion program in early 2011. Every year, all 1,200 members of his IT staff are required to work for at least one day, and often several days, at stores

phOtOgrap hS by rOhIt gU pta, ImagES and dr lOh Ia

Cover Story

“A standard complaint from our distributors was that our claim settlement took too long—over six months. They wanted to get rid of the process of filling settlement forms. So when one of our sales managers came up with the idea of implementing a system to capture data through mobile phones—via SMS or a Java applet— and generate claim sheet automatically. Today, the settlement process takes only seven days.” —Arup Choudhury, CIO, Eveready Industries

VOl/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 35

REAL CIO WORLD | M A y 1 5 , 2 0 1 2 7 5

5/11/2012 6:15:43 PM

the th 125 issue special

and distribution centers. Similarly, Capone’s Know Your Business program kicks in soon after someone joins IT. He or she spends time listening to customer support calls, going on sales pitches and working on technology implementations at customer offices. Such programs offer participants customer input in many different forms, Shurts says. “This re-grounds IT.” Temkin agrees. “A well-informed CIO is good. One with a well-informed staff is better.” Job rotations aren’t new, but the idea is frequently pushed aside as a luxury that ever-leaner staffs can’t afford. But rotations can create stronger, more creative IT leaders, according to research released last year by the CIO Executive Council. At PNC, Dhanda at first gave his staff a quota of hours to spend in the field, a heavyhanded approach that deterred people, he says. Now he doesn’t dictate time, but explains to them in a matter-of-fact manner that they are expected to know the details of how customers interact with the bank. “This is part of your job and how you will succeed,” he tells them. Sometimes mid-level IT employees who interact with customers can bridge gaps that develop between how technologists imagine a customer uses a system and what a customer actually does. Sanmina-SCI, a $6.6 billion (about Rs 33,000 crore) company that makes medical devices, military equipment and other electronics, created an IT team that works directly with external customers. These customers have outsourced the manufacturing of their products, or parts of their products, to Sanmina-SCI, explains CIO Manesh Patel.

70 percent

Of Indian CIOs say calling on customers will solidify IT’s bond with business in 2012. SOUrCE: StatE Of thE IndIan CIO

“When they were building everything themselves, they had the systems to manage the process within their four walls,” he says. “Now some of the data has moved to us, and the two of us have created this divide.” Patel chose people from his IT group who are customer-savvy and good with business processes to work closely with clients to make sure each party has access to the right data. If a medical device company wants to analyze product trends but some of the needed data resides at Sanmina-SCI, Patel’s team might write code to extract the data for the customer, he says. Sanmina-SCI sometimes charges for this work but mostly sees it as a way to strengthen bonds.

Brandywine’s Juliano motivates his staff to think like customers by tying incentive pay to how well projects “reduce friction” between the company and its customers by, say, improving a business process. “I’m not incentivizing my guys on throughput in the datacenter. That doesn’t move the ball forward.”

Study the Data Get deeply immersed in market research about your customers and industry. Broad consumer trends should inform your internal IT capabilities and the products and services your company provides. IT professionals can educate themselves using the BI and analytics tools they supply to marketing and finance. Javier Polit, CIO of Coca-Cola’s Bottling Investments Group, studies detailed demographic and psychographic data about Coke drinkers so he can supply effective analytics tools to Coke’s marketing and distribution people. The ways consumer technology proliferates will affect your company’s products and services. At ADP, for example, Capone keeps tabs on national surveys and buying data about smartphone usage. Are Android phones surging? Do iPads have any real competition? His thinking: The people who buy those devices will want to bring them to work. Since ADP does business with the majority of the Fortune 500, its HR and payroll products will have to support consumer devices. He also watches consumer sentiments about privacy and monitors what’s happening with legislation in states, at the federal level and in other countries. ADP, which handles terabytes of personal data, wants to “stay conservative” on privacy issues, he says.

“In 2003, I worked at a pharma company where the sales team worked with doctors to educate them about our products and explain to them why it’s important for doctors to remember a few brand names. In most cases they were inattentive. So we created an engagement model with presentations which went down very well with the customers. This was in 2003. Today, this is the new way of doing business for almost every company in that industry.” —Arun Gupta, Former CCA & Group CTO, Shoppers Stop

7 6 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set2.indd 36

VO l/7 | ISSUE/07

5/11/2012 6:15:44 PM

Cover Story

Shadowing Your Customer Beyond the Dog and Pony Show Especially in industries where technology is the product, like financial services, CIOs are often asked to join the sales team to pitch to prospective customers. IT leaders typically explain in these meetings how the technology works and answer questions about privacy and security, for example, or compliance with government regulations. But there’s another advantage to sitting in on these sales calls. Questions from potential customers may reveal a competitive advantage IT can build into corporate products, says Dhanda at PNC. He goes on several sales calls per year and urges other CIOs to try it. Sales situations are rife with useful information. If you simply smile and deliver a rote PowerPoint presentation about the IT wizardry inside the company to try to close a deal, you leave behind valuable nuggets, he says. Instead, listen closely. During a meeting with a large federal agency a few years ago, senior executives peppered the PNC team with questions about data warehousing. Dhanda’s ears perked up as he realized they were preparing to expand their applications and revealing just what they had in mind. With this early tip, PNC later won a contract to build a large data warehouse for the agency. Some CIOs go further than sitting in on sales pitches. Clive Selley, CIO of the $12.5 billion (Rs 62,500 crore) BT Group, spent a “most stressful” day as a real salesman. Last year, Selley, who is also CEO of the company’s IT group, went with four of the telecommunication company’s CIOs, the CFO, and four other executives to a call center where they received training about BT products, then donned headsets and took calls. Customers—happy and unhappy—and curious prospects called all day, schooling Selley on BT’s strengths and shortcomings. “It feels very different when you’re the guy on the hot seat trying to match their needs with our products,” he says. “That’s a very powerful way of learning about what customers care about and, very importantly, how, in their minds, our products stack up against competitors’.”

VOl/7 | ISSUE/07

ADP fixes confusing software by tracking the customer’s every move. many CIOs would like to have the luxury of peeking over the shoulders of customers as they use the company’s products. payroll processor automatic data processing (adp) gets a similar experience by using t tealeaf, software that records the actions of people using adp’s software. When customers call the adp support line to report a problem, agents can pull up t tealeaf and see what went wrong by retracing the customer’s keystrokes. With these recordings, nothing gets lost in translation after a customer call because CIO michael Capone and his staff can spot exactly what kind of problems tripped up the customer—for example, a task requiring too many steps to complete. “We can get the story directly from our client,” he says, and then update the software. Capone says It t frequently makes changes to adp’s products based on watching customers’ actions. f for example, in one of adp’s systems, customers were submitting the same reports repeatedly. Using t tealeaf, It could see that users were clicking the submit button over and over again; there wasn’t a clear indication that the report had been successfully submitted. the solution: Capone and his staff improved the screen’s text and grayed out the submit button to indicate that the task was complete. —Lauren Brousell

He found that BT’s call center applications didn’t always provide enough information to agents trying to make a sale. Callers asked about tariffs for various regions and how channel packages compared with those from competitors, Selley says. “Customers really drill you.” He returned to his office with a list of tweaks for his developers—such as more detailed information to serve to agents earlier in the sales process—that are due to be implemented early this year. He also brought back an insight about a potential new feature. One woman asked Selley to set up phone service for her elderly mother in another town. She wanted to pay for the basic service every month while her mom would cover the calls. This would require BT to parse its costs and issue two bills to two addresses. “That kind of billing arrangement, we don’t support. But there was a real customer there with a real need,” he says. The caller bought services that day, under a regular billing plan. But the conversation got Selley thinking. “Maybe in a Western world with an aging population, more customers will want that billing arrangement.”

He passed along all executive feedback from the day to BT’s consumer group for consideration.

An Unfiltered View Getting out of the office to mix with real customers can teach executives a lot. But CIOs in particular should guard against taking too narrow an approach to the experience, Temkin advises. Technology leaders sometimes see the world through engineering eyes, he says. What new thing can I build to make this better? But customer interactions include sensory components such as accessibility and emotions. By asking broad questions of the customer in front of you, you learn more. How can we make this easier for you? How do you feel about what you’re doing? At Brandywine, CIO Juliano tries to keep the big issues in mind when he’s out with customers. “The farther [you get] from the field, the more filtered information you get. But on the front line you get an unfiltered view of the world, not theories.” CIO Kim S.Nash is senior editor.Send feedback on this feature to editor@cio.in

REAL CIO WORLD | M A y 1 5 , 2 0 1 2 7 7

5/11/2012 6:15:44 PM

Big Data Disaster Recovery

Analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk Management Virtualization Business

the th 125 issue special

NabbingInsider

CIOs rarely discover the internal security threats that can ruin companies,

Yuan Li knew what she wanted and how to get it. For 32 months, starting in October 2008, the 29-year-old research chemist at Sanofi-Aventis downloaded trade secrets from the pharmaceutical firm. Li had worked for Sanofi, which makes the allergy pill Allegra and sleeping pill Ambien, for more than two years when she started to steal data. Her target: Five chemical compounds that the company had kept secret for possible use in future drugs.

By Kim S. Nash

Reader ROI: Why CIOs should market security New ways to approach insider crime How CIOs can influence an ethical culture

She knew which database to query to download the information to her work laptop, and from there she e-mailed it to a personal account. Sometimes, she loaded a USB flash drive with material. Li, a Chinese national, then put the information up for sale through a pharmaceutical company that she partially owned, whose parent is based in China. Sanofi helped investigators from the FBI and the US attorney in New Jersey to prosecute Li. In January, she pleaded guilty to theft of trade secrets and is due to be sentenced this month. She faces up to 10 years in jail and a hefty fine.

“Key “Convenience staff indicators, is often staffing trends, followed the by numbers risk andbehind the need India’s to mitigate least-stressed it. Opening IT up deparments, platforms like andBYOD the retention and social strategy media that increases worksthe best risks (clue: of it isinsider not the threat.” most popular method). —SujoyAll Brahmachari, in this survey. HeadIT Infrastructure & CISO, HeroMotoCorp

7 8 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

VO l/7 | ISSUE/07

5/11/2012 6:15:46 PM

Cover Story

Best Practices • Check • Check and recheck your basic security practices. • Involve everybody from • Involve the board, CEO to legal and audit in your security frame. security • Market the do’s and • Market dont’s in ways that appeal to users. appeal

Crime

even though it frequently involves It t systems. here’s what needs to change.

Sanofi declines to be interviewed about the tech and policies it uses to detect and prevent corporate crime, including Li’s long-term theft. “The measures we had in place actually contributed to the successful outcome of this particular case, and we are continuously looking for ways to improve security,” a spokesman said in an e-mailed statement. (For more on security, turn to page 16) Experts say this is a textbook example of insider crime and, perhaps, of IT failure. Just as no one knows what goes on inside someone’s marriage, outsiders can’t say with certainty what goes into someone else’s IT strategy. Sanofi could have done everything right and still been victimized. That happens. But too often in cases of insider crime, basic technology safeguards are ignored or missing. CIOs can’t be proud to learn

that of 11 methods of detection identified in 1,843 recent fraud cases studied by the Association of Certified Fraud Examiners (ACFE), IT controls came in dead last. They are the least likely means of identifying wrongdoing, responsible for just 0.8 percent of cases, the ACFE says. It’s more common to find out by accident (8 percent), from the police (2 percent) or even by confession from the perpetrator (1 percent). Tip-offs are by far the most common way authorities discover corporate crime, at 40 percent. Those findings have been consistent for a decade. There are many reasons that IT falls down on the job. For one thing, most corporate systems aren’t designed from the outset with fraud surveillance in mind. Plus, throwing a lot of money and people at fraud prevention doesn’t get senior executives excited. Conventional wisdom has it that

“Senior management should be made to understand that they cannot be exempted from the security policies of the company. Tighter controls at the top would encourage adherence of rules throughout the organization.” —Manish Dave, CISO, Essar Group

VOl/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 39

the tighter the controls, the less efficient the company. Company leaders therefore decide to accept some financial loss through crime as a cost of doing business. And to their detriment, companies often split the task of fraud-fighting among siloed groups. Internal audit does one thing; compliance does another. IT supports the silos, but there’s no coherent, companywide plan, says Paul McCormack, an investigator and executive vice president at Connectics, a fraud-prevention consultancy. Choosing a combination of technologies and policies to thwart the darker parts of human nature requires a continuous risk-benefit calculation. CIOs can change the equation with new thinking and new technology, starting by promoting the notion that fraud prevention is everyone’s business, says Marshall Romney, a professor of information systems at Brigham Young University who has studied corporate fraud for three decades. For CIOs, that means spreading the word that detection and prevention don’t have to make a company less agile. And anti-fraud efforts are far more effective if major IT systems are configured with surveillance and analysis capabilities from the start. Advances in big data analytics, meanwhile, let CIOs create systems to sift through billions of transactions, customer interactions and employee activities to spot

REAL CIO WORLD | M A y 1 5 , 2 0 1 2 7 9

the th 125 issue special

the buds of corporate crime before it blooms. Specialized vendors such as FICO, Fiserv and NICE Actimize use neural networks and scenario matching to detect financial crimes, a $3 billion (about Rs 15,000 crore) software market expected to grow 8 percent per year through 2015, according to research company IDC. To make the best use of such tools, CIOs must elevate the discussion of fraud fighting, pouring much more detailed information into the risk-benefit analysis, Romney says. Involve all departments—especially operations, audit and legal—to consider factors such as economic conditions, business outlook and the cost of the programs in hard dollars, he advises. Make informed decisions about the loss of business agility that security technology can bring. Realize that what works in one industry won’t in another. And that each CIO must deal with his company’s proclivities. “This is a high-level conversation that has to go all the way to the board and CEO,” Romney says. CIOs who balance these variables can stop, prevent and maybe even predict insider crime, saving serious money and avoiding immeasurable damage to the company. But first they must reform some outmoded approaches.

Billions Lost, Poof, Gone Humans think up all sorts of crime, from stashing office supplies in a briefcase to hiding money under layers of complex computerized investment transactions. “If you operate as a company, you will have

percent

Of Indian CIOs say an employee or a former employee has been the source of a crime. SOUrCE: IndIan InfOrmatIOn SECUrIty SUrVEy

fraud,” says McCormack, who has worked on cases at Delta Air Lines, Ernst and Young, PricewaterhouseCoopers and SunTrust Banks. “I’ve yet to meet any C-level person who says, ‘I’m so proud that we have 500 people preventing fraud.’ It’s not what people want to put out there as a badge of honor. It’s a necessary evil.” The Sarbanes-Oxely Act, enacted in 2002, was supposed to stop a lot of big crime by giving internal and external auditors new and more detailed safeguards,

“Traditional security methods were not designed to check insider threats. CIOs should lay emphasis on actively monitoring every move within the organization.” —Pramod Reddy, VP-IT & CISO, AppLabs

8 0 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set2.indd 40

procedures and processes to check. The regulations encode good base-covering practices and serve as a proxy for good behavior. Lawmakers had an appetite for reform after colossal crimes at Enron, HealthSouth and other companies outraged the public, especially employees of those companies whose salaries and pensions were swindled away. But 10 years on, we have a new crop of corporate miscreants at whom to rage. Investor Bernie Madoff now serving 150 years in jail, confessed in 2009 to a Ponzi scheme that defrauded customers of perhaps $50 billion (about Rs 2,50,000 crore) or more. Last September, investment bank UBS blamed a $2 billion (about Rs 10,000 crore) loss on a rogue trader who was charged with fraud and false accounting. The trader pleaded not guilty and is scheduled for trial this September. Maxim Healthcare Services recently admitted to $61 million (Rs 305 crore) in Medicaid fraud and agreed to pay a fine of $150 million (about Rs 750 crore) to the federal government and 42 states. Afterward, the company replaced all its senior executives, including the CIO. Sarbanes-Oxley may have curbed some would-be criminals, but companies overrely on auditors to detect crime, McCormack says. But CIOs can make a dent by aiming technology and policy tools at common kinds of insider threats, he says. Of all the types of internal fraud, theft of assets—office supplies, computer equipment and so on—is the least costly but still significant, according to ACFE research. Losses in the average case amount to $135,000 (about Rs 67 lakh), the ACFE says. Corruption schemes, such as bid rigging and kickbacks, cost $250,000 (about Rs 125 lakh) on average. Financial statement fraud does the most damage, with each case responsible for $4 million (about Rs 20 crore) in losses on average. Technology can help, but CIOs should not hand off the job to project managers doing piecemeal work, says Frank Wander, a former CIO at Guardian Life Insurance,

VO l/7 | ISSUE/07

the th 125 issue special

Anand Mahindra Vice Chairman & MD, Mahindra & Mahindra

Vol/7 | ISSUE/07

VFTT_May 2012.indd 39

“We don’t get overly obsessed with IT or RoI or platforms or technologies. Obviously we want the best, but everything must serve the customer.”

REAL CIO WORLD | M a y 1 5 , 2 0 1 2

5/11/2012 3:43:11 PM

the th 125 issue special

â&#x20AC;&#x153;We put faith in technology ages before our competitors. Our organization has maintained a clear advantage because we kept innovating with technology.â&#x20AC;?

Ashwin Dani Vice Chairman & Managing Director, Asian Paints

VFTT_May 2012.indd 40

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:11 PM

Cover Story

Often a business that’s making money doesn’t bother with too much introspection. Or executives don’t want to think crime happens at their place. They think, ‘These are people I work with and I trust,’. But a lot of people trusted Bernie Madoff.

Tone at the Top If people get the idea that senior leaders don’t pay attention to wrongdoing—or worse, take liberties themselves—they will go along, says Jim Anderson, a management consultant at Blue Elephant Consulting. Ethics, Anderson says, is nothing more than daily decisionmaking in big and small situations. Rarely does anyone face a “burning building” quandary where there’s no doubt as to the right answer. “If you’re sitting in your cube and some strange guys with sunglasses show up with metal suitcases full of $20 bills, you’d say no,” he says. “But what happens instead is that ethical decisions sneak in around the corners of our average day.” Maybe an employee is late with a project and downloads data to bring home to work over the weekend, Anderson says. The employee knows he shouldn’t because the information is confidential, but he figures he’s breaking the rules for the right reasons. Months later, maybe the job is going sour, so he takes data to be able to defend himself in a poor performance review. Each time, no one says anything about his actions. Maybe they’re not looking at network logs; maybe they don’t care. Then things get hostile between the employee and the company, and he takes the work he’s done, intending to quit and find work at a competitor. “It’s a snowball,” Anderson says. “It’s the first ethical lapse that will cause all the problems down the road.” Wander, who recently founded the consultancy IT Excellence Institute, agrees. “Companies that have trouble don’t have the right tone at the top,” he says, adding that CIOs can influence culture in many ways.

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 43

For example, at the quarterly town hall meetings Wander held with Guardian’s IT staff, he regularly focused on security issues and safeguarding company data. “Every individual knew it was a divisional priority,” he says. A CISO worked alongside Wander, not reporting to him, to spread understanding of the issues across departments. Companies that separate the roles this way also balance responsibility for the protection of corporate assets, he says. If too much falls to the IT group, other departments may get lax or get the idea that ethics isn’t part of their job. “Address [antifraud efforts] in people’s reviews so they understand they are responsible.” A neighborhood watch mentality at work

28 percent

Of Indian CIOs say they don’t know the source of a crime. Source: Indian Information Security Survey

helps cut criminal activity, says Carl Tidwell, CIO of the American Type Culture Collection (ATCC), a non-profit research center that supplies micro-organisms and other materials to life sciences researchers. Tidwell says he tries to educate employees about warning signs, such as people struggling with finances or living beyond their means. That’s evidence that humans can see but computers can’t, such as the former controller of a Pittsburgh car dealership who enjoyed a mink coat, 10 cars, four homes, gold bullion and a $32,500 (Rs 16.2 lakh) lunch catered by Food Network star Ina Garten. Over six years, the controller falsified accounting records, transferring $10 million (about Rs 50 crore) from the dealership to her personal bank accounts in 800 transactions. She pleaded guilty in January to wire fraud and is due to be sentenced in May. The dealership did not respond to requests for comment. Even when companies insert IT controls into their business processes, they too frequently fail to monitor them, says Matt Lynch, a fraud investigator who has worked at Altria Group, a cigarette company, and Palmetto GBA, which administers benefits for Medicaid and Medicare. Real live human beings from IT, audit, legal or other groups should be assigned to look at transactions randomly, he says. Often a business that’s making money doesn’t bother with too much introspection, he says. Or executives don’t want to think crime happens at their place. “They think, ‘These are people I work with and I trust,’” he says. “I’m sorry, but a lot of people trusted Bernie Madoff. Fraud is just a fact.” Instilling outright fear, however, works against you because employees become

photograp hs by rohi t gupta, images and dr lohia

The Harry Fox Agency and the Prudential Institutional Division. Instead, make fraud detection and prevention an organizational mandate exemplified by the ethical, upright behavior of top executives, Wander says. “People do what you do. That’s how the world really works.”

REAL CIO WORLD | ma y 1 5 , 2 0 1 2 8 3

5/11/2012 6:15:50 PM

the th 125 issue special

secretive and suspicious of each other, inhibiting collaboration and stalling productivity, says investigator McCormack. A little trepidation, however, can be helpful. Show employees how serious you are, he advises. Write policies that explain what people can and can’t do with company data and other material. Create anti-fraud training and give programs at least twice per year. Have employees sign confidentiality agreements, he suggests. “Establish a tone and set of expectations as soon as people walk in the door so they know what the company does to stop fraud and that they will be caught,” he says. The most damaging thing leaders do is keep quiet when something goes wrong, he says. Routinely monitor the movement of large or sensitive data sets around the network and spot-check where they’re going. “All it takes is examining a couple of those transactions and then talking to people about it. Word gets around.”

Technology to Close Holes Word also travels when an organization leaves itself vulnerable by skimping on basic IT controls. Some people will take advantage of what you didn’t do, Tidwell says. He remembers well what happened at a former company. He suggested to the CEO that IT block computer ports, so employees couldn’t use portable drives, and monitor e-mail for large data transfers. “I was told, ‘No, we trust our employees,’” Tidwell recalls. Soon after, a researcher quit, walking away with $300,000 to $400,000 (about Rs 1.5 to 2

crore) worth of intellectual property that he had sent to a personal e-mail account—a delivery method similar to the one the researcher at Sanofi used. This researcher, however, got a job at a competitor and started work using the stolen information. The rival notified Tidwell’s company. “They packed up everything, including his computer, and sent it to us,” he says. “The CEO was apologetic [to me] afterwards. He

The most damaging thing leaders do is keep quiet when something goes wrong. But word gets around. And word also travels when an organization leaves itself vulnerable by skimping on basic IT controls. Some people will take advantage of what you didn’t do. dodged a bullet because the competitor was an ethical company.” CIOs can use IT to reinforce and extend policies and behavior that promote an ethical culture. Wander’s philosophy is one of minimum access. “You want people to have the least privilege to get done what they have to get done,” he says. A CIO’s hands are tied if a CEO thinks IT controls are intrusive. But new technologies can obviate the need to outlaw some practices, Tidwell says. At ATCC, he is exploring virtualization, which means flash drives won’t be an issue, as central servers

“We regularly create reports based on possible threats that the company could have been vulnerable to and how we mitigated them. Keeping top management informed about emerging threats helps.” —Ashish Chandra Mishra, CISO, Tesco HSC

8 4 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

provide data to authorized users on thin clients. There will be no USB ports on the client hardware, and employees will be able to share secured data. Productivity won’t be hampered, he says, and senior leaders won’t look heavy-handed. As employees themselves bring new technology to work, especially smartphones and tablets, detailed and constant education can help mitigate the risks that come with

these new devices, says Stephen Laster, CIO of Harvard Business School. For example, his IT group creates artistic informational posters to hang in common areas where personnel gather. Recent posters focused on three ways to secure a smartphone: Use a password, enable location detection so you can find a lost device, and enable remote wiping of its data. Those measures help protect a company’s information should the device be lost or stolen. “Training is episodic. You need a continuous, engaging marketing campaign,” Laster says. At Graham Group, a construction company, CIO Kim Johnson has tried to set up systems so that e-mailing large chunks of data to each other isn’t the normal way to work. The company recently began developing a collaboration and workflow system from SAP, in part to eliminate the need for executives to sign off on major contracts via paper or e-mail. The system also helps employees work together on sensitive projects without having to send files to each other. “Fraud prevention is built in during the design of IT systems,” Johnson says.

VO l/7 | ISSUE/07

the th 125 issue special

Azim H. Premji Chairman, Wipro

Vol/7 | ISSUE/07

VFTT_May 2012.indd 43

“The combination of excellence in operations and strong execution of strategy is critical to achieving any organization’s vision.”

REAL CIO WORLD | M a y 1 5 , 2 0 1 2

5/11/2012 3:43:12 PM

the th 125 issue special

B.S. Nagesh Customer Care associate & Vice Chairman, Shoppers Stop

VFTT_May 2012.indd 44

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

“CIOs must definitely prepare the organization for the possible downsides of a technological deployment—to avoid being made the sacrificial horses.”

Vol/7 | ISSUE/07

5/11/2012 3:43:12 PM

Cover Story

Graham Group is also installing SAP financial applications this year. As soon as the idea germinated to buy and customize the software, Johnson requested that a key person from the internal controls committee participate in the design and configuration. He and the CEO wanted to weave anti-fraud measures into the software beyond what comes stock from SAP, he says. Top leaders considering these measures before setting up new technology and business processes reflects a more enlightened approach to fighting corporate crime, Johnson says. “We don’t want to be one of those bad crime stories in the media.”

Next: Predictive Monitoring For Romney, the IT professor, there are no small corporate crimes, just big ones discovered early. “Once I perpetrate a fraud and get away with it, do I do it just once and stop? No. Human greed is such that if I can take a little, why not take more?” he says. Criminals start by stealing small amounts over periods of time. Then they take larger amounts more frequently. Many times, they get caught. The next question for CIOs, he says, is, how can we figure out what the really smart criminals are doing? Beyond detection and prevention lies the possibility of prediction. Credit-card holders know that fraud monitoring systems at banks alert customer service agents to unusual transactions. A rush of purchases of highend electronics or airline tickets can trigger a call to the credit-card holder to make sure these items are legitimate. Sometimes, a card will be suspended pending confirmation from the customer. Healthcare organizations are also beginning to use big data techniques to uncover suspicious activity, with good results. HMS Holdings, which coordinates benefits and looks for ethical problems for government agencies and commercial healthcare plans, helped recover $2 billion (about Rs 10,000 crore) in costs related to fraud, waste and abuse in 2011, says CIO Cynthia Nustad.

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 47

Would You Speak Up? A consultant says IT leaders may not feel comfortable reporting early signs of fraud. Why don’t CIOs turn in more insider criminals? No one suggests that CIOs routinely cover up corporate crime, but management pressures may inhibit CIOs from acting on their suspicions early in a fraud scheme. It’s rare to happen upon a digital smoking gun that incontrovertibly proves a corporate crime. It’s later, during a formal investigation, once auditors know what they’re looking for, that the obviously damning evidence is uncovered. Early on, though, a CIO might notice something amiss. Perhaps a network activity log shows unusual patterns or some entries in the general ledger look off. CIOs may hesitate to step forward, feeling they don’t know enough about the intimate workings of finance, says Jim Anderson, a management consultant at Blue Elephant Consulting. “They think, ‘I’m probably wrong. I probably just don’t understand it,’” Anderson says. He adds that such self-doubt may be more common in CIOs who report to CFOs. Also, bringing up vague concerns could mar the relationship between the CIO and whomever he tells; and certainly whomever he accuses, Anderson says. To avoid that, the CIO might sweep aside his ideas and assume, like so many professionals do, that internal and external auditors will catch anything untoward. Finally, many companies lack a clear process for reporting suspected wrongdoing. It may seem obvious that someone should go to a manager or the human resources department, even the CEO. But without a well-known policy for how to handle the situation, some employees—even CIOs—will do nothing, Anderson says. If someone is busy with everyday work and unsure of himself already, he says, “the issue just dies.” —K.S.N

HMS analysts and investigators comb petabytes of data in queries of billions of rows, she says. They use advanced queries and analysis, and will soon be leveraging data visualization—using pictures and maps of query results—to identify potential fraud faster. “If we can make it interesting and artful, then the number of questions you can answer more quickly is very significant.” Of course, people tend to think that ruinous fraud won’t happen to them. That’s probably what executives at Barings Bank, a 233-year-old institution, thought before it collapsed in 1995 after a rogue trader lost a billion and tried to cover it up. And MF Global, a now-bankrupt brokerage, is under investigation for alleged bookkeeping

problems. Trustees estimate that up to $1.2 billion is missing. Watching giant companies go down at the hands of insider criminals has provided an education to CIOs willing to learn, says Johnson, Graham Group CIO. “Ten years ago, I’d have said, ‘This is not my area.’ But now it’s very important for me to be involved,” he says. “It’s another way we’re measured: Not just how efficient IT makes a process, but how controlled the process is.” CIO

Send feedback to editor@cio.in

REAL CIO WORLD | ma y 1 5 , 2 0 1 2 8 7

5/11/2012 6:15:51 PM

Big Data Disaster Recovery

Analytics Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk Management Virtualization Business

the th 125 issue special

Virtualization on here’s how virtualization and replication technologies

Reader ROI: How cost sensitivity is driving the use of virtualization for disaster recovery

At Ingram Micro, executive president and CIO Mario Leone doesn’t think about how much he will spend on disaster recovery.

Why servers dedicated to disaster recovery may go out of style What to watch out for in cloudbased DR

By Robert L. Scheier

“Any DR strategy should be based on the value of data you are planning to secure. We realized that SAP and e-mail are business critical so we decided to have a DR for this.” —Mukund Prasad, Director-Group HR, Business Transformation & Group CIO, Welspun Group

M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

That’s because the global electronics distributor weaves its disaster recovery requirements into its broader business objectives and its service-level agreements (SLA) with its 15,000 users. Since 2010, the IT shop has been cutting costs and meeting its service and disaster recovery commitments by using a hybrid cloud made up of its own virtualized hardware at colocation facilities in Chicago, Frankfurt and Singapore. And rather than paying for dedicated recovery hardware that sits around waiting for a disaster, it uses virtualization to shift workloads from a failed server to one running a less critical workload. “We’re always using that architecture for something,” says Leone. (For more on virtualization, turn to page 145). More and more IT shops are using technologies such as virtualization and replication to make disaster recovery just another service, sometimes using the same servers, network and storage that run order entry, e-mail, application development or other services. This merges what historically were disaster recovery and business continuity efforts, protecting the business against not only rare disasters, but also human error or equipment failures. Some store only data (and perhaps templates for virtual machines) off-site, creating (and paying for) the physical hardware to run them only when needed. “We can recover at our remote site much, much faster by just being able to fire up the system images of the VMs,” says Justin Bell, systems administrator at Strand Associates, an engineering firm. Even if the server infrastructure at that site is less robust than the one at the primary site, “we

VO l/7 | ISSUE/07

5/11/2012 6:15:52 PM

Cover Story

More Efficient DR • Forget dedicated recovery hardware, • Forget use virtualization to shift workloads from a failed server to one running a less critical workload. • Employ easy-to-use replication software • Employ to copy data between primary and recovery sites in near real-time. •Turn to the cloud. •Turn

Double Duty

protect data from disaster, disaster, while keeping business services humming. could run in limited capacity, on much less hardware, until we got things back up at our primary site.” Other organizations have done away with dedicated disaster recovery systems. They shift production work to test or development servers during outages and defer work that’s less critical.

More Demands, More Risk These changes are driven by ongoing pressure to cut costs while maintaining continual uptime, and by the flexibility provided by server, storage and network virtualization. Meanwhile, a recent spate of natural disasters, along with stricter regulatory requirements, has made disaster recovery the No. 1 subject of client inquiries at research firm Gartner, says analyst John Morency. However, Forrester reports that enterprise disaster recovery/business continuity budgets are stuck at 6 percent of total IT capital and operating budgets and that concerns such as “consolidation, BI and virtualization” are given higher priority when it comes to spending. Meanwhile, the list of critical services that need protection keeps growing, with communication tools such as voice over IP and e-mail gaining ‘critical’ status alongside traditional business applications like order entry and ERP. Finally, it’s necessary to ensure uptime not only after

VOl/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 49

major disasters, but also in the event of localized failures, and many companies need the ability to quickly recover just one file rather than an entire system. By separating virtual servers, networks and storage capacity from physical hardware, virtualization gives users many more choices in disaster recovery strategies. “When you recover a [virtual machine], it doesn’t matter where we put it,” says Kurtis Berger, IT manager at Provider Advantage NW, a healthcare

percent

Of IT budgets go to disaster recovery/ business continuity. SOUrCE: fOrrEStEr rESEarCh

software and services company. “At each of our datacenters, all of our VM servers are pretty much the same. [Almost] any old box will handle the prescribed load, and it’ll be good enough to recover some VMs onto.” Disaster recovery is also being transformed by fast, easy-to-use replication software that copies data between primary and recovery sites in near real time. One such offering allows users to sync data among servers and establish failover protection in about 20 minutes, says Joseph Pedano, senior vice president for data engineering at Evolve IP, a provider of cloud-based IT services. Martin Mazor, Ingram Micro’s director of global information assurance, wouldn’t discuss which products he uses, but he says replication allows his company to recover systems much more quickly than the full day it would take to ship tape offsite. Ingram Micro has also invested in tools that provide a single performance dashboard for all of its worldwide operations, and it has offered employees training in areas such as operational management and the handling of incidents and problems. Evolve IP uses virtualization technology, and Pedano says backup and recovery tools now feature improved integration, making it easier to replicate and restore not just servers, but also their associated databases and security systems.

REAL CIO WORLD | M A y 1 5 , 2 0 1 2 8 9

5/11/2012 6:15:55 PM

the th 125 issue special

Recovery in the Cloud Three things to think about before choosing a cloud-based data recovery service

1. Start with applications that already perform well in virtual or private cloud environments but don’t support your most critical systems. this gives you time to try different approaches and vendors.

2. be realistic about Slas, and know that most cloud providers won’t take responsibility for your losses if you can’t recover after a failure.

3. Understand the interdependencies among the applications and services you host in the cloud and those you host in a traditional datacenter so you properly test recovery. —Source: Forrester Research

virtual servers between its remote offices and headquarters. This is not only easier and less expensive than using a colocation facility, but the higher bandwidth required for the replication also makes it easier for employees to videoconference and share complex engineering documents. That bandwidth also allows Strand to “take snapshots every hour on the hour, so we can facilitate a file restore in about three to five minutes,” says Bell. Given the expense the company would incur if an engineer had to repeat several hours of work, the ability to take snapshots helps justify the cost of disaster recovery even without a disaster, he says.

Cloud Disaster Recovery? Not So Fast To successfully restore a business service such as e-mail or order entry, IT must recover the application server as well as associated components (such as an Active Directory server that contains user information or a database that holds inventory records), and it must do so in the proper order. Taking these dependencies into account is a major area of focus for vendors. Recent enhancements to backup products combine more granular backup and recovery of VMs with the ability to account for dependencies among VMs. The enhancements, found in products for businesses of all sizes, also make it easier to use multiple public or private cloud backup services, and to convert a physical server at a production site to a virtual server at a recovery site.

Another application is designed to automatically check all critical infrastructure components, such as the file system and virtualization components, and identify vulnerabilities that could cause downtime and data loss. It looks for vulnerabilities using a database of ‘signatures’ similar to the ones anti-virus tools use to identify malware. The database is updated by the vendor’s researchers and its users.

Making It Pay Often, the only way to get funding for disaster recovery systems is to demonstrate that they deliver more than just insurance, or that they can even pay for themselves. For example, Strand uses an appliance to replicate about 50TB of data and 25

Some providers say cloud-based disaster recovery will bring the benefit of true disaster recovery, rather than just backup, to small and midsize businesses that until now couldn’t afford it. Pat O’Day, co-founder and CTO of Bluelock, a provider of public cloud virtual datacenters, says customers are increasingly satisfied with cloud security. Many security experts say even public cloud environments in which multiple customers share hardware can be made secure with the proper processes. But a fall 2011 Forrester Research survey showed that only 11 percent of large enterprises and 9 percent of small to midsize businesses had adopted recovery as a service, with 35 percent of large enterprises and 41 percent of SMBs saying they were interested in it but had no plans.

“Today, virtual backup and DR strategies are critical. Enterprises should put their data in virtualized file systems or on network storage to secure them.” —Sharat M. Airani, Chief-IT (Systems & Security), Forbes Marshall

9 0 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set2.indd 50

VO l/7 | ISSUE/07

Cover Story

“DR on the cloud is a reality today. But identifying what you should take on the cloud and what you should keep within your premises is key.”

—Sanjay Kukreja, PrincipalTechnology Services, eClerx

VOl/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 51

Strand Associates, an engineering firm, uses an appliance to replicate about 50TB of data and 25 virtual servers between its HQ and remote offices. This is not only cheaper than using a colocation facility, but the higher bandwidth required for the replication also makes it easier for employees to videoconference and share complex engineering documents. Cloud disaster recovery is also not suited for applications that rely on older platforms that most cloud providers don’t offer, or large databases that don’t perform well in the cloud, says Morency. Users also need to watch for the hidden costs of software licenses some cloud vendors charge for software sitting unused on remote VMs or disaster recovery systems, he says. Both Gartner and Forrester also warn that most cloud disaster recovery providers will refund only a portion of a customer’s fee if disaster recovery falls short—nowhere near enough to make up for the potential revenue loss that such an event could cause.

The cost of the bandwidth required to quickly recover an organization’s VMs and data from the cloud is often an unwelcome surprise, says Alan Arnold, executive vice president and CTO at Vision Solution Management, which provides high-availability and disaster recovery software and services. Some customers and providers opt to physically ship portable hard drives via overnight courier, says Arnold, recalling that one user joked that “FedEx is still the largest-bandwidth network out there.” With IT so central to the business and budgets so tight, it’s essential to get input from top business managers to assess which applications deserve the highest levels of protection. Ingram Micro, for example, conducted a business impact analysis that put various applications in different tiers, with voice, e-mail, ERP and ordering among the top priorities. The company thought of it “just like an insurance policy,” says Mazor. “It helped us think of how much insurance we’re going to buy.” CIO

phOtOgrap hS by rOhIt gUpta, Imag ES and dr lOh Ia

Berger says cloud providers only promise “not to go into your servers” when he questions them about security. “To me, that’s not enough,” he says, adding that the disaster recovery prices he’s hearing— $500 per month (about Rs 25,000) per server—are “more than I can justify.” He instead backs up approximately 60 VMs at two datacenters. The facilities are only a half-hour apart, so this setup would not meet some definitions of a disaster recovery system, but he says it covers most of his needs because the applications aren’t mission-critical. However, some CIOs downplay resistance to cloud-based disaster recovery, saying that smaller companies can host their entire infrastructures in the cloud, and thus get some level of disaster recovery simply by keeping applications and data off-site. Smaller companies that do choose the cloud don’t do it for the savings, they say, but because “it’s just so much simpler to have a system you set up and forget.” While midsize organizations have some incentive to consider disaster recovery in the cloud, few of them use the cloud for mission-critical systems that require true disaster recovery—and what they get in the cloud is closer to dedicated hosting (with the customer’s data and systems running on separate hardware) rather than a multitenant, elastic, pay-as-you-go public cloud. Most large organizations are big enough to provide disaster recovery themselves, CIOs say, and even if they weren’t, “there’s no good solution” for protecting sensitive applications in the cloud.

Send feedback on this feature to editor@cio.in

“Security for DR in a virtual environment should be grounds up. With bolt-on security, it’s hard to customize and keep pace with change.” —Md. Jawed Ahmed, Group IT Head, OmniActive Health Technologies

REAL CIO WORLD | M A y 1 5 , 2 0 1 2 9 1

5/11/2012 6:16:00 PM

Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk Management Virtualization

Business Continuity

CIO Career

Best Practices • Know that VDI has a bigger impact on BCP than server virtualization as it enables staff to work from anywhere. •Remember that mobiles in the workforce provide more flexibility for workforce recovery options.

the th 125 issue special

Keeping ITUp Up how It t business continuity is challenged by four tech megatrends: Social, mobile, virtualization and cloud. By Bob Violino

In IT, failure is not an option. Not surprisingly, companies have made it a high priority to develop and implement reliable business continuity plans to ensure that IT services are always available to internal users and outside customers.

But recent technology developments and trends, most notably server and desktop virtualization, cloud computing, the emergence of mobile devices in the workforce and social networks, are having an impact on how enterprises handle IT business continuity planning and testing. Much of the impact is for the better, experts say, but these trends can also create new challenges for IT, information security and risk management executives. Here’s a look at how these tech megatrends are affecting IT business continuity specifically.

Virtualization Virtualization is making business continuity planning easier for IT executives and their organizations, if for no other reason than it’s helping to reduce the number of IT assets, says George Muller, vice president, sales planning, supply chain & IT at Imperial Sugar Co, Sugar Land, Texas, one of

Reader ROI: Tech trends that offer BC opportunities The tradeoffs CIOs must be aware of How to prepare

“We manage some of our clients’ social media accounts. But, since it’s all cloud based—when doing our BCP—we also need to plan for Internet failures like the one caused by a fire at Airtel.” —Rohan Deshpande, CTO, Ogilvy & Mather

9 2 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set2.indd 52

VO l/7 | ISSUE/07

Cover Story

the US’s largest processors and marketers of refined sugar. “For those of us who have been in the IT world for a few years, we’ve seen the transition from the old large mainframes to client server to Web-based applications to cloud based computing,” Muller says. “During that time the proliferation of PCs and servers has been wild.” With so many devices to maintain and keep running, particularly physical servers in the datacenter, ensuring systems uptime had become a much greater challenge, Muller says. “With virtualization, we’ve now been able to reduce that footprint [of servers], which means when we are planning for business continuity now we’ve got fewer devices to worry about.” Server virtualization has allowed communications and compliance technology services provider Walz Group in California, to greatly reduce its planned outages, and largely eliminate unplanned downtime, says Bart Falzarano, CISO. Using server virtualization, the company can manage, support and secure its applications more effectively, Falzarano says. Walz has been able to achieve higher virtualization efficiencies (a higher number of virtual machines to hypervisor host) using newer infrastructure technology. The company is then able to leverage workload mobility capabilities locally that allow it to quickly switch VMs and apps between different physical resource pools of compute, memory and storage. “For maintenances, upgrades, firmware updates, critical patches, etcetera, Walz simply moves the applications away from the area being impacted by the maintenance activity,” Falzarano says. “Once the maintenance activity, testing and quality control checks are complete, [we] may move the application back to that region or area.” Virtualization has actually had a bigger impact on disaster recovery than on business continuity, says John Morency, research vice president at research firm Gartner, although one area where there’s been an effect on continuity is work area recovery.

Vol/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 53

58 percent

Of CIOs say BCP drives their security spend. Source: Indian Information Security Survey

“But what more organizations are doing now is having people work at home or at Starbucks or the library or wherever,” he says. “The use of desktop virtualization technologies, in conjunction with secure tunneling, is enabling organizations to implement broader and more distributed work area recovery.” Some businesses and functions, such as branch banks and customer service call centers, continue to use work area recovery services, Morency says. But a growing number of Gartner clients are leveraging virtualization to enable people to work offsite when needed, as an alternative to work area recovery. Rachel Dines, senior analyst, infrastructure and operations, at Forrester Research, says desktop or client virtualization is having a bigger impact on business continuity than server virtualization. “Client virtualization is making workforce recovery [possible] for many companies that cannot rely on employees working from home with laptops,” Dines says. For example, at companies with highly sensitive information—such as financial services and insurance firms or government agencies—where employees are not issued laptops to prevent data leaks, client virtualization enables the rapid deployment of client images to disparate hardware at workforce recovery sites, Dines says.

In addition, organizations can deploy client virtual machines over the Internet and allow employees to access them via personal computers at home. “Either way, users are able to use the same environment that they are accustomed to on a daily basis, which means they will be more productive during the outage,” Dines says.

Cloud Computing Many of Gartner’s clients are increasingly using software-as-a-service (SaaS) to support business processes, Morency says. “With the use of SaaS for client-facing applications and even internal customer support applications there’s a much improved means of continued availability, even in the presence of minor or major disruptions,” Morency says. “You have a set of applications delivered from the cloud.” But this also imposes additional responsibilities on IT as far as being able to broker those services or provide additional problem management triage when necessary, Morency adds. Walz Group operates a private cloud and uses cloud management tools that Falzarano says are a key to the company’s business continuity initiatives. One such product the company is using provides a design architecture with combined networking, computing and storage infrastructure. Every Walz application has a template associated with it, Falzarano says. These templates are checked into an “environments catalog”, and are centrally managed by cloud management software. Using the software and the templates within an environment catalog, the IT team at Walz can maintain business continuity effectively, Falzarano says. The consumption of resources (for example, CPU, memory, storage, bandwidth) for these environments are displayed via dashboard, alerting and reporting metrics, and detailed trending such as daily, weekly, monthly and quarterly consumption helps with planning, determining and provisioning the capacity needed for business continuity and disaster recovery purposes.

REAL CIO WORLD | ma y 1 5 , 2 0 1 2 9 3

5/11/2012 6:16:04 PM

the th 125 issue special

Using the cloud management tool Walz can set up defined policies for scaling out additional applications, and this allows it to maintain business continuity through a more automated, on-demand type of provisioning, Falzarano says. The software also allows Walz to provision to its private cloud or to a service provider’s private cloud. For example, if Walz is using 80 percent of the internal private cloud and suddenly sees a demand for a new application and wants to rapidly spin up development systems, it might choose to provision these development systems to a service provider’s private cloud instead of provisioning systems to the remaining 20 percent on its private cloud, so that it can maintain some growth reservation. The same type of model can also be used for business continuity, Falzarano says. Imperial Sugar operates a hybrid cloud environment, with about 95 percent of its applications running on a private cloud in its datacenter and the remainder accessed via a SaaS model. The private cloud is provided by a network service provider and the SaaS software is delivered by software vendors on a hosted basis, Muller says. Because the cloud environment is maintained by service providers and software vendors, the onus falls on them to ensure continuity, and that can be a benefit as well as a risk, Muller says. “When I have a third party hosting the environment for me I look to them as part of the service-level agreement to have the resources—the people and hardware and infrastructure in place—so that they can guarantee me if the hardware has a problem

percent

Of CIOs include BCP in their security policies. SOUrCE: IndIan InfOrmatIOn SECUrIty SUrVEy

at one location they’ve got another location that will bring up my apps in a manner that is seamless to our internal users,” Muller says. “That’s sort of their problem, as long as I’ve got a strong service-level agreement in place with them.” On the other hand, even with a servicelevel agreement holding the service provider responsible there are no guarantees that service will not at some point be interrupted, Muller says. Not everyone sees cloud computing as influencing business continuity. “As of today, I don’t see a huge impact,” Dines says. “However, I do expect this to become a significant complicating factor in the future. As more organizations outsource more services to the cloud, it will become the job of the business continuity manager to audit the recovery plans of many different suppliers.”

In addition, Dines says, during a failure or testing, recovery will need to be coordinated across many different sites run by different vendors. “Longer-term, cloud will make business continuity much more complicated,” she says.

Mobile Devices The proliferation of mobile devices in the workforce is a benefit for business continuity strategies because it gives more flexibility for workforce recovery options, Dines says. “As compared to the days when employees only had desktops and laptops, the ability to remain productive without access to a computer via tablets and smartphones is a significant advantage,” she says. “Additionally, it means that employees should be easier to communicate with during a disaster.” Business continuity planning software vendors are putting more emphasis on ensuring that the software and information needed for business continuity can be accessible via mobile devices, Morency says. This includes information such as the current status of recovery, the locations to which employees should be going, what applications and services they can access and where they connect to get the latest emergency updates. “This is not only for telecommuters but for the workforce in general and the mobile sales folks who need ways to access the information that is most relevant to them, and be able to access this through the device of their choice,” Morency says. Enterprises “cannot depend on corporate headquarters or the datacenter always being

“Putting e-mail on the cloud is easy since it’s a standard app. But running a customized SAP on the cloud—from a BC perspective—is a different challenge. You need the right vendor with proper SLAs. —Anil Khopkar, VP (MIS) & CIO, Bajaj Auto

9 4 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set2.indd 54

VO l/7 | ISSUE/07

available following a disruptive event,” Morency says. “They have to ensure that critical plan content is always available [including to mobile users] regardless of what happened.” Many Imperial Sugar employees use smartphones, tablets and other devices for work, Muller says, and these devices would likely prove useful from a business continuity perspective because workers

business recovery situation,” Muller says. “A wireless PC can do the same thing, but a mobile device is smaller and easier to carry around and it costs less. You can do just about anything on a mobile device that you can do on a PC.”

Social Networks A Forrester report published in July 2011, entitled “It’s Time to Include Social Technology in

Social media is used by over 80 percent of the world’s population, Gartner says, and enterprises can’t afford to ignore it as a crisis communications tool. But effective use of a new communications channel requires planning and practice. would be able to use them to conduct business transactions and communicate with co-workers and customers from multiple remote locations. The key issue is ensuring that these devices continue to have access to the software and services that allow them to function optimally for applications such as messaging and collaboration. “If I’ve got a Blackberry Enterprise Server I just need to make sure that it’s something I can bring up at a remote business continuity or disaster recovery site” if needed, Muller says. The proliferation of mobile devices makes it easier for people to stay connected, “and certainly makes it easier to connect in a

Your Crisis Communication Strategy,” notes that while many risk professionals subscribe to automated communication services for reliable mass notification, “the widespread adoption of mobile devices and easy Internet access support the case for using social technologies like Twitter, Facebook, and Skype as critical components of your response plan.” As companies look for rapid, effective communication approaches with key stakeholders in crisis communications, they should strongly consider leveraging social technologies, the report says. Another report, “The Do’s and Don’ts of Using Social Media in Business Continuity

Management,” released by Gartner in January 2012, notes that social media “holds the promise of transforming enterprise business continuity management, especially crisis/incident management and communications practices.” Social media is used by more than 80 percent of the world’s population, Gartner says, and enterprises can’t afford to ignore it as a crisis communications tool. But effective use of a new communications channel requires planning and practice, and attempting to leverage social media for the first time during a crisis can cause more harm than good, the firm says. Among the key recommended steps are to determine which social platforms are already used by employees, customers and other stakeholders and use those platforms in crisis/incident management efforts; and use social media not only to communicate during a disaster, but to gather information and gain the support of outside resources that can help ensure ongoing business resilience. Business continuity management professionals should immediately begin assessing social media’s opportunities—and risks, the Gartner reports says. “Social networks are both a blessing and a curse” for business continuity, Dines says. “They have the benefit of being an additional communication channel to get in touch with employees during a [business disruption]. However, they can be a headache for crisis communications and PR as they try to control potential damages to reputation and the propagation of rumors.” CIO Send feedback on this feature to editor@cio.in

“We have evolved a BCP in such a way that we focus more on different platforms. The MDM strategy has been standardized on the basis of OS versions irrespective of the device one wishes to use.”

“Virtualization made it easy for us to prepare a BCP solution as it It reduced both capex and power and cooling requirements.”

—Vilakshan Jhaku, Sr. VP & CIO, BPTP

—Pertisth Mankotia, HeadIT, Sheela Foam

VOl/7 | ISSUE/07

Coverstory_BIG_IDEA_Set2.indd 55

phOtOgrap hS by rOhIt gUpta, Imag ES and dr lOh Ia

Cover Story

REAL CIO WORLD | M A y 1 5 , 2 0 1 2 9 5

5/11/2012 6:16:07 PM

Cloud Computing

IT Consumerization

Customer Focus Enterprise Risk Management Virtualization Business Continuity

CIO Career

the th 125 issue special

Beyondthe as the CIO role cements its place in India Inc, Reader ROI: What a CIO can bring to the CEO table The challenges of moving beyond CIO

What do you do when you get to the top of the enterprise technology heap? If your answer is a French shrug, you are not alone. It’s a question that’s gaining burning status as the CIO role in India hits its stride and gains growing maturity.

How to get ready

By Varsha Chidambaram

But noses pressed flat against the corporate ceiling, a growing number of CIOs are choosing to reframe the argument: They are only at the end of their careers if they remain CIOs. But can they be more than CIOs? What challenges they will face if they become CEOs or COOs? And aren’t some of the qualities that are inherent to being CIO diametrically opposite of those you need for the top job?

A Quick Over the Shoulder

“The CIO must first transform himself into a business CIO.” —Swaranjit Soni, Independent Consultant

M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

The CIO title made a modest entry into India Inc during the 90s. But if the title was new, the role wasn’t. “In those days they were called EDP managers or IS managers,” remembers N. Kailasnathan, an erstwhile CIO, and currently the EVP and COO of Titan’s Precision Engineering Division. Kailasnathan belongs to what’s being called the first generation of Indian CIOs. Most of this generation started out as programmers or coders, like Kailasnathan himself. “Those were the days before SAP,” jokes Kailasnathan, referring to how, back in the day, all applications were homegrown and a lot more programming went into the IT function. “Our capabilities were tested on how well we were able to develop and support applications. There was no standard. You knew processes because you developed the application.” In those days, the technology playing field was also very limited, a fact that cast a shadow on IT’s reputation. “I remember in 2000s, the only WAN link available was a point-to-point circuit. Look at

VO l/7 | ISSUE/07

Cover Story

What Else You Can Be: • COO • CEO • Consultant

CIO CIOs need to ask: What’s next? the choice we have now,” says Sanjiv Dalal, former CTO at Firstsource and current MD and CEO of Anunta Tech, a wholly-owned subsidiary of Firstsource. Dalal says that the lack of technology choices then led to CIOs being perceived as “status quoits”. That changed very quickly. Technology disruptions ensured that. In the last decade new technology, and technology delivery mechanism like outsourcing have freed up CIO bandwidth, allowing them to create solutions that address business needs —and maturing the role in the process. “Technology has undergone a dramatic change, making so much more available today,” says Dalal. From there, the CIO role really took off. Forward-looking IT leaders turned their departments from cost center to profit centers, from support functions to business enablers, from controllers to drivers of innovation. And then, at the top of their game, some of them left it all to do other things.

Why Change Tack? CIOs who have moved beyond the CIO role say they were motivated to do so by different things. For some it was natural progression of their roles within their companies, for others it was the ambition to build something of their own. But a common theme runs across their stories: They didn’t move because they felt that their Career Is Over.

VOl/7 | ISSUE/07

“Don’t look for a shift because you’re bored,” says Chinar Deshpande, formerly the CIO at Future Group before he became the CEO of Criti. Like many CIOs, Deshpande was an engineer and computer science student, which prompted him to join IT. However, after a few years in the US and an MBA later, he changed his career path (For another CIO who switched roles, turn to page 152). “My experience in large enterprises like Hindustan Unilever and Pantaloons gave me the opportunity to lead global projects and try out new business ideas. And working closely with a leader like Kishore Biyani, fuelled the spirit of entrepreneurship in me,” says Deshpande. “I wanted to start something of my own.” Another common characteristic among CIOs who have moved beyond the IT role is that they did a lot more than handle IT while being CIOs, making their shift to other roles less of a challenge. Take the example of Swaranjit Soni, former CIO of Indian Oil Corporation and currently an independent consultant. “As CIO, I headed a large team of about 400 dedicated professionals from IT, operations, finance, logistics and HR. This required not only IT proficiency but total business operations insight.” Kailasnathan is another example of CIOs who did more than IT. During his years as Titan’s CIO, he was invited to join

the board, no mean feat for a CIO even today. While heading IT, Kailasnathan also led numerous initiatives outside IT. He got into business excellence, knowledge management, ethics, social responsibility, and even corporate communications. His big break outside IT, he says, came from the top. “I moved when my boss asked me to. He felt I could do much more outside IT,” he says.

Don’t Move Without… Whatever be the move, a CIO must ensure all possible impediments are cleared before he can make the plunge. One of those is lining up a suitable successor. It helped that Kailasnathan had groomed a next-in-line that could take over his IT role. “I could move on thanks to a good deputy. If you want to move first make sure you have accomplished everything and more as a CIO. But also make sure you have someone you can trust to hand over the ropes to,” says Kailasnathan. Dalal was familiar with both sides of IT having co-founded his own software company years earlier. So when the opportunity came to lead Anunta, he grabbed the chance with both hands. But it wouldn’t have been as easy without a robust IT team that could fill up the void his move would create.

REAL CIO WORLD | M A y 1 5 , 2 0 1 2 9 7

5/11/2012 6:16:09 PM

the th 125 issue special

“I have been blessed by an old team at Firstsource that has been with me since I joined. Hence transitioning was a fairly straightforward job,” explains Dalal. Then there are the skills you need to master. The good news is that you don’t need to be born with these skills, you can acquire them. “The CIO must first transform himself into a business CIO,” says Soni. Dalal who is a self-confessed techie says he picked business skills as he floated up the corporate hierarchy. “My roots are in technology. But along the way I’ve acquired reasonable experience in finance, HR, business strategy,” he says. While some like Kailasnathan grow within an organization, some need to look out for friends who support their career and push them into new territory. “Networking is essential. When you’re looking for a change, you’ll need people who have faith in you,” says Deshpande, who got his CEO break through a well-wisher. Finally, CIOs taking on new roles need to be ready to unlearn, advices Kailasnathan. “You have to lose the tech orientation you acquired over the years. You need to develop a flair for dealing with the external world, dealing with financial numbers, costs and balance sheets. You have to produce month-on-month results,” he says. What about learned behavior—like minimizing risk—that comes with the CIO territory? Does that make it tricky to take on a CEO’s role, which demands a high risk threshold? “Absolutely not,” says Dalal. “I don’t think CIOs are averse to taking risks. The innovations happening in the tech space is changing the typical CIO profile. A lot of CIOs today are willing to look at alternative technologies and experiment.”

What a CIO Brings to the Big Boy’s Table Although there is much for an aspiring CIO to learn, there are also a number of skills they posses that give them an edge their c-suite peers don’t have. When

9 8 M A y 1 5 , 2 0 1 2 | REAL CIO WORLD

Coverstory_BIG_IDEA_Set2.indd 58

“Working closely with a leader like Kishore Biyani, fuelled the spirit of entrepreneurship in me. I wanted to start something of my own.” —Chinar Deshpande, CEO, Criti

“I don’t think CIOs are averse to taking risks. The innovations happening in the tech space are changing the typical CIO profile.” —Sanjiv Dalal, MD and CEO, Anunta Tech

Kailasnathan moved on to an operational role, for instance, he brought process excellence with him. “As a CIO, you have great knowledge of processes. I was able to bring process efficiency into our operations,” he says. A CIO’s analytical ability also makes them excellent consultants. “People must understand that devices are dumb and they have to be defined precisely. This skill of process engineering and the ability to define precisely, to the smallest detail, can be applied to any field making the CIO adept at many functions,” says Dalal. Then there is the ability to push the benefits of IT beyond what ordinary CEOs can. “Being an IT guy at heart, I have been able to introduce IT solutions and process automation with more ease. I’m now a customer to IT, but I get preferential treatment since IT guys know me well,” says Kailasnathan. That’s another common theme among CIOs who go beyond the role: A buried fondness for technology. “I miss the thrill of technology, of staying in touch with all that’s new and emerging. In business, everything is holistic and less technical,” concludes Kailasnathan. You can take the CIO out of IT, but you can’t take technology out of a CIO. CIO

“If you want to move first ensure you’ve accomplished everything and more as a CIO. Then make sure you have someone you can trust to hand over the ropes to.” —N. Kailasnathan, EVP and COO, Precision Engineering Division, Titan

Varsha Chidambaram is senior correspondent. Send feedback on this feature to varsha_chidambaran@ idgindia.com

VO l/7 | ISSUE/07

Everything Virtualization Under One Roof

Get the latest news, white papers, in-depth analysis, best practices, perspectives and case studies about Virtualization, including

Virtualization Zone

server, storage, desktop, applications, OS and network virtualization, management, security and more.

Get In the Zone Today! Log on to www.cio.in/zone/virtualization

the th 125 issue special

â&#x20AC;&#x153;You can outsource something like payroll, but business-driven creative solutions will only emerge when things are done in-house.â&#x20AC;?

Bhaskar Bhat Managing Director, Titan Industries

100

VFTT_May 2012.indd 46

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:13 PM

proud presenter of cio100

keYNote SeSSioN CIO is proud to announce Airtelâ&#x20AC;&#x2122;s continued association with CIO100 2012 for the 6th consecutive year as the presenter of the Keynote Session. Bringing you the best of thought leaders, industry experts and speakers, the keynote session is a defining moment of the CIO100 proceedings. EvEnt By

hostEd By

www.cio100.in/keynote-session

the th 125 issue special

“We see the CIO as a shrewd business leader and then a technology expert. That’s why the function is rightfully a business enabler.”

Harsh Mariwala Chairman & MD, Marico Industries

102

VFTT_May 2012.indd 48

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:14 PM

proud presenter of cio100

iNForMAtioN MASterMiND spEcial awards

In today’s information age, IT departments need to store, manage, protect and analyze their most valuable asset—information—in a more agile, trusted and cost-efficient way. The Information Mastermind Awards, recognize IT leaders who handle the rising information management challenges of business, exceptionally. EvEnt By

hostEd By

www.cio100.in/information-mastermind

the th 125 issue special

K.V. Kamath Non-executive Chairman of the Board of Directors, Infosys and ICICI Bank

104

VFTT_May 2012.indd 50

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

“Incomplete communication, inappropriate ownership and inadequate business understanding have to be the three biggest reasons why IT projects fail.”

Vol/7 | ISSUE/07

5/11/2012 3:43:14 PM

proud presenter of cio100

iNFrAStrUCtUre spEcial awards

A sound and scalable IT infrastructure is the key to building successful businesses. The Infrastructure Special Awards felicitate those extraordinary IT frameworks that have propelled their businesses to the next level. EvEnt By

hostEd By

www.cio100.in/infrastructure

the th 125 issue special

“There should never ever be finite goals. One set of goals must result in the next set of goals. Always.”

Kiran Mazumdar Shaw Chairman & MD, Biocon

106

VFTT_May 2012.indd 52

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:14 PM

proud presenter of cio100

iNNoVAtioN ArCHiteCt spEcial awards

In todayâ&#x20AC;&#x2122;s competitive environment, innovation is the only criterion for business success. The Innovation Architect Awards honor path-breaking innovations in IT implementations that give their businesses the winning edge. EvEnt By

hostEd By

www.cio100.in/innovation-architect

the th 125 issue special

Kishore Biyani Founder & Group CEO, Future Group

108

VFTT_May 2012.indd 54

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

“With technology, looking at the short-term is not wise. To witness its impact on business, look at the medium and long term.”

Vol/7 | ISSUE/07

5/11/2012 3:43:15 PM

proud presenter of cio100

SeCUritY SUPreMo spEcial awards

Today, business information is the most critical asset for any organization. The CIO100 Security Supremo Awards will recognize those IT initiatives that deliver the most robust security for modern threats and protect businesses from potential harm. EvEnt By

hostEd By

www.cio100.in/security-supremo

the th 125 issue special

â&#x20AC;&#x153;Focus on customers and deliver an enhanced experience to them. Delivering against the norm is just not good enough.â&#x20AC;?

Lakshmi Narayanan Vice Chairman, Cognizant Technology Solutions

110

VFTT_May 2012.indd 56

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:15 PM

proud presenter of cio100

greeN CrUSADer spEcial awards

Breakthroughs in technology need not harm the environment. The need of the hour is sustainable green computing that is energy-efficient and reduces carbon footprint. The Green Crusader Awards reward such eco-friendly IT initiatives. EvEnt By

hostEd By

www.cio100.in/green-crusader

the th 125 issue special

“Maintaining standards while growing inorganically is like changing the engines on a plane mid-air, but it’s the only way to profit and customer delight.”

Marten Pieters MD & CEO, Vodafone India

112

VFTT_May 2012.indd 58

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:16 PM

proud presenter of cio100

eFFiCieNt eNterPriSe spEcial awards

For IT departments, living up to businessâ&#x20AC;&#x2122; expectations is par for the course. But delivering technology solutions that help them do and achieve more is the key to success. The Efficient Enterprise Awards honor those IT leaders that have surpassed their IT goals. EvEnt By

hostEd By

www.cio100.in/efficient-enterprise

the th 125 issue special

N.R. Narayana Murthy Chairman Emeritus, Infosys

114

VFTT_May 2012.indd 60

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

“Being an early-adopter brings with it the possibility of failure. But if you’re not a pioneer it’s difficult to see what lies ahead.”

Vol/7 | ISSUE/07

5/11/2012 3:43:16 PM

proud presenter of cio100

Networking Pioneer special Awards

Networks form the backbone of businesses around the world, and the enormous requirement to scale, as businesses grow, is the IT departmentâ&#x20AC;&#x2122;s biggest challenge. The Networking Pioneering Awards recognize initiatives that have created efficient networking frameworks that address the issues of scalability and growth. Event By

hosted By

www.cio100.in/networking-pioneer

the th 125 issue special

“Competition is always good for growth. Never turn away from a fight, it will teach you a lot and will make you more efficient.”

R.S. Sodhi MD, amul

116

VFTT_May 2012.indd 62

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:17 PM

proud presenter of cio100

HALL oF FAMe When success repeats itself, it reďŹ&#x201A;ects the highest level of achievement. The 4th edition of Hall of Fame will felicitate those mavericks who have won the CIO100 Awards four times in recent years. EvEnt By

hostEd By

www.cio100.in/hall-of-fame

casefiles

Carzonrent

Carzonrent puts in place a robust revenue management system after it loses track of 1.4 percent of its transactions. Rajesh Munjal, VP-Business Operations, EasyCabs, saves his company Rs 1.6 crore a year by ensuring every transaction is captured.

118

Case Files.indd 56

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

By Sneha Jha

The Organization: Carzonrent has the numbers stacked on its side. The Delhibased firm, which drove into the car rental business in 2000, operates over 6,000 cabs ferrying 2,000 passengers everyday, and has raced ahead to become India’s largest car rental company. To fortify its position, it is adding 23,500 cars to its fleet, over three years, at an investment of Rs 2,000 crore. The Business Case: But its expansion plans needed more support from the company’s revenue management system, whose inefficiencies

resulted in revenue leakages. The company, which offers multiple payment options including cash, credit, direct payment and float (advance payment from corporate clients), sees, on average, 53,000 transactions a month. But due to its revenue management system, around 1.4 percent—about 735— transactions went missing, leading to direct losses. “Due to erroneous processes a significant number of transactions were going unnoticed,” says Rajesh Munjal, VP-business operations, EasyCabs. “This happened for various reasons including if a chauffeur failed to submit a bill to the backend, if there was a time lapse in the submission of bills to a customer, or if a company was unable to collect bills from its branches punctually.” Also its set-up failed to meet customer needs. “Some customers demanded post-journey payment, cash payment and customized MIS—along with supporting documents—to suit their ERPs. With the manual system we were incapable of meeting these needs,” he says. The Project: The only way forward was a robust revenue management system which could track every transaction from end-to-end, across various modes of payment and various customers. (Carzonrent offers chaufferdriven cars, self-driven cars, a limousine service, and an operating-lease service,

apart from its cab service, EasyCabs). But this required an organizational push. So, Munjal rounded up multiple stakeholders. “I constituted a team of people from finance, collection, operations and IT. Over five months we carried out a gap analysis of the manual system and drafted a project blueprint,” he says. Based on the team’s inputs, the IT team built an automated revenue management system on a .Net platform. Today, Carzonrent’s revenue management system is an online, real-time mechanism that tracks every transaction and ensures that each is closed, revenue is booked, and payment is received. The Benefits: The project, which cost Rs 2 lakh, delivered ROI swiftly. By plugging revenue leakages, it saves the company Rs 1.6 crore a year. The automated system cut manpower needs at central and branch locations from 26 to 13 saving Rs 23 lakh a year. Perhaps more importantly, the solution enhanced customer satisfaction and put Carzonrent miles ahead of its competition. “We are the only company in the industry with an automated revenue management system. Now, we are streets ahead of our rivals,” says Munjal. CIO Sneha Jha is senior correspondent. Send feedback on this feature to sneha_jha@idgindia.com

Vol/7 | ISSUE/07

5/11/2012 3:37:45 PM

the th 125 issue special

R. Seshasayee Executive Vice Chairman, ashok Leyland

Vol/7 | ISSUE/07

VFTT_May 2012.indd 65

“IT evolution is interesting. What was subject to an ROI test 10 years ago is now a pre-condition for any business strategy.”

REAL CIO WORLD | M a y 1 5 , 2 0 1 2

119

5/11/2012 3:43:18 PM

casefiles

Flipkart

P hoto by Srivatsa Shan dilya

By using a system that allows Flipkart’s engineers to launch multiple versions of its website in real time, IT drives a new level of innovation.

120

Case Files.indd 58

The Organization: Despite a slow start, e-commerce in India has grown by 70 percent year-on-year, according to the Internet and Mobile Association of India. Leading the pack of e-retailers is Flipkart. The brain child of ex-Amazon employees Flipkart has today become one of the most trusted avenues for e-commerce in India. The Business case: In 2010, thanks to the newfound confidence of the Indian online shopper, Flipkart’s numbers peaked. But for Amod Malviya, VP engineering, Flipkart, that came with a caveat. “We had to be careful to not let our rapid growth kill the innovative spirit of the company,” he says. That’s a valid fear. In the business of innovation, complacency holds no ground. Malviya knew he would have to empower users with new tools to innovate and stay ahead of the pack. But creating a new process wasn’t the solution.

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

* By Varsha Chidambaram

“Processes force people to do things in a certain way, killing their creativity. If you remove the bureaucratic headache, people are encouraged to think freely," says Malviya. While he admits that this approach opens new doors to risk, he knows that it also encourages a fearless culture of innovation—a must-have in the e-commerce business. The Project: With that goal in mind, Malviya implemented a framework. The framework has two components: One measures the performance of the website through various defined metrics. The second, more interesting one, uses an A/B framework (used to test the success of web marketing campaigns), allows multiple versions of the site to be live simultaneously. This helps the company conduct live experiments by siphoning off a small portion of the traffic and studying the results. Both components work in tandem. The metrics tool is a dashboard that measures the website’s performance on various parameters. For example, if the transaction rate falls below a certain limit, systems are immediately alerted. With the A/B component, Flipkart’s engineers can also rapidly implement their ideas. “When someone proposes a new idea, a lot of precious time is spent debating what-if scenarios.

Amod Malviya, VP engineering, Flipkart, introduced a framework that helped Flipkart doubled its revenue every quarter.

Now, we can implement an idea, while mitigating its risks.” For example, whenever an engineer wants to change the design of the homepage, the A/B framework redirects 10 percent of Flipkart’s traffic to the new design. They can evaluate the impact of the change with the metrics collection tool. If it leads to a dip in sales, they can immediately roll it back, and less than 10 percent of traffic is impacted. “We started streaming metrics on large screens on the engineering floor so that engineers could track performance in real time—

unlike most websites that review their performance only once in a week or a month,” says Malviya. This has been a huge hit with business users who can now float new products and toy with business ideas. The Benefits: Since the introduction of the tool in mid-2010, the company today sells more than 20 categories of products, clocking in sales of Rs 75 crore a month. In fact, in the last eight quarters, the company has doubled its revenue every quarter. CIO Send feedback on this feature to varsha_chidambaram@cio.in

Vol/7 | ISSUE/07

5/11/2012 3:37:46 PM

AN IDG CUSTOM SOLUTIONS INITIATIVE IN ASSOCIATION WITH

TRANSFORMING BUSINESS THROUGH JUDICIOUS APPLICATION OF IT

PLUS Battling inefficient manual systems, Maharashtra Gramin Bank was finding it hard to control leakages and service its customers. But C-Edge’s core banking solution turned the bank around and gave it’s customers an edge—in just 77 days.

INTERVIEW Satya Mishra, talks about how embracing cloud services and exploring non - linear business models can be a game changer for Indian banks.

TRANSFORMERS CASE STUDY

BANKING ON THE RURAL EDGE

Battling inefficient manual systems, Maharashtra Gramin Bank was finding it hard to control leakages and service its customers. But C-Edge’s core banking solution turned the bank around and gave it’s customers an edge—in just 77 days.

Company

Maharashtra Gramin Bank

Industry BFSI

Offering

Provides banking services in rural Maharashtra

ural banking in India poses a formidable challenge, requiring extraordinary logistical planning for what might be routine for an urban bank. In 2008 and 2009, three small Regional Rural Banks (RRBs) in rural Maharashtra were amalgamated to form a single, stronger RRB named Maharashtra Gramin Bank (MGB), operating in 16 districts across Maharashtra with headquarters in Nanded. This larger financial institution took up the task of improving the quality of banking services provided to its customers across all of its constituent banks. However, even the expanded Maharashtra Gramin Bank lacked the financial resources to embark on a comprehensive technology build-out in the face of daunting implementation challenges.

CUSTOM SOLUTIONS GROUP TATA CONSULTANCY SERVICES According to Philip D’ Silva, chairman, Maharashtra Gramin Bank, rural banks require the same technology infrastructure as urban banks. Yet a rural bank’s footprint calls for higher costs for implementation and operations. Also, a rural bank’s customer base consists of people that have fewer financial resources compared to their urban counterparts. As a result, rural banks cannot boast — or afford — sophisticated technology. “Remote rural areas are difficult to reach. They lack adequate transportation and communication facilities. Also, during the monsoon, floods can cut off access entirely. Other concerns include language barriers and lower literacy rates compared to urban areas,” D’ Silva said. As a result, customer service at rural bank branches tends to be both expensive and traditional despite the national mandate for greater coverage of the banking network. “Our rural branch relied on manual operational systems and manual ledger systems, making it difficult for branch managers to compile accurate financial information. In turn, branch officers were unable to supply adequate reports to regulatory authorities or to control leakage of income and expenditures. Furthermore, these manual systems did not distinguish between the bank’s best customers and defaulters —which affected customer service,” added D’ Silva.

needed to be reliable and provide easy access to regulators and risk managers in order to enable audits yet having a full complement of services for customers, high reliability for branch managers, and easy access to audits and reports for regulators and risk managers,” said D’ Silva. So, after evaluating several solution providers, MGB selected C-Edge Technologies, a TCS subsidiary and a joint venture with State Bank of India.

Need for Change

The C-Edge Advantage

According to Ashok B. Shrigondekar, general manager (IT), Maharashtra Gramin Bank, “The bank needed to gain access to powerful core banking technology without committing to high, multiyear capital expenditures on computer hardware, computer software, database management systems, datacenters, disaster recovery centers, networking, and other equipment. It was also not possible for the bank to hire the phalanx of IT professionals required to maintain and upgrade these systems, let alone keep pace with rapid technological developments. Moreover, the bank lacked the resources to implement a layer of vendor management in order to source technology from multiple providers.” “The desired approach was to find a single vendor, ideally an established corporate entity with an established core banking solution, capable of placing MGB in the mainstream of Indian banking. The bank needed a low-cost core banking solution with no incremental expenses, that doesn’t compromise customer service. It also

C-Edge combines IT services, business processes and core banking technology in a single, turnkey solution. Instead of having to invest in IT hardware, C-Edge customers share the cost of datacenters and disaster recovery centers, made available through a single, reliable, and technologically-advanced point of contact for all supplies and services. “With C-Edge, MGB only needed to invest in branch-level hardware, peripherals and LAN technology, with the remaining investments shouldered by C-Edge and made available on a perbranch, per-month basis regardless of number of transactions and accounts,” says Shrigondekar. The bank’s low infrastructure costs were fixed upfront for a period of five years, conferring the advantages of advance planning and certainty of expenses. Technology changes in response to regulatory requirements are also covered by the arrangement, which gives the bank the ability to respond to new regulations at zero cost. Governed by a rigorous ser vice-level agreement, C-Edge guarantees uptime for all banking applications

The CBS has enabled the rural population to be the customer of the bank rather than be the customer of the branch.” PHILIP D’ SILVA,

Chairman, Maharashtra Gramin Bank

PHILIP D’ SILVA

Chairman, Maharashtra Gramin Bank

77 DAYS

was all it took to go live with CBS to be implemented across Maharashtra Gramin Bank

TRANSFORMERS CASE STUDY and services. It also performs a comprehensive range of routine daily and periodic operations, including financial repor ting and regulator y reporting. Instead of managing the complexities of technology and operations in a difficult environment, the employees of MGB can now focus on the business of banking. As part of the agreement, MGB sought to support rural employment and to ensure that customers could receive multi-channel services in local languages. To achieve these ends, a local help was established to ensure quality, local-language services, using traditional, faceto-face banking as one of the primary points of customer contact. C-Edge also offers 24/7 remote support for all of its banking clients, enabling bank customers and employees to obtain answers to complex queries through any customer channel.

commencement of the project, and the data migration strategy was finalized before the start of coding. Guided by extensive experience in project management, C-Edge tracked milestones throughout the deployment to ensure prompt and timely delivery. The management team of MGB with the support of IT team of Bank of Maharashtra (Sponsor bank) also played a critical role in the success of the project. The bank’s business head monitored the overall status of the project, ensured the availability of sufficient resources, and tracked budgets, while the bank’s head of operations led a cross-functional team consisting of both business and technical staff, whose contributions to the project established their credentials for future banking initiatives. The branch managers were responsible for meeting the goals of the conversion schedule, including end-user training, “train-the-trainer” programs, and in some cases, basic technology skills. End-user involvement was an important component, as their inputs were provided during the requirement, acceptance, training, migration and implementation phases.

16 DISTRICTS across remote Maharashtra are covered by 335 branches of Maharashtra Gramin Bank

Selecting the Right Team With 335 live branches, implementing CBS in MGB was no easy task. However, the team comprising staff from MGB, Bank of Maharashtra and C-Edge were up to the task. The team was so committed that the first branch went live with a pilot program on 14th December 2010. C-Edge selected a project manager with managerial and supervisory experience, and implemented rigorous, field-tested project management techniques for project planning, change control, risk management, reporting, and frequent reviews by C-Edge senior management. To avoid delays, the process to establish business requirements was created before the

The CBS has facilitated operational efficiency of bank by improved housekeeping & preventing income seepages.” SHARADCHANDRA CHITALE

Chief General Manager, Maharashatra Gramin bank

77-Day Deployment The tasks of data extraction and data mapping were performed by specialists in legacy systems migration. To move from manual bookkeeping methods, C-Edge employed professional data entry operators on-site, working with intelligent data entr y systems that offered guidance, instructions, and data validation in order to prevent incomplete source data from being entered into the system. From there, experienced consultants at the regional or head offices performed data mapping between legacy data stores and TCS BaNCS. Finally, the cleaned-up, reformatted data was physically installed at each branch on the designated migration date. The bank also provided coordinators and program managers to act as liaisons between the branches and the bank’s headquarters, and their contributions were essential to the success of the deployment. “We had to use professional logistics services to counter the lack of transportation facilities. We also needed translators to address local language issues, and training programs and meetings with staff unions to build awareness of the benefits of the deployment to the bank, its employees, and its customers,” says Shrigondekar. While most of the challenges were expected and the deployment team

CUSTOM SOLUTIONS GROUP TATA CONSULTANCY SERVICES had a plan of action in place to meet these challenges, the actual implementation resulted in the arrival of some unexpected visitors—monkeys. At the branches, C-Edge had installed network equipment capable of meeting the rugged requirements of rural areas. Since the major infrastructure challenges revolved around ensuring uninterrupted power supply and establishing longdistance communications, concrete platforms had to be built to setup solar power modules, generators, and batteries along with satellite antennas and other network infrastructure. These became a favorite spot for the monkeys and they wreaked havoc with the communication and power systems. “We had to protect this equipment and hence cages were built around them,” laughs Shrigondekar. Drawing upon strong contributions from all participants, the C-Edge implementation of TCS BaNCS across 335 branches of Maharashtra Gramin Bank was completed on 1st March 2011— in just 77 days after the migration of its first branch.

Post-implementation Technology Environment “At the headquarters, the management now has a total view of its entire business with centralized consolidation of data and reports. New products can be quickly customized and launched, and the business has no constraints on scalability,” notes D’Silva. Now that branch staff has been relieved from manual reconciliations and bookkeeping, data quality has improved immensely, yielding stronger risk management and asset management practices. In turn, this gives management the flexibility to adjust interest rates, account policies, and exposure to various sectors based on market intelligence and branch-level data. Stronger control over data also gives regulators better information on faster timeframes, leading to greater understanding and trust. Instead of having to send several reminders to remote branches, regulatory offices have easy access to data and reports, better monitoring of funds, and the ability to automate the processing of uniform, standardized data. Helping the regulator also helps the bank through lower costs of communication, photocopying and couriers. At the branches, bank employees can gain a single view of customer relationships across multiple products, and have the ability to suggest the most appropriate complementary products for a given customer. For the first time, they can focus on the business without getting bogged down in the technology, engaging in marketing of bank products rather than routine chores. Thanks to these changes, customers have now started to come back to the bank, especially in the semiurban areas, as they are enjoying the same level of

With C-Edge, Maharashtra Gramin Bank only needed to invest in branch-level hardware, peripherals and LAN technology.” ASHOK B. SHRIGONDEKAR, General Manager (IT), Maharashtra Gramin Bank

service and selection offered by larger institutions, including multiple delivery channels and access to national-level payment systems. “The CBS has enabled the rural population to be the customer of the bank rather than be the customer of the branch,” summed up D’Silva.

What Next? The prestigious Asian Banker IT Implementation Awards jointly recognized MGB and C Edge for successfully implementing the CBS project, and was awarded best ASP programme in 2012. The bank has been a pioneer in assisting SHG- bank linkage programme and was awarded for best performance by NABARD under SHG – bank linkage programme in 2012 in Maharashtra. With MGB entering the mainstream of the Indian banking sector, the roadmap includes extending banking facilities within its area of operation, expanding financial inclusion for the unbanked rural centers, and widening the range of products offered. Also in the pipeline are enabling alternate delivery channels such as ATM debit cards, internet and mobile banking. NABARD has selected MGB for implementation of Aadhar enabled payments on Pilot basis. “We plan to expand our branch network to unbanked rural centers in newly allotted districts under financial inclusion and around seventy new branches are scheduled to be opened by March 2013. In addition to above we propose to introduce Rupay cards (interoperable) to our customers so that they can withdraw cash from any ATM,” concludes D’ Silva. Through these efforts, and with the power of TCS BaNCS and the value proposition of C-EDGE, Maharashtra Gramin Bank will be able to make substantive progress on the decades-long national project of promoting regional rural banking.

TRANSFORMERS INTERVIEW

BANKING ON THE CLOUD Satya Mishra talks

about how embracing cloud services and exploring non - linear business models can be a game changer for Indian banks.

Satya Mishra,

Head of Business Solutions, TCS India

Custom Solutions Group TATA CONSULTANCY SERVICES

What are the emerging business models that will help banks deal with a rapidly changing market place and customer needs in the coming decade? Cloud computing and mobility are the hottest technology and business topics today. There have been three main drivers of cloud adoption among banks so far: a preference for operating expense over capital expense; speed to solution; and flexible, scalable access to specialized resources â&#x20AC;&#x201D; be they technology, software, or people. The cloud infrastructure enables a customer to receive services remotely. This gives small and medium firms access to the same kind of technology that is enjoyed by large enterprises. Most banks are looking for ways to generate value from this new architecture and this has resulted in increased demand for mobile banking and other mobility-based capabilities. Cloud infrastructures can be a pillar of any serious mobility strategy, as banks look to move beyond baseline mobility capabilities to more sophisticated applications.Mobility encourages alternate solutions such as financial inclusion, and door step banking among others. TCS has made significant investment in these solutions and we have seen a lot of traction in the market place. How can enterprises drive operational efficiencies with a service outcome-based business model rather than an effort-based one? Traditionally, enterprises have looked to build their IT infrastructure and had invested time, resources and money to design the solution from scratch. This trend was replaced by a product-based approach where enterprises began to opt for pre-packaged software for applications such as ERP. While they did not build the software entirely, they would still have to customize it. Now, enterprises are looking at using the cloud platform to opt for specific services and solutions without having to worry about where the application is hosted. Enterprises can now choose the services that they require from a catalogue, and pay for only the selected services. The delivery mechanism would be taken care of by the vendor. How can businesses leverage established market positions and levels of trust to explore nonlinear growth models? A linear business model is when a company pays for what it consumes, in terms of effort required and units consumed. There are several limitations in this model and it restricts how quickly a business can grow, since the vendor is focused on giving the customer more volumes rather than the required solution. Non-linear models linking client expenses to business outcomes or usage instead of headcount and effort spent are becoming common. Vendors are able to provide this by effectively utilizing technology and using solutions that is not based on individual resources, but rather deployed as a service. Non-linear models result in higher revenue productivity per

employee and thus, improved margins for companies. As billing is no longer based on effort and revenues are linked with productivity, thereby ensuring vendors share productivity gains with clients, it is a win-win situation for both the parties. TCS has invested heavily in the non linear platforms and iON platform for small and medium businesses and C-Edge platform for banks are excellent examples for this. What are C-Edgeâ&#x20AC;&#x2122;s current initiatives to facilitate non-linear growth among Indian companies? C-Edge was set up to provide core banking services on the cloud on a pay-per-use basis. Unlike other applications on the cloud such as e-mail, offering core banking solutions requires overcoming complex challenges such as enabling efficient business, security and IT processes. C-Edge has successfully established the model to offer core banking solution on the cloud, making it the market leader in this segment. This has enabled small and medium banks along with RRBs to integrate all their branches and have a single view of the bank for effective management and control. It combines IT services, networking and core banking application infrastructure in a bundle which helps them to run their bank efficiently and in a cost-effective manner. If not for a cloud hosted solution, the banks could not afford this solution due to the effort, internal skills and cost required to build this solution. Today, there is an urgent need for innovation on multiple fronts â&#x20AC;&#x201C; across products, services, delivery models, pricing and branding. How can C-Edge help enterprises achieve this? Implementing core banking is the first step. Once the system is in place, the bank can use it to provide multiple offerings and identify new business niches, develop customized services, implement innovative strategies and capture new market opportunities. Customer Relationship Management, use of data analytics (business intelligence), and alternate delivery channels such as mobile and internet banking will play a crucial role in driving innovation. C-Edge is working with its customers to help implement the IT systems and processes to address these needs while leveraging on the Cloud infrastructure in place. Our next step is to help the banks move beyond core banking and provide more value to their customers.

Transformers is brought to you by IDG Custom Solutions Group in association with

In a fast-evolving marketplace which demands leadership that brings results, there exists a way of certainty: Tata Consultancy Services (TCS). With TCS as your strategic advisor and partner, the ever-changing new landscapes of business become new vistas of opportunity, from digitally connected consumers to big data to emerging markets to end-to-end solutions for transforming your organization. TCS offers you market-proven, world-class experience, expertise and guidance to show the way for your business to evolve. Visit tcs.com and youâ&#x20AC;&#x2122;re certain to learn more.

Action Plan

What's your plan of action to beat the slowdown? What's the most over-used yet the most ignored word in the corporate world? Plan. Few have good ones and almost nobody wants to push theirs. In tough times, that wont do. If there's anything that can help businesses keep their heads above the water, it's a planâ&#x20AC;&#x201D;a plan that's executed. A plan to rise above dropping numbers, a plan to get ahead of the competition, and if nothing else, a desperate plan to stay in business. Whatever your plan is this is probably the best time to test it. Slowdowns provide a solid ground for innovation, for leaning on cost-effective, yet cutting edge solutions, and for building more effective teams. All it calls for is a strategy and a willingness to execute it. That was the message of this edition of the CIO Leadership Summit. Indian CIOs and experts came together to share experiences and insights on what it takes to create and execute a plan. Here's what you missed.

Vol/7 | ISSUE/07

Leadership Coverage.indd 111

Private Practice Murali Krishna K., Infosys

Page 130

The Art of Sharing Tarun Pandey, Aditya Birla Financial Services

Page 130

Time for Innovation L.R. Natrajan, Titan

Page 133

The Road to Success Bert Cherian, Meta Results

Page 133

Citrix Virtual Workspace to Real Profit

Page134

Canon The New Mantra for Printing

Page 135

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

129

peer-to-peer

The Tactics of Strategy:

How I Did It

The CIO Leadership Summit had peer-to-peer sessions where CIOs shared their experience and best practices of implementing new technologies. CXOs and consultants came together to share their insights on innovation and self-management.

Private Practice Narrating the company’s journey to the private cloud, Murali Krishna K., senior VP and group head CCD, Infosys, shared the need, the opportunities and the challenges of private cloud implementations. “Our customers expected innovative solutions with speedy, quality service. But it was expensive to deliver,” he said. That’s when he turned to the cloud, he said. In the company's private cloud environment, each cloud cluster is custom-made for a different business need or user profile. To enrich user experience, Krishna said he built a portal which was integrated with the company’s asset and project management systems. As a result, for example, server allocation reduced from two days to 30 minutes, he said. Today, his IT staff spends negligible time on task allocation and employees enjoy faster services. Murali Krishna K., Senior VP & Group Head CCD, Infosys

The Art of Sharing Tarun Pandey, VP-IT, Aditya Birla Financial Services, provided Indian CIOs with best practices on how to harness the potential of an efficient shared services model.“To start with, CIOs should identify the common functions and processes across business entities and see if they can improve them,” said Pandey. He said that working in silos wasn’t the way forward and that CIOs should integrate all the elements of an organization into one single unit. For Pandey, migrating to a common e-mail platform was one such initiative. “With an effective shared services strategy, we were able to integrate different products to support collaboration technology along with effective e-mail messaging,” said Pandey. Tarun Pandey, VP-IT, Aditya Birla Financial Services

130

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Leadership Coverage.indd 112

Vol/7 | ISSUE/07

5/11/2012 4:43:46 PM

the th 125 issue special

“Challenge assumptions, generate alternatives, spur change and find new entry points. That’s how you outpace competition.”

Raman Roy Chairman & MD, Quatrro BPO Solutions

Vol/7 | ISSUE/07

VFTT_May 2012.indd 67

REAL CIO WORLD | M a y 1 5 , 2 0 1 2

131

5/11/2012 3:43:18 PM

the th 125 issue special

Rana Kapoor Founder, MD & CEO, yES Bank

132

VFTT_May 2012.indd 68

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

“Economic slowdowns create great opportunities. Persistently pursuing our business goals helped us sharpen our focus and identify new growth areas.”

Vol/7 | ISSUE/07

5/11/2012 3:43:18 PM

expert Speak

The Road to Success

Time for Innovation In his presentation, L.R. Natrajan, COO, Titan Industries, shared the strategic value of innovation with Indian CIOs. He narrated the innovation story of Titan and went on to explain how the company instituted a culture of innovation. Titan follows a bottom-up approach. “At Titan the task of the senior management is not limited to finding answers to business questions. Their task is to come up with questions that they need to answer. If you come up with new questions and strive to find answers then that’s the trigger point of innovation,” Natrajan said. Titan engages all its managers to formulate its fiveyear strategy. It has a structured process to involve the bottom of the pyramid in their strategic decision making. “Our vision, mission and values are co-created with our 2,500 employees. We encourage our employees to innovate and co-create value,” he said.

Bert Cherian, business transformation consultant and CEO, Meta Results, in his presentation, emphasized on the importance of team building, instilling confidence and motivating oneself and others. Cherian said the secret to achieve this lies in the PERMA concept coined by Martin Seligman, a renowned psychologist. PERMA stresses on the factors that contribute to a sense of achievement in human beings. The P in PERMA stands for 'pleasure', and this, Cherian said, is derived when people step out of their routine and indulge in things that make them happy. E stands for 'engagement'. Cherian said people should participate in activities that are enjoyable, yet challenging. R is for building 'relationships' with your colleagues to inculcate team spirit. M stands for ‘meaning’: The drive to achieve something big. And A stands for ‘accomplishments’ the feeling of content because people have managed to realize tangible goals, Cherian said.

"Today’s organizations are not designed to produce teams that celebrate a sense of achievement and contentment. But managers who can create a holistic process to do that are bound to be successful.” Bert Cherian,

Business Transformation Consultant & CEO, Meta Results

“At Titan, the task of the senior management is not limited to finding answers to business questions. Their task is to come up with questions that they need to answer. If you come up with new questions and strive to find answers then that’s the trigger point of innovation." L.R. Natrajan,

COO, Titan Industries

Vol/7 | ISSUE/07

Leadership Coverage.indd 115

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

133

5/11/2012 4:43:51 PM

Custom solutions Group Citrix

Leadership Summit I CIo Discussions

Virtual Workspace to Real Profit In a discussion hosted by Citrix, which was a part of the recent CIO Leadership Summit, CIOs discussed strategies that would help them get the best out of virtualization technology.

Prashant Veer Singh CiO, Bharti infratel

irtualization technology has evolved greatly over the years that today almost every part of the IT infrastructure is coming up with the ‘virtual’ tag attached to it. However, even though many organizations have realized several business benefits through virtualization, most of them have not been able to get the hundred per cent out of it. The versatility of virtualization enables it to cater to the diverse needs of diverse organizations. In fact, virtualization is capable of benefiting even niche areas, in India, such as research. Gopal Rangaraj, VP-IT, Reliance Life Sciences, illustrated this point when he said, “BYOD and collaboration are slowly gaining pace in medical institutions. The most important requirements in research are RoI and protection of intellectual property (IP). Availability of data is important as well. Virtualization looks promising in fulfilling these needs.” While what has been said above holds true for the scientific community, the BFSI vertical can leverage virtualization’s potential for a completely different need. Madhavan Kandadai, CTO, IndusInd Bank, spoke about his experience in the industry. He said, “The greatest pain point we faced was the 1 3 4 m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

geographical spread of our branches. We were also dissatisfied with the services our partners provided. Later, we started analyzing problems pertaining to software, hardware and printing. We are now looking to exploit the potential of virtualization and thin clients.”

End-point heterogeneity is one of the greatest challenges organizations face today. Citrix’s VDI technology helps overcome this.”

Murali Krishna K Sr. VP & Head, infosys

One challenge that is common to almost all IT decision-makers is convincing the management to adopt a certain technology. However, ultimately, the onus is always on CIOs when it comes to justifying the investment. Srinivasan, CIO, Sundaram Fasteners, put this point across fluently when he said, “It is never difficult to convince the management to implement technology that directly impacts, but one has to put in a lot of effort to convince them to adopt a technology which they consider ‘fancy’.” It is thus in the CIOs’ hands to take the necessary steps to make it possible. An interesting observation pertaining to virtualization in terms of cost savings is that IT decision-makers continuously miss on certain factors while calculating the RoI. Seemant Chaudhry, Director – Enterprise, Citrix Systems, educated IT heads on how they can achieve this. “Most CIOs fail to include factors such as electricity savings while making an RoI assessment. Truth is that a thin client consumes only one-seventh of energy that a PC consumes. CIOs can justify investment in virtualization and show real profits by keeping in mind such minute aspects," he said.

This roundtable is brought to you by IDG Custom Solutions Group in association with

SEEmAnT ChAuDhRy

Desktop Transformation Evangelist Citrix Systems India Vol/7 | ISSUE/07

Custom solutions Group CanOn

Leadership Summit I CIo Discussions

The new New mantra Mantra for Printing CIOs debate on how the managed service model is revolutionizing the printing process.

Ranganathan Ramani VP - it infrastructure, Vodafone india

anaged services model for printing has the potential to reduce costs, but some businesses are slow to transition on account of the existing number of legacy printers. This was one of the chief observations during the debate on the suitability of a managed services model for the printing needs of an organization during a round table session titled "Business Transformer: Is a services approach viable?" "Around the world, almost 80 percent of companies have gone for the managed services model, while in India it is only around 35 percent. We are trying to understand why," K Bhaskhar, Senior Director, Office Imaging Solution Division, Canon India said. The round table was moderated by Gunjan Trivedi, Executive Editor, CIO magazine and Bhaskhar. Vilakshan Jhanku, CIO & Senior VP, BPTP said that they had adopted a managed services model since the last four years. "When we transitioned to Canon, the additional monitoring mechanism helped induce a change. The number of prints was halved and we saved paper costs by around 50 percent," he said.

Vol/7 | ISSUE/07

Tarun Pandey, VP – IT, Aditya Birla Financial Services, mentioned how banks and other organizations are trying to educate customers on the need to cut down on prints to help save the environment. This has also

In India, 57 large companies have opted for the managed service solution and have expressed satisfaction.”

Yatendra Kumar Head - it, Gokaldas Exports

helped banks save on costs. Other CIOs agreed that education and awareness on reducing prints has brought about noticeable results. Ram Gollapudi, GM- IT operations, Tata Teleservices mentioned how their custom-built printers have screen displays indicating the cost of print in terms of water used and number of trees consumed. "This has brought about a reduction of prints by nearly 60 percent," he said. On the topic of billing for measuring print-related expenses, K R Bhat, GM-DIT, NABARD mentioned that, in their case, toners were purchased by another department, so the expenses on toner were only available on a quarterly basis. The separation of print, such as toner purchases, from other IT expenses, was often mentioned as hindering visibility into the combined IT costs. Bhaskhar noted that it would serve businesses to go for a replacement policy, where they could opt for new printers models as the cost of printing was often three times less as compared to printers of old models. “In India, 57 large companies have opted for the solution and have expressed satisfaction,” he said.

This roundtable is brought to you by IDG Custom Solutions Group in association with

K BhASKhAR,

Sr. Director - Office Imaging Solution Division

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

135

GOING GREEN

A growing number of Indian CIOs are imbibing greener practices, matching the board-level importance that corporate social responsibility has achieved.

he Green IT Enterprise Survey and Awards was initiated by CIO Magazine in 2009 as a quest to understand the green IT initiatives of Indian enterprises and to identify companies that are reducing the energy consumption of their IT equipment, and using technology to conserve energy, lower carbon emissions, and implement smarter and more efficient IT infrastructure and practices. In this third edition, we aim to throw light on the growth, over the last four years, of green energy practices in India. There is a significant increase in awareness among not just IT leaders, but also among business heads about the importance of ecofriendly practices and a stronger focus to have an effective and more efficient IT infrastructure.

Top Three Verticals Adopting Energy-Efficient Practices Manufacturing BFSI IT/ITES

Recycled Products Preferred

73% 67% 61%

2009

2011

2012

Focus on Energy Efficient IT

96%

Top Level Support

91%

Thereâ&#x20AC;&#x2122;s been a 11 percent increase in the number of Indian organizations that prefer to buy recycled products since 2009.

Of Indian organizations say that energy efficiency is a deciding factor in purchase decisions.

More CIOs Take to Outsourcing of Datacenter Management

of CxOs explicitly support green IT initiatives.

Plan to Outsource

Power Audits Gain Popularity

2011: 44% 2012: 50%

71% Of Indian CIOs say theyâ&#x20AC;&#x2122;ve had a datacenter power consumption audit, a 10 percent increase from 2009.

Have Outsourced

2011: 46% 2012: 47%

Presented by:

Hardware Refresh The number of CIOs replacing servers over three-years-old with energy- efficient models is increasing.

63%

67%

2009

69%

2011

2012

Virtualization Gains

2009 2010 2012 favor purchas-

71% 82% 87%

There's been a steady increase in the ing recycled adoption of virtualization. This trend could be an indicator of products an increased desire to use cloud-based services among Indian organizations.

Alternate Energy Heats Up*

25% 15% 2009

18% 2011

2012

*Refers to solar and wind energy

An average of

85% of Indian companies say that

they have managed to reduce IT energy cost by at least

5% every year.

78% of Indian companies have

managed to avoid building new datacenters by using a combination of efficient IT strategies including virtualization and consolidation.

Survey Methodology: The number of Indian companies using alternate energy has almost doubled since 2009.

Data for this survey was collated from surveys done in 2009, 2011 and 2012, adding to over 650 responses between. All companies surveyed were medium to large enterprises. The sample set represented a cross section of Indian enterprises with 22 percent from manufacturing, 19 percent from BFSI, a little over 13 percent from IT and ITES, 6 percent from the auto sector and another 6 percent from telecom companies, while the rest represented miscellaneous verticals.

Presented by:

TOP 15 GREEN IT ENTERPRISES

The Green IT awards, organized by CIO and APC by Schneider Electric, honor the exemplary efforts of those who have succeeded in reducing their organizationâ&#x20AC;&#x2122;s carbon footprint and ensuring a greener environment.

he Green IT Study and Awards presented by CIO magazine and APC by Schneider Electric, honors exceptional work in building smart, energy efficient enterprises. In its third edition in India, the award has evoked great aspiration going by the huge number of entries that we received this year. Three-hundred-fifty-five participants filled out the nomination form for the Green IT Study & Awards. To win this year, companies and their IT leaders had to demonstrate that they were able to reduce the energy consumed by their IT equipment and that they used technology to conserve energy and lower carbon emissions. CIO magazine and APC by Schneider Electric honored the winners at the CIO

Leadership Summit that took place in Bangalore recently. This year we not only recognized the Top 10 Green IT Enterprises but also honored fi ve companies from the midsize segment (revenues between Rs 500 and 999 crore). Judging methodology: Different questions in the survey were associated with unique weightages, based on the signifi cance of the parameter. Consequent tabulation and comparison of the responses helped us determine the winners. Also, a good deal of thought and effort was invested into fi nding out whether certain technologies that were touted to be game-changers in improving green IT had actually brought about a transformation.

WINNERS: LARGE ENTERPRISES

VENKATESH NATARAJAN

PRASHANT VEER SINGH

MURALI KRISHNA K.

V.V.R. BABU

Ashok Leyland

Infosys

Bharti Infratel

ITC

VIJAY SETHI

DEVESHWAR DAYAL MATHUR

MADHAVAN KANDADAI

ALPNA J. DOSHI

ASHISH PACHORY

RANGANATHAN RAMANI

Hero MotoCorp

Reliance Communications

HSBC

Tata Teleservices

IndusInd Bank

Vodafone India

WINNERS: MID-SIZED ENTERPRISES

ASHISH AGARWAL

Apollo Munich Health Insurance

RAMNATH IYER CRISIL

Most organizations continue to follow several tried-and-tested methods to ensure lower a carbon footprint. Some of these initiatives include promoting paperless offices, using video conference and other collaboration technologies, installing intelligent energy management systems and purchasing energy-efficient systems. The initiatives the winners took were not restricted to just IT practices, but included the overall infrastructure of their organizations. A majority of the winners were united in the opinion that ensuring green IT is not a one-time effort and that a sustained push is key if any of these initiatives are to be fruitful in the long run. Vijay Sethi, CIO and VP, Hero MotoCorp, reflected this

ARUP CHOUDHURY

Eveready Industries India

GOPAL RANGARAJ

Reliance Life Sciences

opinion when he said, “It is not today that we embarked on a green IT journey. Our organization is highly eco-conscious and has been pursuing green IT is a part of our working principles.” Similarly, smart ways of managing the datacenter and the use of virtualization are gaining traction among many organizations. The winners said that they are focused on further shrinking the carbon footprints of their datacenters. Arup Choudhury, CIO, Eveready Industries, spoke about how his organization’s green IT plans are predominantly directed towards datacenter improvement. He said, “We plan on further reducing the power consumption of our datacenter and getting our DR

RAVI SHARMA

Watson Pharma

site completely green. Another idea is to implement a modular datacenter.” Finally, CIOs are not treading only on the well-beaten path in their attempt to be more green. Their experience and expertise is helping them explore innovative ideas to ensure greener IT infrastructure. For example, Madhavan Kandadai, CTO of IndusInd Bank, said, “Nearly 25 percent of our ATMs are powered by solar energy now. We are trying to utilize solar energy wherever possible.” There is increased awareness about the need to enable green IT among organizations today. Selecting only 15 winners was a tough choice, and going forward, there is definitely going to be more competition as CIOs actively pioneer the cause of being environment-friendly.

the th 125 issue special

S. Ramadorai Vice Chairman, Tata Consultancy Services

140

VFTT_May 2012.indd 70

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

â&#x20AC;&#x153;Proactive investment increases the velocity of decision-making when a business opportunity presents itself. Chance will favor the prepared.â&#x20AC;?

Vol/7 | ISSUE/07

5/11/2012 3:43:20 PM

Essential

technology image by photos.com

A CLOSER LOOK AT virtualization

IT wants fewer, more comprehensive virtualization management tools. But for now, specialized vendors tackle different challenges.

A Single Pane of Glass By Robert L. Scheier

IT Management | Virtualization cuts hardware, power and real estate costs by combining multiple servers, networks and storage arrays into virtual pools. But for users like Pat O'Day, CTO at hosting and managed services provider BlueLock, managing those resource pools means wrestling with multiple applications. "There's a backup console, the SAN has a console, anti-virus has a consoleâ&#x20AC;&#x201D;everything has its own console," says O'Day. Buying all of those apps and training staffers to use them is costly and makes it hard to tune a virtualized environment to meet changing needs. Rich Phillips wishes he could instantly create a virtual machine and provide everything it needs, such as load balancers, firewalls and database connections, and then automatically register it with his configuration management database. But the tools he's seen that are designed to do that are either too expensive or "not fully baked," says Phillips, principal network engineer at Apollo Group, which provides IT services to the University of Phoenix and other schools.

Hurdles to the Single Console No vendor currently provides a "single pane of glass" for virtualization management. And to use a product like that, some organizations would have to combine and retrain separate teams that now manage servers, networks and storage. Moreover, customers who have invested in

Vol/7 | ISSUE/07

Essential_Tech.indd 81

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

141

5/11/2012 4:35:59 PM

essential technology

management frameworks from bigger companies would be reluctant to replace them with new systems. Many specialized vendors realize this and now offer plug-ins that feed data to higher-level management tools. Some of these products work either on their own or as part of a broader platform. Quest's Cloud Automation Platform, for example, integrates with existing management tools to provide cloud-based management of IT services. Apollo uses NetScout Systems’s nGenius Performance Manager, Service Delivery Manager, InfiniStream Console, 9900 Probes and Virtual Agents to monitor the performance of its network. Phillips says he wishes they could also monitor and troubleshoot the servers and storage arrays that can slow application performance. Vendors are working to develop tools that enable users to manage entire systems through a single console—or a ‘single pane of glass’—but for now, users must choose among products that manage only parts of their environments or focus on specific problems, such as security, backup or the sprawl of unused virtual machines.

Ted Waller, Internet operations engineer at Cvent, a vendor of online event management software, says he uses V-Commander virtual machine management software from Embotics because with it, he can ask users to set expiration dates for the VMs they request. Like many other tools, V-Commander can also send warning e-mails to owners of VMs that are due to expire, among other capabilities. Administrators can control VM sprawl by making users pay for the virtual resources they use (chargeback) or showing them the costs of the assets they use (showback). Showback systems are easier to implement than chargeback systems; they also help internal IT shops prove that they can match the prices of outside providers.

Security and Compliance As virtualization becomes more common, security and regulatory compliance become more critical. But dealing with those concerns isn't easy, because traffic flowing among VMs within a host is harder to track than traffic among physical servers passing over the corporate network, says Ken Owens, technology vice president for security and

Vendors are developing tools that manage entire systems through a single console but for now,users must choose among products that manage only parts of their environments. Life-cycle Management Even if obsolete or unneeded VMs aren't powered up, they take up expensive disk space. If they are running, they use computing cycles and network bandwidth and can cause performance or security problems. Life-cycle management systems find unused VMs by tracking the resources they're using or their scheduled expiration dates. They may also support templates that control the amounts of CPU, memory, storage and network bandwidth available to different types of VMs; the backup or fail-over policies associated with them; or their life spans. 142

Essential_Tech.indd 82

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

36%

The average amount that Indian enterprise servers are virtualized. Source: Indian Cloud Computing Survey

VMware's vShield products provide a single framework to secure virtual servers, networks, data and endpoints, and its vCloud Director creates ‘virtual datacenters’ that keep customers data and apps separate. That's vital for vendors that need to protect customer data in multi-tenant environments. HyTrust's Appliance provides automated administrative access control, "hardens" the hypervisors that manage VMs, and ensures that VMs are configured correctly. Enterasys Network's Data Center Manager identifies VMs by their MAC (media access control) addresses when they enter the network and applies the appropriate security policies. Products that identify VMs that ‘drift’ from desired states include CA Virtual Configuration, BMC BladeLogic Server Automation Suite and VMware vCenter Configuration Manager.

Integrated Management virtualization at Savvis, a managed services and hosting provider. Some data might have to be encrypted, or it might only be allowed to run on network segments with certain security configurations. Waller would like to tweak his network configurations using V-Commander rather than VMware, whose access controls he calls "clunky." Owens says Savvis chose Vtrust security software from Reflex Systems because it blocks threats and can monitor traffic within a virtualized environment and ensure that VMs have the proper security configurations.

Since virtualization makes it possible to pool servers, storage and networks, it's becoming increasingly important to manage those components as an interrelated unit. Storage is one area where some users would like better visibility. Waller, for one, says he has "no way to know if a VM is out of control or eating up more space than it should." O'Day says he would like to trigger space-saving de-duplication for an application right from the VMware management console, instead of logging into the SAN console to understand which logical unit numbers (LUN) or volumes support those apps.

Vol/7 | ISSUE/07

5/11/2012 4:35:59 PM

the th 125 issue special

“A key lesson learned from the last slowdown was the need to take a variable cost approach closely linked to the top-line.”

Sam Ghosh Group CEO, Reliance Capital

Vol/7 | ISSUE/07

VFTT_May 2012.indd 73

REAL CIO WORLD | M a y 1 5 , 2 0 1 2

143

5/11/2012 3:43:21 PM

the th 125 issue special

“Our core strategy is to launch in uncharted areas and take on unsolved problems. That’s the only way to stay sharp.”

Sanjeev Bikhchandani Founder & Executive Vice-Chairman, InfoEdge

144

VFTT_May 2012.indd 74

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:22 PM

essential technology

Thin provisioning is another concern. Its purpose is to reduce storage costs by promising applications more space than is available on arrays, but it can crash multiple applications if a host with many virtual machines runs out of space on a thin-provisioned volume without warning. Embotics, among other vendors, provides some storage visibility by monitoring available space and suggesting where to allocate storage for new VMs. Quest Software's vFoglight Storage and vOptimizer Pro provide performance and capacity management for storage in virtual environments, and vOptimizer Pro can automatically resize virtual machines to decrease storage requirements. Vendors with roots in network management use network traffic data to aid management. When Enterasys' Data Center Manager identifies servers as they join the network, it reconfigures the network for sufficient bandwidth. Network management appliances from Infoblox are designed to identify new VMs when they request IP addresses and then trigger the provisioning of resources such as firewalls, load balancers and switches for those VMs. Abiquo, a vendor of open-source management software, claims to offer "single pane of glass" management with a system that features policy-based controls of logical units made up of physical and virtual computing, network and storage resources.

Capacity Management Monitoring utilization trends and using predictive modeling to determine when to add capacity helps make wise virtualization investments. VMware's vCenter CapacityIQ provides visibility into servers and storage and (to a lesser extent) into the network; it also does predictive modeling. BMC's ProactiveNet Virtual Performance Management does both capacity and performance management. Technology that BMC acquired from Neptuny will let customers use business metrics to determine investments in virtual infrastructure. Embotics provides real-time capacity and performance management, and VKernel Capacity Analyzer predicts bottlenecks and

Vol/7 | ISSUE/07

Essential_Tech.indd 85

their sources, and offers capacity planning and management. Virtualization is worth little if users can't reconfigure resources to tune performance. For example, they might want to move VMs among physical hosts or devote more storage to a VM. VMware recently purchased Integrien, whose technology analyzes data from the VMware vCenter management platform and other tools to warn of problems. Hyper9's virtualization management software, recently acquired by SolarWinds, identifies possible bottlenecks that might arise when VMs contend for memory and CPU cycles. Quest's vFoglight highlights performance problems, provides detailed performance information, and issues alerts with recommended solutions. It also has the ability to automate fixes and allows users to see several virtual centers from a single interface. NetScout uses deep packet inspection and analysis of network traffic to recommend ways to fix (and prevent) performance problems and integrates with the management tools that perform the fixes. VMTurbo's virtual appliances automate operations such as workload balancing and capacity management. Abiquo claims that its system can manage virtual resources, using business policies based on security and compliance needs, energy costs, utilization and load balancing. Xangati's Xangati Management Dashboard offers realtime performance monitoring and provides in-depth information to uncover bottlenecks.

Disaster Recovery VMware claims that its snapshot capabilities make it easy to capture the data and settings in a primary site and replicate it to a disaster recovery environment, while its vCenter Site Recovery Manager automates key backup and recovery processes. But replicating LUNs in a virtualized environment requires labeling the affected LUNs and adding the remote site name to their descriptions. "And then you have to tell VMware to only put those VMs and those apps" on the disaster recovery site, says O'Day. "All I want to say is, 'This application wants to have a copy of itself over in Salt Lake City and another copy in Indianapolis.' "

Performance Management Myths Performance management has become the key element in maximizing any virtualization initiative, but many myths have emerged that, left unchecked, can stall an entire virtualization initiative. Here are three: Separate tools are OK in a virtualized infrastructure Reality: Understanding the causality of performance issues is critical. To do so IT requires integrated insight in a single systemâ&#x20AC;&#x201D;for example, insight into all objects' interactions with other objects that may be causing the problem. Virtualization is a dynamic infrastructure, and IT needs to monitor dynamic shifts as they occur to see correlation between objects and interactions. ROI for performance management is impossible to determine in virtualization Reality: Effective performance management gives IT a way to maximize the full ROI of their virtualization initiatives by reducing problem resolution time and extending their virtual footprint to include LOB apps. Both enhance virtualization's value to organizations and give IT the ability to easily communicate the long-term value of the technology beyond capex savings. Performance management doesn't have to be live Reality: To ensure performance of a virtualized infrastructure, you must deal with information associated with a huge number of objects in a live and continuous fashion. Without live, interactionally focused performance management you only have partial picture of what's happening in your infrastructure. Secondby-second insight allows IT to see what set of interactions caused a particular performance shift.

â&#x20AC;&#x201D; Nathanael Iversen

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

145

5/11/2012 4:35:59 PM

Products designed to tackle disaster recovery include CA ARCserve Backup, which can perform backup, fail-over and other functions from physical-to-virtual, physical-to-physical and virtual-to-virtual environments. Actifio Inc. claims that its VMware SRM tool offers a simple, low-cost way to replicate virtual machines by using commodity storage. Veeam Software's Backup and Replication 4.0 combines backup and replication, native support for thin-provisioned disks and hot mirroring of active production environments. Hewlett-Packard says that its Data Protector software supports all top server virtualization platforms, backs up both physical and virtual machines from multiple vendors through one interface, and provides eight methods of data protection. Symantec NetBackup 7 and Backup Exec support virtual environments. Symantec's recently announced ApplicationHA is designed to enable customers to set up highavailability VM clusters. CommVault's Simpana 9 provides automatic, policybased backups of VM data and a single console to manage backup of physical and virtual servers. Quest's vRanger is designed to speed full, incremental and differential VMware backup and replication and reduce storage needs. Its vReplicator is built to replace virtual machine images across networks to speed disaster recovery. And its vConverter converts physical systems into virtual images, and vice versa. Virtualization provides almost infinite ways to combine computing, network and storage resources. Finding a single tool to handle every management need is a pipe dream, at least for now. Focus instead on identifying your most critical virtualization needs and finding the products that address them. CIO

Scheier is a veteran technology writer. Send feedback on

Power at the VM Level energy |Datacenter managers are well versed in distributing power efficiently to physical servers. But the proliferation of virtualization, with multiple VMs and apps running on a single piece of hardware, has made this task a lot more complicated. That's why a Duke University researcher has partnered with Microsoft researchers to design a system that monitors the power needs of individual VMs and distribute power based on application priorities. Currently, IT shops use tools to over-subscribe power distribution, provisioning less power to applications than they could theoretically use, figuring that applications typically won't hit their peak power load. But while that method works out well on physical servers, it falls short with VMs, says Harold Lim of Duke. It's easy to cap the power to a whole server, but hard to cap the power of individual VMs and differentiate between applications. What's needed is an application-aware power distribution system that has visibility into the VM layer, he says. Lim, along with Aman Kansal and Jie Liu of Microsoft Research, designed a virtualized power shifting (VPS) system that budgets power with these considerations in mind. VPS dynamically shifts power among various distributed components to efficiently utilize the total available power budget, as workloads and power availability vary," they write. "Power is distributed among application components in the correct proportions to achieve the best performance. The system respects application boundaries and differentiates performance based on priorities." The system, they say, is more granular than existing technologies both in terms of examining individual VMs and providing customization in the method of power distribution. One challenge is making sure that throttling one set of applications doesn't affect another. "In contrast to existing techniques that use only one power control knob, typically frequency scaling, VPS uses multiple power control knobs and selects the optimal combinations of power settings to optimize performance within the available power budget," the researchers write. â&#x20AC;&#x201D; Jon Brodkin

image by p hotos.com

essential technology

On the Cutting Edge

this feature to editor@cio.in

146

Essential_Tech.indd 86

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 4:36:00 PM

the th 125 issue special

“No organization can succeed if the understanding of technology and its decisions are left to technology decisionmakers alone.”

Subhash Chandra Chairman, Essel Group

Vol/7 | ISSUE/07

VFTT_May 2012.indd 77

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

147

5/11/2012 3:43:23 PM

the th 125 issue special

“The factors that create emotional infrastructure are most difficult to replicate yet yield sustainable competitive advantage and value creation.”

Subroto Bagchi Chairman, MindTree

148

VFTT_May 2012.indd 78

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

Vol/7 | ISSUE/07

5/11/2012 3:43:23 PM

essential technology

Time for Mobile Virtualization? Virtualization is a reality in most datacenters these days, but now IT executives are looking at mobile virtualization as a result of the BYOD culture. By john Brandon "This involves longer sales cycles, meaning limited device reach, and many layers of people to go through," he says. Meanwhile, mobile virtualization software that runs as an app can mean easier deployment to more devices in a shorter timeframe. Type 2 virtualization is inherently less secure, he says, because the software does not work at the hardware layer. And, Type 2 may run slower than native apps.

Mobile Virtualization Meets the Challenge

Mobile virtualization | New ideas in IT go through a long distillation process. Someone invents the idea, vendors talk about new product concepts, analysts weigh in on the value. Soon a new category of hardware or software materializes, but rarely in a fully formed state. With mobile virtualization, the pedigree is sound: Most organizations use some form of server virtualization.

services to a more secure OS. There are two distinct approaches: Type 1 runs at the root hardware level and requires participation from the OEM phone maker, while Type 2 virtualization runs as a secure app on any device. As analyst Chris Hazelton with The 451 Group notes, there are pros and cons to each approach. Root level virtualization is more

image by photos.com

The idea of mobile virtualization is to create a partition between enterprise and consumer apps and data. Companies will be interested in doing this to protect their corporate data. Now, IT executives are faced with a new form of virtualization that takes place on smartphones. The idea is to run two instances of an OS on the same phone. That way, employees (and IT) can relegate personal apps and services to one OS and business

Vol/7 | ISSUE/07

Essential_Tech.indd 89

secure, he says, and means trusted access to root-level services such as Bluetooth connectivity or firmware changes. The downside is that this root level access often requires permission and co-operation from phone vendors like Samsung and Motorola.

Either approach will address a fundamental problem within many organizations: The dreaded BYOD conundrum. The reality of IT is that employees will bring their favored device into work, tap into company resources, and can compromise your security infrastructure. In fact, IDC estimates that 55 percent of all smartphones used in business will be employee owned by 2015. Mobile virtualization provides a way to meet this challenge head on, and even fully resolve it. "Enterprise data can be kept separate from consumer applications and potential mobile malware," says Hazelton. "Any data within the virtualized environment is encrypted, preventing outside apps from accessing or interacting with corporate data and apps. IT can mandate a password on the corporate side of the device, letting users avoid password protection for consumer apps. If the employee leaves or the device is lost or stolen, IT can wipe just the enterprise data.â&#x20AC;? "The idea of mobile virtualization is to create a partition between enterprise and consumer apps and data," adds Stacey Crook, a mobile enterprise analyst at IDC. "Once device virtualization is applied, the device can run two OS's that are completely separate from each other. Companies will REAL CIO WORLD | m a y 1 5 , 2 0 1 2

149

5/11/2012 4:36:02 PM

essential technology

be interested in doing this to protect their sensitive corporate data." As it stands, three companies: Enterproid, VMware and Red Bend Softwareâ&#x20AC;&#x201D;offer competing products in this market. Each has found a niche for the enterprise, and offers unique features geared for particular needs.

Enterproid Divide Enterproid (not available in India) offers the most straightforward approach. On an Android phone, the employee clicks one app and taps in a password to start a secure business instance of the OS. On the management side, IT can control which apps are installed, set policies and remotely swipe the business instance. Yet, IT also cannot touch the personal data of the employee or control app installs. Andy Zmolek, the director of solutions engineering at Enterproid, says one differentiator between Divide and the VMWare Horizon Model hypervisor approach, which also runs as an app, is that Divide does not require any cooperation with the phone OEM. The install does not require

VMware Horizon Mobile Virtualization VMware offers a hybrid approach to mobile virtualization. Its Horizon Mobile Virtualization, is not just a sandbox emulator that runs as an app, but instead offers some of the root-level benefits of a Type 1 hypervisor like Red Bend without requiring root-level access from the phone OEM. There is an app, but it is more baked into the OS than a virtual machine app like Enterproid Divide. Horizon Mobile addresses the trend in IT where more employees are using personal devices at work. Hoofar Razavi, a VMware product manager, says there are too many restrictions put in place for the personal use of smartphone in the enterprise. Yet, the product also makes it safe for employees to conduct "transactional" activities in a secure mode. For example, employees can use their personal device to check Facebook status, but they can switch to the business instance to create expense reports or answer businesssensitive e-mails. This combination is more fluid to daily work. "Mobile devices might be

Mobile virtualization can help reduce some complexity with UC.ITcan seamlessly merge one device into the enterprise as their business and personal phone become one. a low-level driver and uses the standard Android procedures for installing an app. Zmolek says other unique features include the ability for IT admins to send apps to the business instance based on employee role, control policies such as allowing copypaste between instances, and using 256-bit encryption for data. Zmolek says the Type 2 hypervisor for Divide allows more flexibility in deployment compared to a root-level hypervisor. "If you force the device OEM to do virtualization you will only have a few devices and it will take more time to bootstrap devices," he says. 150

Essential_Tech.indd 90

m a y 1 5 , 2 0 1 2 | REAL CIO WORLD

the only touchpoint employees use to interact with the enterprise," he says. Interestingly, VMware has offered both Type 1 and Type 2 hypervisors for mobile virtualization. The company started out using only hardware-level virtualization. He says most smartphones are only on the market for about 9-12 months, but it takes about two years for OEMS to develop the phones. That means, hardware-level virtualization will always be running behind the market. Razavi says the Type 2 hypervisor is wellsuited to the current BYOD climate because the apps run as fast as a native hypervisor,

Security Code for Virtual Mobile With a US Department of Defense contract in hand, Open Kernel Labs is working with LG to develop a secure version of the Prada Android phone for the department's workers. Employees who have the phones will be able to access government data using secure apps, according to OK Labs. The DoD can decide to let users switch between a personal section of the phone and a work section or simply load the secure apps onto the phones. OK Labs is working on securing other devices including tablets and devices running other mobile platforms in addition to Android.The goal is to allow government workers to carry one phone. Some workers use two phones: One sanctioned by their employer for security reasons and another that the user chooses based on personal preferences. For the OK Labs technology to work, OEMs must build software into the phones before they are shipped and then apps must be made compatible with the technology. The result is a secure app running in a virtual machine that can't be accessed by malware that might be loaded onto the phone. The company couldn't say what the phones would cost but estimates they will sell for 10 percent to 20 percent above the wholesale price. Subsequent phone models shouldn't take quite as long to produce, particularly for an enterprise that doesn't have quite as arduous a process as the DoD has for introducing a new device, Nerup said. Virtualization on mobile phones has been a hot topic recently. OK Labs,VMware and Red Bend are among companies virtualizing mobile phones so that the most securityconscious employees can use popular consumer phones for work applications.

â&#x20AC;&#x201D;Nancy Gohring

Vol/7 | ISSUE/07

5/11/2012 4:36:02 PM

essential technology

the virtual instances can take advantage of new improvements in processor architecture faster, and Type 2 can support new business apps that arise.

Red Bend Software vLogix Mobile The main advantage to choosing Red Bend vLogix (not available in India) for mobile virtualization, a Type 1 hypervisor, has to do with speed and control. Lori Sylvia, a Red Bend vice president, says the company has worked closely with several device makers and semiconductor companies to make the product a native, hardware-layer component. Native, driver-level hypervisor provides better performance, better security and tighter integration. That ways next-gen enterprises devices will be ready for deployment. One example of this is the new ARM A-15 Cortex processor currently in development. The processor supports native level mobile virtualization. With this chip, IT can create a secure enterprise domain for the phone that is used to deploy mobile OS for business. IT becomes like a service provider for the business platform, choosing the exact drivers, firmware, apps, and security. Red Bend is already familiar with this deployment model, since they provide the framework for many over-the-air firmware updates used by most major smartphone companies. For personal data and apps, the employee then relies on the standard mobile carrier. When a notification appears related to the business instance, the employee can return to a home screen and access that platform. To visualize the difference between Type 1 and Type 2 hypervisors: The change from one platform to another might occur at the actual phone lock screen, as opposed to switching apps. This provides more hardware-level security and faster performance.

IT User Acceptance One of the challenges with mobile virtualization has to do with user acceptance. When an employee beings an iPhone into work, the last thing he or she expects is to have to hand the device over to IT for gatekeeping measures. Fortunately, as Hazelton noted,

Vol/7 | ISSUE/07

Essential_Tech.indd 91

these employees will be more likely to go along with new mobile virtualization policies if they see the value in their job. For example, mobile virtualization can help reduce some complexity with unified communication. IT can seamlessly "merge" one device into the enterprise as their business and personal phone become one. Employees will also benefit from more streamlined security: Anytime they surf the Web, snap a picture, or chat over instant messaging, they won't have an IT hawk looking over their shoulder. Yet, Hazelton says, when they do engage in business activitiesâ&#x20AC;&#x201D;such as sharing a secure financial reportâ&#x20AC;&#x201D;they can use the approved business apps and an OS instance that is governed by IT. There's also no need for a complex password on the device when an employee wants to check the news. Employees are also free to download any app on their phone as long as they do so in the personal virtual OS. A major hurdle to widespread adoption: Most of the mobile virtualization software work only with Android phones today. That leaves the most popular phone in the world out of the loop: The iPhone. Hazelton says few organizations have standardized on only Android phones.

You Still Need Policies In the end, mobile virtualization does address some critical trends in the enterprise. The one caveat is that, mobile virtualization does not fully address rogue employee activity. There is a clear separation between personal and business activities, and IT can control which apps are approved for business use, but employees can still send personal e-mails that contain business data. They can still nap photos of financial records with their phone and transmit them over Yahoo Mail. Hazelton advises companies to still go to the root causes of security breaches and develop clear mobile policies. Virtualization can help, but it is not a fool-proof answer to the BYOD problem. CIO

Logical Partition A new virtualization technique lets users create two separate Android "spaces" on their smartphone, one for personal use and a kind of walled garden for work use. The beta software is from Cellrox. Using Cellrox Jade, this work "persona" can be fully secured and managed for enterprise data, applications and networks. Yet the owner of a personal device with Jade installed, still has complete freedom to configure it as he wants, with his personal choice of apps, social media and all the rest. It consists of an on-device client and server software that's either loaded behind the firewall or hosted by a provider is aimed squarely at enterprise IT groups, struggling to secure the mobile explosion. The private and personal "spaces" are color-coded: Blue for the workspace and red or orange for the personal space. Jade installs as a bar at the top of the phone's screen, showing the space you're active in, and reducing the other space to a colorcoded mini-tab on the bar. Just touching the bar will switch the user from one persona to the other, with no observable impact on performance. This "lightweight virtualization" technology was overseen by Jason Nieh, associate professor of computer science at Columbia's School of Engineering and Applied Science. The Columbia University researchers created a virtualization layer not between the OS and underlying hardware, but between two software elements: The OS kernel and the UI that runs above it. "We can use the same kernel, the OS core, and then create different containers [for the UI space] above that," Eifferman says. "We can even run more than two instances. In the future, you'll have on your smartphone a work persona and one for your private life." â&#x20AC;&#x201D;John Cox

Send feedback on this feature to editor@cio.in

REAL CIO WORLD | m a y 1 5 , 2 0 1 2

151

5/11/2012 4:36:02 PM

Things I've Learned

Alagu Balaraman, former CIO and current partner and MD India Operations at consultancy firm CGN & Associates, has spent 20 years doing different things and doing things differently.

152

M a y 1 5 , 2 0 1 2 | REAL CIO WORLD

the voice of experience

Learn to Let Go As a youngster, the biggest thing in my life was engineering design. Designs fascinated me and I nurtured that passion for years before my first job showed me that, at that time, India had limited scope for engineering design. Being able to let go of something that I had invested so much in—and do so with the assertion that whatever I had learnt would be a knowledge trove for the rest of my life—was a huge learning. A lot of unhappiness in this world comes from people’s unwillingness to let go—especially when people are trying to grow in an organization. They want to take up new roles but are held back by investments they’ve made to execute their current responsibilities. I keep telling people that when they are trying to reach the top of the ladder, they have to put one foot up—and simultaneously lift the other foot up off the ground.

a s to l d to d e b a r at i r oy

Know Your Potential Underestimating our potential is the worst thing we can do to ourselves. I remember when I was trying to start my own company, I needed to talk to people and do sales. The idea gave me cold feet. I wasn’t confident what people’s reaction would be and whether they would even be bothered to listen to me. So I kept putting it off until a friend pushed me. I made a few calls and after some meeting I realized how much I enjoyed meeting people. I love listening to their problems and trying to figure out a solution for them. Treasure Lies Below The way companies have been built today, its easy to choose if you want to build bureaucracy or not. For example, Britannia has a pretty flat hierarchal structure. The entire company has less than 300 managers, which makes it relatively easy to communicate down the line. If you want to create the best teams, you need to create a robust way of communications that permeates to the lowest level. Because, it’s the absolute hands-on, nut-andbolt guys that really matter. It’s extremely important that they are involved in what a CIO is trying to do, and have a say in what’s the best way to do it. Believe me, their experience with dayto-day issues means they can sometimes provide better ideas than senior boys.

Take Risks Over a career spanning 22 years, I have tried my hands at everything I wanted to do. I started by wanting to be a design engineer, moved to IT, have dabbled with consulting and have been a CIO. The ability to make transitions has contributed a lot to my life. I keep telling myself that I’m going to live this life once. Therefore, I chose to do as much as I can instead of brooding over choices that I made or didn’t make. Believe I don’t see why most senior people are so flustered about how people are performing. We paint a scarier picture of things than they generally are. I like to believe that people are not as bad as we make them to be. I don’t believe people are lazy. I believe that people don’t hate their work. They might hate policies, they might hate their bosses, but they don’t hate their work. Most people come to work believing that they want to do a good job. If we can open ourselves to that idea, we will come across teams that can create magic together and individuals whose growth is commendable. We just need to help them do their jobs better. CIO Alagu Balaraman has been an engineer at L&T, associate director at PwC, exec VP (IT & Corp. Development) at Godfrey Phillips India, and VP & Process Architect at Britannia Industries. Send feedback to debarati_roy@idgindia.com

VO l/7 | ISSUE/07

5/11/2012 3:32:23 PM