Express Computer (Vol.28, No.10) October, 2017 by Indian Express

INDIA’S LEADING IT MAGAZINE

WWW.COMPUTER.EXPRESSBPD.COM

@ExpComputer

EXPRESS COMPUTER AN INDIAN EXPRESS GROUP PUBLICATION

VOLUME NO. 28, NO.10, PAGES 16, OCTOBER, 2017, ` 75

8 | EVENT Technology Sabha, Goa Digital India: Moving on a mission mode

6 | OPINION

6 | FEATURE

13 | CASE STUDY

12 | FEATURE

Rana Kapoor, Managing Director & CEO, YES BANK and Chairman, YES Global Institute

RBL Bank’s journey from a legacy to a new age bank

IndusInd Bank turns fraud management model into a revenue stream

IndiaFirst Life wants to provide e-commerce like experience to the customer

How SBI is reinventing itself to be a digital bank In its bid to become one of the world's top 10 global digital banks, SBI has undertaken a slew of digital initiatives

Mrutyunjay Mahapatra, DMD and CIO, State Bank of India

EXPRESS COMPUTER | OCTOBER, 2017

EDIT

MORE INSIDE

EXPRESS COMPUTER Vol 28. No. 10. October, 2017 Chairman of the Board Viveck Goenka Sr Vice President - BPD Neil Viegas Editor Srikanth RP* Delhi Mohd Ujaley Mumbai Nivedan Prakash, Abhishek Raval Bangalore Rachna Jha

COVER STORY Srikanth RP, Editor srikanth.rp@expressindia.com

SBI: Digital reboot

FEATURE

DESIGN National Design Editor Bivash Barua Asst. Art Director Pravin Temble Senior Graphic Designer Rekha Bisht Layout Vinayak Mestry Photo Editor Sandeep Patil

6 | RBL Bank’s journey from a legacy to a new age bank

MARKETING Regional Heads Harit Mohanty - West Prabhas Jha - North Kailash Purohit - South Debnarayan Dutta - East

OPINION 6 | Rana Kapoor, Yes Bank 7 | Sharad Sadadekar, CISO, HDFC Life Insurance

Marketing Team Shankar Adaviyar Ajanta Sengupta Navneet Negi Amit Kumar Tiwari Circulation Mohan Varadkar Scheduling Ashish Anchan

Dr. Michael Gorriz, Group Chief Information Officer, Standard Chartered Bank

EVENT

PRODUCTION General Manager B R Tipnis Manager Bhadresh Valia IMPORTANT Whilst care is taken prior to acceptance of advertising copy, it is not possible to verify its contents. The Indian Express (P) Ltd. cannot be held responsible for such contents, nor for any loss or damages incurred as a result of transactions with companies, associations or individuals advertising in its newspapers or publications. We therefore recommend that readers make necessary inquiries before sending any monies or entering into any agreements with advertisers or otherwise acting on an advertisement in any manner whatsoever. Express Computer® Regd.No.REGD.NO.MCS/066/201517. RNI Regn.No.49926/90. Printed and Published by Vaidehi Thakar on behalf of The Indian Express (P) Limited and Printed at Indigo Press (India) Pvt.Ltd., Plot No.1C/716, Off. Dadoji Konddeo Cross Road, Byculla (East), Mumbai 400027 and Published at 2nd floor, Express Towers, Nariman Point, Mumbai 400021. Editor: Srikanth RP * * Responsible for selection of news under the PRB Act. (Editorial & Administrative Offices: Express Towers, 1st floor, Nariman Point, Mumbai 400021) Copyright © 2017. The Indian Express (P) Ltd. All rights reserved throughout the world. Reproduction in any manner, electronic or otherwise, in whole or in part, without prior written permission is prohibited.

MUMBAI Shankar Adaviyar The Indian Express (P) Ltd. Business Publication Division 2nd Floor, Express Tower, Nariman Point, Mumbai- 400 021 Board line: 022- 67440000 Ext. 527 Mobile: +91 9323998881 Email: shankar.adaviyar@expressindia.com

Branch Offices NEW DELHI Prabhas Jha, Navneet Negi The Indian Express (P) Ltd. Business Publication Division, Express Buliding, B-1/B Sector 10, Noida 201 301, Dist. Gautam Budh Nagar (U.P.) India. Board No : 0120 6651 500, Ext:270 Direct No : 0120 665 1270 Fax No : 0120 4367 933

4 | How SBI is reinventing itself to be a digital bank

TECHNOLOGY SABHA, GOA

8 | Digital India: Moving on a mission mode

FEATURE

“B

anks are IT companies with a banking license”. This statement by SBI’s DMD and CIO, Mrutyunjay Mahapatra, shows the intent and mindset of India’s largest bank, as it tries to reinvent itself, given the competitive landscape in the banking industry in India. The bank is conducting hackathons, has been publishing its APIs

SBI’s approach is a classic example of how a large enterprise can successfully compete with born in the cloud startups

for fintech companies to leverage its platforms and build apps, and has even rolled out an AI-powered chatbot for addressing customer queries. SBI’s journey towards complete digitization is interesting, as it has adopted a structured step-bystep approach, which has several lessons for its peers. The bank has defined close to 300-odd customer scenarios (such as account opening, transferring

Prabhas Jha Mobile : +91 9899707440 Email id: prabhas.jha@expressindia.com Navneet Negi Mobile No. +91 8800523285 Email: navneet.negi@expressindia.com CHENNAI Kailash Purohit/Amit Kumar Tiwari The Indian Express (P) Ltd. Business Publication Division, 8th Floor, East Wing, Sreyas Chamiers Towers New No.37/26 (Old No.23 & 24/26) Chamiers Road, Teynampet, Chennai - 600 018 Kailash Purohit Mobile No. +91 9552537922, Email: kailash.purohit@expressindia.com Amit Kumar Tiwari

money, buying a house). The objective -- enable the customer to perform any banking activity using a selfservice mode. This is crucial as the bank has a diverse set of customers -- aged between 18 and 108, and has accordingly devised 3-4 variations of the same application. The focus on simplifying the customer’s experience can be seen from different initiatives. For example, one of the basic principles behind user design of an application is to ensure that customers need not click more than four times for any service request to be completed. SBI has also rightly realized that in the platform economy, it is not feasible to build applications on its own, as the pace of technology adoption and change is too fast. The bank has hence opened up its platform via APIs and has invited startups to write code for the bank. This experiment has been a resounding success. In one of its open hackathons, close to thousand teams participated, and around 3000 people built code for the bank writing apps leveraging emerging technologies such as Artificial Intelligence. In the SaaS era, software is constantly updated. SBI today builds apps in an agile manner, and does monthly revisions of its applications, instead of once a year revision. SBI’s approach is a classic example of how a large enterprise can successfully compete with born in the cloud startups, by leveraging its unique strength (more than 500 million customers and 25,000 branches), while simultaneously emulating the best practices of startups.

Mobile No. +91 8095502597 Email: amit.tiwari@expressindia.com BANGALORE Kailash Purohit/Amit Kumar Tiwari The Indian Express (P) Ltd. Business Publication Division 502, 5th Floor, Devatha Plaza, Residency road, Bangalore- 560025 Kailash Purohit Mobile No. +91 9552537922, Email: kailash.purohit@expressindia.com Amit Kumar Tiwari Mobile No. +91 8095502597 Email: amit.tiwari@expressindia.com HYDERABAD Debnarayan Dutta/E.Mujahid The Indian Express (P) Ltd.

Business Publication Division 6-3-885/7/B, Ground Floor, VV Mansion, Somaji Guda, Hyderabad – 500 082 Debnarayan Dutta Mobile No. +91 9051150480, Email: debnarayan.dutta@expressindia.com E.Mujahid Mobile: +91 9849039936, Fax: 040 23418675 Email: e.mujahid@expressindia.com KOLKATA Debnarayan Dutta, Ajanta Sengupta The Indian Express (P) Ltd. Business Publication Division, JL No. 29 & 30, NH-6, Mouza- Prasastha & Ankurhati, Vill & PO- Ankurhati, P.S.- Domjur

12 | IndiaFirst Life wants to provide e-commerce like experience to the customer Email, application and OS whitelisting key to neutralising ransomware

CASE STUDY 13 | IndusInd Bank turns fraud management model into a revenue stream

EVENT Nutanix BFSI Digital Leaders Summit

INTERVIEW 14 | Srinivas Prasad, CEO, Philips Innovation Campus Milind Mungale, Senior VP & CISO, NSDL e-Governance Infrastructure

(Nr. Ankurhati Check Bus Stop), Dist. Howrah- 711 409 Debnarayan Dutta Mobile No. +91 9051150480, Email: debnarayan.dutta@expressindia.com Ajanta Sengupta Mobile: +91 9831182580 Email : ajanta.sengupta@expressindia.com AHMEDABAD Nirav Mistry The Indian Express (P) Ltd. 3rd Floor, Sambhav House, Near Judges Bunglows, Bodakdev, Ahmedabad - 380 015, Mobile No. +91 8866874517 Email: nirav.mistry@expressindia.com

EXPRESS COMPUTER | OCTOBER, 2017

4 | COVER STORY

HOW SBI IS REINVENTING ITSELF TO BE A DIGITAL BANK In its bid to become one of the world's top 10 global digital banks, SBI has undertaken a slew of digital initiatives. In a detailed interview with ECâ&#x20AC;&#x2122;s Nivedan Prakash, Mrutyunjay Mahapatra, DMD and CIO, State Bank of India, states how the bank is acquiring the agility of a startup by embracing digital technologies

Mrutyunjay Mahapatra, DMD and CIO, State Bank of India

EXPRESS COMPUTER | OCTOBER, 2017

COVER STORY Today every bank is functioning like a technology company and the whole business is seen through the lens of digital technologies. What are your observations about the banking industry? The digital technologies have transformed every industry. There is no public or private sector – it is impacting every segment. Everybody has to embrace digital and the digital maturity level will distinguish men from boys. There are various maturity levels – firms who have started their computerization journey only based on automating the manual system as a productivity thing will now have to re-invent their own experience -- both internal as well as external. For a large organization like State Bank of India, which has 300,000 employees, 25,000 branches, 60,000 ATMs, 100,000 banking correspondents, and 500,000 POS machines, our technology ecosystem will be different. But technological maturity in the digital age is different from the quantity of technology you have. If you look at the components of digital, there are 4-5 things defining digital. These include Social Media, Mobility, Cloud, Analytics, and Internet of Things (IoT). For example, if account opening was done in a bank in the manual manner, it has been re-imagined now. In the digital era, the customer is working in a 'self-service' mode. He wants to do banking in a way, place, and at the time of his choice. Another important aspect of digitization is called 'platformization', where you may not be a bank but you still can provide banking services. You can look at Uber or Ola, where you create a partner ecosystem that will have to be managed by technology where many-to-many transactions will take place. While many people will be providing the service, many will consume it. The bank only gives a platform. This is where digital is going. And of

course, new technologies like cloud mean that firms don't have to buy a complete appliance. You just buy off-theshelf products and the rest can be downloaded from the cloud. These are the things that are defining banking today. SBI is aiming to become one of the world's top 10 global digital banks. What are the initiatives taken by the bank to achieve this feat? Digitization has to happen at both an internal as well as at the customer facing front. Every bank has 3 pillars – people, processes, and technology. We have to redefine all these 3 pillars. At SBI, we are doing one large project, called 'Digital Bank'. Here, we have created 3 streams – online marketplace, financial superstore, and endto-end digitization. For these three areas, we have defined 300-odd journeys like customer account opening, address, transferring money, buying a house, etc. Here, we are completely re-orchestrating the process, so that the customer will have an omni-channel and self-service kind of mode. Another significant project is called 'Office 365', which is the world's largest deployment in terms of number of people using it. So far, it has been deployed for 150,000 people. This will be a complete web-based and cloudbased solution. And we are the first bank to adopt 'public cloud'. We are doing another project, called 'Branch Virtualization'. Earlier, every branch had to have one server serving the network of 40-50 people working in a particular branch. Now, we are removing the server and putting our application on the cloud so that the banks will only have the terminal. Besides, we are rolling out 'Customer Relationship Management' software that will be end-to-end and have 365 degree view, campaign management, lead management, complaint management, and customer wallet share management. Internally, we are using integrated risk management as well. These are some of the

projects that we have undertaken and each one of these projects is a multihundred crore project. What's the progress on all these projects? Are they already up and running? Some of these projects have started running. All these are being deployed in the agile fashion. Here, we don't aim for perfection but for a minimum viable product, something which a customer can use, then we can keep on coming back, and re-define, re-imagine, enhance, and release it again after 3 months. There will be various editions unlike earlier, where we used to do once a year revision of Internet banking. Now, we will do monthly revisions.

Today banks are the IT companies with a banking license. In such a scenario, CIO will play a very important role that will be difficult and challenging

In your journey of digital transformation, how are you tackling the roadblock in terms of changing the traditional mindset of internal as well as external stakeholders? This is a very pertinent question. Unlike the Western countries that are at the forefront of digital adoption, we do not have homogenity in our population. For example, people in Tamil Nadu will have a different culture in comparison to that of Chandigarh. Digitally speaking, we have 4 buckets of customers – digitally native, digital migrant, digital fencesitters, and digitally averse. The digitally native people would like to do everything on their mobile phones, social media, or

with peer-level pressure. Digitally migrant (people in the age of 35-50) accept digital technologies but accept it in slow doses. It should stay in hybrid mode. The digital fenceseaters (people who have a lot of money and achieved everything in life) try to decide. While they will be okay with ATM, they are not comfortable with mobile banking. They may be okay with computerised money transfer but not with wallets. And then there are people like digitally averse who want everything in the 'assisted mode' like pensioners who would like to visit the branch, talk to branch managers, and avail pension. They believe that banking is an experience that can be experienced only in a branch. Given the fact that we have such a wide variety of customers (SBI has customers aged between 18 and 108), we need to have 3-4 variations of the same technology. Even our employees are aged between 20 to 60. The pace with which technology is changing, it is sometimes mind-boggling and very numbing. Hence, change management and pace of roll out is a big challenge. The user interface has to be very simple and intuitive like WhatsApp. Our efforts are in making the applications very simple so that even a layman can use it with ease. Which are the key technologies that you are closely looking at and that you think will disrupt the industry? We are looking at open source rather than proprietary technologies. Some of our database, engineering and architecting has been done on robust proprietary technologies like Oracle databases, Microsoft technologies in terms of programming, or Java. But today, since open source is a community developed technology, it has become so popular and developers are coming up in a big way and learning new areas, we are also thinking of creating a few centers of excellence. For example, we recently did an open hackathon and we are

SBI’s DIGITAL INITIATIVES ◗ The bank has introduced ‘No Queue’ app on mobile, which enables customers to book a Virtual Queue Ticket (e-Token) for select services at select SBI branches. ◗ Understanding the uniqueness of India, SBI has introduced 'Missed Call

Banking' where users only need to give a missed call to pre-defined mobile numbers and avail of services such as balance enquiry and mini statement.

◗ Understanding that local language is extremely important for quick adoption, the State Bank of India has ensured that its mobile wallet application is available in 13 Indian languages. It is the first bank in India to do so. ◗ IN parts of India, where network connectivity is extremely poor, the bank has innovated by creating an offline OTP app, where an OTP can be generated in the absence of mobile networks or Wi-Fi. ◗ Another initiative called the SBI Digi Voucher has been undertaken with the intention of cutting down paper-based transactions. ◗ The bank has also embarked upon an initiative called SBI Scribe, which facilitates digitization of customer acquisition and the account opening process.

building a middle layer called service oriented architecture, because for SBI, ‘Core Banking’ is such a massive project where we do application design to handle 15,000 transactions every second. In this case, you cannot be loading the CBS more and more. So, we are calling the application program interfaces (APIs) and we are building these APIs and co-innovating with a lot of companies, Fintechs, and start-ups. As part of the open hackathon, around 1000 teams participated, and around 3,800 people built code for the bank. This is first time ever anywhere in the world, that such a big experiment has been done wherein we exposed our own APIs and very innovative experiences were brought out by the participants like chatbots, artificial intelligence, and face as a factor of authentication among others. I believe open source, IoT, data lake technology are some of the technologies that will completely disrupt the market. What's the update on Project Ganga? We have now expanded the Project Ganga. Earlier, it started with identifying those areas where our capital is blocked where sufficient data is not available and we have to provide additional capital. But today, it is debugging and cleansing of data and we are

doing on a day-to-day basis. We have increased the team and have put machine learning for validation of data so that this project goes through a process of automation. Given the sheer size and number of transactions, it is a journey where we have to continue cleaning such a huge database. How do you see the new-age Fintech companies who are poised to disrupt the market? The market is undergoing a churn. While a lot of Fintech companies are in the valuation game, we are in the 'Value Creation' game. We will have to be very careful in whatever we are doing, as we have built a trust over the years. People ask me about the market disruptors and I just say that we have the great ability to disrupt the disruptors. The superiority of data, technology, and comprehensiveness of the experience that a bank like SBI can offer, gives us tremendous ability to checkmate these disruptors. However, it is good for the ecosystem to have these startups having a fair play in the market as well. It is bringing innovation, speed, and new thought process to the market which is good in consumer interest. Ultimately, it has to be a win-win situation for all the parties. While the new age companies will keep on operating on the fringes as they

don't have that kind of money, we will continue developing the platforms and robust systems along with security. Will it be correct to say that in the digital disruption age, the role of a CIO has transitioned to that of a Chief Digital Officer (CDO)? The role of a CIO has already transformed into a CDO. There is a common saying that large IT centric organizations will not need a CIO because the CEO will act as a CIO. For instance, the CEO of any bank today talks either about digital technology or MPS. Hence, the technology and CIOs role has become one of the topmost headlines of any enterprise today. Now, many CIOs like me will sit on the board of the organization and all CDOs are reporting to me. But the business side of digital is likely to converge and the digital-only would be like a separate vertical and business unit going forward. It is very important that we get prepared for simultaneous organizational changes. In the coming years, IT is going to be the focus area for any enterprise. In SBI, CIOs always come from the business. As rightly pointed out in the beginning, today banks are the IT companies with a banking license. In such a scenario, CIO will play a very important role that will be difficult and challenging.

“Investments in cyber security should be futuristic” How do you see the present structure of digitization in the Indian banking sector? There are two kinds of digital activities that are happening in the banking space. There are activities visible to all and the others are the unseen activities taking place at the backend and usually the customers are not aware of them. The visible part of digitization is what we are doing in terms of offering customer experience, delivering banking products and providing services in digital platforms like mobile, web, ATMs, channels, etc. At the same time, we are doing a host of invisible digitization activities, which include initiatives like collection of payment data, cash movement data, last mile infrastructure and connectivity where the platform is required to be robust, scalable and reliable. There are many aspects of technology - citizen-centric, governmentcentric, and business-centric - which are getting delivered unseen. And those have been taken as part of the hygiene of the ecosystem. This shouldn’t have been possible without adopting a digital ecosystem. Digital in my view is what we are doing in the public domain, whether it is Internet of Things, payment system, cloud, or mobility. In addition, there are large system of productivity oriented, security oriented, and governance oriented initiatives which are happening in digital. Why cyber security is considered to be the biggest concern for banks ? The banking sector has to be always prepared. The coefficient of magnification of same cyber incidents in any other sectors like manufacturing would gain the same amount of prominence in other sectors. But in banking the magnification is too much. Here a small incident could be blown out of proportion because people are concerned about their hard earned money and overall financial security is at the stake. The truth is whatever we do, we cannot avoid incidents happening, because whoever are the cyber criminals, they have the ability of innovating and striking at will. Even if five percent of their efforts succeed, they could bring havoc to the system. For example, a DDoS attack, Distributed Denial of Service, the rogue traffic has essentially stopped benign traffic or genuine traffic from going to our applications. And every application has an inherited capability to stall it. So, it goes into hyperactive mode and the application gradually comes around. Therefore, whether it is DDoS, SQL Injection or any other newer methods we will have to be prepared for it. What measures can be taken to mitigate advance attacks like DDoS? What is the strategy of SBI to combat such security threats ? As DDoS attacks can come from anywhere in the world, geographical boundaries are no constraint, the moment it pierces the firewall it will hit your critical system. The only thing that can be done is preparedness, how robust is your scrubbing services as compared to the speed that these DDoS attacks are coming. Everytime, you will have to be futuristic when it comes to investing in cyber security. This is what we are doing at SBI. Second is the security practice compliance. I remember my candid conversation with Oracle CEO, where he was telling that whenever they acquire a new company, they bring down that application for periods ranging from one week to several weeks to develop those patches so that they are best security practice compliant. And we are also doing the same thing. We would rather bring down an application, patch it up, and promote

it rather than allowing vulnerable applications working with them. In terms of our strategies of mitigating cyber security risks, we are the first bank in this country that has deployed ethical hackers. And these hackers are continuously trying to exploit the weaknesses in our system and telling us that these are the areas in which improvements are needed to be made. We have preventive practices like security coding, employee frisking, master data management, robust data dictionary, all these are meant for preventive security. T hen, on-the-go security includes analyzing traffic, engaging struggling services, and isolating applications. This is one practice that we are diligently following. We are investing heavily in the security operations center. We are hiring people from the market. We are one of the biggest recruiter of security experts in the banking space. And engaging with partners like Oracle is making things easier for us.

In the banking sector, the first application of blockchain happened in trade finance and thereafter SBI, we are promoting a chain called Prime Chain and are members of a consortium called the R3. There are companies like IBM and Infosys that are working on blockchain. No doubt blockchain has a great potential and there are multiple use cases. But as of now, with the lack of standardization and lack of agreement on the protocols, blockchain is yet to have any significant impact on the banking industry. We are using it for consortium financing, development operation, and KYC among other areas. Innovative uses of blockchain have to come, standardization has to happen but for this to happen, people must agree for the same protocol. Existing players will also innovate. I see the adoption of blockchain happening quite faster in the payment space, where we are seeing more application of blockchain.

Banking is one of the sector where a lot of data sets are generated How do you see the progress of startups in fintech space and how is regularly. So how is Big Data and analytics being used by SBI ? SBI associating with them? It is rightly said that data is the new oil and, therefore, it requires a One thing which is not so good about startups and fintechs is that they refinery of data to get meaningful insights. The State Bank of India don’t have the deep pockets to invest in security. They generates data every moment. We do 5000 transactions want something to be up and running very quickly. Also, every second. This means every minute we have 300,000 they don’t have the scalability as well as security transactions. We have 270,000 tellers who are logged in. capabilities. Hence, we are doing the multi-modal Here, we are looking at explosion of data at every touch SBI is investing partner selection, investing in a security, coding, and point. The first challenge here is to recognize these data prevention. points, as we don’t have the ability, time and money to heavily in the convert every data into structured data and store it in security Today, most of the cyber incidents are spreading data warehouse. This leaves us with no choice but to work operations through insiders and others are not even reported. with unstructured data. And the moment we speak of In such a scenario, what kind of security structured and unstructured data working together, the center. The bank framework is required for an organization and role of Big Data comes into play. Big Data is an area where is one of the what is SBI doing ? we are investing heavily. And companies like Oracle are biggest A few years back, security used to be a tick box working with us closely in doing analytics, giving insights kind of an exercise. You take a framework and you tick into it, and also helping us deploy technology to slice and recruiters of it and then people become defensive and don’t want to dice data. security experts report it. We are building communities now, where at We are also working with Oracle cloud machine, which in the banking least in a closed room people will tell what has is placed inside our firewall. While it has all the happened. Otherwise, there is a fear of misreporting, properties of the public cloud, we have the ability to keep space people don’t tell it or believe that it is unique to them it inside our firewall wherein the physical security is also and they don’t share it. Around 90 percent of the with us. Oracle cloud machine provides one platform events happen by negligence of the insiders where the from development through production with full workload standard operating process is not followed, portability, rapid application development across public everything is going right, so nobody cares. Swift, for an example, always and private clouds with no rewrite, and is much secure and compliant data say that nobody can violate their system, which may be true, but that at reasonable pricing. brings complacency in their operations. I think, howsoever secure your house, maybe, if your doorways are not guarded, there will be a problem. As one of the pioneers in the IT space, what will be your message to At SBI, we know that things will happen, and that's why we are devising the CIO fraternity? How do you see the future CIOs as a torch bearer a standard operating process for everything, which includes processes like for the economy? escalation matrix and formation of war rooms. Once things happen, how Futuristic CIO has to be exposed and connected because the world is quickly we gather a bunch of experts, who can come together and start becoming boundary less. Secondly, he has to allocate a separate budget for driving things from the front end. Then failover mechanisms like DR sites, innovation and experimentation. He cannot only keep the lights on. The near hot sites, how robust they are, recovery time, objective monitoring, third is that the approach should be towards the business side of the recovery point objective monitoring, those have to be robust, then technology. Hence, he must learn how to build friendships and networks deployment of the frameworks. All these are the multimodal activities we with his business counterparts. C-suite is a difficult position, but CIO will are doing to secure our environment in security. be more difficult. And last but not the least, he must know how to lead people. You must keep the morale high and push people, but at the same How do you see the role of blockchain technology in the banking sector? time, be friendly with them.

EXPRESS COMPUTER | OCTOBER, 2017

6 | FEATURE

RBL BANK’S JOURNEY FROM A LEGACY TO A NEW AGE BANK IN THE LAST six years, the bank has come a long way from a legacy, disconnected branch network to a banking-as-aservice platform

Abhishek Rawal abhishek.rawal@expressindia.com

BL Bank, operating in the scheduled commercial bank category started off with IT systems, which were rudimentary and disconnected. The branches were working in isolation with their independent systems. The need was to have a Core Banking Solution (CBS). Finacle was shortlisted after a thorough evaluation of other similar systems in the market. At the same time, the supportive structure like networking and infrastructure was also overhauled. These systems act as veins that help the data flow to and from the CBS. Access controls, data security, policies and putting the networks in place basis the geographical location was all established. It was a ten month project. All the branches were then working on Finacle. This was the end of the first phase of the tech upgradation at RBL Bank. So, what did it achieve ? The CBS

offered anywhere banking to the customers. The bank was able to offer products, which any other bank could. Specific new products could also be offered. Process centralisation happened as a result of the new CBS. This was about RBL Bank 1.0, which involved putting the basic hygiene infrastructure in place. RBL 2.0 was about having an enterprise architecture around the CBS that will further enhance the bank’s capability to expand the service arsenal of the bank. Moreover, it will add processes like HR, cash, wealth management systems offering products in the space of retail, corporate banking etc. The attempt was to move the bank towards becoming universal, offering most of the services offered by other banks. However, because of these multiple additions, the IT architecture became complex. To simplify the architecture, IBM’s Enterprise Service Bus (ESB) was employed. “We took the IBM stack and made a standard stack for our data centre and then added BPM,” informs Sanjay Sharma, Head- Technology. Innovation & Customer Fulfilment, RBL BANK. The bank had the opportunity to have an ESB to simplify the intercommunication between services, processes and applications vis-a-vis a bank having a legacy system with a complex networking architecture with applications talking one-to-one. The ESB provides a seamless routing architecture. Every communication between a process, application or service is routed through a single ESB. After having an ESB in place to support multiple channels to talk with each other, IBM Worklight was bought, in order to activate mobile devices pulling data from systems.

This also led to the launch of mobile banking app- RBL MoBANK and net banking. In the last eighteen months, the bank has been working more on developing mobile applications. RBL Pay was the first UPI certified app. This IT upgradation also helped to easily manage a business acquisition: RBL Bank bought Royal Bank of Scotland’s (RBS) credit card portfolio and the associated data was migrated to the bank’s systems. Then the the card application for mobile was launched. Ninety percent of the bank’s card customers belong to other banks. The IT systems would also help the account managers to explore the potential for offering other services to the same customers. Another focus area was API banking. “We launched a portal on which our APIs were exported and the customers can use it. It was subscription based. We were the first ones to do so,” informs Sharma. Remittances is also a large part of its business. Partners were onboarded on the RBL Bank portal using APIs to accept remittances. The objective was to empower new business models. After API, open banking and payment as a service,Sharma’s plan was to gradually move over to ‘Banking as a service’ wherein any partner (it can be a fintech, payment provider, payment company) can use RBL Bank’s infrastructure to provide any banking service or products. This can be a huge opportunity for payment banks because they are only supposed to offer a limited amount of services set under the regulation. RBL Bank can supplement or complement them and partner to offer the services

which they cannot provide. This can again be done using API and seamless integration. “One important decision was to host the data centre on a private cloud instead of having a captive data centre. The bank hosts its datacentre with Netmagic. The idea is to first experiment on a private cloud and work on an Opex model. Probably we were the first ones to

Intelligence (AI) based reader that can read the SMS, Whatsapp messages and other relevant platforms to send an alert to the customer that the payment is due. It’s a simple to use, interactive and very effective tool. Not only payments, but it can also be applied to other services. A blockchain-based suggestion on how a loan approval can be

To simplify the architecture, IBM’s Enterprise Service Bus (ESB) was employed. “We took the IBM stack and made a standard stack for our data centre and then added BPM Sanjay Sharma Head, Technology, Innovation & Customer Fulfilment, RBL Bank experiment with a private cloud,” says Sharma. On the path of innovation RBL Bank partnered with IBM, PwC, Microsoft to launch its maiden hackathon. The bank exposed its API and was able to garner interesting ideas. One startup came with an idea of a payment ring. It has a chip embedded on it and is similar to a NFC phone / card. The customer can tap the ring and the payment is processed. The bank will launch this soon. It’s under the stage of getting the required certification. Another startup came up with an Artificial

vetted with a bank consortium was also one of the ideas discussed at the Hackathon. The loan proposal is sent to the bank consortium to check for any pending payments and loan history. This can be a useful tool for maintaining high asset quality. The bank is already a part of some Blockchain consortiums in India. Many technology innovations were also showcased by the fintech companies working in the space of financial inclusion on how micro transactions can be carried out. It was a useful exercise for the bank employees. They got a cue on how to

think differently than how they have been thinking thus far. Going forward Financial inclusion will remain to be a big focus. It’s a separate line of business. The bank launched micro ATMs combined with a tab. It has Aadhaar based authentication and a card slot for reading customer details. It not only onboards the customer in a quick way but also does collections. These devices have been provided to the business correspondents, apart from the bank’s employees who source the financial inclusion business. The important part in this business is how to use partners to garner more business. The bank has been able to acquire one lakh accounts per month using this platform. On the digital side, in retail banking, the bank launched an online paperless account opening process. The focus is to use digital channels to acquire customers through non traditional sources. “We are also acquiring customers through the payment providers. The customers download the app through the bank’s platform but we also offer them our products. The payment providers use our platform to onboard their customers. Since we house the customer data, we also get to offer our products to them,” says Sharma. RBL Bank plans to be a digital first bank by 2020. The thrust now is on implementing Robotic Process Automation (RPA), which is to make the software do the clerical work which thus far was done by humans. This becomes possible by doing Straight Through Processing (STP) at the back-end so the processes are also automated. This saves tremendously on the drain that it brings to the manual resources during the month end in particular and during weekdays in general. Also, when the customer opens an account, he gets a superior experience as far as activation of various channels and services is concerned. It’s much more fast as compared to how was it done earlier. In the next six to nine months, all the major processes will be made RPA enabled.

OPINION

Rana Kapoor, Yes Bank

Organizations of the Future: Role of DICE

n a world where disruption and exponential change is the new normal, it has become imperative to build a company that is agile enough to change, and adapt with the times; if not ahead of the times. The objective should be to bring the future into the present. Digital transformation is impacting all spheres of business; no organization is

protected from intense, unpredictable and disruptive competition. I believe that successful organizations of the future must be designed for speed, agility, and adaptability to enable them to compete and excel in the constantly evolving global business environment. In the past, organizations were designed for efficiency and effectiveness; which led to

creation of complicated silos. However, successful companies are always looking for new ways to compete in the marketplace. One approach which has taken the corporate world by storm is Design Thinking. I strongly believe Design Thinking is a ‘power tool’ for empowerment and has the potential to transform and make a positive difference to

businesses across the board. The Design Thinking we are talking about is not visualization of aesthetics, but Design Thinking for Business Innovation – how businesses should think, innovate, operate and devise effective means of gaining a competitive advantage in their industry. I believe that Design Innovation Creativity-led

Entrepreneurship truly characterizes the rise of the ‘entrepreneurial economy’ in India. Design thinking has more to offer the modern organization as a means to cultivate creativity and innovation in an organization. Steve Jobs once said, “Design is not what it looks like and feels like. Design is how it works.” Corporate goliaths like

Apple, Google, and Airbnb have design at the core of their business. Design–driven organizations are not problemfocused but solution focused. Such action-oriented, logic driven and imaginative organizations are more adept at exploring possibilities and creating desired outcomes. Design-led innovation is ‘human centered’ – it puts people first, not technology. As a result, when design principles are applied to strategy and innovation, the success rate for innovation dramatically improves. For innovation to flourish, organizations must create an environment that fosters creativity. Decision making process in innovative organizations involve openminded, passionate and adaptable leaders who are not averse to taking risks. Modern organizations have a sharp focus on design management to encourage creativity and professional entrepreneurship. In fact, many Fortune 500 companies and even Governments of more developed nations have C-level positions focused on design & innovation. Almost every bank has a Chief Digital Officer or a Chief Innovation Officer. With the growing interest in fintech, the Monetary Authority of Singapore has appointed a Chief Fintech Officer which has not been seen in any other country until now. I feel the day is not far when we will see large global corporations run by designers or even boardrooms full of designers. Consumer demand-led market forces, disruptions in technology and Innovations

across operations & customer service are all synergizing well towards the creation of a new ecosystem. This is not very different from what happened at the Silicon Valley in USA over the past 2-3 decades. We are at a juncture now, where creativity & innovation emanating out of India is altering the dynamics of the global economy. This new entrepreneurial phase emphasizes that educational institutions are the best place to ignite entrepreneurial spirit. Globally the paradigm of ‘the innovation district’ is providing entrepreneurs and startups an ecosystem designed to spur economic development. With over 80 official innovation district globally including Silicon Valley, Boston Massachusetts and Barcelona, Spain; the concept is changing the landscape of innovation globally. In India, similar endeavors like Lower Parel Innovation District (LPID) are providing building blocks using the disciplines of design & innovation to play a significant role in addressing issues of economic development and social improvement. Even as the Government and policymakers are making significant strides to nurture entrepreneurship and innovation, I believe Design Thinking and Creativity are key skill sets that must be encouraged by legacy and new organizations alike – especially at our educational institutions. Authored by Rana Kapoor, MD & CEO, YES BANK and Chairman, YES Global Institute

EXPRESS COMPUTER | OCTOBER, 2017

OPINION Sharad Sadadekar, CISO, HDFC Life Insurance

Top 15 guidelines to be implemented against Ransomware

he WannaCry ransomware has brought the enterprise, government agencies to their toes and organisations have swung into action to manage and prevent the threat. There is speculation that more is yet to come. Sharad Sadadekar, CISO, HDFC Life suggests a comprehensive guide on the best practices to shield organisations against such threats and even, for those who are affected, what are the steps to be taken. “The Information Security community has got into a huddle to take on the WannaCry swamp and we have been able to do in a matter of two-three days, something that could have taken weeks”, a CISO said on the condition on anonymity. This guide can prove to be a step in that direction. Reports of ransomware attacks in Spain, UK and US began early morning on 12 May 2017 and later it started spreading like wildfire in other countries including India. Shortly thereafter, it was confirmed to be WannaCry ransomware using an Microsoft SMB vulnerability exploit techniques. Once this malware/ransomware gets installed, it encrypts the files (using AES and RSA encryption) and prompts for ransom. Impact The ransomware cyber-attack targeted tens of thousands of computers in 150+ countries including India. It has crippled leading healthcare services, financial and logistic service systems and has been creating havoc across the globe. Affected Software This ransomware appears to have exploited Windows vulnerability for which Microsoft released a patch in March called MS17-010. The flaw was in the Windows Server Message Block (SMB) service, which Windows computers use to share files and printers across local networks. WannaDecryptoris ransomware has multiple names like WannaCry, WCry, WanaCrypt and WanaCrypt0r – with encrypted files extensions wnry, .wcry, .wncry and .wncrypt. This ransomware leverages the AES-128 cryptosystem to lock data down, therefore any further manipulations are only efficient as long as the secret AES key is at the victim’s disposal. Microsoft Windows systems using Samba (SMB) and Unpatched or End of Life Microsoft Windows systems like windows 2003, XP are at higher risk of infection. Top 15 controls and measures which should be considered and implemented: 1. Newly released Intrusion Prevention signature should be configured on Firewall / IPS which will block any internet based attacks. 2. Disable uPNP on all your gateways, firewalls, routers and proxy servers. 3 Blacklist malicious IP addresses and website URLs received as part of multiple threat intelligence alerts and advisory groups. 4. Update the signature and block suspicious keyword patterns and emails at SPAM gateway. Establish a Sender Policy Framework (SPF) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully reaches the corporate email boxes. 5 Download latest antivirus signature to detect and prevent such attacks. Roll out across all end point systems and servers.

6 Download the latest operating system patches to address the vulnerability (Microsoft vulnerability MS17-010). Roll out of patches across all applicable endpoints and servers. 7 SMB port access and RDP (Remote Desktop Protocol) to all computers from the internet. Port 445 and 139 for SMB and 3389 for RDP should be blocked.

24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea 04703480b1022c

domain – gx7ekbenv2riucmf.onion domain – sqjolphimrr7jqw6.onion domain – xxlvbrloxvriy2c5.onion)

24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea 04703480b1022c

CnC IP addresses be blocked or watched 38.229.72.16

2c2d8bc91564050cf073745f1b117f4ffdd6470e87166abdfcd 10ecdff040a2e

188.166.23.127:443

8 Strictly adhere to the NAC policy to restrict devices on network. Ensure updated AV and patch before connecting to the network.

193.23.244.244:443

9 Block domains which are high risk at gateway level. Refer Annexure1.

146.0.32.144:9001

7a828afd2abf153d840938090d498072b7e507c7021e4cdd8c 6baf727cafc545

2.3.69.209:9001 a897345b68191fd36f8cefb52e6a77acb2367432abb648b9ae 0a9d708406de5b fb0b6044347e972e21b6c376e37e1115dab494a2c6b9fb28b9 2b1e45b45d0ebc

50.7.161.218:9001 10 Disable SMB on end of life systems and harden the same before connecting on network.

213.61.66.116

11 Disable office macros through a group policy.

217.79.179.77

12 Backup all critical data or data of critical users on centralized system

128.31.0.39

9588f2ef06b7e1c8509f32d8eddfa18041a9cc15b1c90d6da4 84a39f8dcdf967 b43b234012b8233b3df6adb7c0a3b2b13cc2354dd6de27e09 2873bf58af2693c

212.47.232.237 13 Stop granting any privilege access to users who want to run an unknown program as an administrator. 14 SOC (Security Operation center) team to be on high alert and monitor and block all suspicious activities.

4186675cb6706f9d51167fb0f14cd3f8fcfb0065093f62b10a15 f7d9a6c8d982

81.30.158.223

09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d 0c238ee36421cafa

79.172.193.32 89.45.235.21

15 Ransomware Attack – Advisory awareness mailer to all users and Leadership. What if you are already infected? If you notice that you are a victim of this ransomware. Follow these steps immediately to reduce the impact: ◗ Disconnect all network connections and external storage immediately. ◗ Inform your IT Or Infosec team ◗ Do not pay any ransom to the hacker as this will fuel the illegal ecosystem and there is no guarantee that you will get the data back. ◗ Safeguard and keep your backups ready before experts assist you. Annexure1 ◗ Indicators of compromise (IOCs) ◗ File names d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106 d6a6a794c3e746f4fa b.wnry 055c7760512c98c8d51e4427227fe2a7ea3b34ee63178fe 78631fa8aa6d15622 c.wnry 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339 940cf6b29409f2a7c r.wnry e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086 c8bee037436dff4b s.wnry 4a468603fdcb7a2eb5770705898cf9ef37aade532a79646 42ecd705a74794b79 taskdl.exe 2ca2d550e603d74dedda03156023135b38da3630cb014e 3d00b1263358c5f00d taskse.exe 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9e ba5140688e7bc0ae6 t.wnry b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf84 6bb9b560d81391c25 u.wnry ◗ Domain to be blocked or watched domain – 57g7spgrzlojinas.onion domain – 76jdd2ir2embyv47.onion domain – cwwnhwhlz52maqm7.onion

Excellent reference and advisory 188.138.33.220 Known hash values ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5 babe8e080e41aa c365ddaa345cfcaff3d629505572a484cff5221933d68e4a521 30b8bb7badaf9 09a46b3e1be080745a6d8d88d6b5bd351b1c7586ae0dc94d 0c238ee36421cafa 0a73291ab5607aef7db23863cf8e72f55bcb3c273bb47f00edf 011515aeb5894 428f22a9afd2797ede7c0583d34a052c32693cbb55f567a602 98587b6e675c6f 5c1f4f69c45cff9725d9969f9ffcf79d07bd0f624e06cfa5bcbac d2211046ed6 62d828ee000e44f670ba322644c2351fe31af5b88a98f2b2ce2 7e423dcf1d1b1 72af12d8139a80f317e851a60027fdf208871ed334c12637f49 d819ab4b033dd 85ce324b8f78021ecfc9b811c748f19b82e61bb093ff64f2eab4 57f9ef19b186 a1d9cd6f189beff28a0a49b10f8fe4510128471f004b3e4283d dc7f78594906b a93ee7ea13238bd038bcbec635f39619db566145498fe6e0ea 60e6e76d614bd3 b43b234012b8233b3df6adb7c0a3b2b13cc2354dd6de27e09 2873bf58af2693c eb47cd6a937221411bb8daf35900a9897fb234160087089a0 64066a65f42bcd4

CERT-In is constantly updating its webpage, please refer for latest update: http://www.cyberswachhtakendra.gov.in/alerts/wannacry _ransomware.html Windows OS Update: In order to prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17- 010. https://technet.microsoft.com/library/security/MS17-010/ Microsoft has released SMB patch update for unsupported Windows Versions - XP, Vista, 8, Server 2003, 2008, etc. http://www.catalog.update.microsoft.com/Search.aspx?q =KB4012598 If you are not infected then try out NoMoreCry CCNCERT’s tool to prevent the execution of the ransomware WannaCry This tool is available to all organisations that need to use it. It creates a mutex (mutual exclusion algorithm) on the computer that prevents the execution of the malicious code WannaCry 2.0. It is important to note that this tool is Not intended to clean compromised machines. CCN-CERT indicates that the tool should be run after each restart. This process can be automated by modifying the Windows registry or through the implementation of the proper policies in the domain This tool works on all versions of Windows. CCN-CERT NoMoreCry Tool is located in CCNCERT’s cloud, LORETO. In this location there is also available a complementary Script that prevents the execution of the malware on Windows computers in English and Spanish.

Dr. Michael Gorriz, Group Chief Information Officer, Standard Chartered Bank

Join the data revolution

he explosion in data sources – mobile data, real-time social data, and the Internet of Things – combined with the coming of age of data science and open-source data technologies, has created a clear divide between the banks that are ready to embrace the data revolution, and those that are not. Banks need to re-invent how they work, given the exponential speed at which technology is evolving. Harnessing data assets must become a key business priority. Data ownership and privacy Our data-driven world raises questions about privacy and who owns the data when someone starts to share their personal information. This debate has existed since the advent of the internet. Organisations that collect Big Data want to run analytics to understand their customers and improve the quality of their services, while others are advocating for users to regain

data sovereignty. Collecting and storing data, in addition to abiding by everincreasing levels of privacy and regulatory compliance, make for a deeply complex operating environment for banks. Some have suggested that privacy will become mathematically impossible in a matter of years when artificial intelligence (AI), combined with data analytics, can start to plug knowledge gaps by inferring from known data. What is important is making sure people have more direct control over their data and can choose what they make available. Generally, people don’t mind giving out data if they get something in return. As long as customers are given a choice, see the benefits and are asked for their agreement, they are more likely to share their data. Banks and other service providers have to tread a fine line between being helpful and being intrusive. When used correctly, Big Data is very powerful. Our team in India has worked out

how data analytics could be used to identify potential instances of money laundering, and address financial crime risk. With the rise in regulation since the 2008 financial crisis, we are also exploring solutions to improve reporting that

meets the requirements of central banks. We have invested to build our own ‘data lake’ – a state-ofthe-art platform that allows us to embrace the data revolution and depart from the traditional data warehouses that were

functionally limited, expensive and slow to use. Trustworthy data The success of any venture into Big Data depends on data you can trust. Indeed, data quality is one of the biggest

problems in the Big Data space, exacerbated by the diverse nature of data coming from both internal and external data sources. Making sense of data in a unified model is crucial. Without that, we end up with data but not information. As a bank, we are focusing on the root of this problem. We are looking at open standards like FIBO (Financial Industry Business Ontology) to help us achieve this. There are also novel techniques in the areas of machine learning and AI that are accelerating the convergence of data models across disparate sources. Despite the prevalence of smart algorithms capable of using data to derive intelligent conclusions, I’m of the view that we remain years away from being able to be rely on machines to run our lives. A colleague described a situation in which he received a threatening call from a debt collection agency, only to find out later that the machine had matched him with the data of

someone else with the same name. Clearly, banks and many institutions still require experts in data quality governance. While it is important for banks to strive to become truly data driven, the financial services business isn’t a technical machine with input and output factors. Big Data is a means to an end and not an end in itself. We don’t measure success by the amount of data that we are able to harness or the number of apps we’re able to invent, but by the extent to which Big Data helps us gain more insights into the real, human needs and desires of our clients. I’m a firm believer that with the advancements in machine learning, humanity will still be the architect of the world that we live in. Standard Chartered Bank’s Group Chief Information Officer, Dr Michael Gorriz, on how banks can change with the times

EXPRESS COMPUTER | OCTOBER, 2017

8 | EVENT TECHNOLOGY SABHA, GOA

Digital India: Moving on a mission mode THE 22ND EDITION of Technology Sabha was held from August 17- 21, 2017 at Novotel Spa & Resort, Goa. The event was focussed on e-governance and Digital India

The 22nd edition of Technology Sabha was held from August 17- 21, 2017 at Novotel Spa & Resort, Goa. As a continued extension of its support to the Digital India initiative, this edition showcased exemplary success stories from central and state departments, and shared best practices from government thought leaders. The theme for the 22nd edition of Technology

Sabha was Digital Inspirations: Best Practices From India’s eGovernance Digital Thought Leaders’. The conference began with an inaugural session which saw the participation of Mridula Sinha, Hon'ble Governor, Goa and J Satyanarayana, Chairman, UIDAI and Advisor to AP Government. The three day conference focussed on various topics related to Digital India and progress of e-governance in the country.

DAY -1

Keynote address

J Satyanarayana, Chairman, UIDAI and Advisor to Andhra Pradesh Government

Satyanarayana highlighted Prime Minister Narendra Modi's address in which the PM had mentioned that there would be a New India by 2022 - when the country will mark 75 years of Independence.

Satyanarayana said that the dream of New India will be around Digital India where technology will be at the core. India’s digital transformation will significantly improve the quality of government services and increase transparency in its style of working. He mentioned about ‘IndEA—India Enterprise Architecture’ as an idea that aims to create resonance and

Accelerating digital transformation

Barun Lala, Director, Sales, HPE

n 2015, the number of mobile devices crossed the number of people on earth, said Lala. "The wave of digitization that is closely touching every human being in the world. In India, Aadhaar is one of the finest example of it. Aadhaar is

going to become the single payment system and is going to remove all kinds of credit cards," he added. Elaborating on HP Hybrid IT infrastructure, he said that enterprises must evolve rapidly to stay competitive in the modern, fast-paced world. This puts a strain on IT and can lead to a chaotic mix of workload-specific hardware platforms and shadow IT that is costly, difficult to manage and high-risk. By transforming your infrastructure in a way that avoids disruption to the business, you can solve your most pressing issues and prepare for future success. Hybrid IT combines the right mix of traditional IT, private cloud, and public cloud to meet your business and IT goals, so you can integrate new technologies where needed and maintain legacy systems where appropriate. Smart City, rural education, future classrooms, HPE eHealth centre were some of the broad topics that were discussed in his presentation.

value for this project in the minds of the citizens. The state government has designed different models and will be submitting its technology framework proposal to the government for a national rollout. Even Aadhaar would be a key enabler as it is a single platform that handles billion plus people as the number of transactions is into hundreds of crores. Around 1.3 trillion calculations are done to issue one Aadhaar. He also talked about the realtime governance initiative of the Andhra Pradesh Government where information about various services is monitored in real time through a dashboard from the CM's office and data driven decisions are taken. He announced that the state of Andhra will soon be launching India’s biggest Command and Control Center.

Mridula Sinha, Hon'ble Governor, Goa

Prashant Gupta, Principal Director, Microsoft India

upta's presentation focussed on the fact that AI and machine learning is going to be the main driver of future innovation. Microsoft has successfully initiated a project in the state of Andhra Pradesh which will help in minimizing school dropouts and increasing the employablity of students in the state. The application that is based on AI helps the state education department

J Satyanarayana, Chairman, UIDAI and Advisor to AP Government,

technology. Sharing her tryst with technology, she said that for her technology may be limited to use of mobile phone but she is happy to notice that young people have adopted it quite easily. “There has been transformation in the society but speed at which it is happening now is quite fascinating. Technology has really disrupted and it is good for the society,” she said. On Prime Minister Narendra Modi's vision of Digital India, she asserted that the country is truly moving towards a digital economy and time is not far when the entire country would be digitally reachable and connected. She praised the Prime Minister’s keeness to promote adoption of digital.

ridula Sinha started her address by recollecting her childhood memories and how paying money for a particular service was a luxury as most trade used to happen through barter. Even farmers of that time were given food grains for their labour. She said that the world kept on changing and India also witnessed a huge change that came through digital in the last 10-15 years. She said that the potential of technology is huge in all fields of life, specially mentioning about the role that it is playing currently in the country. She emphasized that today, government to citizen services are easily accessible due to use of

Intelligent cloud for Digital India

Fireside Chat with J Satyanarayana

in predicting school dropouts. Based on Azure Machine Learning, this tool processes complex data consisting of student performance, school infrastructure, and teacher skills to find meaningful patterns. The outcome of the analysis is used by the government to align its schemes, programs, and investments in the most important areas. Microsoft has been using Power BI, machine learning and data mining techniques to unlock insights and help tackle avoidable blindness. India currently has 11,500 ophthalmologists against six million people who are affected by the disease. Using Artificial Intelligence techniques can significantly improve the speed, efficiency and accuracy of identifying eye-disorders at an early stage, before they become a major problem. By using machines to perform automated detection, the diagnosis can be made more accurate and efficient – and could prove invaluable in remote areas, where the required expertise is not available.

Empowering vital information for a Digital World

Dhiren Pandya, Head, Govt & Infrastructure Vertical, Vertiv Co

eadquartered in Columbus, Ohio, Vertiv has more than 20,000 employees and more than 25 manufacturing and assembly

He added that large transitions are happening in India. The country is moving from wire to wireless. He explained this by sharing some of the major projects being undertaken by HPE such CCTNS project, Mumbai Wi-Fi project among others. Sharing his views on the role of a private company in the public sector,

J Satyanarayana stated that companies like HPE has a global outlook. “They should try to find out problems in the system and help to solve the same,” he said, adding that public-private partnership is needed for technology adoption but cautioned that the private company should find the problem, not create it.

facilities around the world. Vertiv, formerly Emerson Network Power, is a global provider of mission critical equipment for vital applications in data centers, communication networks, and commercial and industrial environments. Vertiv designs, builds and services critical infrastructure that enables vital applications for data centers, communication networks and commercial and industrial facilities. Pandya said that the company supports today’s growing mobile and cloud computing markets with a portfolio of power, thermal and infrastructure management solutions. "We offer problemconfigured critical infrastructure technologies, rapidly deployable intelligent hardware and software, and customized solutions to meet your specific requirements and needs. Our focus is to provide unsurpassed global scale and broad expertise, built from our heritage as Emerson Network Power," he stated.

Enabling Smarter Governance through Mobility Sukesh Jain Vice President, Samsung India Electronics

Barun Lala, Director Sales, HPE he Fireside Chat, a new addition in Technology Sabha began with the editor of Express Computer, Srikanth RP, presenting an overview of how the government is pushing with technology for ensuring better governance. He emphasized on few projects that the central government has taken in the recent past and asked Barun Lala to share his thoughts on how he sees the government business in India and what way HPE is collaborating with the government. Barun Lala said, “India is a land of opportunity. We do close to 700 million business in the public sector. It is one of the fastest growing verticals in India.”

Address by Chief Guest, Mridula Sinha, Hon’ble Governor, Goa

ukesh Jain quoted Prime Minister Narendra Modi,"We will transform governance, making it more transparent, accountable, accessible and participative." Jain said that the role of mobile in the future economy is going to be immense and mobile governance will be a turning point for digitization. It has the potential to make development a truly inclusive and comprehensive mass movement. It puts governance within everyone's reach. He said that with the country moving towards being a complete digital economy, security is going to be taken very seriously. He spoike about the Galaxy Tab

Iris featuring iris-recognition technology that is ready for Aadhaar authentication through an integrated and highly secure biometric device. The Galaxy Tab Iris is meant to

provide cashless and paperless services in various applications such as banking, eGovernance services such as passport, taxation, healthcare and education. The easy-to-use biometric technology, currently incorporated in the Galaxy Tab Iris is helping India spread its Digital India vision of providing technology so that every citizen of the country can has access to financial inclusion benefits. The solution is supporting the government's benefit programs and enabling banks and financial institutions to streamline the process of an individual’s authentication, regardless of language and literacy barriers. He also spoke about Knox; which is Samsung's defense-grade security platform built into the company's latest mobile devices.

EXPRESS COMPUTER | OCTOBER, 2017

EVENT Dynamics of next generation data center Rajesh Kumar S, Advanced Technology Specialist, Juniper Networks

ajesh Kumar S said that the data center has now become the architecture for all kinds of applications. Talking about the software defined secure networks, he

mentioned that the hybrid and the multi-cloud is now the reality. “In vertualised world, security is different as compared to the physical world. Today cybercrime is a massive, organized business that generates over $2 trillion a year, more revenue than the GDP of many countries.

To address a risk of this magnitude, enterprises need to think differently about security and consider a new option— an option in which your network components are orchestrated into an endto-end defense domain. The network itself has the power to deliver highly effective

protection from today’s sophisticated and everevolving threat landscape,” stated Kumar, adding that with a Software-Defined Secure Network (SDSN), businesses can benefit from unified defense across multivendor environments, private clouds, and public clouds.

DAY - 2

Power Breakfast with Infiflex Technologies

nfiflex Technologies is a cloud computing company offering a comprehensive portfolio of products and services. The presentation centered on its cloud framework, Giffy, which was started in the year 2002 with the mission to achieve excellence in cloud solutions market and build long-term client relationships based on industry best services as well as mutual trust. Infiflex also offers its customers expert consultation, setup and deployment, training and support services on G Suite as well as Google Cloud Platform (GCP). Its value proposition includes reduced total cost of ownership, fast and quality computing, high

scalability, reduced security risks and superior performance. "We are always looking for ways to help our clients simplify the way they do

business and at the same time reach high levels of success. Businesses no longer have to worry about key concerns such as data security and

server maintenance, empowering them to move forward efficiently and with confidence,” said the company spokesperson.

Keynote address

Power Breakfast with Juniper Networks

he power breakfast organised by Juniper Networks started with Rajesh Kumar S, Advanced Technology Specialist, Juniper Networks giving broad overview of routing and switching evolution. In his initial address, he explained the journey of Juniper Network. He said, "Juniper Networks is a multinational corporation headquartered in Sunnyvale, California. The company develops and markets networking products like routers, switches, network management software, network security products and software-defined networking technology." The company was founded in 1996 by Pradeep Sindhu. It was in 1996 that a router had SDN capability for the first time. Since then,

Juniper Networks has made data centre, networks, and router more smart and agile for businesses. Responding to the query on how the company is

doing in India, Kumar shared that Juniper Networks has witnessed continuous growth in India. “More recently we won a 1000 rack data centre from a BFSI firm,” he added.

Kumar and his team also explained to the participants about the current trends and the kind of solution that Juniper offers to ensure security and better traffic analysis.

Microsoft Book Launch

Suresh Prabhu, Former Union Minister for Railways

he former Union Minister for Railways, Suresh Prabhu began his video address by congratulating the Indian Express Group for organizing Technology Sabha. In his address, he spoke about the number of IT initiatives that have been taken by Indian Railways to save cost, increase transparency, reduce corruption and boost efficiency. He specifically highlighted Indian Railways One Information and Communication Technology Platform (IROneICT) project.

He said, “An integrated system model is being created under this platform to enable IR to deliver goods and services in tune with the demands of the fast growing economy by creation of logistics and transport capacity enabled by digital platform.” He

Fireside Chat with Sanjay Gupta, CMD, Konkan Railways

said that once fully rolledout, the platform would help in better connecting goods and services with the market and efficient internal management, leading to higher customer satisfaction. Prabhu also highlighted Google and RailTel Wif-Fi

project which aims to provide free Wi-Fi services to people at major railway stations. He said that the experience of the people with this project has been satisfactory and it has the potential to connect one of the biggest railway networks of the world.

We are at war, cyber war

presence of Sanjeev Gupta, General Manager, Public Sector, Microsoft India along with Sanjiv Saran, ACS, IT &

Connecting Digital India & enabling intelligent edge

Electronics and Planning, Government of Uttar Pradesh; Lt Gen Nitin Kohli, Rajesh Aggarwal, Joint Secretary, Ministry

of Tribal Affairs, Government of India; and Sanjay Gupta, CMD, Konkan Railways.

Cryptography and security

Santanu Ghose, Director, HPE Aruba

Sanjay Gupta, CMD, Konkan Railways & Santanu Ghose, Director, HPE Aruba his fireside began with an initial introductory address by Sanjay Gupta, CMD, Konkan Railways. Gupta mentioned how Indian Railways is creating its own cloud and ERP system. He emphasized on the security part of the technology adoption, and was of the view that Indian Railways' infrastructure is critical to the country, therefore, IR has to create its own system. Pointing out that Indian Railways has implemented ICT in specific areas with significant benefits, Gupta said, “The approach has been process specific. Further improvements are possible when an integrated systems model is deployed to create an enterprise wide system. Innovative partnership models are required to be developed for implementation, operations, management and maintenance of the integrated ICT system of Indian Railways.” Santanu Ghose explained how HPE is working with Indian Railways. He said that India is on the right path as digital is seen everywhere. "HPE is ready to support the government and any enterprise who wish to adopt digital transformation," added Ghose.

book by Microsoft India was launched by Suresh Prabhu through video conferencing in the

Harshil Doshi, Strategic Security Consultant, India, Forcepoint

arshil Doshi began his presentation by giving an overview of how the vector of cyber vulnerabilities has spread over the years. With the proliferation of smartphone and higher adoption of technologies, the space for cybercrime has also increased. He also shared some of the best practices to mitigate the challenge and how Forcepoint is enabling the government sector and enterprises to secure and safeguard its data. On the challenge of cybersecurity, he said, “Business goals can drive poor decisions resulting in bad behavior. Corporate-incentivised insider abuse of customer PII is too tempting and regulations will further restrict corporate and personal access to digital information.” He was of the view that security challenges emerged from the convergence of the digital and physical worlds. So, treating each world as insulated is an obsolete view of the world.

uring his presentation Santanu Ghose, Director HPE Aruba focused on mobility, cloud and IoT in enabling the future livable city. He said that mobility is real and it is driving innovation across different verticals. He was of the view that mobility will play a key role in creating a decent livable city of the future. In his presentation, Ghose cited Paytm as an example to tell how it has disrupted online payment. To explain the role of mobile in today’s world, he also mentioned about some of the work being done by HPE in India on smart cities. Ghose was of the view that HPE Aruba virtual network platform helps organisations to better connect mobile and Internet of Things connections as well offers tools to automate deployments of sensors and various end points to connect autos, buildings, and cities. He said, “HPE's Mobile Virtual Network Enabler is a platform that is a cloud-based tool that includes established deals with telecom carriers around the world.” Ghose also highlighted the Universal IoT Platform from HPE, which is designed to push automation to lightweight sensors for things like smart parking. “The Universal IoT Platform can provide device management as well as provide physical and electronic SIM cards,” he added.

Braj Bhushan, Sales Manager, Government & Telco Sector, Thales e-Security, India

he speaker began the presentation by showing a picture and asking the audience what they can make out of it. Subsequently, he explained that security of data, especially the personal details have become challenging as hackers are able to do sophisticatsed attacks now. He shared in detail about the role played by cryptography in security details. He said, “Cryptography is derived from the Greek word meaning “hidden secret”. Cryptography is about constructing and analysing protocols that prevent third parties or the public from reading private messages. Modern cryptography is heavily based on mathematical theory and computer science practice. " He was of the view that with the adoption of BYOD and digital, it is the time that organizations take measures to ensure cyber security. He gave an overview of his company and how it can help organizations in securing their digital assets.

EXPRESS COMPUTER | OCTOBER, 2017

10 | EVENT Using drones for better governance Rama Rao Atluri, Executive Director-Tech, AP State Fiber Net Limited

Nikhil Bagalkotkar Chief Technologist, Citrix Systems India

he presentation by Rama Rao Atluri focused on drone based services for RealTime Governance and how the Government of Andhra Pradesh is using it. He said that the key objective of the government is to enable real-time governance, ensuring effective service delivery, facilitating innovation, and adoption of advance technology. In all these, technology like drone can play a key role. He said, “Drone based services

could be used for security and surveillance, land survey and mapping, forestry, disaster management, tourism, quantity surveying, infrastructure and project monitoring among others.”

In his presentation, Rao gave examples of use of drone in each of these departments. He said, “Police can use drone for crowd and traffic control, security planning, night surveillance in restricted

areas, real-time emergency response – first level information gathering, search and rescue. Similarly, other department like forest or agriculture could use it for doing regular survey.”

Joel Sequeira, Technology Sales Specialist, Suse

containers to break up physical resources into smaller, more modular pieces that can be used for

specific application purposes with the capability to scale specific services based on demand. Leading to the need for automated and orchestrated IT processes, to improve IT efficiency, reduce human error and increase IT agility.” The company must also have tools for consolidated management of resources, so that the IT staff can quickly and easily manage the infrastructure resources no matter where they sit (in data center or in the

Securing Aadhaar Number as per UIDAI’s mandate Ruchin Kumar, Business Head of Government & Defense, Identity & Data Protection of Enterprise & Cybersecurity, Gemalto

emalto helps its clients to deliver a vast range of trusted digital services for billions of individuals and things across the globe. It is a world leader in digital security, serving six markets. While talking about Aadhar in detail, Kumar said that Aadhaar is a 12digit Unique Identification number (UID) issued to all Indian residents based on their biometric and demographic data. It is one of the largest biometric ID systems in the world. It contains Personally Identifiable Information (PII) and requires secure protection and the necessary enforcement of

the protection of PII under the provision of Aadhaar Act and Regulations, 2016. Gemalto helps in security digital asset. Gemalto (SafeNet) invented the HSM technology along with the IPSEC and SSL (for Netscape) protocols of encryption. It started large a R&D center in India in 1999 (1250+ encryption engineers catering WW) and helped institutions like RBI to launch projects like RTGS in 2002 by implementing HSM based PKI security for payments.

Fireside Chat with Rajesh Aggarwal

Dharmendra Kumar, Country Manager, HPE Aruba Rajesh Aggarwal, Joint Secretary, Ministry of Tribal Affairs, Government of India

oderated by the editor of Express Computer, Srikanth RP, this Fireside Chat focused on governance and automation. Both Aggarwal and Kumar agreed that automation is needed and technology helps in enabling it, but Aggarwal was of the view that we also

have to ensure that the process of automation should be done properly, it should not become an exercise for exclusion of poor people. Kumar shared his views on some of the projects that HPE is doing with different organisations for different states in the field of healthcare and education. While highlighting the project of ICT in education, he said that ICT has helped in improving the quality of education in rural areas, similarly some of the telemedince projects are also helping people.

Kumar informed that today all payment systems like RTGS, CTS, UPI, BBPS, BACH, AEPS, UIDAI enabled, etc., run with Gemalto based PKI. NPCI and RBI sites can be referred to check and verify. “All banks connecting to NPCI or RBI network uses Gemalto/SafeNet HSMs to secure the channel. All mission critical projects like UIDAI, GSTN, CCTNS, IGRS, Treasury, etc., use SafeNet HSMs to secure their encryption and signing keys. Regulators like IRDA, SEBI have mandated HSMs and institutions like BSE, NSE, NSDL, and CDSL are using Gemalto/SafeNet HSMs to secure the data transmission. Kumar was of the view that a robust R&D and local support structure enables Gemalto to support all mission critical projects in India.

nterprises and governments are expanding perimeters and their assets, so it is key that those assets and endpoints are secured. Nikhil Bagalkotkar was of the view that in today’s workplace there is lot of heterogeneity as companies are using different devices, services, hence security become key a differentiator.

He informed that Citrix Secure Digital Workspace

is based on software defined perimeter and it

helps organizations improve their efficiency. “In each thing we do, we ensure utmost security, we address the security challenge of secure access, mobile security, data & IP protection, compliance and governance, and ensure business continuity.” He said time has come for isolating the user from the Internet cesspool with remote browsing. He gave an example of Singapore and how their bureaucrats are going to use the system without internet connection.

Empowering the nation by ‘Make in India’ technologies

Software-defined infrastructure: road to future oel Sequeira stated that the key element of software-defined infrastructure is to remove the complexity of the physical infrastructure using software, and then ask “What are the elements of a successful software defined infrastructure?” He said, “First, we need modular solutions. This could be done with virtualization or

Face the challenge - reducing cybersecurity risks

cloud). "Solutions that have the capability to quickly identify increased demand or issues with response time and can automatically heal themselves will also reduce the burden on IT," he added. Sequeira mentioned that the ultimate goal for many when implementing a SDI is to improve IT’s ability to provide needed resources to the business, ensuring the SDI solution provides a self-service component to gain the most value from SDI.

Dr. Rajeev Papneja, EVP & COO, ESDS Software Solution

r Papneja started the session by giving an overview of ESDS and its niche products around cloud and data center and how governments and enterprises could use them to make themselves more efficient and agile. He emphasized that these products are made in India. While explaining the benefits of solutions like eMagic, Dr. Papneja, said,

B2B solutions for your business

Vijay Wadhawan, Business Head-SSD, Panasonic India

anasonic Corporation is a world leader in the development and manufacturing of electronic products for an extensive range of necessities in the

“eMagic is a web based system that is widely used for IT asset management, device deployment, and comprehensive server monitoring and network management in datacenters spread across different geolocations.” He further said that eMagic works on three click concept – build, deploy and manage. With three clicks concept, devices of multiple datacenters across multiple geo-locations can be managed easily. Dr Papjena also spoke

industrial, commercial and consumer level. “Panasonic has a commitment to create value for customers, offering security, warranty, comfort and convenience, contributing to the creation of a ubiquitous networked society and coexist with the global environment," said Wadhawan. Panasonic business structure is divided in 4 companies – AVC Networks Company, Appliances Company, Eco Solutions Company, Automotive & Industrial Systems Company and they are globally responsible for R&D, production and sales. During his presentation, Wadhawan showcased B2B products from security, display, and IT/communication. He pointed out that all Panasonic products are aimed at making organisation business easy and successful.

about eNlight 360° cloud solution from ESDS which comes with a full blown hybrid cloud orchestration layer along with complete datacenter management suite – eMagic (DCIM) and security scanner (MtvScan). He said, “It is the most unique offering in the market today. It’s a next generation hybrid cloud orchestration software suite and can be setup in businesses' own premises thus, giving them the security of private cloud and scalability of public cloud.”

Panel Discussion: Emerging Technologies for Smart Governance

he panel discussion on “Emerging Technologies for Smart Governance” broadly covered the various opportunities offered by emerging technologies like cloud, artificial intelligence, mobility solutions for government organisation

and how states are using these. In his opening remark, Dr. Murthy said, “Government of India is using emerging technologies with the view to give best possible governance to people.” He was of the view that the all the states and departments should adopt

technology at faster pace. Participating in the discussion, Abhishek Singh said that Panta Municipal Commission has already started using some elements of smart technology to make Patna smarter. Saadut Hussain was of the view that capacity has to be built to use technology for both citizens and government staff. Both Dr Avik Sarkar and Sumnesh Joshi emphasized on the data and its analytics for better use of technology. Kamal Kashyap said technology helps in automation leading to better efficiency, while Piyush Somani was of the view that the Government of India has become more progressive as there is concerted efforts to use emerging technology to ensure good governance.

Power Discussion with HPE

Power Discussion with Citrix

Power Discussion with Tableau

ith an aim to address the challenges faced by the industry in terms of cyber security, Citrix discussion revolved around how to manage risk by protecting apps, data and usage. The company securely delivers apps and data to a mobile government workforce, and improves efficiency while cutting operational costs and enhancing user experience. Citrix application and desktop

PE Power discussion began with a presentation by Santanu Ghose, Director, HPE Aruba and Kamal Kashyap, Country Manager-Government & Public Sector, Hewlett Packard Enterprise. Kashyap focused on CSR initiatives of HPE and its impact in rural areas. Santanu Ghose highlighted the link between technology and education and how they could come together to impart quality education.

He was of the view that students in the metro cities are able to get good facilities like tuition, books, etc., on time but the same is in not available in far flung areas and hence those students are not able to perform the way urban students do. He said this gap could be bridged with the help of ICT. Both shared some of the projects in which HPE is partnering with NGOs and reaching out to the states to provide education and healthcare services.

virtualization solutions allow the government to reduce cost and increase productivity. Its enterprise mobility management solution enables a mobile government workforce. The solutions provide network optimization and security to ensure data is accessible and secure from any device on any network. It allows file sync and share to meet the mobility needs of users while keeping sensitive data secure.

anish Gupta, Head Public Sector and Defense India, Tableau Software highlighted the benefits of Tableau Desktop and Server offerings and the way these products are helping organizations across all industries in their data analysis. While Tableau Desktop and Server are rapidly converging their end-user development capabilities, they have some significant differences and pricing variations. He also talked

about Tableau Public, which is a a free platform that allows anyone to analyze data and publish their visualizations and data stories to the web. Gupta further helped the audience understand the difference between Tableau Software and Microsoft Power BI and the areas where Tableau score over the latter. As a reference, he also gave an example of Rajasthan government's Single Window Clearance System that is using analytical tools to get actionable. insights.

EXPRESS COMPUTER | OCTOBER, 2017

|11

EVENT

Technology and EPFO

DAY - 3

Power Discussion with ESDS Solution

he discussion at this round table began with Dr. Rajeev Papneja, EVP & COO, ESDS Software Solution and Piyush Somani, CEO, ESDS Software Solution presenting their views on what kind of interoperability is needed with different virtualisation solutions in data centre and how data centres in cloud could be made more agile and flexible. They also spoke about the solutions from ESDS. The ESDS team said that there is lot of

complexity with data centres today. Both government and enterprises have different solutions from different vendors in their data centres, creating huge challenges on interoperability. However,

with the use of ESDS solutions, the same could be addressed. Somani informed that ESDS is the only company to have a patent on real time detection of resource requirement and automatic adjustments. He said,

“ESDS Cloud Solutions and Data Center Services bagged the US Patent for the method and system for real time detection of resource requirements and automatic adjustments. The company happens to be the first IT organization in India to receive such a patent in the field of IT innovation, transforming the traditional commodity based computing to utility pay-per-consume model.” They also explain the benefits of solutions like eMagic. Dr. Papneja said, “eMagic is a web based

Cloud for good Ashutosh Chadha, Group Director, Government Affairs and Public Policy, Microsoft India

shutosh Chadha's presentation focused on equitable growth and technology. He said that all of us one day will have some type of disability which could be situational or natural therefore it is important that technology addresses

those problems too. He said, “Technology like cloud has done a

Webel Technology Limited - an overview

Col. H.P.S. Bawa, CEO & Whole Time Director, Webel Technology Limited (WTL)

ol. H.P.S. Bawa began his presentation by stating that Webel Technology Limited has been an independent entity under the Government of West Bengal. He explained about the work done by his organisation to promote egovernance and information technology in the state. He said, “Webel Technology is a West

Bengal undertaking under the control of PAR & e-Gov Department, Government of West Bengal.” Governor of West Bengal has authorized WTL both as the state nodal agency(SNA) and state implementing agency(SIA) for all eGovernance related activities in the state. WTL was incorporated in April 2001 and has been profitable since inception. Since the last five years, WTL has shown stupendous growth and is one of the fastest growing government undertakings. “We are partnering the state government in all its major e-Governance initiatives.” WTL has been following a “Look Outword” policy and is doing a number of national projects and projects in various state governments.

marvellous job, and can it help people with disability.” Sharing some of the works done by Microsoft in this regards, he shared a video which highlighted how use of cloud technology helps a woman write, irrespective of the fact that she is a Parkinson's patient and her hands continuously moves. He said, “We all technologists need to think about people in need. Solutions and products

should also be made for them. Technology is for everyone. But how best we use it for the benefit of large number of people as well as the people with special need is in our hand.” Chadha also highlighted some of the initiatives of Microsoft India in the area of health and education. He said, “In all these, cloud technology is playing key role. Now time has come to take to the people with special needs.”

VP Joy CEO, EPFO system that is widely used for IT asset management, device deployment, and comprehensive server monitoring and network management in datacenters spread across different geo-locations.” He further said that eMagic works on three click concept – build, deploy and manage. With three clicks concept, devices of multiple datacenters across multiple geo-locations can be managed easily. In addition, other key products from ESDS were also discussed.

PFO is one of the largest social security providers in the world. To ensure efficiency and improved governance, the organisation has now set a goal to become paper free within a year. “We set the target to be fully digital and completely paper free within a year,” said VP Joy. While talking about digital initiative at EPFO, he said that Universal Account Number (UAN) which launched a few years ago enables employees to have

Digitization initiative by Govt is leading to innovations in datacentre power solutions Robin Roy, Director, MCIS, Delta Power Solutions (India)

Government of India focusing on Digtital India programme and smart cities initiatives, there has been wide acceptance of digitisation across the country. Now, all government departments are aiming to be digital and hence, there is need to improve the data centre. "Most organisations already have some level of data center activity but

obin Roy's presentation on the third day of Technology Sabha focused on how digitization initiative by the government is pushing innovation in the data center power solutions space. He said that with

Preparing a data platform Growing cases of for data governance ransomware and be expedited and adopted Digital India by others.

Dr Avik Sarkar, Head-Data Analytics Cell, NITI Aayog

r Avik Sarkar's presentation focused on the importance of data platform for the government for various programmes. Highlighting the use of data analytics in the government, he remarked that organisations like Niti Ayog is already using data analytics tools to suggest better policy and programmes but these stand alone efforts have to

Dr Sarkar shared role of analytics in various government departments including agriculture, forest, health, education, land and revenue among others. He advocated for simple evidence-based policymaking (EBPM) which implies policy making decisions driven by Big Data insights. He was of the view that once there is a good data pool, organisations can use technology to harness data and drive insight out of it, which is beneficial for the people. It could be the use for policy making and better distribution of subsidies among many other things. He also emphasised that security of the data has to be maintained in the best possible way.

their Provident Fund account portable in digital mode which is hassle-free and universally accessible. He also informed that

117 EPFO offices out of 120 offices have migrated to the consolidated database at the National Data Centre for seamless interface across the country. “The six banks have signed agreement with EPFO for collection of contributions and payments at zero transaction charges. This is in addition to five existing banks,” stated Joy. He also said that Aadhar seeding software has been introduced in all 249 EPFO offices. “Aadhar seeding for UAN has been made mandatory from July 1, 2017,” he said.

Rudramurthy KG, Chief Information Security Officer - Digital India, Ministry of Home Affairs, Government of India

udramurthy KG began his presentation by giving a brief history of ransomware – its origin, evolution and present day status. He said, “Ransomware is a type of malicious software from

cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.” Speaking about WannaCry ransomware cases, he mentioned that such kind of attacks will continue but government and private firms can safeguard themselves by ensuring proper updates and patches on time.

they need to modernise now due to increasing load," said Roy. Delta Power Solutions has helped lot of global as well as India companies improve overall efficiency of their data center. He showcased one of the products from Delta which promises to take less space, provide better cooling and smooth data center operation.

Power Discussion with Microsoft India

he Microsoft India Power Discussion began with the presentation from Manish Tiwari, Chief Information Security Officer, Microsoft India. He gave a brief overview of growing cases of cyber vulnerabilities across the globe and emphasized that government organizations need to be ready to thwart any cyber-attack. He informed that Microsoft invests huge amount of money and resources in cybersecurity to ensure

that the best cybersecurity solutions are made available to businesses and government. Tiwari also said that cloud is one of the most secure platform and there is growing adoption of cloud technology in the public sector. He was of the view that gradually not only the young age companies, but large organizations with legacy based systems would also move to the cloud, as it offers better security and saving.

What makes e-governance projects fail

Rollout citizen services with one click

Rajesh Aggarwal, Joint Secretary, Ministry of Tribal Affairs, Government of India

Naresh Purohit, Head-Systems Engineering, Nutanix Technologies India

ajesh Aggarwal said that not all the e-governance projects fail but there are large number of projects that do not deliver the intended outcome. He attributed the reasons to non-planning and not

taking of the owneship. He said that like the famous quote on democracy which

says that democracy is of the people, by the people for the people, today's egovernance projects have become something like "eGov projects are of a few bureaucrats, by the consultant, for the vendor." “Among all these people are missing. People play a key role in e-governance projects. They are the ultimate beneficiary of government projects,

therefore they should be first taken on board. A capacity mechanism must be created for them,” he said. Aggarwal also advised that government departments should adopt modern and more effective way of flouting government contracts. “They should not completely rely on L1 because in L1 you pay less, so you get less,” he said.

ase of accessing government services is must for any government department if they want to really improve their interactions with the people. Purohit cited some of the examples of e-governance projects

that have successfully improved G2C interactions, like Passport Seva Project. While talking about his company Nutanix Technologies, he said, “Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends

web-scale engineering and consumer-grade design to

natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine intelligence." Nutanix enables government departments to roll out citizen services without going too much into coding or other IT requirements. “Our solution agile are easy to roll-out,” he asserted.

Future proofing your data centres for artificial intelligence & machine learning

Secretaries Roundtable: Tabulating best practices for e-Governance

Vineeth Nambiar, Technology SpecialistIndia, Mellanox Technologies

he panel was moderated by Muktesh Chander, who stated that in eGovernance the word 'e' is the facilitator. “As long as we don't improve the governance, the e-part won't be much of a relevance,” Chander asserted. Siddiqui affirmed that the major function of eGovernance should be to make the overall governance more responsive, efficient and effective. “Without keeping the views of the citizens in mind no eGovernance project can succeed. In Indian scenario the business process re-

Sachin Jain, Sales Manager, India Mellanox Technologies

he speakers began the presentation by introducing the company. Mellanox Technologies is an Israeli supplier of computer networking products using InfiniBand and Ethernet technology. Mellanox offers adapters, switches, software, cables and silicon for markets including company data

centers, cloud computing, computer data storage and financial services. The speakers mentioned that data centres in the future should fully ready for anything. Going forward, there will

huge use of artificial intelligence and machine learning, so the data centres have to be agile, smart and most importantly secure to handle emerging technology.

The solutions of Mellanox Technologies help the government as well as private companies improve their digital journey. “The demand for more computing power, efficiency and scalability is constantly accelerating in the HPC, cloud, machine learning, data analytics, and storage markets. To address these demands Mellanox provides complete end-to-end solutions (silicon, adapter cards, switch systems, cables and software) supporting InfiniBand and Ethernet networking technologies,” said Jain and Nambiar.

engineering is very important for eGovernance,” added Siddiqui. Speaking about some of the major eGovernance initiatives in the state of Uttar Pradesh, Sanjiv Saran highlighted on the Dial 100 project. Under this project, in case of emergency, a person can communicate with the Dial 100 call centre through phone, texts or any other communication method and in turn the government ensures immediate relief and help. Saran informed that there are 300 people monitoring a huge TV screen, they receive around one lakh calls every day and

have 3500 vehicles to ensure quick response to the incident sights. Lt. Gen Nitin Kohli informed that his state has achieved around 35 to 40 percent of eGovernance projects. “We are using eGovernance and automation within the state

to bring a major transformation,” he said, adding that one of the biggest challenges is to get appropriate funds for eGovernance projects and make the finance head understand its true potential.

EXPRESS COMPUTER | OCTOBER, 2017

12 | FEATURE

IndiaFirst Life wants to provide e-commerce like experience to the customer THE COMPANY HAS designed a Service Oriented Architecture (SOA), which essentially allows customers to access services on demand with minimal human intervention

Abhishek Raval abhishek.raval@expressindia.com

oing forward, customer experience will define one player from the other in the BFSI space. What’s changing is the way the customer wants to interact with the company. It’s automatically compared to how it’s happening in other industries. For example, in an ecommerce site, the buying process is very easy. “My

efforts are to bring in those kind of processes at IndiaFirst Life Insurance. Effectively, this is Bi-modal IT. A layer is built above the core system and data is consumed from these places giving the desired customer (at times an ecommerce like) experience,” says Mohit Rochlani, Director, Operations & IT, IndiaFirst Life Insurance Company. IndiaFirst has developed on top of the basic core system, a sales process engine, which is working on a tablet. The policies can be sold using the app on the tablet. End to end. From origination to closure including the policy information documents. Hence, no need for the sales person to carry policy related documents. The app provides functionalities for the sales executive to show to the customer various combinations of policies and the associated cost/benefits. The app is Aadhaar enabled. In case the, the customer doesn’t have any authentication documents, he can give the Aadhaar number to verify himself after getting an OTP. The advantage with Aadhaar is, it enables the verification of both the age proof and the

photo ID. The policy after proper verification can be issued, after completing the bank related details are filled. At one go, the process can be completed and the policy is issued via email or a physical paper is despatched at the postal address. One of the other customer / distributor requirements is speedy query resolution without any human intervention. IndiaFirst Life has recently introduced a Bot, which replies back to general queries. It has taken over the role of the brochures and other policy information related documents. The third initiative being experimented is an arrangement to train the salesforce without any need to congregate them in a classroom environment. A self service based training. A knowledge base has been created and updated. The sales executive can solve quizzes over the training modules. This would keep him explained and aware about the new policies launched. The core philosophy is to invest in technologies that can work over the business processes. The core system of the company can be exposed

to APIs, through which the data can be criss crossed across the business processes and other systems. The IT architecture of IndiaFirst Life Insurance is built on a Service Oriented Architecture (SOA). It essentially means, all the details can be asked through services. Benefits: It helps in moving the asked information to the customer faster. Secondly, the company can easily integrate its systems with the distributors faster and seamlessly. For example, banks distribute policies of IndiaFirst Life and they can pull out the customer details on demand because of a service based model that easily enables the bank to extract the customer detail. The information exchange happens server to server using the service based model. From the IndiaFirst Life’s server to the bank’s server. A pertinent example is GST enablement using the SOA. The bank’s were able to pay the premium from the very next day GST was announced. IndiaFirst Life was formed in 2009 and since then, we started operating with an SOA architecture and we have only evolved from thereon.

Experimenting with new technologies “We are running a PoC and exploring AI powered bots. Another area, where a PoC is underway is profiling and thus underwriting the customers by finding alternative ways of

The ratio of investments into new projects and experiments to keeping the lights on, upgrades and annual maintenance kind of expenditure is 15:85 Mohit Rochlani Director, Operations & IT, IndiaFirst Life Insurance Company

extracting customer related data from unstructured sources, like publicly available data, data residing on social mediums, etc by AI powered information gathering mechanism,” says Rochlani. The objective is to find relevant information, converting them from unstructured to structured and then offering the right product. The company has approached multiple opensource vendors and implementation partners, on voice based speech working on AI. The bot hears the speech, decides on the context, convert to text, which is then understood by the computer, which gets further converted into an answer into text, and then takes a voice form and answered back to the customer. The IoT technology has the potential to allow the life insurance players to approach the regulator and furnish evidence on how Insurance products can be priced differently to the customers based on their health parameters. Currently, specific regulations doesnt allow differential pricing. There is a common pricing mechanism, which applies uniformly to all customers. “We are working

with vendors to bring about this change,” says Rochlani. IT Budget The ratio of investments into new projects and experiments to keeping the lights on, upgrades and annual maintenance kind of expenditure is 15:85. The focus is to invest in making more and more processes digital and automate them. Rather than investing in manual processes. “Our underwriting, claims management, information exchange with IRDAI is automated,” informs Rochlani. Even before the IT security guidelines were out, IndiaFirst Life had started working on them in terms of doing the gap analysis partnering with E&Y. A Data Leakage Prevention (DLP) tool has been implemented. All our mobile devices have an Airwatch, an enterprise mobility management software, which is basically an app container. It acts as a common security framework for all the apps put together in the mobile device. The container also has a browser inside, which doesnt allow confidential data to be transferred. As well as it acts as an added layer of defense against phishing.

Email, application and OS whitelisting key to neutralising ransomware because it’s not on the whitelist. The file will be blocked. It will trigger an alert to the security manager. This is a secure practice but it has to be well backed up by regular patching of the OS and end point.This will thwart 90 percent of the ransomware attacks. For the rest 10 percent, there are two practices to be followed. One- Inculcate the habit of backing up data. Secondly, awareness is important that mails from unknown sources should not be clicked upon. Application whitelisting will ensure that only the ticked applications will run on the endpoint. The DLP has to be kept in the blocking mode. It only allows what is supposed to run. In all, three steps of email, application and OS whitelisting and two more steps about generating awareness and backing up data is a wholesome strategy to get around the ransomware threat vector.

THE PETYA RANSOMWARE attack struck many countries, taking under its grasp loosely patched systems. K K Chaudhary, Group Head IT, LANCO Group prescribes the strategy to tackle ransomware Chaudhary shares his perspective on the steps taken by the Lanco group against threats like ransomware; where are other companies making mistakes and the importance of application whitelisting

What are some of the steps taken to shield the enterprise against ransomware? The mail whitelisting should be done at the gateway itself. The Lanco group has conducted rigorous exercises in perfecting the email whitelisting practice. If the

email gateway is configured such that emails from only known sources are allowed. The system has been whitelisted with people who are supposed to send mail to the company. The rest are not allowed. The mail with a suspicious payload will be blocked at the gateway. Other mails, which are genuine but not whitelisted will be sent to the concerned email ID in a quarantine folder. If the user feels it’s a genuine mail, he will open it otherwise, it is binned. After confirming the genuineness of the mail, the IT should be informed about the

respective mail ID of the sender for whitelisting. So the next time, the email from the same person is received it directly hits the inbox without any need for a quarantine folder. Suppose a suspicious mail with an attachment from a genuine email ID but from a suspicious person has been clicked through, then too the system can be protected. After clicking the attachment, the malware will strike the hard disk and will try to run the file. In that case, the next layer of defense i.e the Data Loss Prevention (DLP), will not allow the .exe file to execute

Where are companies missing the plot with respect to ransomware? The primary reason being the absence of a sound DLP strategy. Even if the companies do have a strategy, the DLP is configured in monitoring mode and not in the blocking mode. Most of the organisations will have their DLP in a monitoring mode. “The reason why DLP is not kept in a blocking mode is because it may result in many performance issues for the enterprise. In that fear, the IT department is not able to have its way, “says K K Chaudhary,

Group Head IT and IS, LANCO Group. They should be able to convince the business about making sure that the business will be as usual and there will not be any hiccups. Another miss on the part of the enterprise is not having adequate backups. Data backups nullifies any need for a ransom. What is the importance of application whitelisting? A ransomware did attempt to intrude in the IT systems of LANCO group, three months back. “A few phishing mails had come,” says Chaudhary. However the company was not affected because the endpoints were protected. The malware comes with a payload. The moment the attachment is clicked, some executive or COM file will get downloaded on the hard disk and then it will execute. But the endpoints were in the block mode. The DLP too. It doesn’t allow any application to run unless that application comes into a whitelist. The DLP client only runs selected files and nothing else. “The applications have been whitelisted and thus even though the malware landed in our systems but could not crank up,” The moment an alert was triggered from the DLP about a suspicious file trying to execute, it was blocked. “Some 53 suspicious emails had hit the inbox an hour’s time. But none of them were opened. Even if it was opened, no damage would have been done because the DLP has been blocked,” What about mobiles? WIth the growing use of

The reason why DLP is not kept in a blocking mode is because it may result in many performance issues for the enterprise K K Chaudhary Group Head IT and IS, LANCO Group

mobility devices and enterprise mobility solutions, the employees use their phones for official work, hence it’s important to protect the mobility devices too in addition to desktop systems. The enterprise data does not directly reside on the mobile phones. Even if the device is encrypted, the data is on the server. So, even after the device getting affected by ransomware, the data can be again taken from the endpoint or the server after the device is formatted. The device only holds a copy of the data. It’s not the only copy. However an employee using the mobility device under BYOD and if his device is affected then the personal data can be hold to ransom. But if the Mobile Data Management (MDM) tool is implemented then no official data will be lost.

ec-13-Case study-Nutanix lawande.qxd

10/23/2017

2:44 PM

Page 13

EXPRESS COMPUTER | OCTOBER, 2017

|13

EVENT

Nutanix BFSI Digital Leaders Summit THE SUMMIT COMPRISED of a presentation from Gaurish Lawande, Director- System Engineering, Nutanix and a panel discussion of senior leaders from the BFSI Industry to explore issues around the potential of cloud computing

he Indian Express Group and Nutanix organized the BFSI digital leaders summit in Mumbai. Gaurish Lawande, Director- System Engineering, Nutanix spoke about the USP offered by Nutanix’s Hyper Converged Infrastructure (HCI). Nutanix’s customer, National Stock Exchange (NSE) spoke about the benefits from the HCI solution. A panel discussion was also organized as a part of the summit, which saw the participation from Gaurish Lawande, DirectorSystem Engineering, Nutanix; Bineet Jha, Assistant VP, NSE Infotech Services; Rajendra Mhalsekar, Head, Corporate Banking Technology, YES Bank and Dr N Rajendran Chief Technology Officer (CTO), National Payments Corporation of India (NPCI). Nutanix offers a software based unique proposition of

consolidating network, compute, storage and many other IT resources into a single box thus reducing IT infrastructure complexity. It’s more popularly termed as Hyper Converged Infrastructure (HCI). Strikingly, the company runs critical applications like private cloud, exchange server, Virtual Desktop Infrastructure, SAP and all other kinds of critical apps on its HCI. Hitherto, the enterprise customers considered HCI to run only noncritical applications. Nutanix brings the best of both the private and public cloud. For example, the HCI technology brings the optimization of virtual machines and the consumption pattern of AWS together. Gaurish Lawande, Director- System Engineering, Nutanix says, “In the last six years, since inception, Nutanix has done business worth

CASE STUDY

IndusInd Bank turns fraud management model into a revenue stream

ne of the fastest growing banks in the Indian market, IndusInd Bank, has always used technology as a competitive advantage. Be it the video branch service or be it the service where the customer gets the choice to withdraw money from the ARM in the denomination of his or her choice, the bank has always taken some bold pioneering initiatives.

to correlate data from multiple systems and have an integrated view. Instead of the earlier silo based approach, today, the bank has created one view of the entire transaction flow by connecting 15 real-time and 7 batch systems. This includes systems across products (Cards, Current Accounts, Loans, etc.) and Channels (ATM, POS, Branch, Mobile, etc.). This has helped the bank in proactively detecting and

By using insights from the fraud management system, we can better understand the way a customer transacts and get more intelligence on his or her transactional behavior. We can look at common patterns and make our marketing campaigns more effective Mridul Sharma CIO, IndusInd Bank

One more recent innovation is the way the bank has turned fraud management into a revenue opportunity. Insights from the same analytics system that is used for real-time fraud detection and prevent fraud can be used for better understanding customer behavior too. “By using insights from the fraud management system, we can better understand the way a customer transacts and get more intelligence on his or her transactional behavior. We can look at common patterns and make our marketing campaigns more effective,” states Mridul Sharma, CIO, IndusInd Bank. IndusInd Bank has realized that fraud and revenue can be two sides of the same coin, and converted this into an opportunity. The genesis of this platform was laid when the bank recognized the importance of integrating insights from different delivery channels into a single platform. To enable realtime detection across different online channels and products, it was essential for IndusInd Bank

blocking potential fraud transactions. But, while the same detection capabilities are used for preventing fraud, the system can be modified to use the same data for leveraging cross-selling opportunities. Parameters such as location and client behavior that are useful in detecting frauds can be used for improving the effectiveness of marketing campaigns. “Though this activity is new, we are seeing a significant improvement in the open rates for our online mailers. We can now target customers more specifically,” says Sharma. For this innovative use of technology, IndusInd Bank won the Celent Model Bank 2017 Global Award for Fraud Management and Cybersecurity for driving a unique initiative. Celent noted that IndusInd Bank not only implemented the realtime enterprise wide crosschannel fraud and AML management platform, but also began reusing in-memory data to offer simultaneous real-time cross-sell and upsell.

thousands of crores.” Twenty percent of the company’s business comes from the United States Department of Defense (DoD). “This is because of the security certifications and the belief in the US government that Nutanix has the most secure hypervisor. Nutanix has partnered with Dell and Lenovo as appliance vendors,” says Lawande. Along with AWS, Nutanix is the only vendor to have created an ecosystem of its own and control the stack like how Tesla controls it’s own batteries. The other panelists in the panel discussion, spoke at length on the various topics around the cloud adoption in India. Some topics that were discussed included: Putting critical and non critical applications on cloud; security of data on cloud; how digitization will impact cloud adoption.

BUSINESS AVENUES

EXPRESS COMPUTER | OCTOBER, 2017

14 | INTERVIEW

We are working towards creating meaningful innovations PHILIPS INNOVATION CAMPUS, organized its third Digital Healthcare Conclave which focused on why connected healthcare is the need of the hour for our country and how it can solve the existing healthcare problems. In a conversation with EC’s Rachana Jha, Srinivas Prasad, CEO, Philips Innovation Campus, discusses key challenges and possible solutions for the Indian healthcare sector What do you think are the main challenges Indian Healthcare and what are the steps that Philips is taking to overcome them? Indian healthcare system is burdened with numerous challenges. While it is seen that innovative solutions using digital technologies have been able to address these challenges effectively, there is a long way to go. Connected healthcare solutions are a key to this. But for this to work, it requires an ecosystem where health data is available to care givers. But India lacks a common health data repository. The PHCs (primary healthcare centers), DHCs (District Healthcare Centers) and CHCs (Community Healthcare Centers) are not connected. If we are able to connect these care will be accessible and also become affordable. Philips has been at the forefront of using digital technology in healthcare. Its various connected care solutions have increased accessibility to care in remotest corners of the world, empowered patients to manage their health while also giving health providers tools to improve patient outcomes. With our mission to touch more than 3 billion lives by 2025, Philips is working towards creating meaningful innovations that will make healthcare accessible to all.

How is Philips using digital technology to provide healthcare solutions? There are numerous solutions that PIC has delivered that keeps Philips abreast with digital technology, some solutions that we have developed and have been successful are as below: ◗ MoM: The Philips Mobile Obstetrics Monitoring (MOM) software solution helps community caregivers and doctors work together to identify and manage high-risk pregnancies, bringing care to where it’s urgently needed: primary health centers and patient homes. MOM features a way for community caregivers to capture vital information so that a clinical decision support (CDS) pregnancy risk level can be calculated. This helps standardize pregnancy risk stratification so that high-risk cases are not missed. Mobile applications connect doctor, caregiver, and patient for diagnostic assistance and progress assessment. ◗ Chest Pain Clinics (CPC): These CPCs serve as the first point of contact for the patient and are usually run by general physicians or noninterventional cardiologists. The pre-requisite for a CPC is that it should be: Capable of performing ECGs on patient. They are equipped with Philips Efficia ECG 100 an innovative,

With our mission to touch more than 3 billion lives by 2025, Philips is working towards creating meaningful innovations that will make healthcare accessible to all

portable, easy to use ECG machine, with diagnostic quality ECG machine intended for acquisition, recording, measurement, display and printing of simultaneous 12 channel ECG waveforms of patients in ECG room for both in-patient and outpatient. In this model, CPCs will constitute the spokes for the ‘hub’ hospital. Once a patient arrives at one of the spoke CPCs, the local physician evaluates the patient’s symptoms and, performs an ECG via the Philips Efficia ECG 100. This ECG is wirelessly transmitted to the on-call cardiologist. Once Cardiologist reviews the ECG,

he instructs the general physician on the next steps for treatment of patient. ◗ IntelliSpace Consultative Critical Care (ICCC) solution: Using the ICCC solution, one can now monitor multiple intensive care units from a central command center that may be located in a geographically separated area. The state of the art hardware and software products that are provided as part of the solution enable clinicians connect to and monitor multiple intensive care units from a central location. Trained Intensivists and intensive care nurses

stationed at the command center can monitor the patients in the peripheral ICUs on a 24/7 basis. The solution enables the establishment of a “hub-andspoke” model where the central command center acts as the hub and the peripheral ICUs act as the spokes. The central command center has multiple “monitoring stations”. The qualified specialists sitting in a command center can effectively guide and advise less qualified care givers functioning at peripheral smaller hospitals. How is Philips Data Science Platform is doing its part? This Platform empowers

healthcare organizations to spend more time understanding their data, freeing them from the responsibility and expense of building, maintaining and deploying data science capabilities in-house. With these advanced analytics and artificial intelligence methods, organizations can rapidly create predictive models, optimize operational workflow, and accelerate development of analytics offerings. DSP comes prepackaged with most of the open source tools, frameworks, libraries etc. that data scientists use. DSP comes with a rich set of pertained clinical models for Medical images and clinical reports – that can either be consumed directly within a hospital workflow or by data scientists to build their own custom specific models/apps. How can technologies like AI and IoT improve medical access to common people? We are conducting a pilot study using MOM in Shorapur Taluk in Yadagir District, Karnataka since December 2016. The Clinical Decision Support algorithm in MOM takes into consideration various parameters from the pregnant woman’s obstetrics history and comes up with a pregnancy risk score and risk level for the woman. The algorithm is fairly comprehensive. The output of the algorithm is to classify the risk of the pregnancy. Based on

this classification the caregivers can then make critical decisions like referring all high-risk pregnancies to a larger hospital or to an OBGYN specialist. This ensures that a meaningful intervention is made early to address pregnancy complications. This approach is in line with the growing trend of AI applications across different industries including healthcare. The use of AI becomes particularly important for healthcare solutions in low-resourced settings as typically the users tend to be minimally trained and not specialists. The availability of such AI-based solutions makes it easier for the users to ascertain the risk correctly and ensures that chances of missing high-risk factors are significantly reduced. Such solutions complement the medical expertise on the ground in delivering more robust care to the patients. In next few years what would be the innovations we can see from Philips? Any upcoming projects or programs? I foresee Philips Innovation Campus coming up with more end-to-end solutions like the chest pain clinics and extending care into the homes of people. The hub and spoke model of centralized clinical care with delivery happening close to the customer.

Balancing customer convenience and ransomware kind of security issues THE PETYA RANSOMWARE was a reminder to the CISOs of the imposing and perennial threat. That said, the importance of the customers and employee convenience in accessing and working on the various systems cannot be undermined. EC speaks with Milind Mungale, Senior VP & CISO, NSDL e-Governance Infrastructure, who explains how his organization tries to ensure robust security Email whitelisting, application whitelisting is an important precaution to keep threats like ransomware at bay. What strategy have you put in place ? Email whitelisting is a difficult proposition for a highly customer facing organisation like NSDL e-Governance Infrastructure Limited. Email is an important medium of communication between the company and the customers. Nevertheless, we have installed multiple level of spam controls, and equal number of anti-virus and detection mechanisms. The email traffic gets filtered at each level where there are gateways i.e at the ISP level and the other is the native gateway of the company. Even after two levels of filtering, there are restrictions on the type of files which can be sent to the end user inbox. If there are attachments with files that are executable, the same are blocked and only intimation is sent to the end user. About application whitelisting, the social media and private email services such as gmail, rediffmail, etc.are blocked. Even to the extent that the company’s vendors are allowed to send mails using non official IDs only after specific whitelisting requests and process of approval. Otherwise the

vendors are not allowed to use their corporate email IDs from our network. Any DLP implementation can be in either monitoring mode or blocking mode. We have implemented. The DLP is in a blocking mode. Usually it’s found that enterprises keep the DLP in a monitoring mode because there is a concern that if DLP Policy is not properly configured, it could lead to blocking important and legitimate emails also. The DLP implementation is six months old in the company. We are going step by step. In the first 3-4 months, the DLP was running on a monitoring mode for the departments to do their traffic analysis. Subsequently, the false positives have been identified and now the blocking mode is switched on. To keep the DLP in a blocking mode right from the word go may prove to be detrimental from an employee productivity perspective. Strict policies would put employees to operate under tighter controls and thus hamper their work speed. Apart from the above, proactive measures like patching of systems, discipline of vulnerability assessment, user / employee awareness, vigil by the Info Security team and Management commitment to protect the organization interest at any cost are some of

We purposefully chose to ensure that each and every endpoint is having their individual blocking so that due to any innocent employees’ mistake, there should not be any harm to the organization assets the key best practices which definitely help defend the cyber threats, ransomware included. Which extra measures you had taken after WannaCry ? As soon as the alert was received, first and foremost thing that our team did was extract out the inventory and sorted it based on the OS version. Also, the list was bifurcated in external facing / interfacing and internal systems. Using this list, assessment of which machines (such as some old XP machines used only for certain testing

that is required by business) was done and such systems were immediately removed from the network. The other Windows OS systems were verified for the patch level. We observed that few systems did not absorb the patch automatically. The patch has been updated manually. The SMB version 1.0 was blocked at both, perimeter and the endpoints. We purposefully chose to ensure that each and every endpoint is having their individual blocking only to ensure that due to any innocent employees mistake, there should not be any harm

to the organization assets. Finally, every system has been inspected to check the patch level updates; Some did require a reboot or repatching. The registry in some machines would not get changed due to strict controls. Such machines had to be configured manually. What kind of cyber security drills does your firm do on a regular basis ? Like many other organizations, we do follow good practice in this aspect and have the endeavor to keep improving our practices. We are always open to learn from

our peers and competitors. The DR shifting is done periodically and we also have regular IT audits etc. The VAPT exercise is conducted as per the set cycle and at times we do random checks too. We also do certain “What If “ table top analysis of certain scenarios and review our ability to handle the same. Your opinion on the use of AI in ensuring cyber security? Machine Learning technology, a subset under AI can help but unless it is matured to certain stage, one cannot fully depend on it. Full

dependency may be atleast one more generation away and there will be extra load on the human intelligence. All said and done, AI will provide faster and more accurate inference, but certain things will have to be finally decided outside of AI technology. Cyber security awareness has to be a regular activity. Companies instead of using run of the mill ways for generating awareness, rather go for innovative ways to make it more interesting. Have you employed any agency or ways for cyber security awareness campaigns We do have some selflearning AV based training mechanisms of Information Security awareness and preventive methods for such issues. It is not just a training but it also has an assessment model associated. It is monitored regularly as to who and how many employees go through these modules and undertake assessment. Scores are shown immediately to users so that they can identify what improvement is required. We also conduct Cyber Security awareness campaigns by engaging external speakers / experts and conduct the same in multiple batches to cover all employees as well as contracted / outsource / vendors working with us.

Everything you need to know to stop ransomware.

Know Your Enemy

Stop Ransomware Now

Ransomware is a $1 billion dollar business that often evades traditional anti-malware.

Sophos InterceptX is proven to stop ransomware in its track by blocking unauthorized encryption of files.

Stop Ransomware with Sophos Intercept X The proven CryptoGuard capabilities in Sophos Intercept X block ransomware as soon as it starts trying to encrypt your files, returning data to its original state: • Protects endpoints from ransomware attacks • Automatically rolls back encrypted file changes with no loss of data • Stops both local and remote file encryption

For more details visit www.sophos.com/ransomware Tel: +91 79 66216838 Email: indiamarketing@sophos.com

REGD.NO.MCS/066/2015-17, PUBLISHED ON 28TH OF EVERY PERVIOUS MONTH & POSTED AT MUMBAI PATRIKA CHANNEL SORTING OFFICE, DUE DATE 29 & 30 OF EVERY PREVIOUS MONTH, REGD. WITH RNI UNDER NO. MAHENG/49926/90