Edit
How every Indian can own a mobile phone
The cost of phones has been steadily declining and service plans have reached rock bottom prices. So why doesn’t every Indian adult own a mobile phone yet?

As I write this editorial on Boxing Day (the day after Christmas), e-mails on technology trends and outlook for 2012 continue to hit my inbox. Before I comment on one major trend, let me first wish all our readers a very Happy New Year - 2012!

Thirty years after the Personal Computer was launched (1982), the PC base in India is only 22 million. Sixteen years after the Internet was launched in India (1995), we have just 100 million active Internet users. According to latest reports from TRAI, there are 881.40 million mobile subscribers in India, and this was achieved over the same period (16 years). The astonishing fact is that Indians took to mobile phones faster than any other technology.

So why doesn’t every Indian adult own a mobile phone yet? The cost of phones has been steadily declining and service plans have reached rock bottom prices. There are a couple of things that need to happen before every Indian adult owns a mobile phone.

Firstly, the per capita income levels and the cost of handsets are disproportionate. Telecom service providers rarely subsidize the cost of the handset through a two-year plan, as is common in the West. Even prices for used handsets may not be within reach of many people below the poverty line. The solution is to look at a model similar to that of the Akash tablet. The government should encourage local manufacturing and drastically cut duties on imported components, and also taxes.

Secondly, the phone’s interface needs to be in all 22 official Indian languages. And if that is not possible in the short-term, then speech-to-text and speech-driven interfaces need to become common on Indian handsets. Many can recognize an English or Hindi numeral or alphabet. But almost everyone can speak a language. So one can speak the name or number of the person he wishes to call and the phone will dial that number. We already have that technology today (Apple Siri and Android Cluzee).

Thirdly, address the issue of running costs and monthly bills. Again, consider the per capita income and have plans that are subsidised by the government. So, is the Ministry of Communications and Information Technology listening?
Brian Pereira is Editor of InformationWeek India. brian.pereira@ubm.com
4
informationweek january 2012
www.informationweek.in
Contents
Volume 1 | Issue 03 | January 2012
Cover Design: Deepjyoti Bhowmik

Cover story
Mobile technology: Empowering consumers and enterprises
India is witnessing fast-paced growth of innovative solutions centred around mobile technology. The trend is not only benefitting the masses, but is also giving businesses a strong competitive edge

Mobile app development gains traction in the Indian enterprise
Mobile solutions offer businesses the speed of delivery and faster decision making, which directly impacts a company’s bottomline

Case study
Essar turns BYOD into an advantage
Faced with the growing trend of many of its employees bringing their own devices to work, Essar addressed this challenge by implementing a comprehensive solution from Juniper

Feature
Cisco Cius: The little tablet that could
What chance does another tablet have in a crowded market — one that’s dominated by Apple and Samsung? During the demo it became clear that Cisco has cleverly linked its Cius tablet to its ecosystem of telepresence, Unified Communications, telephony, and collaboration tools. It even has its own App store with business apps. So we think this 7-inch tablet comes with a lot of potential, and is likely to succeed, in a Cisco ecosystem

HP uses mobility to fight fraud
With existing technologies failing to make an impact in controlling fraud, HP is betting on an innovative low-cost cloud-based mobile solution that just needs a simple SMS to work

Why Standard Chartered Bank embraced the iPhone
The bank has provided 12,000 iPhones to employees across 70 countries and has developed a range of custom-built apps to streamline internal processes

Feature
Pocket guide to securing mobile device
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device

5 smartphone location tracking myths, busted
Apple, Google, and Microsoft are taking renewed heat over smartphone location tracking, but the topic is fraught with misunderstanding

Mobile security’s future: 4 expert predictions
Security pros weigh in on major trends that will change the way enterprises handle mobile threats, such as separate personal and work spaces on devices and faster patching

Cover story opinion
Mobile device management: What’s still missing?
MDM can help extend IT management all the way to the new edge of the enterprise network. But it’s only one part of the solution really needed to maximize enterprise mobility

4 steps to assess mobile security risk
Analyzing how mobility could lead to data loss feels like taking a shot in the dark at a moving target, with a blindfold on. But there are ways to quantify the threat

7 ways to survive the BYOD revolution
When employees use their own devices at work, problems can result. Here are seven ways to cope

Interview
‘Provisioning apps on devices without manual intervention is a challenge’
The popularity of enterprise mobility is on the rise and companies across verticals are looking at mobility solutions to optimize customer reach and reduce costs. Anil Bajpai, SVP and Head, Research and Innovation, iGATE Patni discusses trends in India and the challenges it is going to throw to the IT department

Case study
SevenHills Health City signals new era in patient care with paperless hospital
By eliminating the need for paper records, the hospital has given its doctors the ability to access information related to scans or X-rays from anywhere

Interview
‘RCOM has been actively involved in Big Data solutions’
Alpna J Doshi, CIO, Reliance Communications talks to Vinita Gupta about the enormous growth of data and the solutions Reliance Communications is using to handle it

Event
Asian nations pledge to use ICT to collaborate and share knowledge
Delegates and speakers explored ways to leverage ICT for inclusive growth at SEARCC 2011 conference in Mumbai

Feature
10 social networking tips for CIOs
Adding a robust enterprise social network to your priority agenda is a must. Here’s how to get going

News
British Telecom bets big on India
Microsoft Dynamics signs 2,000 customers in India
CIOs adopting cloud computing are more ambitious: CA Technologies
IBM takes analytics to universities
Happiest Minds on a growth trail
Security drives majority of desktop virtualization deployments
Persistent Systems partners with IL&FS Education
66 percent of lost USB sticks found to carry malware: Sophos study
India tops in flouting IT regulations at workplace
RIM can now manage iOS and Android devices

Departments
Editorial
Index
Chirpings from twitterati
Social Sphere
Analyst angle
Secret CIO
Technology & risks
Global CIO
Practical analysis
Down to business
Imprint
VOLUME 1 No. 03 n January 2012
print online newsletters events research
Managing Director: Sanjeev Khaira
Printer & Publisher: Sajid Yusuf Desai
Director: Kailash Shirodkar
Group Commercial Director: Pankaj Jain
Editor: Brian Pereira
Senior Associate Editor: Srikanth RP
Principal Correspondent: Vinita Gupta
Principal Correspondent: Ayushman Baruah (Bengaluru)
Senior Correspondent: Amrita Premrajan (New Delhi)
Copy Editor: Shweta Nanda
Head Office UBM India Pvt Ltd, 1st floor, 119, Sagar Tech Plaza A, Andheri-Kurla Road, Saki Naka Junction, Andheri (E), Mumbai 400072, India. Tel: 022 6769 2400; Fax: 022 6769 2426
Design
Art Director: Deepjyoti Bhowmik
Senior Visualiser: Yogesh Naik
Senior Designer: Shailesh Vaidya
Designer: Jinal Cheda
Marketing
Deputy Manager: Sanket Karode
Advertising Co-ordinator: Jagruti Kudalkar
associate office- pune Jagdish Khaladkar, Sahayog Apartment 508 Narayan Peth, Patrya Maruti Chowk, Pune 411 030 Tel: 91 (020) 2445 1574 (M) 98230 38315 e-mail: jagdishk@vsnl.com International Associate Offices USA Huson International Media (West) Tiffany DeBie, Tiffany.debie@husonmedia.com Tel: +1 408 879 6666, Fax: +1 408 879 6669
online Manager—Product Dev. & Mktg. : Viraj Mehta Deputy Manager—Online : Nilesh Mungekar Web Designer : Nitin Lahare
(East) Dan Manioci, dan.manioci@husonmedia.com Tel: +1 212 268 3344, Fax: +1 212 268 3355
EMEA Huson International Media Gerry Rhoades Brown, gerry.rhoadesbrown@husonmedia.com Tel: +44 19325 64999, Fax: + 44 19325 64998
Operations
Head—Finance: Yogesh Mudras
Director—Operations & Administration: Satyendra Mehra
Sales Bengaluru Manager—Sales : Kangkan Mahanta kangkan.mahanta@ubm.com (M) +91 89712 32344 Delhi Manager—Sales : Rajeev Chauhan rajeev.chauhan@ubm.com (M) +91 98118 20301 Mumbai Manager—Sales : Rakesh Tendulkar rakesh.tendulkar@ubm.com (M) +91 97696 42004 Production Deputy Manager : Prakash (Sanjay) Adsul Circulation & Logistics Assistant Manager : Bajrang Shinde Subscriptions & Database Manager Database : Manoj Ambardekar manoj.ambardekar@ubm.com Senior Executive : Deepanjali Chaurasia deepa.chaurasia@ubm.com
Japan Pacific Business (PBI) Shigenori Nagatomo, nagatomo-pbi@gol.com Tel: +81 3366 16138, Fax: +81 3366 16139 South Korea Young Media Young Baek, ymedia@chol.com Tel: +82 2227 34819; Fax : +82 2227 34866 Printed and Published by Sajid Yusuf Desai on behalf of UBM India Pvt Ltd, 6th floor, 615-617, Sagar Tech Plaza A, Andheri-Kurla Road, Saki Naka Junction, Andheri (E), Mumbai 400072, India. Editor: Brian Pereira, Printed at Indigo Press (India) Pvt Ltd, Plot No 1c/716, Off Dadaji Konddeo Cross Road, Byculla (E), Mumbai 400027.
Editorial index
Person & Organization
A Appadurai, HP India ... 39
Alpna Doshi, Reliance Communications ... 58
Anil Bajpai, iGATE Patni ... 52
Annie Mathew, Research In Motion ... 32
Anthony Wong, SEARCC ... 61
Arindam Sen, Advanced Micronic Devices ... 32
Ashish Dhawan, Juniper Networks India ... 35
Bob Tinker, MobileIron ... 25
Chandrakant Deshmukh, Mastek ... 30
Jayanta Prabhu, Essar ... 35
Karthik Ananth, Zinnov ... 20
Kartik Padmanabhan, IBM Software Group India/South Asia ... 26
Katyayan Gupta, Forrester Research ... 27
Kevin LeBlanc, McAfee ... 26
L Sunderrajan, Rewire ... 31
Leif-Olof Wallin, Gartner ... 26
Matthew Norris, Standard Chartered Bank India ... 40
MD Agrawal, CSI ... 60
Peter Sondergaard, Gartner ... 23
Pravin Savant, Lowe Lintas ... 30
Puneet Jetli, Happiest Minds ... 14
RNI NO. MAH ENG/2001/4730
Santosh Ostwal, Ossian Agro Automation Pvt. Ltd. ... 23
Vaidya Nathan, Classle Knowledge ... 23
Vikas Tyagi, Themis Medicare ... 39
Sudhir Narang, British Telecom Global Services, India ... 12
Sunil Lalvani, Research in Motion India ... 27
Sunny Neogi, Aditi Technologies ... 31
Suresh Kumar, SevenHills e-Health ... 54
Todd Schofield, Standard Chartered Bank ... 40
Important Every effort has been taken to avoid errors or omissions in this magazine. In spite of this, errors may creep in. Any mistake, error or discrepancy noted may be brought to our notice immediately. It is notified that neither the publisher, the editor or the seller will be responsible in respect of anything and the consequence of anything done or omitted to be done by any person in reliance upon the content herein. This disclaimer applies to all, whether subscriber to the magazine or not. For binding mistakes, misprints, missing pages, etc., the publisher’s liability is limited to replacement within one month of purchase. © All rights are reserved. No part of this magazine may be reproduced or copied in any form or by any means without the prior written permission of the publisher. All disputes are subject to the exclusive jurisdiction of competent courts and forums in Mumbai only. Whilst care is taken prior to acceptance of advertising copy, it is not possible to verify its contents. UBM India Pvt Ltd. cannot be held responsible for such contents, nor for any loss or damages incurred as a result of transactions with companies, associations or individuals advertising in its newspapers or publications. We therefore recommend that readers make necessary inquiries before sending any monies or entering into any agreements with advertisers or otherwise acting on an advertisement in any manner whatsoever.
M-governance will usher in new era of governance Across India, government departments are aggressively using the mobile platform to quickly deliver effective services to the masses http://bit.ly/rtvH5L
SIBARSHIS tweeted:
M-governance will usher in new era of governance
http://www.informationweek.in/Government/1112-15/M-governance_will_usher_in_new_era_of_governance.aspx?page=2 via @iweekindia
Cherry M Philipose tweeted:
M-governance will usher in new era of governance. In the report Kerala is cited as an example http://goo.gl/eE9wR
Prema Sankar tweeted:
"M-Gov has huge potential in India-reach, quick learning curve and support for multiple languages" Sanjay Vijayakumar http://bit.ly/tWtXxs
Hardik Shah tweeted:
M-governance will usher in new era of governance: Across India, government departments are aggressively using the mobile platform http://bit.ly/rC84QF
Davis D Parakal tweeted:
Government > M-governance will usher in new era of governance http://disq.us/4l0h8y @mobmewireless
Government of India shares plans to increase broadband penetration At the inauguration ceremony of the recently concluded SEARCC 2011 conference in Mumbai, two ministers shared plans to increase broadband penetration and Internet usage in India http://bit.ly/w18BEc
Security solution prevents leakage of reports at Fugro Survey The company solved about 95 percent of its security threats by restricting the leakage of its reports to competitors, thus preventing business loss http://bit.ly/tWgOnZ
ritupande tweeted:
Security solution prevents leakage of reports at Fugro Survey http://disq.us/4jz8e3
How Walmart plans to use Big Data By analyzing the huge volume of data produced every day on social media, Walmart is trying to shape the future for retail http://bit.ly/uEFYNt
ABIBA Systems tweeted:
How Walmart plans to use Big Data tinyurl.com/csgmtvu
CSS Corp R&D Labs tweeted:
#Walmart plans for Big Data http://informationweek.in/Storage/11-12-19/How_Walmart_plans_to_use_Big_Data.aspx #Data
@http_web WEB tweeted:
How @Walmart 2 use #BigData http://bit.ly/tsAfrb By analyzin huge volum of #data producd evryday on #socialmedia, http://ow.ly/1gfL0L
Googlyfish India tweeted:
http://tiny.cc/k23d5 Government of India shares plans to increase broadband penetration http://ow.ly/1gamtG
Dheeraj Nostromo tweeted:
Government of India shares plans to increase broadband penetration: The conference was organized and hosted by the Computer Society of India http://bit.ly/veIssE
Social Sphere Join us on facebook/informationweekindia
Be the Fan of the Month
LIKE us, TAG us and SHARE us on Facebook! WIN a prize! For every ‘Like’ you get 2 points, for every InformationWeek story you ‘Tag’, you get 4 points and for every story of ours which you ‘Share’, you get 5 points. The person who collects the maximum points by 20th of the month will become the ‘Fan of the month’ and will find himself or herself in the InformationWeek print issue of 2012.
Fan of December Ahzaz Nagad, based in Surat, is a computer hardware technologist. He has been actively following and joining discussions on Facebook InformationWeek page. He believes ‘If you’re going to take big steps, make sure your gear is up for the task. Breathe deeply. Tread lightly. Smile brightly.’
Ravindra Anant Naik InformationWeek India My Favorite enterprise news portal. :)
“I’m 01100110 01100101 01100101 01101100 01101001 01101110 01100111 00100000 01101100 01110101 01100011 01101011 01111001 00001010.”
Guess what is this??? This is Google’s first ever Twitter post. The message was sent in February 2009 IT Tidbits > Google Rents Goats informationweek.in
November 16 at 11:52am
News
Telecom
British Telecom bets big on India
Even as global economic conditions signal recessionary trends, British Telecom (India) is betting big on India, as it continues to see robust demand led by global MNCs that are expanding in India. “We are present in more than 170 countries. From our research, we have found out that approximately 80 percent of British Telecom’s largest customers are expanding in India,” states Sudhir Narang, MD, BT Global Services, India.

Narang says that while the first wave of growth came from the IT sector, which was creating services on top of the telecom sector, the next wave came from companies in the media & broadcast sector. Today, domestic companies in India are going global, and BT is supporting these companies. “Compliance is a big issue for most IT services companies. As we understand the unique nuances of regulation in each country, we are better placed to support companies in global markets,” says Narang.

BT is also looking at encouraging companies in the IT sector to embrace technologies that help in increasing revenues. A case in point is the agreement signed with IT services company Wipro Technologies, to provide a fully-managed video conferencing exchange service running on BT’s global MPLS network. Under the agreement, BT will provide B2B exchange connectivity, which will enable seamless video and voice communications between Wipro, its partners and customers. While this was aimed at helping Wipro cut costs and improve collaboration, Wipro can also offer this service to its customers. “An internal communication tool became a revenue generation tool,” states Narang, on how Wipro has used the technology to grow its revenues.

Going forward, BT expects the IT/ITeS sector to continue to contribute strongly to its growth, in addition to sectors such as BFSI and FMCG companies. —Srikanth RP

Software
Microsoft Dynamics signs 2,000 customers in India
Microsoft Dynamics ERP and CRM solutions have crossed the 2,000-customer milestone in a timeframe of less than five years across various industry sectors. The company cited an easy-to-use interface, along with capabilities such as quick implementation and adaptability to localized requirements, as the reason for the achievement. Subhomoy Sengupta, Group Director – Microsoft Business Solutions said, “Microsoft Dynamics solutions show clear business ROI and integrate easily with existing technologies that customers are familiar with or already have installed.” Microsoft has also made it easy to acquire ERP and CRM solutions in India by offering a pay-as-you-go hosted model that eliminates upfront investments and also reduces the costs of in-house IT personnel. It offers a competitively priced ERP for growing businesses that can be deployed in two weeks. —InformationWeek News Network
Virtualization will be at the top of the list for many SMBs in 2012 Source: Symantec
Cloud Computing
CIOs adopting cloud computing are more ambitious: CA Technologies
Around 60 percent of Indian CIOs believe that cloud computing has enabled them to spend more time on business strategy and innovation, as per The Future Role of the CIO 2011 report released by CA Technologies. According to the report, CIOs who have adopted cloud computing are more ambitious than non-cloud adopting CIOs. Almost all CIOs (93 percent) who have adopted cloud computing see their position as an opportunity to move to other management roles, compared to only 30 percent of non-cloud adopting CIOs.

More than half of the CIOs surveyed said they felt ideally positioned to move to the CEO role because cloud computing allows them to spend more time on innovation, business strategy and driving business effectiveness. However, they face fierce competition; 43 percent acknowledged that whilst they do have the necessary skills to step up to the CEO role, other job roles have greater experience of those skills.

The CIO role today is still viewed as a technical role, according to 43 percent of CIOs, and this is the reason why relatively few CIOs have successfully made the transition to the CEO role. A lack of ‘digital literacy’ in the boardroom is compounding this problem, with 40 percent of CIOs stating that their board was ‘digitally illiterate’ and did not understand the impact of new and emerging technologies. A further 42 percent of CIOs said that the board did not understand the value that IT brings to the business, causing a lack of responsiveness to the market.

Perceptions are changing: 54 percent of CIOs report that the C-level management team sees the role of the CIO as becoming increasingly important within the organization, which suggests that the board’s view of the CIO is already changing. —InformationWeek News Network

BI
IBM takes analytics to universities
To address a growing market demand for analytics-savvy graduates, IBM is working with universities around the world to bring advanced analytics training directly into the classroom. The company is expanding its Academic Initiative for business analytics with new programs in India, China, Ireland and Scotland, helping students keep pace with today’s competitive job market by gaining skills in this fast-growing field of technology.

In India, IBM is working with faculty members from 500 universities to help more than 30,000 students develop skills in analytics. As part of the program, IBM will conduct a series of training programs with business school faculty concentrating on predictive and business analytics, in 15 major cities throughout India. The faculty members will complete a certification process in analytics at the end of the program. After certification, students will learn how analytics can be applied to their topic of study. —InformationWeek News Network
2012 will be a year of action for SMBs, where they’ll start taking tangible steps to protect their businesses from cyber threats
Source: Symantec
News
Software
Happiest Minds on a growth trail
In a short span of its operations and despite the macro-economic challenges, Bangalore-based startup Happiest Minds Technologies has gained significant momentum with seven customers in its kitty till date and a strong pipeline. The clients, which are from the U.S., U.K. and India, are spread across its three lines of business, namely IT services, infrastructure & security and software product engineering. “Of the seven customers, two of the deals are advisory-led, some of them are projects and some are long-term relationships,” said Puneet Jetli, Co-CEO of IT services, Happiest Minds.

He did not comment on the financials of the deals but said they are from a mix of industry verticals such as high-tech companies, consumer-oriented companies like leisure & entertainment, media, BFSI and services. The mid-sized company believes the global slowdown in the market does not impact its specific targets. “The fundamental value we plan to offer to the enterprise remains unaltered,” said Jetli. “First, we are a startup with an objective of achieving a few millions of dollars in a specific time period, which is an insignificant share of the trillions of dollars in the global market pie. Second, we are convinced about our value proposition of disruptive technologies, which by default allows end customers to be more disruptive and do more with less. And slowdown is the best time to test the waters,” he said.

Next year, the company plans to expand its presence to emerging geographies such as other parts of the Asia-Pacific ranging from the Middle East to Singapore, Australia, and other parts of Europe including Continental Europe and the Nordic countries. The company will at the same time be looking at growing its existing business in the U.S., its largest market. “Despite what we hear in the media, the biggest markets are still in the U.S. and Europe and since we are offering services around next-generation applications, there is still much more scope for us to expand in the mature markets as well,” said Jetli.

The company also plans to leverage the cloud model to spread out its geographic footprints. “As you begin to create more IP, which can be delivered through the cloud, your ability to reach more countries will exponentially increase. The beauty of the cloud is that you can create something and put it on the cloud. You can even work through partners. The cloud model gives you access to markets where it could be very costly to have a sales and marketing office,” said Jetli.

Former MindTree Chairman Ashok Soota launched Happiest Minds Technologies in August this year as a next-generation IT solutions & services company focused on emerging technologies like cloud computing, social media, mobility solutions, business intelligence, analytics and unified communications. In just a few months, the number of employees in the company has reached close to 100 and it plans to add more in the days to come. —Ayushman Baruah
50% of enterprise e-mail users will rely primarily on a browser, tablet or mobile client instead of a desktop client by 2016 Source: Gartner
News
Virtualization
Security drives majority of desktop virtualization deployments
Around 91 percent of organizations surveyed have implemented desktop virtualization or plan to do so before the end of 2013, according to global research commissioned by Citrix. Of these organizations, 92 percent are adopting desktop virtualization to improve information security. Senior IT decision makers at these organizations attribute three principal security benefits, namely secure access to data from user devices, improved security of data and applications and simplified risk management, to desktop virtualization.

“Desktop virtualization delivers centralized control and management of desktops, applications and data delivered to any endpoint device. It also offers granular, policy-based access control and supports compliance requirements. It embeds an important infrastructure-level of information governance that enhances risk management, across information security and compliance,” said Kurt Roemer, Chief Security Strategist, Citrix.

Around 86 percent of senior IT decision makers believe that desktop virtualization offers a strategic approach to improve information security, regardless of whether or not they intend to use desktop virtualization within their own organization. Of the senior IT decision makers who will have desktop virtualization in place at the end of 2013, 95 percent believe it is very effective at protecting information while providing workers with fast and effective access to the information they require. Nearly 97 percent said that they expect desktop virtualization to help their organization respond to new and emerging security threats.

At a device level, 74 percent envisage using desktop virtualization to instantly update an entire estate of PC and computing devices. Also cited as key benefits were immediate provisioning and de-provisioning of desktop access (60 percent), instant isolation of a compromised application (54 percent) and the ability to remotely wipe data from a computing device (32 percent). Nearly 66 percent of senior IT decision makers cite the secure delivery of applications and data as a critical security capability that led them to implement desktop virtualization. —InformationWeek News Network

Software
Persistent Systems partners with IL&FS Education
Persistent Systems announced that they have partnered with IL&FS Education and Technology Services to develop a series of mobile-based learning applications on IL&FS Education’s learning platform, Exploriments. Exploriments is a simulation-based interactive learning platform designed for enhancing students’ conceptual understanding in science and mathematics. As a technology partner, Persistent Systems will be developing mobile-based applications on the Exploriments learning model for various mobile platforms like tablets and other handheld devices. Exploriments, designed primarily for tablets such as iPads, will also be compatible with various other devices such as handheld PCs and netbooks. —InformationWeek News Network
2012 will be the year of BYOD and Big Data Source: Brocade
informationweek January 2012
www.informationweek.in
Security
66 percent of lost USB sticks found to carry malware: Sophos
About 66 percent of lost USB sticks carry malware, revealed a study carried out by IT security and control firm, Sophos. The company’s Australian office conducted the experiment by purchasing a job-lot of found USB sticks from a lost property auction run by a major transit authority in Sydney, ‘RailCorp’. The study revealed that two-thirds of the 50 tested USB sticks were infected with malware, and contained information about many of the former owners of the devices, their families, friends and colleagues. Files contained on the unprotected devices included tax documents, school and university assignments, AutoCAD drawings of work projects, photo albums of family and friends, and software and web source code.
Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorized snoopers. Graham Cluley, Senior Technology Consultant, Sophos said, “It seems that commuters are not only losing their USB sticks, and oblivious to the fact that they were carrying malware around in their pockets, but are also at risk of losing their identity and personal information through sloppy security. Although this study was done in Sydney, Australia, there’s no reason to believe that we wouldn’t see a similar story in Delhi or Bangalore Metro and Mumbai’s suburban local trains. Folks need to wake up to the threats, and take appropriate preventative steps.” It is of vital importance that computer users encrypt all personal and business data before storing it on USB keys so that it cannot be accessed if devices are lost. In addition, by running up-to-date antivirus, users can prevent spreading malware. —InformationWeek News Network
India tops in flouting IT regulations at workplace
About 79 percent of employees surveyed in India flout the company’s IT policy all the time, the highest score among all regions surveyed, according to the Cisco Connected World Technology Report. The report revealed that the desire for on-demand access to information is so ingrained in the incoming generation of employees that many young professionals take extreme measures to access the Internet, even if it compromises their company or their own security. Such behavior includes sitting in front of businesses to access free Wi-Fi networks, and borrowing other people’s devices without supervision. The report also revealed that 59 percent of students expect their future employers to be open about their need to stay connected with their personal life along with work. —InformationWeek News Network
BI
Open source BI tools production deployments will grow five-fold through 2012
Source: Gartner
News Mobile
RIM can now manage iOS and Android devices
There’s some good news for BlackBerry handset owners. International roaming calls from your BB handset will now be a fraction of the usual cost. If your company has limited BlackBerry Enterprise Server (BES) licenses you can still sync your calendars and folders, if your IT administrator downloads and installs a free application called BES Express. The plethora of devices is a security nightmare for the IT Head. But these can all be managed with robust device management software called BlackBerry Mobile Fusion, and yes, that includes Android and iOS phones too! But will these enterprise and security features regain lost market share for RIM? Speaking at a media roundtable in Mumbai, Sunil Lalvani, Director, Enterprise Sales India, RIM said, “We see that the penetration for BYOD in the enterprise is the highest in India at 75 percent (as against the global average of 56 percent). This poses a security risk and is a challenge for CIOs today. We have taken a three-step approach through BES Express, BlackBerry Balance Technology, and BlackBerry Mobile Fusion.” RIM just launched BES Express, a “trimmed down” version of its widely used BlackBerry Enterprise Server software. Organizations can download this software for free and access a smaller set of 75 IT policies for managing end-point devices. The full version of BES offers 450 IT policies. The latest version of the free software adds a number of new administrative tools and features, as well as new user self-service utilities. After installing BES Express users will be able to synchronize their e-mail folders and calendars, or create follow-up messages, which until now was not possible unless your organization issued a BES enterprise license to you. For company-issued handsets, RIM is offering BlackBerry Balance Technology to create personal and professional partitions on the handset. Data cannot be copied from the professional to the personal partition. So if you leave the company, only the professional partition is wiped clean, and you can continue using the handset as a consumer device. BlackBerry Mobile Voice System (MVS) is aimed at international travelers. “With MVS, you do not miss any calls since all calls from your office PBX get routed to your device. It is useful for executives who travel frequently, or for organizations that have multiple branches. And this solution can control roaming costs,” said Lalvani. According to RIM, with MVS one pays just USD 40 instead of USD 120 (approx ₹ 6,000) for a 20-minute call. This is because the in-country PBX dials him out — so effectively, the roaming user is just receiving a call instead of making a call back home. The most recent announcement from RIM is an application called BlackBerry Mobile Fusion. This is essentially an end-point or device management solution for BB, iOS and Android platforms. This solution will be available in India “in a few months” – RIM officials did not specify when. The solution offers a single console to manage Android, iOS and BlackBerry handsets. It eliminates the need to have separate consoles and training for multiple platforms, thus helping CIOs and IT administrators counter the BYOD challenge. —InformationWeek News Network
By the end of 2012, cloud customers will already be using more than 10 different cloud apps on an average Source: Forrester Research
News Analysis
Software products — The next wave in the Indian IT industry?
Myriad changes in the ecosystem are making the current environment more conducive for software product development in India
By Ayushman Baruah
The technology products sector in India, which for the last two decades has been dormant and overshadowed by the country’s USD 76-billion software services industry, is on a steep growth trajectory. India is emerging as a software hub globally with over 2,400 product firms generating USD 2 billion of revenues, according to NASSCOM. Around 1,100 product startups have been launched in the last five years alone with an impressive 22 percent growth in revenues during the period. The startups are focusing on localized India-specific solutions built around key areas such as mobility, SMBs, e-commerce and education. They are targeting four broad industry verticals, viz., B2C (business to consumer), B2B (business to small business), B2E (business to large enterprise) and B2G (business to government).
Why Now?
So, what has changed in our ecosystem today that did not exist in the past? Karthik Ananth, Director of research firm Zinnov, points out three key changes that have occurred in the Indian market place. First, there is a strong and growing demand for local products in the domestic market today. Right from banks to cab services like Meru — all make use of high-tech software and technology to reach their customers. This was non-existent even a decade back. The second aspect is the evolution of the entire IT industry on the back of the IT services model, which focused on providing people (services) for solving customer problems. As Indian companies spent more time with global customers, they gained a deeper understanding of the end customers’ business and the ability to develop end-to-end capabilities to build products around it. Third, MNCs have been increasingly using India as a base to build global products, which is creating a culture of innovation within Indian companies. The funding ecosystem has also seen significant improvement. The investment community in India largely comprises venture capitalists (VCs), angel investors and various other state and national government schemes. Indian success stories such as MakeMyTrip, Flipkart, and InMobi have increased the confidence of global VCs to invest in Indian product startups. Industry veterans are increasingly championing the cause of startups in their chosen areas. For example, in 2009, Infosys Co-founder NR Narayana Murthy started Catamaran Ventures, a VC fund for incubating Indian startups. Ventureast, one of India’s oldest VC firms
has a dedicated BYST growth fund specifically for the SMBs. Global MNCs such as Citrix have also started incubators and seed funds to attract product startups. The emergence of disruptive technologies such as cloud, mobility, sustainability and social networking is also helping to make the ecosystem conducive for product development. The number of engineering graduates passing out of India is growing at more than 20 percent, which provides the required talent pool. Interestingly, the number of product firms from tier-2/tier-3 cities has almost doubled in the last three years. Over 330 product companies are based in tier-2/tier-3 cities as of 2011, as per NASSCOM statistics. This trend is because the cost of setting up a product startup has gone down significantly with the zero-CAPEX model of the cloud. The other reason is improved Internet/wireless connectivity (3G, LTE and broadband).
Billion Dollar Companies Emerge
Product companies have finally started to take off in the country. For instance, Zoho’s enterprise products claim to have 15,000 global customers and its web products have 5 million users, according to the company. Zoho, which offers an alternative to Microsoft Office and Google Docs, generates more than USD 100 million in revenue every year. Bangalore-based Tringme provides a VoIP telephony platform that handles over 42 million minutes of calls per month and serves over 11 million users worldwide. Founded in 2007, Ozonetel’s flagship offering ‘Kookoo’ is India’s first cloud telephony platform for entrepreneurs who want to develop their own apps that use the telephony channel. NASSCOM Product Forum Chairman, Sharad Sharma, forecasts that India will have at least a USD 1 billion tech startup per year for the next three years and many more over the next decade. Nasdaq-listed online travel company MakeMyTrip is already valued at over USD 1 billion. The others in the pipeline to join the billion-dollar league are companies like mobile ad network InMobi, online retailer Flipkart, and India’s largest coupon site SnapDeal. Going by the trend, it’s clear that the Indian IT industry has come a long way since its humble beginning by helping American companies fix the Y2K bug in the late 90s. Given the changes in the funding ecosystem, emergence of disruptive technologies and a cultural shift towards greater innovation, there is no doubt that more products will be incubated from India in the years to come.
Ayushman Baruah ayushman.baruah@ubm.com
Mobility Facts
The average mobile worker works 240 hours a year longer than the workforce in general (Source: iPass Global Mobile Workforce Report)
India’s mobile workforce will grow 53% over next 4 years to reach 205 million by 2015 (Source: Springboard Research)
2/3rd of India’s mobile workforce to own smart mobile device by 2015 (Source: Springboard Research)
Mobile workers age 34 and under wake most often to check their smartphone or tablet during the night: 46% wake at least sometimes, 10% wake every night (Source: iPass Global Mobile Workforce Report)
35% of mobile workers check e-mails before anything else when they wake up in the morning (Source: iPass Global Mobile Workforce Report)
Cover Story
Mobile technology: Empowering consumers and enterprises
India is witnessing fast-paced growth of innovative solutions centred around mobile technology. The trend is not only benefitting the masses, but is also giving businesses a strong competitive edge
By Amrita Premrajan & Brian Pereira
It’s 9:30 in the morning and Kishen Singh, an autowallah plying on Delhi roads, walks into a nearby kirana store, which also happens to be an SBI Eko Customer Service Point. Greeting the shopkeeper he hands over ₹ 600, his savings from the last week, and asks the shopkeeper to deposit the money in his SBI Mini Savings Bank Account. The shopkeeper does the transaction using his own mobile phone and in a matter of seconds, Kishen gets
an SMS on his ultra-low cost mobile phone informing him about the money being credited. Next, Kishen passes on his mother’s mobile number who lives in Bihar, his home town, and asks the shopkeeper to transfer ₹ 200 to her SBI Mini Savings Account. The shopkeeper does the transaction and Kishen receives another SMS instantly that informs him of the debit. Thanking the shopkeeper, Kishen gets back to his job. At the same time, somewhere in Mumbai, Sneha Shah, a senior
management employee working with one of the largest IT services companies in India, is waiting at the airport lounge of Chhatrapati Shivaji Airport to catch a flight to Delhi, for an important business meeting. Shah was wondering how she should use the good half hour that she had on hand. Just then she receives a message on her BlackBerry phone, which turns out to be an important training video for knowledge upgradation of senior management employees that was being proactively pushed through the organization’s BlackBerry Enterprise Servers. The seemingly non-productive half an hour has now become an exciting, value-adding session for Shah. Both these examples reflect how mobile technology is transforming the lives of people from all walks of life, ranging from a low-wage earner to a C-level employee, in ways that were unimaginable just a few years back. With a mobile subscriber base of 881.40 million as of September 2011 (as per a report by TRAI), India is ranked by the International Telecommunication Union as the second largest mobile market in the world after China. While the urban areas boast a little more than 580 million mobile subscribers, the rural areas are not far behind with around 301 million mobile subscribers. Of these, as of March 2011, about 26.3 million were active mobile Internet users, as per IMRB International’s estimates. The initial penetration of mobile phones in both the urban and the rural areas was primarily due to the consumers’ need to have access to basic voice and data services. Over a period of time, the influx of a variety of affordable smartphones and the drastic reduction of call rates further fuelled the penetration of mobile telephony in India. From this time onwards, the market was thrown open to innovations centred around mobile technology for not only consumers but also businesses. Tapping the potential at the right time, a slew of technology startups are emerging in India, which are providing transformational solutions to consumers, as well as business users in different sectors such as banking, agriculture and education.
“With Nano Ganesh system, farmers can save water and electricity and the time required for the frequent trips to the fields”
Santosh Ostwal
Director, Ossian Agro Automation
Financial Inclusion Through m-Banking
An interesting example is that of Eko India Financial Services, which brought the benefits of m-banking to the un/underbanked low-income groups, which were traditionally financially excluded by the financial service providers, as they discouraged small value transactions due to non-profitability. Eko, established in the year 2007 by Abhishek Sinha and Abhinav Sinha, developed a technology platform called SimpliBank, which is a hosted and managed, abridged Core Banking System. Eko used Wipro’s Infrastructure as a Service (IaaS) cloud to provide hardware infrastructure. The deployment of SimpliBank on a cloud infrastructure brought down the cost per transaction dramatically, thus enabling profitable inclusion of customers otherwise excluded from traditional banking services.
“By 2015, private app stores will be deployed by 60 percent of IT organizations and apps themselves will be re-designed”
Peter Sondergaard
Senior VP and Global Head - Research, Gartner
In this model, consumers are just required to have a basic mobile phone. There is no need to download an application, have a special SIM or a specific handset or a connection from a specific mobile network operator or additional services such as GPRS or 3G. It also requires minimal user education and reduces usage friction significantly. Next, the person has to step in at an Eko Customer Service Point (CSP); these are kirana or grocery stores, pharmacy outlets, stationery shops and gift shops with which Eko has partnered. Once at the CSP, the person can get a no-frills bank account (this refers to a bank account with low or zero minimum balances) that can be opened in a few minutes and allows one to deposit and withdraw cash without having to go to a bank branch or an ATM. In fact, the CSP agents act as Human ATMs. The customers can then deposit and withdraw cash and remit funds at any of these local CSPs in a matter of seconds. Eko is currently working as a Business Correspondent and Service Provider to the State Bank of India, as well as ICICI Bank. This is as per the Business Correspondent guidelines devised by the Reserve Bank of India. Eko has served over 14 lakh users till date and supports banking operations in Delhi-NCR and Bihar-Jharkhand, and is expanding into UP, Maharashtra, and Gujarat.
‘Mobile’ Farmers
One of the biggest problems being faced by the farmer community of India, using motors to irrigate their fields, is manually switching on and off water pumps at the right time. The problem is not as simple as it sounds, as operating water pumps manually means farmers or irrigation operators need to monitor fluctuations in the power supply. This requires farmers to make trips to the fields in the night or in the heat of the mid-day sun, and even navigate through the hazardous locations of the pumps along rivers or water storage beds. Santosh Ostwal, an engineer, observed these problems because his grandfather, Sukhlalji Ostwal, was facing them as a farmer in the local region. A question that echoed in Ostwal’s mind was, “What if a farmer could switch the motor on or off from the comfort of his home or even from a distant location?” This led to Santosh Ostwal’s entrepreneurial journey and the creation of Nano Ganesh, a remote control system for agricultural water pumps located in rural areas. In the Nano Ganesh application, a mobile phone is used as low-cost wireless connectivity near the water pump area and has been innovatively installed near the hazardous starter panels with all necessary arrangements for charging the device. An irrigation operator can control his water pump just by calling the mobile phone located at the remote end and punching in on or off code numbers. He can also check power availability and the pump status. The product is available in the affordable range of ₹ 560 to ₹ 2,500, with different models being offered, based on their utilities. Ostwal says, “Farmers can recover the cost of the product in just 11 days by saving on water and electricity, as well as save on the time required for the frequent trips to the fields.” Though during the initial period of 10 years it was very difficult to convince the farmers to use a mobile phone in the starter panel, in 2010-11 the acceptance of the product by farmers became evident, with about 2,000 Nano Ganesh systems being sold.
94% of CIOs believe that enterprise mobility will be an important part of their organization’s IT strategy within the next one year
“Companies want to give users the tools they prefer so that they can be most productive”
Bob Tinker
CEO, MobileIron
Setting new paradigm in training and education
Classle Knowledge, a startup based in Chennai, has developed a cloud-based education system for rural India, enabling students to access learning material free of cost, through their basic, low-cost mobile devices. More than 55 academic institutions have partnered with Classle, almost all of them being engineering colleges predominantly in rural areas. Some of them are GLA University, Mathura; Madanapalle Institute of Technology, Madanapalle and Excel College of Engineering, Thiruchengodu. Classle chose Amazon Web Services and built its social learning network platform using open source technologies, wherein students and learners interact with their peers, teachers, professors and professionals. Vaidya Nathan, Founder and CEO, Classle Knowledge says, “We are able to form the social learning network to bring the best content and expertise from the world and offer it free of cost to students so that they can learn better and succeed. The students of these colleges are benefiting by downloading audio and video materials corresponding to their college courses and content related to communication skills, career guidance, etc. and taking it on their mobile phones. We were also sending them questions through SMSes to keep them engaged. But the current change in the Government rules around SMSes has pushed the cost up by 400 percent and we have stopped it right now until we figure out a low-cost way.” He adds, “This low-cost innovative way of delivering learning through mobiles has also attracted Skills for Progress (SKIP), an all India Association of Private Technical / Vocation Training Institutions to sign an MoU with us to extend our platform to their entire network of vocational training institutes.” Another startup, Deltecs Infotech, tapped a business opportunity that they observed in the enterprise space. Jinen Dedhia, Divyesh Kharade and Akash Shah, founders of this company, observed that sales-field force and senior management or executive leaders are usually time pressed and do not have access to their laptops or machines all the time. But they do have access to their handhelds regularly. In case of senior management employees, they need to be trained at their convenience, as they are time-pressed. Also, giving them training is of utmost importance, as apparently they are driving the business. Understanding this, Deltecs enabled organizations with m-Learning products: Drona M-Learning for training sales force and Drona V-Cast for training senior leaders on BlackBerry phones. The organizations can create campaigns containing videos, newsletters, events, surveys, polls or presentations, which can be scheduled or instantly pushed to the users’ smartphones. Real-time tracking and analysis can be done to measure the effectiveness and make changes accordingly. Busy executives love the push-technology, which allows an organization to push courses straight on to their BlackBerry device. The executives need not search, download or buffer anything. At the same time, administrators enjoy the real-time tracking and complete analytics features. Some of the clients utilizing Drona are Essar, SBI, Navneet, and Wipro.
47% of respondents support employee-owned mobile devices at work (BYOD), and in a limited manner. A significant 27% do not support these devices while some clearly discourage and prohibit such devices at work
Fast Fact
According to Zinnov Management Consulting, of the 750 digital startups in India, around 23.6 percent are in the mobility space. Many tech companies such as RIM, Qualcomm, etc. are looking to provide seed funding and venture capital to startups working in the mobility space in India. This indicates the robust trajectory that the technology startups in India, with offerings centered around mobility are set to witness.
Consumer Impact on Enterprise Mobility
The employees of any enterprise are also ‘consumers’ and are increasingly making their own choices of mobile devices from the slew of smartphones, tablets and notebooks available in the market, based on ‘their’ individual requirements and interests. Not only this, there is an emerging set of ‘mobile workers’ who are not tethered to their desktops and are required to move around by virtue of their job roles. These workers also have to take critical decisions on the move by accessing certain business applications through their mobile devices. Both these trends, consumerization of IT and the need to enable critical business applications on the mobile platforms of decision makers, are setting in motion the entire concept of enterprise mobility in a big way. Consumerization of IT is bringing the concept of ‘Bring Your Own Device’ into the enterprises. Leif-Olof Wallin, Research Vice President, Gartner says, “Employees are behaving more like consumers, demanding a wider choice of devices, exploiting consumer devices and applications from app stores, and adopting new strategies such as “bring your own” IT. As a result,
BlackBerry leads as the popular platform with
80%
75%
of the respondents indicating that their companies currently use it
73%
of companies perceive gains in employee productivity as the biggest benefit of using enterprise mobility solutions
Security and compliance issues are the biggest challenges in enterprise mobility adoption Source: CIO Association of India
the distinctions between a person’s role as an employee and as a consumer are more blurred than ever.” Most of the companies perceive gains in employee productivity as the biggest benefit of choosing the BYOD model. “Once upon a time, you joined a company and you were handed a laptop and a BlackBerry. Now, the thinking is: I have hired the best and the brightest and I want to give users the tools they prefer so they can be most productive. Users expect the same level of accessibility in their workplace that they have in their consumer world — and it’s incumbent upon the CIO to deliver,” explains Bob Tinker, CEO, MobileIron.
Challenges related to BYOD model
According to the CIO survey on Enterprise Mobility by the CIO Association of India (CAI), only half of the respondent organizations provided just limited support for some employee-owned devices in the Bring Your Own (BYO) model. This is an indicator of the challenges that enterprises are facing with respect to BYOD. For instance, the challenge thrown at the IT department is to develop a strong framework for Enterprise Mobility Management in order to facilitate central management of mobile devices with various operating systems. Other challenges that IT departments are facing currently include implementing and enforcing policies and, more importantly, securing the enterprise data. Sunil Lalvani, Director, Enterprise Sales India, Research in Motion (RIM), speaking at a media roundtable in Mumbai said, “We see that the penetration for Bring Your Own Device in the enterprise is highest in India at 75 percent (as against the global average of 56 percent). This poses security risks. Also, organizations are cutting costs and allowing employees to use their own devices for work. This is a challenge for CIOs today.” Voicing similar views, Kevin LeBlanc, Senior Director - Product Marketing, McAfee says, “Consumerization of IT provides many opportunities, but it also creates some security challenges. Much of these challenges are rooted in the fact that the mobility of these devices introduces security management issues around access control, data protection and compliance. Also, employee-owned devices used for work introduce added IT complexity because it’s not always clear who owns the device, and furthermore, who owns what data on the device. Visibility is required to know what connects to your network, are these devices compliant and how do we ensure that they are safe as is the rest of the corporate infrastructure.” With the smartphone entry prices dropping to ₹ 5,000, the entire workforce in corporate India can have access to smartphones and smart devices; this will further add to the challenges faced by the IT team. Kartik Padmanabhan, Country Manager, Lotus, IBM Software Group India/South Asia elaborates, “There will be different kinds of tablets used. At the high end, you will have iOS-based tablets used by corporate executives. You’ll also have Android tablets priced between ₹ 4,000 – ₹ 6,000 used by the sales force or an executive on the field. So eventually, you will have a range of tablets for different people in the organization. This will put immense pressure on the CIOs / CTOs to come out with a strategy where they will be able to support multiple devices based on Android, iOS, Windows, Linux and other platforms, and at the same time ensuring that the IT infrastructure is secure.” Though companies like Wipro and Essar have already stepped in the arena of addressing BYOD challenges and are rolling out BYOD policies, most of the Indian enterprises are still holding back and watching the technologies and trends which are shaping up. To give such enterprises an insight into this space, we have elaborated on how Essar has made BYOD a reality, elsewhere in this issue.
“Employee-owned devices used for work add to the IT complexities because it’s not always clear who owns what data on the device”
Kevin LeBlanc
Sr Director - Product Marketing, McAfee
“The distinction between a person’s role as an employee and as a consumer is more blurred than ever”
Leif-Olof Wallin
Research Vice President, Gartner
Vendor offerings
A number of technology vendors are now coming out with offerings in the area of Enterprise Mobility Management, which is bound to become a necessity with the concept of BYOD gaining popularity among the enterprises. For instance, MobileIron, positioned in the Leaders quadrant of Gartner’s Magic Quadrant for Mobile Device Management Software 2011, provides solutions for supporting multiple operating systems (Android, BlackBerry, iOS, Symbian, WebOS, Windows Phone 7 and Windows Mobile). It offers solutions to ensure security of enterprise data on both — corporate and employee-owned devices. MobileIron is available either as a cloud-based delivery model or as an on-premise solution. Also, IBM has launched its Mobile Enterprise Services (MES) initiative to provide an integrated
suite of capabilities for managing the proliferation of mobile devices, including BlackBerry and its PlayBook tablet; Apple iPhone and iPad; Symbian and Google Android devices in enterprises, and to address the growing demand for secure access to corporate data. Anticipating the BYOD challenge that CIOs are facing, RIM recently launched an application called BlackBerry Mobile Fusion, which is essentially an end-point or device management solution for BlackBerry, iOS and Android platforms. This solution will be available in India “in a few months” — RIM officials did not specify when. The solution offers a single console to manage Android, iOS and BlackBerry handsets. This solution eliminates the need to have separate consoles and training for multiple platforms, thus helping CIOs and IT administrators counter the BYOD challenge. Sybase, an SAP company, has an offering called Afaria, which provides IT with the ability to centrally manage and maintain a variety of mobile devices. This provides IT with the control and visibility they need, at the same time empowers mobile workers to be successful with the information and applications needed to do their work. Afaria supports a variety of client types that can be managed from a single web-based console including, Symbian/ Android platform, iPhone, iPad or RIM BlackBerry devices.
Business-Specific Apps To Gain Momentum
The CAI survey on enterprise mobility states that enterprises already using mobility solutions find e-mail, calendar and contacts as the most useful applications. Though many enterprises view better Customer Relationship Management (CRM) as one of the key gains from enterprise mobility, they currently use CRM-related applications in a limited manner (19.40 percent). This indicates a trend that Indian enterprises have not aggressively started moving beyond mobilizing basic apps like e-mails and calendar.
Emphasizing this, Katyayan Gupta, Analyst and Connectivity Lead, Telecom and Networking Services, APAC & Emerging Markets, Forrester says, “Email messaging, calendar and corporate address book are getting mobilized in enterprises. But the point is enterprise mobility extends much beyond e-mails and to business critical apps such as ERP, CRM, or HRMS, and all of this is being made available to users while they are on the go. And this will really take time. What we would be seeing in the coming few years is mobilizing of only certain business critical applications, such as Sales Force automation, ERP, CRM, which will have a direct relationship with the business’ top-line revenues.”
And these specific business apps, which enterprises would decide to mobile-enable, would be the ones, which would facilitate “faster decision making” and would “decrease the response time” of employees. Emphasising this, Anil Bajpai, SVP and Head of Technology Research and Innovation (R&I), iGATE Patni says, “The key problem that all enterprises are trying to solve through mobility solutions is the need to make information available at the point of decision-making — in the anytime, anywhere enterprise. Typical areas of focus for most customers include field force automation and sales force automation, in addition to helping senior executives track various business metrics through dashboards on their devices.”
This is exactly the trend we are witnessing today, with different enterprises mobile-enabling certain apps, which according to them brings them maximum business benefits. A look at the table, ‘How enterprises are using mobility solutions to boost businesses,’ (Page 28) shows us this trend.
“In the coming years, we will see mobilizing of business critical apps, which can impact top-line revenues”
Katyayan Gupta, Analyst & Connectivity Lead, Telecom & Networking Services, APAC & Emerging Markets, Forrester
“Penetration for BYOD in the enterprise is highest in India at 75 percent, as against the global average of 56 percent”
Sunil Lalvani, Director, Enterprise Sales India, RIM
Enterprise App Store: A Future Trend
Another interesting trend to look out for is the concept of Enterprise App Store / Portal, which are intended to be “private” app stores within an enterprise. These can be accessed only by the employees/associates of an enterprise to provision their own smartphones/tablet devices. Typically, employees are allowed to access only those applications, which they need for executing their jobs. Such portals are an extension to an enterprise’s Mobile Device Management strategy, which will enable an enterprise to enforce some of its security and usage policies. Peter Sondergaard, Senior Vice President and Global Head of Research at Gartner, speaking at the Keynote at Gartner Symposium IT Xpo 2011 reiterated this and said, “By 2014, the installed base of devices that are based on new lightweight operating systems, such as Apple’s iOS, Google’s Android, and Windows 8, will exceed that of the total installed base of PCs. That requires an IT organization to re-imagine the way it provides applications. By 2015, private app stores will be deployed by 60 percent of IT organizations and the applications themselves will be re-designed.”
A case in point is iGate Patni, which operates in this space of developing, delivering and managing Enterprise Portal for enterprises and has already implemented such an App Store for one of the largest Fortune 10 companies in the U.S. MobileIron is another company that offers private Enterprise App Storefront and lets businesses privately deliver in-house apps — this can be for iPhone, iPad, and Android — to their employees without posting them to public app stores. The company also offers granular policy controls because distribution can be complex and will only increase in complexity as more and more apps are built. In addition, it provides ways to ensure that enterprise services are protected from devices running rogue apps.
january 2012 informationweek 27
How enterprises are using mobility solutions to boost businesses
Mahindra Shubhlabh Services Ltd (MMSL): The agribusiness company of Mahindra group started using a mobile app for food safety risk assessment, which led to 40 percent improvement in productivity of field staff and reduced the time for field estimation from 15 days to just 3 days.
Perfetti Van Melle: The FMCG giant provided its sales force with BlackBerry devices, which reduced the turnaround time for the market report from one month to one day and has enabled top management to access reports on a web-based portal for analysis.
Reliance Commercial Finance: The financial solution provider deployed a Mobile Lead Management System, which integrated on a real-time basis all the leads originating from marketing channels like SMSes, web, mailers, hoardings, or at the call centers, directly to the mobile phone of the sales person. Due to MLMS, the sales person need not come to the office for referring to the CRM. This led to cost savings of around ₹50 lakh, due to increased productivity. Also, the response time to an enquiry reduced from 7 days to few hours.
Mudra Communications: The company developed SnapIT, a mobile retail audit app for auditors that ensures a data gathering process, which was completely automatic and online. With the app, results are available for the clients online, as opposed to a month’s turnaround time that was taken previously. SnapIT was developed for one of Mudra’s clients who wanted to ensure effective management of their window display space, which necessitated a real-time audit across the retail outlets.
TVS Motor Company: The company developed an Enterprise Mobility Application for dealers that enabled them to get their dealership performance reports on their mobile phones. This has helped in saving huge amount of man-hours.
Lowe Lintas: An agency dedicated to creating, planning and handling advertising and marketing activities for its clients, enabled the TimeSheet application on BlackBerry, which meant that the employees could fill in the TimeSheet from anywhere. The reporting dashboard also helped the senior management keep a tab on the employee activity.
CONCLUSION
The concept of enterprise mobility is certainly gaining momentum in India — solutions centred around enterprise mobility are arousing interest, and are also being slowly implemented across businesses. While some businesses, gauging the potential of enterprise mobility, have been early adopters, others are still fence-sitters, analyzing the potential of enterprise mobility, and looking at what to implement and how. Sooner or later every enterprise is set to mobilize at least some of its business apps, which would ensure immense business benefits. We are also seeing how the consumerization of IT is increasingly putting pressure on IT and how a traditional ‘command and control’ framework will no longer work with tech-savvy employees. The time is ripe for enterprises to take a stand on BYOD and frame a mobile device management strategy that not only gives employees the freedom to work on the platforms that they are most comfortable with, but also empowers IT to have complete control and visibility of mobile devices being utilized by employees for office work. If need be, enterprises should also explore technology vendors well suited to provide them technical expertise to create a successful enterprise mobility management framework. Looking at the growth of technology startups, as well as technology giants in the space of mobility, mobile technology is definitely going to take off in a big way. And with 3G slowly taking deeper roots in India, the potential of mobile technology is only set to multiply manifold.
Amrita Premrajan amrita.premrajan@ubm.com
Brian Pereira brian.pereira@ubm.com
Cover Story
Mobile app development gains traction in the Indian enterprise
Mobile solutions offer businesses the speed of delivery and faster decision making, which directly impacts a company’s bottomline
By Ayushman Baruah & Brian Pereira
If you thought mobile apps are the monopolistic domain of the consumer, think again. For, enterprises too have realised they can’t do without them. Whether it’s a bank trying to acquire a potential high-value customer or a retail store trying to enhance the in-store experience, mobile apps help each of them do business better and faster. Today, businesses are increasingly using the mobile platform to reach out to their end customers, and the market for enterprise mobile application development is growing at a phenomenal pace. India’s rapidly evolving enterprise mobility market is set to touch USD 1 billion by mid-2015 from the current USD 244 million, according to research firm Zinnov.
As adoption of mobile devices increases, technology companies are constantly building apps focused on solving the business problems of the enterprise. For instance, BlackBerry maker Research in Motion (RIM) has developed apps around sales force, employee self service, workflow management, telemedicine, and location-based services, that are being used by several large enterprises. BlackBerry App World currently has around 40,000 applications and 26,000 registered developers from India. The company has a 70:30 revenue sharing model, where the app developer gets the major chunk.
Creative agencies like Lowe Lintas use BlackBerry apps for various purposes. Currently, 25 percent of the employees at Lowe Lintas have access to BlackBerry smartphones. “We have different lines of business, so there are different implications of mobility in our organization. We have sectors that focus on rural market, PR, and healthcare in addition to different services. So it is important to have strong partnerships with vendors. And that is where RIM has been helpful. They have been with us in taking the concept from the PowerPoint concept stage right through the implementation,” says Pravin Savant, CTO of Lowe Lintas. Lowe Lintas uses RIM’s TimeSheet application that keeps a track of what their employees do. “Earlier, it used to take some time to enter data in the timesheet from a laptop. But now because it is available on a smartphone, one can update the timesheet during non-productive times like waiting for an elevator or in a traffic jam,” says Savant. The other mobile application Lowe Lintas uses is for leave & attendance. Interestingly, the agency also has an employee engagement programme called ‘BlackBerry champion of the month’ to motivate employees to use these apps. “These programmes do two things. First, it breaks the myth that these applications are for only a few select people. Second, it gives the confidence that such apps are actually helpful,” says Savant.
Mobility apps have dramatically changed the way companies function. A good example is Mastek’s proof of concept (PoC) app, called the Bus Tracking System, for its fleet of buses to shuttle its employees between its offices and drop points across the city. This app is a human-assisted location-based tracking system (not GPS). “An employee on the bus can use this app and enter the time and the point of boarding (location). The app then calculates the estimated time of arrival (ETA) at the next stop and relays this information to other employees who use this app on their phones.
This saves the employees’ time and they do not have to wait for long at bus stops,” says Chandrakant Deshmukh, Head – Technology Engineering and Consulting, Mastek. The company has another similar app called Taxi Meter, which is an iPhone app (for internal use) that calculates the taxi fare based on the distance travelled. For the insurance sector, one of the key verticals for Mastek, the company has developed an app called the Mobile Agent. It runs on a tablet and helps agents on the field to educate prospective and current customers about insurance product offerings. “It gives customers the confidence that their financial needs during different stages of their life will be suitably addressed. In other words, the Financial Need Analysis can be done in a jiffy or practically in one sitting with the customer. The app improves the selling experience through an informed approach. With this app the customer can run through different scenarios and do a quick analysis of the product,” says Deshmukh.
“As RIM’s TimeSheet application is now available on a smartphone, one can update it during non-productive times like waiting for an elevator”
Pravin Savant, CTO, Lowe Lintas
Bangalore-based Aditi Technologies provides custom and white-labeled mobile application development services to companies that sell/market/package them for India markets. The company’s mobile services account for over USD 10 million in revenue, spanning a mix of consumer-facing apps (80 percent) and apps for enterprise mobility (20 percent). Aditi focuses on building apps on Windows Phone 7.5 (Mango), Android and iPhone. The company is seeing increasing demand for Windows Phone and Android applications and a diminishing demand for BlackBerry apps. This is in contrast to CIO Association of India’s (CAI) Mobility report, which says that BlackBerry leads as the popular platform with 80 percent of the respondents indicating that their companies currently use it. The report adds that many companies also support more than one platform, including the iPhone, Android, Symbian, and Windows Mobile.
Aditi has helped customers develop three types of apps for the enterprise market. The first one is around enabling enterprise social on mobile through workflow integration, collaborative process automation, CRM etc. The second is around operational performance management such as BI reports on mobile and third is around the concept of gamification. “Gamification is driving a lot of mobile application development. Our enterprise customers, especially in the lifestyle and media segments, are increasingly using game-based, socially-integrated, cloud-enabled applications to engage their customers better and drive higher transactions,” says Sunny Neogi, Director-Marketing, Aditi Technologies.
Similarly, Mobientech focuses on providing mobility solutions to enterprises including key customers like Bajaj, Dalmia Cement, ITC, etc. Their mobile application framework, called iNotify, enables enterprises to deploy enterprise CRM and ERP solutions to the mobile platform.
iGATE Patni, which has been in the news recently, delivers mobile apps to customers across different verticals including BFSI, manufacturing, logistics, media, communication, energy & utilities, etc. These mobile apps have been delivered using the following technologies: (a) Native apps (b) Mobile browser-based apps (using HTML5/CSS3 and platforms like Sencha Touch) (c) Hybrid apps (d) Cross-platform native apps (using platforms like Rhomobile).
Mumbai-based startup Rewire has done almost 25 PoCs for various mobile applications. One of these is in the agricultural space — where the mobile application advises farmers about the weather, seeds for sowing etc. The weather forecast arrives at the website as an RSS feed, and it is then relayed to a farmer’s mobile handset. “We have done PoCs for enterprise use such as leave approval, purchase requisition process and cash voucher payment. Then we have apps for disseminating information such as various policies or internal memos to all employees. The application can run on any mobile platform and is designed to accept queries from employees and forward these to the back-end. The queries are then sorted, collated and categorized at the back-end and a common answer is sent back for similar queries,” says L Sunderrajan, Founder Director, Rewire.
Networking major Cisco recently introduced AppHQ, an application ecosystem built specifically for Cisco Cius that provides new ways to create, manage and rapidly deploy tablet applications in the enterprise. Cisco Cius, an Android-based tablet created for the enterprise, combines voice, video, collaboration, and virtualization capabilities. As security is of consequential concern, the administrator, through policies, can lock access to Android apps or prevent downloading of specific categories of apps. Cisco claims there are more than 2,000 enterprise applications, and each of these is said to have been tested and validated by an internal team at Cisco. AppHQ looks similar to other Android app stores on the web. But there is a distinguishing feature called AppHQ Manager, which allows companies to establish customized, branded storefronts, featuring a subset of its own AppHQ apps, for employees.
“Today, users can use enterprise grade tools for video chats or meetings, using mobile devices or tablets”
Kartik Padmanabhan, Country Manager, Lotus, IBM Software Group India/South Asia
“The biggest challenge right now is that although there is immense demand, most companies are not entirely geared up for this level of mobile facilitation”
Anil Bajpai, SVP and Head of Technology R&I, iGATE Patni
CUSTOMER CONCERNS
L Sunderrajan, Founder Director, Rewire, highlights some of the typical concerns customers have on integration of mobile apps with their back-end:
• Since we deal with large enterprises (₹3,000 crore plus turnover), the biggest concern they raise is around security. They also ask about logs, updates, and security of data at rest and data in motion (over wireless networks).
• Concerns about maintaining the integrity of the data after the updates occur. We also get questions about the encryption of the data on handsets and wiping out data on handsets when an employee leaves the organization.
• Concerns about user authentication methods. We need to have checks and balances, especially for people who have left the organization.
• Issues of synching data with the back-end in cases where the connectivity is poor or inconsistent. The device should sense the health of the connection and automatically synchronize the data with the back-end and handset. To address the connectivity issue, we also use SMS as the delivery mechanism. We use Java to develop SMS-based forms. It also gets round the 150 character limitation.
• Concerns on platform compatibility. To counter these challenges, we try to make our app work on almost all platforms.
EARLY ADOPTERS
According to a CIO survey on Enterprise Mobility by CAI, more than 50 percent of the CIOs from the financial services industry have already deployed enterprise mobility solutions. Hospitality and Media & Entertainment are the other industry verticals leading the list. IT, surprisingly, takes the middle rung, while the government/public sector enterprises are the laggards in the race. “The reason why BFSI is among the early adopters of collaboration on the mobile platform is because of its large mobile workforce and long customer lifetime,” says Neogi of Aditi Technologies.
Sunil Lalvani, Director of Enterprise Sales, RIM India, agrees that BFSI is a key adopter of mobile apps. He cites the example of a bank employee who needs to go out on field to advise high-net-worth individuals on investments. The bank employee needs to do a quick calculation of the ROI taking into account different interest rates. “For some of the customers, this is done through an app on the BlackBerry. The customer profiles are already stored on the device before the visit, so only the key elements are entered on the handset during the discussion with the client. Different scenarios can be instantly created for the individual and the proposal or quotation can even be printed from the BlackBerry using a special printing app. In this way, the bank has a quicker closure time. Previously, the bank employee had to carry a laptop and there would be several visits or calls before the sale got closed,” he says.
MOBILE BLOCKS
The CIO survey by CAI suggests that there are three key challenges that deter companies from deploying enterprise mobility solutions. Security and compliance issues lead the list (75 percent), which is followed by the lack of solution awareness. Cost and unclear ROI issues come third, with 42 percent of the respondents indicating their concern. Enterprises look for solutions that are secure, and offer ease of deployment and use. The cost of the solution, while important, is not the deciding factor.
“We see a huge demand for companies to internally deploy CRM and ERP applications that can be accessed through mobile devices. However, the biggest challenge right now is that although there is immense demand, most companies are not entirely geared up for this level of mobile facilitation. Though Internet access through a smartphone is easy, most applications have been created for a personal computer and require a high bandwidth and low latency to operate to their best capability. The user experience and effectiveness is currently lacking on a mobile interface,” says Anil Bajpai, SVP and Head of Technology Research and Innovation (R&I), iGATE Patni.
With businesses getting more and more dependent on mobile devices, the enterprise application development market is booming. A lot of PoCs have been developed in this area, especially in customer-centric verticals such as BFSI. The most important benefit mobile apps offer enterprises is the savings in business hours. It shortens the entire sales cycle right from getting the customer leads to closing of the sale, thereby directly impacting a company’s bottomline. Going forward, mobility will be the endpoint device of computing and a must-have productivity tool in the enterprise. In India, due to concerns around security and accountability, it might take a while before it reaches a critical mass. The trend, however, is fast catching up already.
Ayushman Baruah ayushman.baruah@ubm.com
Brian Pereira brian.pereira@ubm.com
Saving lives with another kind of ‘tablet’
When you are in the business of saving lives, every minute counts. Immediate transmission of patient information to doctors, surgeons, specialists, paramedics, ambulance services and others in the healthcare ecosystem, can save precious minutes, and hence lives. AMDL Health, a leading provider of medical equipment and devices, is addressing this need through an application called eTraq for BlackBerry PlayBook tablets.
“Providing real-time critical patient information to enable quick diagnostics is the goal of the eTraq Application for the BlackBerry PlayBook,” says Arindam Sen, CEO, Advanced Micronic Devices.
Advanced Micronic Devices healthcare division or AMDL Health, is a leading provider of medical equipment and devices, and a group company of Opto Circuits (India). Developed by i2iTelesolutions, the eTraq Application allows medical practitioners to use a BlackBerry PlayBook to remotely access multiple patients’ physiological parameters collected through eTraq Transport Monitors — portable, light weight units that provide 5-parameter monitoring.
Through the BlackBerry PlayBook and eTraq application, doctors can access local patient monitors connected to the hospital’s Central Monitoring System (CMS). The CMS receives data from local patient monitors and can display a patient’s vital information in real time to care providers. It archives the data for compliance and analysis, and monitors the incoming data for anomalies, and displays alarm messages. The solution is also used by ambulance services, where a patient’s condition can be analyzed by the physician ahead of arrival at the emergency facility.
Annie Mathew, Head of Alliances and Developer Relations in India for RIM informs, “The application offers in-built alerts as it monitors a patient’s health. So it warns the doctor if a patient’s health suddenly deteriorates. If the doctor is not on the location, he can come on a video call and chat with the team that is attending to the patient. Alternatively, they could use the BlackBerry Messenger. So the underlying aspect is how the various partners have taken up a unified platform of BlackBerry and integrated video and text chat with the main ICU monitoring application (eTraq). This is facilitated by the fact that RIM has opened APIs for BBM and enabled push API features. And developers have been quick to incorporate these in their applications.”
Annie Mathew, Head, Alliances and Developer Relations, India, RIM
Case Study
Essar turns BYOD into an advantage
Faced with the growing trend of many of its employees bringing their own devices to work, Essar addressed this challenge by implementing a comprehensive solution from Juniper
By Srikanth RP
Well acquainted with consumer devices such as the iPad, a younger workforce is challenging existing security practices as they want to use their own devices to access corporate networks. Faced with the growing trend of consumerization of IT, most enterprises have resorted to an easier route — simply restrict the usage of personal devices for connecting to enterprise networks. The rationale seems justified if one looks at the risks posed due to the usage of smartphones in accessing enterprise networks. For example, in addition to securing personal smartphones or devices, organizations face a huge challenge in detecting when such devices are added or removed from the company’s network. This poses a greater security risk as enterprises have to struggle to keep pace in updating their infrastructure, in order to effectively manage and gain visibility of such devices.
Conglomerate Essar, with a presence in multiple sectors, such as steel, oil & gas, power, BPO & telecom services, shipping and ports, was facing a similar challenge. Its CTO, Jayanta Prabhu, was keenly watching the growing trend of employees bringing their own devices to work, and wanting to access enterprise networks using such devices. In Essar’s case, this represented a major security risk and challenge, as it has operations in more than 25 countries and employs more than 75,000 people. Unlike many of his counterparts, Prabhu did not want to take the traditional way of preventing employees from using personal devices, as he well understood the pervasive benefits of enabling mobility. “Many of our executives need to travel across the globe for business purposes. While on the move, they exchange files through e-mail and access corporate applications from laptops, mobile devices or tablets. There is a need to provide a solution that provides seamless connectivity to corporate network without the need for any special software installation while maintaining security,” explains Prabhu, stressing the importance of enabling mobility for its workforce. Prabhu also wanted to provide access to enterprise applications to a growing number of partners and vendors who need to access the company’s applications and resources.
After evaluating a host of options, Essar finally chose ‘Junos Pulse Mobile Security Suite’ from Juniper to enable a secure, multi-platform remote network access solution. The Mobile Security Suite solution protects smartphones, tablets and other mobile devices running most major mobile operating systems from viruses, malware, loss or theft and other threats. Essar also deployed an SSL solution from Juniper. The SSL solution helps Essar in ensuring secure, mobile remote access and connectivity. This solution offered Essar an advantage over the existing IPsec technology used for remote access, which had many limitations. Deployment of these solutions will allow Essar to provide remote and mobile employees, customers and partners with secure SSL VPN access to corporate network resources and applications from a wide range of mobile devices.
Supporting BYOD
In the first phase, Essar will implement the Junos solution across smartphones of approximately 6,000 staff. The Junos Pulse solution integrates mobile security, secure connectivity and mobile device management. “Besides security issues, the chances of mobile phones getting lost are high. Hence, they should have features that allow enterprises to remotely wipe off information or restore information on another device, if need be. The Junos Pulse solution will enable this capability for Essar,” explains Ashish Dhawan, Country Lead, Enterprise Business, Juniper Networks India.
Using the Junos solution, Essar can locate any mobile device with a GSM tracker, and connect it with its enterprise network. It can also take backups, wipe information remotely, and control and monitor usage to prevent the leakage of corporate information. Additionally, Essar can now allow access to enterprise applications for employees from any mobile phone, which has helped in increasing employee productivity. “Besides providing access to the Intranet and other business applications, we have been able to customize the experience and access for diverse user groups across a range of devices such as smartphones, laptops or kiosks,” explains Prabhu.
The Essar group is using a network of more than 1,000 mobile device retail outlets to support the rollout of the solution to smartphones owned by employees and other target users. In this era of user-driven IT, where the thin line between work and home is rapidly vanishing, Essar’s example shows how an organization can securely embrace the growing trend of consumerization of IT, and turn it into an advantage.
Srikanth RP srikanth.rp@ubm.com
Highlights
• Junos solution will be rolled out across smartphones of approximately 6,000 staff members
• Employees can access enterprise applications from any mobile phone
• Essar can locate any mobile device with a GSM tracker, take backups, wipe information remotely, and control and monitor usage to prevent leakage of corporate information
Feature
Cisco Cius: The little tablet that could
What chance does another tablet have in a crowded market — one that’s dominated by Apple and Samsung? During the demo it became clear that Cisco has cleverly linked its Cius tablet to its ecosystem of telepresence, Unified Communications, telephony, and collaboration tools. It even has its own App store with business apps. So we think this 7-inch tablet comes with a lot of potential, and is likely to succeed, in a Cisco ecosystem
By Brian Pereira
When IT majors like HP are struggling to sell tablets, can Cisco succeed? The answer was obvious in the first five minutes of the exclusive Cius tablet demo at the Cisco Telepresence room in Mumbai. Firstly, the Cius, pronounced “See Us”, does not compete with the likes of iPad and Galaxy, although it is an Android-based (Froyo) tablet. Cisco calls it an “Enterprise-class tablet” and it’s designed for video or visual communications (See us – get it?). Cisco wants you to believe that this is not an end-point solution — rather it is a “converged device.” Secondly, the tablet is designed for enterprise/business use, and largely depends on Wi-Fi connectivity and a desktop dock/handset (sold separately) for extended connectivity. It also has enterprise-grade security features akin to what you get on a BlackBerry device. Thirdly, Cius can act as a thin client for desktop virtualization/VDI. Fourthly, Cius is a part of a “system” of collaboration tools; though it can be used as a standalone Android tablet, the real utility of the tablet is realized when it is hooked up to the Cisco system of Telepresence, Unified Communications, IP Telephony, various collaboration applications and the Cisco Unified Communications Manager (CallManager) in the data center. This means you need to have a back-end and all this IT infrastructure in place to fully appreciate the benefits of the Cius.
So Cisco is really doing what Apple does best — selling not just a product but a complete system of intricately linked components that collectively offer a lot of possibilities. A Cisco spokesperson sums it up saying, “Cius does collaboration, communication and compute.”
CONNECTIVITY & DOCK
The Cius depends largely on Wi-Fi for connectivity and it supports IEEE 802.11 a/b/g/n standards. Cisco says it will add 3G and 4G data service options in the near future. So if you want to take your Cius tablet on the road, you’ll need to find a Wi-Fi hotspot. But remote connectivity should become easier next year — we have learnt that Cisco is working with service providers to make its visual communication services and IP Telephony available over their networks. So perhaps in a year’s time you can be on the road and still participate in a telepresence session or answer an IP call using a Cius tablet. Let’s talk about connectivity options. The tablet itself has a Micro SD slot, Micro USB, and Micro HDMI. For extended connectivity, place it in the HD Media Station — its desktop dock cum handset. The dock has ports for USB (3), Ethernet (up to 1,000 Gbps), and HDMI. It also charges the tablet through its 29-pin connector. In addition, the dock has hi-grade audio speakers and also a 3.5 mm headset connector.
APP STORE
No discussion on a tablet is complete without deliberating on the number of apps and the type of apps available for it. In this case we were obviously looking for enterprise-grade apps. Being an Android device, you have access to over 100,000 apps in the Android Market. But Cisco also offers its own store for enterprise applications, called Cisco AppHQ. Since this is an enterprise device, security is a consequential concern. Through policies the administrator can lock access to Android apps or prevent downloading of specific categories of apps. Cisco claims there are more than 2,000 enterprise applications, and each of these has been tested and validated by an internal team at Cisco. AppHQ looks similar to other Android app stores on the web. But there is a distinguishing feature called AppHQ Manager, which allows companies to establish customized, branded storefronts, featuring a subset of its own AppHQ apps for employees. That’s great for customizing and standardizing collaboration apps and enterprise apps.
VISUAL COMMUNICATIONS & COLLABORATION
They say 85 percent of communication is visual. But for truly immersive visual communications you need high definition. That’s why Cisco fitted two high-definition 720p cameras (front and rear facing) into the Cius; it has native telepresence capability. We “immersed” ourselves in a telepresence session on giant LCD screens with the Cisco media team in Bangalore. That session was instantly relayed to the Cius tablet. What’s more, we could walk around the room and watch colleagues on the tablet in high-definition video. PowerPoint and whiteboarding (done remotely) can also be beamed across to the tablet (during a WebEx session). So you can move into a meeting room and continue your WebEx or telepresence session. Further, collaboration tools such as e-mail (Cisco Inbox), Social Media (Cisco Quad), instant messaging and presence (Cisco Jabber) are also available in the Cius, as witnessed during the demo. Mounted in its desktop dock, the tablet can also be used for multi-way audio conferencing (without video).
COMPUTE / VIRTUAL DESKTOP
The Cius has compute capability and offers desktop virtualization too. One could use the QuickOffice suite and save documents on the server. The Cisco spokesperson said it could be used as a desktop replacement, though I can’t imagine myself doing serious work on Spreadsheets on the tablet’s 7-inch screen; I’ll probably end up attaching a larger monitor to it. The compute power comes from an Intel Atom Z615 Processor (512-KB cache, 1.6 GHz). The device has 1GB RAM and no hard disk; it relies on its expandable 32-GB eMMC flash memory for storage. The device also has enterprise-grade security features such as secure credential for storage, secure boot, image authentication and encryption, certificate management, network and wireless security, media and data security, an AnyConnect Secure Mobility Client, remote wipe, policy management features, and a hardware security foundation layer.
Brian Pereira brian.pereira@ubm.com
Feature
HP uses mobility to fight fraud
With existing technologies failing to make an impact in controlling fraud, HP is betting on an innovative low-cost cloud-based mobile solution that just needs a simple SMS to work
By Srikanth RP
While India is a leading manufacturer and exporter of high-quality generic drugs, it is also marking its name in a category in which it does not want to be named. According to a report released by the Organization for Economic Cooperation and Development (OECD), 75 percent of fake drugs supplied across the world have origins in India. In 2008, industry body, ASSOCHAM, raised an alarm when it pointed out that the sale of fake drugs was growing exponentially at a rate of 20 to 25 percent. While the numbers vary from survey to survey, even a small percentage of fake drugs can lead to adverse consequences for both patients and the original drug manufacturers. Till date, efforts to detect counterfeit drugs have failed to yield required results. Firstly, there are too many vulnerable points in the pharmaceutical supply chain from printing, packaging, transportation to the final point of exchange with the end consumer. This fragmented nature of the distribution system makes it extremely difficult for any company to track the source from where fake drugs enter the system. Secondly, existing technologies such as holograms have failed to act as an effective deterrent. “Experts can crack a hologram in just 15 minutes’ time. Secondly, it is extremely difficult for an average customer to know if a hologram is fake or genuine,” points out A Appadurai, Country Manager, Indigo and Inkjet Solutions, HP India. Other technologies have proved to be expensive and difficult to roll out and monitor.
Cloud-based track and trace solution
To address this challenge, HP has launched a solution called the Global Authentication service — a low-cost cloud-based track-and-trace solution based on technology that has been used to fight the global problem of counterfeit and stolen drugs. The service allows pharmaceutical companies to monitor the movement of products through their global supply chains with a much higher degree of accuracy. Working in conjunction with HP’s global printing partners, the service helps recognize a fake medicine by printing a unique 12-digit code (generated by HP and approved by the pharmaceutical company) under a scratch-off sticker on the drug carton, which can be SMSed to a designated number to confirm its authenticity. The cloud-based infrastructure not only allows the solution to scale, but also equips it with the ability to perform authentications quickly. Whenever someone sends an SMS, it is checked against a global database of authentic codes.
“In the auto sector, 40 percent of spare parts are counterfeited. This solution can help auto companies control fraud”
A Appadurai, Country Manager, Indigo and Inkjet Solutions, HP India
An African non-profit social enterprise, mPedigree, has adopted and deployed the solution in Nigeria and Ghana. The biggest advantage of this solution is that the service is designed to be accessed from a basic mobile phone, which is now prevalent even in regions with limited technology resources. The service’s underlying technology engine was originally developed by HP Labs — the company’s central research arm — and the HP Software Platform Services Cloud Services Innovation team to monitor goods (toners, printer accessories) in HP’s supply chain. After its success, it was later adapted for use in product recalls in the pharmaceutical industry.
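The SMS check described in this section, as an added Python example that is not HP's code. The in-memory registry, the reply texts and the choice to treat a later check from a different phone as a warning sign are assumptions of this sketch; the article states only that a 12-digit code is sent by SMS and compared against a database of authentic codes.

```python
import re
import secrets
from datetime import datetime, timezone
from fractions import Fraction

CODE_LENGTH = 12  # the 12-digit code printed under the scratch-off sticker


class CodeRegistry:
    """Hypothetical in-memory stand-in for the database of authentic codes."""

    def __init__(self):
        # code -> {"product": str, "checks": [(sender, timestamp), ...]}
        self._codes = {}

    def issue(self, product):
        """Generate an unpredictable code for one carton and register it."""
        while True:
            code = "".join(secrets.choice("0123456789")
                           for _ in range(CODE_LENGTH))
            if code not in self._codes:
                self._codes[code] = {"product": product, "checks": []}
                return code

    def blind_guess_odds(self):
        """Chance that one random 12-digit guess hits an issued code."""
        return Fraction(len(self._codes), 10 ** CODE_LENGTH)

    def verify_sms(self, sender, body, now=None):
        """Check one inbound SMS and return (status, reply_text)."""
        now = now or datetime.now(timezone.utc)
        # People type codes as "1234 5678 9012" or "1234-5678-9012".
        digits = re.sub(r"[\s\-]", "", body)
        if not re.fullmatch(r"[0-9]{%d}" % CODE_LENGTH, digits):
            return "MALFORMED", "Please send only the 12-digit code."
        record = self._codes.get(digits)
        if record is None:
            return "UNKNOWN", "This code is not in our records."
        earlier_senders = {s for s, _ in record["checks"]}
        record["checks"].append((sender, now))
        # Assumption of this sketch: a genuine carton is scratched once, so
        # a check from a second phone may mean the code was copied.
        if earlier_senders - {sender}:
            return "REPEAT", "This code was already checked from another phone."
        return "GENUINE", "Code verified for %s." % record["product"]


if __name__ == "__main__":
    registry = CodeRegistry()
    carton_code = registry.issue("constructed-product-batch-001")
    print(registry.verify_sms("+000-0000-0001", carton_code))
    print(registry.verify_sms("+000-0000-0002", carton_code))
    print(registry.verify_sms("+000-0000-0003", "000000000000"))
```

The audit trail kept per code is what lets the operator of such a service see where and how often a given carton code is being checked.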
Curing fraud
The launch of this service assumes significance when you look at the size of the Indian pharmaceutical industry. As of 2009, India’s pharmaceuticals industry was estimated at USD 21.04 billion. As this industry grows, so does the associated risk of a counterfeit market. Industry players too realize the importance of curbing fraud, and are talking to HP for implementing this solution. “Drug counterfeiting is one of the biggest challenges faced by the pharmaceutical industry and it poses a grave concern to human life. We were looking for effective anti-counterfeiting measures and HP’s Global Authentication Solution is promising and can help in combating drug counterfeit in the long run,” says Vikas Tyagi, Senior Manager - International Marketing, Themis Medicare. In India, HP has signed up six customers who are already using this solution. Besides Themis Medicare, HP has also signed Kama Group as its customer. As the service can also be deployed in other industry sectors, HP is now looking at sectors that too face heavy losses due to fraud. This includes sectors such as the publishing industry and automobile industry. “In the automobile sector, it is estimated that approximately 40 percent of spare parts are counterfeited. By controlling fraud using this solution, automobile companies can boost their bottomline,” explains Appadurai. The potential of this technology is huge as it requires just the ubiquitous mobile phone in the hands of a consumer. By giving consumers the power to authenticate products through a single SMS, HP has simplified and improved the effectiveness of weeding out counterfeits by a significant percentage.
Srikanth RP srikanth.rp@ubm.com
Feature
Why Standard Chartered Bank embraced the iPhone
The bank has provided 12,000 iPhones to employees across 70 countries and has developed a range of custom-built apps to streamline internal processes
By Vinita Gupta
As employees continue to become more mobile in their personal lives, and as work and home spheres continue to intersect and even overlap, it’s only natural that employees try to fit their office into their pockets, briefcases or handbags — as they already do with their social and personal lives. This has created a real need for mobile devices to extend beyond providing just telephony and e-mail capabilities and become an extension of the desktop. The scenario is no different at Standard Chartered Bank, where the adoption of enterprise mobility is increasingly on the rise due to many of its employees working from outside the office. “Our increasing usage of, and dependence on smartphones allows our employees to utilize a wide array of applications anywhere and at anytime,” informs Matthew Norris, CIO, Standard Chartered Bank - India. In 2010, the Standard Chartered Bank chose to move to the iOS platform. Policymakers at the bank believe the iPhone and iPad provide the perfect platform to expand the bank’s mobile services, both internally and also to its tech-savvy customers. The bank has already provided 12,000 iPhones to employees across 70 countries, replacing some 8,000 Blackberry devices. The bank’s decision to move to iPhone was partly driven by the large number of iPhone apps aimed at business users on the Apple App Store, such as apps for tracking and planning plane journeys etc. “We chose to go with iPhone not because the iPhone is trendy right now. Our decision was based on an honest assessment of the functionality and security we required, coupled with the ability and commitment to make bespoke apps to help financial consultants work better,” asserts Todd Schofield, Global Head of Enterprise Mobility at Standard Chartered Bank.
Custom-built apps
The internal app store, aptly named the Standard Chartered App Centre, offers a range of custom-built apps to the staff. These apps allow employees to streamline internal processes, securely transmit financial data, improve communication between customers and banking staff, and tap into back-end systems such as PeopleSoft and SharePoint, for the management of approvals, as well as collaboration.
The bank now has 12 proprietary apps on the internal Standard Chartered App Centre, and has plans to grow the apps portfolio. Standard Chartered Bank claims to be one of only two organizations in the world to have been given an App Store licence by Apple. Some of the internal apps used by the bank include TradePort app, which enables trade finance relationship managers to securely perform or monitor trades on-the-go; Funds Selector app, which enables private banking relationship managers to access quantitative and qualitative reviews to understand financial products; and Branch Cam app, which tracks customers’ waiting time, service levels and consistency throughout the day. The bank has also piloted iNeeds app, a custom iPad app, in Hong Kong. Using this app, relationship managers in the bank’s branches can create client profiles and explain the benefits of products such as savings accounts or mortgages via direct, one-on-one interactions. “We are starting to introduce our custom-designed iNeeds for iPad portal to enable our branch staff to better service our customers — with Hong Kong being our first business to go live. We are also empowering our staff with more tools through a dedicated Standard Chartered App Centre,” says Norris. The shift to enterprise mobility is an important part of Standard Chartered Bank’s strategy as it improves productivity and enables better work-life balance for the staff.
Vinita Gupta vinita.gupta@ubm.com
Feature
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
By Robert Lemos
Smartphones, tablets, and other mobile devices are forcing enterprise IT managers to re-evaluate how they secure technology. With workers more likely to use a personal device for work, companies are less likely to be able to specifically configure the mobile devices that have access to the corporate network. Add to that the fact the software ecosystem surrounding mobile devices is, to a large degree and depending on platform, closed. Less access means attackers have a harder time hacking the devices, but that also means third-party firms are harder pressed to provide solutions to the problems mobile devices do have.
For those reasons, the recommendations are that rather than focus on securing each device, IT groups should look to educate users, set good security policies, secure access, and help manage the devices, says John Engels, Principal Product Management for Symantec’s Enterprise Mobility Group. “We are trying to surround the devices with security and protect and control what goes into the device and what comes out of it,” Engels says. A key component to the approach is mobile device management (MDM), which initially took off as a way to keep track of all the costs associated with a company’s gaggle of cell phones, but increasingly has a security role as well.
The four major threats to mobile devices are device theft (or forgetful employees), wireless network sniffing of communications, malicious software, and the infrequent direct attack. Of those four major threats, however, MDM mainly solves only one: lost and stolen devices, says Dan Hoffman, Chief Mobile Security Analyst, Juniper Networks. “When you look at mobile device management, it does nothing for malware, nothing for a direct attack, and nothing for data communication interception,” Hoffman says. For that reason, companies have to look beyond just adopting MDM solutions, he says. Here are four recommendations:
Know the threats
As any carny knows, the easiest mark is one who is not paying attention. Employees who do not understand the possible mobile attacks make far easier victims than workers educated about the threat. For that reason, education and good security policies are of paramount importance in dealing with consumer-owned mobile devices. “Make your employees aware of the security risks: A smart user is more secure than a dumb user,” says Brian Reed, Vice President of Products at mobile-device management firm BoxTone. The education of users around selecting passwords, paired with a good remote wipe policy, is a good example. Because the principal threat to smartphones is lost and stolen devices, a key feature of all device management platforms is the ability to remotely wipe a device. With a policy of wiping a device after, say, 10 wrong passwords, a company does not have to attempt to enforce a complex password requirement on users. A mere five- or six-digit password will likely suit the needs of security.
Only use approved app stores
Because of the closed software ecosystems of many mobile devices — notably Apple, Microsoft, and RIM’s BlackBerry — a significant amount of security relies on making sure that workers do not download apps from non-official sources. Take a look at malware incidents to date: Almost every piece of malicious software that has infected a real phone has been a Trojan horse. DroidDream, the most successful malicious app, infected a quarter-million Android phones in March by posing as real applications. While Apple, Google, and Microsoft have their official application marketplaces, other companies, such as Amazon, are providing alternatives. In addition, companies such as Apperian have software to allow enterprises to set up their own app stores.
Check the bills
In his 1989 book, The Cuckoo’s Egg, Cliff Stoll launched an investigation into his network’s security because of a 75-cent accounting error. While corporate spies intent on stealing data will never run up a large phone bill, cybercriminals are focused on profit. One current way to leech cash from a phone: billing the victim using premium numbers or premium SMSes. Criminals who keep such charges small could escape notice if the company is footing the bill for the devices. If an employee had downloaded any of the applications then carrying the rogue GGTracker app, such as a tic-tac-toe game, a USD 10 charge would show up on the bill. “These apps try to hide the charges, but it will always show up on the bill,” says Kevin Mahaffey, Chief Technology Officer of mobile security firm Lookout.
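The bill check described in this section can be automated when the company receives itemised bills. The following Python sketch is an added example, not part of the original article; the CSV layout, phone lines, short codes and amounts are constructed sample data, and a real carrier export will use different column names.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample of an itemised bill export (all values invented).
SAMPLE_BILL = """\
line,date,type,destination,amount_usd
+91-00000-00001,2012-01-03,voice,+91-00000-00009,0.40
+91-00000-00001,2012-01-04,premium_sms,55501,2.50
+91-00000-00001,2012-01-11,premium_sms,55501,2.50
+91-00000-00002,2012-01-05,data,-,1.20
+91-00000-00002,2012-01-06,premium_sms,55501,2.50
+91-00000-00003,2012-01-07,premium_sms,77702,9.99
+91-00000-00003,2012-01-09,sms,+91-00000-00001,0.02
"""

# Charge types treated as premium-rate in this sample layout (assumption).
PREMIUM_TYPES = {"premium_sms", "premium_voice"}


def audit_bill(bill_csv, approved_codes=frozenset()):
    """Collect premium-rate charges per phone line and per destination.

    No minimum amount is applied: the charges the article describes are
    deliberately small, so a cost threshold would hide them.
    """
    per_line = defaultdict(lambda: {"total": Decimal("0"), "items": []})
    per_code = defaultdict(set)
    for row in csv.DictReader(io.StringIO(bill_csv)):
        if row["type"] not in PREMIUM_TYPES:
            continue
        if row["destination"] in approved_codes:
            continue  # services the company has knowingly subscribed to
        amount = Decimal(row["amount_usd"])
        entry = per_line[row["line"]]
        entry["total"] += amount
        entry["items"].append((row["date"], row["destination"], amount))
        per_code[row["destination"]].add(row["line"])
    return per_line, per_code


def findings(bill_csv, approved_codes=frozenset()):
    """Return (per-line report, destinations billing more than one line)."""
    per_line, per_code = audit_bill(bill_csv, approved_codes)
    report = []
    for line, entry in sorted(per_line.items()):
        report.append({
            "line": line,
            "total_usd": entry["total"],
            "charges": len(entry["items"]),
            # More than one charge on a line suggests a recurring billing.
            "recurring": len(entry["items"]) > 1,
        })
    # The same destination charging several lines points at one app
    # installed on several devices.
    shared = {code: sorted(lines)
              for code, lines in per_code.items() if len(lines) > 1}
    return report, shared


if __name__ == "__main__":
    report, shared = findings(SAMPLE_BILL)
    for item in report:
        print(item)
    print("destinations seen on several lines:", shared)
```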
Antivirus, still a question mark
What might not be necessary? Antivirus. Because of mobile devices’ own limitations on applications, security vendors cannot take over low-level control of a smartphone in the same way they can with personal computers. For that reason, security companies have focused on finding ways to manage security from the outside and create mobile applications that manage the configuration of the device for the user. “A lot of security for devices will boil down to managing the settings on the device and linking into security of the environment,” says Symantec’s Engels.
Source: Dark Reading
Robert Lemos is Contributing Editor, Dark Reading
Feature
5 smartphone location tracking myths, busted
Apple, Google, and Microsoft are taking renewed heat over smartphone location tracking, but the topic is fraught with misunderstanding
By Robert Strohmeyer
iPhone users in South Korea have filed a lawsuit against Apple over the company’s location-tracking practices. This is the latest of several lawsuits filed against smartphone makers in recent months over the issue of location tracking. Microsoft and Google have also come under fire for their handling of users’ location data. While mobile users are understandably worried about the security of their personal location data, not all fears are equally warranted. Here are five things every user should know about their smartphone’s location tracking.
1. You can turn it off
Many users complain that their smartphones are tracking their location without their knowledge or consent. This is generally a myth, given that both iOS and Android prompt users repeatedly about allowing the device to use their location data. By default, iOS has geolocation enabled, whereas Android typically requires the user to turn it on. But both platforms allow users to turn off location services entirely. Android gives users more granular control over which type of location tracking to enable, which has saved the company from some legal woes on this front. Users who worry about the security of their location data can solve the problem on their own phone by turning off location services, provided they’re willing to give up the benefits of location-aware apps.
2. Nobody’s eyeing your movements
There’s something infectious about the paranoia that a large company might be watching your movements from day-to-day, but it’s a decidedly implausible idea. In reality, out of the millions of smartphone users whose data makes its way onto Apple and Google servers, spotting you in the data stream and tracking your movements specifically would serve little practical purpose for these companies. In Apple’s case, it turns out the phone is just storing the locations of cell towers and hotspots. That’s not to say that location data can’t be associated with your profiles with either company. Certainly Google has enough information about you to customize search results and advertising, and there’s no reason the company couldn’t use your location history in this way. But Google has strongly denied doing this via Android’s built-in location services, stating that even the unique identifier sent to Google’s servers is not associated with a particular device. Apple, meanwhile, claims to use customer location data only for the purpose of maintaining its database of Wi-Fi hotspots and cell towers.
3. It’s often unencrypted
While Apple and Google state clearly that they’re not digging into your personal location data, both companies have been scolded by international authorities for failing to encrypt location data on the device. The threat here is that anyone who gets their hands on your lost or stolen phone could potentially discover your location history and use it for nefarious ends. However, because the location data doesn’t pinpoint your actual location with much accuracy, you’d be in more danger from other data you’ve entered into the device manually (such as your address and phone number in the address book) than from the contents of your location history.
4. Not all of the location data is yours
Some bloggers have added to the paranoia about smartphone location tracking by stoking fears about the amount of data stored on iOS devices. While it’s true that the iOS location cache can contain up to a year of past data, Apple has pointed out that not all of the stored data is actually that of the handset’s owner. Instead, the device downloads a subset of Apple’s larger location database to help speed up location tracking. Apple acknowledges that the excessive amount of data stored on the device is the result of a bug, and plans to fix that issue in a future update.
5. “Anonymous” doesn’t always mean anonymous
Google attaches a unique identifier to the location data it sends from an Android phone to its servers, and that number is not directly linked to the user’s identity. So in principle, the company is anonymizing user data. However, if someone really wants to find a needle in that haystack of data, they very likely can. “Deanonymizing” techniques are becoming increasingly sophisticated, and the more personal data you release into the cloud, the easier it is to spot you in the data stream. So if location security is of prime importance to your business, your users, or your sense of personal privacy, opting entirely out may be your best bet.
Source: InformationWeek USA
Robert Strohmeyer robert@strohmeyer.orgubm.com
Feature
Mobile security’s future: 4 expert predictions
Security pros weigh in on major trends that will change the way enterprises handle mobile threats, such as separate personal and work spaces on devices and faster patching
By Rob Lemos
Despite gloomy predictions, the amount of malicious software affecting mobile devices today is minuscule, primarily because mobile app stores act as a first line of defense against the pernicious programs. Also, criminals have not seen massive potential for profit on the devices — yet. However, the historical lack of malware looks ready to change, which means that users will not be able to solely rely on app stores to protect them. Here are four predictions for the future of mobile security.
1. More Alluring Means More Threats
Charlie Miller, Principal Consultant at Accuvant, says certain characteristics of smartphones have dissuaded criminals from focusing on attacking the devices. They include the fact that smartphones have not historically accounted for a large share of the mobile market, and the data on the phones has never been that valuable. Each of those points is now changing, and that means that workers and consumers can expect their phones to be targeted, he says. “As more people put sensitive data on their phones or use their phones to do sensitive things, like banking or shopping online, then slowly the malware authors and cybercriminal-type guys are going to go after the devices,” says Miller. The code review carried out by Apple eliminates many threats to that company’s iPhones and iPads. Even in the absence of code review, Google’s Android Marketplace, the open-source equivalent to Apple’s closed-source store, can quickly remove any malicious apps and remotely delete them from users’ devices. Yet, mobile-device users should not merely rely on the software ecosystem to keep malware off their phones, Miller adds.
2. Work Separates From Play
William Enck, an Assistant Professor at North Carolina State University, says another major change in the way people interact with their phones will be the introduction of ways to separate work applications and data from a person’s personal data and programs. While some consumers will only want one instance of some programs, such as the address book, other programs have specific business functions. Virtual private networking software, data viewers and visualizers that handle corporate data, and collaboration software could all be run in a separate virtual instance on the device to protect the applications and data from unauthorized use, he says. RIM’s Balance for the BlackBerry separates the personal and work aspects of a phone. VMware has teamed up with LG to sell a smartphone with two virtual instances on it — one for business use and another for personal use.
3. Patching Becomes Quicker
Tim Vidas, an Android Researcher at Carnegie Mellon University, notes that the chain of software suppliers for most smartphones is a long list. Once a vulnerability is spotted, it has to get fixed by the developer, added to the latest Android operating system by Google, recompiled into the manufacturer’s version of the firmware, and checked by the carrier. In all, it can take months, if not years, for a security patch to reach the user’s phone. Google has not commented on its plans to speed patching, except that it is working with handset makers and carriers on the issues. Apple is moving to over-the-air updates in iOS 5, which will increase the likelihood that a patch will actually be installed on a user’s phone. Until then, mobile device management companies will have to find ways to protect the phone even if a patch is not available.
4. Location Tracking Does More
While location-based services have become common for mapping applications and some advertising services, they also may start becoming a way to automate security. Some mobile-device management and wireless-security applications can change which applications can use the Internet based on whether an employee is in the office or at home. Stock brokers on the trading floor, for example, would not be able to use social-networking applications. “We want them to have full functionality when they are in their home or in the parking lot, but when they are in the company, we don’t want any third party that has a footprint on the device to listen in,” says Tom Kellerman, CTO of wireless security firm AirPatrol. “We can triangulate the specific location of a device and push that information to be acted on by various other services and software.” Paired with the increasing ability of mobile devices to segment work and personal data, these applications could prove even more helpful to enterprises.
Source: InformationWeek USA
Opinion
Mobile device management: What’s still missing?
Craig Mathias
MDM can help extend IT management all the way to the new edge of the enterprise network. But it’s only one part of the solution really needed to maximize enterprise mobility
On the web: Mobile Device Management On The Edge. Read article at: http://bit.ly/vSySFa
Any discussion on this clearly vital topic in enterprise IT, Mobile Device Management (MDM), is incomplete without a little more context. MDM most certainly is not dead, but it is ill-defined, amorphous, and incomplete with respect to the totality of a solution required by a successful mobile enterprise today. What’s missing? Well, as I noted, MDM itself is whatever a given vendor in the field is shipping these days. Device wipe? Sure, but in a world of personal liability (a/k/a BYOD), it sure would be nice to avoid deleting those pictures of the kids and someone’s music collection in the process. And while we can argue that security is an obvious goal here, without real end-to-end tracking of sensitive data, what’s to prevent someone from simply making a backup copy onto an insecure device? And what about implementation strategy? Is mobile device management something one operates in one’s data center, a service one buys from a carrier or operator, a service provided by a third-party on a device/network-independent basis, or perhaps an open-systems mix-and-match solution based on standards that — oh, wait, we really don’t have standards here yet. It gets worse — let’s consider the other pieces required for something resembling a complete enterprise mobility solution:
Policy: First, you do have a Mobility Policy in place, right? What networks are allowed? What apps can be used (or not, as in blacklist)? Is BYOD allowed? And, of course, all of this must be in concert with an enterprise’s overall Security Policy. And you do have one of those, right?
Expense: It doesn’t matter if you supply handsets (corporate liability) or, as is increasingly the case, embrace BYOD, some tracking of how money is being spent on network access is vital. It’s important that this be as close to real-time as possible in order to spot negative trends before they become a big hit to the bottom line. And policy enforcement via software would also be nice: there’s no point in racking up cellular minutes when, for example, a lower-cost Wi-Fi option is available.
Applications: I’m still not convinced that commercial apps of any form have much of a place in enterprise mobility. There’s too much risk for malware, increased support costs, and simple distractions at work here. And I believe that the future of enterprise mobility is in web and cloud services, not apps that are platform-specific and expensive to develop and maintain. But if you’re going to allow apps, some form of management here is also vital.
And that’s just for starters. I’ve proposed the term Mobile Operations Management (MOM) as the all-inclusive catch-phrase for describing all of the elements required for a successful enterprise mobility implementation, with successful being defined as secure, cost-effective, appropriate, visible, enabling, and manageable. But no matter what we call all of this, enterprises everywhere need to think about strategy, and not just assume that an MDM solution is all that’s required. Management is going to remain one of the key themes in mobility for 2012, and certainly for some time after that. With the edge of the enterprise network now anywhere an authorized mobile user and device might be, the opportunities for trouble are greater than they’ve ever been. But so are the opportunities for reward, and thus, despite the challenges, enterprise mobility management, whatever it might turn out to be, must remain on the front burner at IT shops, both large and small, everywhere.
Craig Mathias is a Principal with Farpoint Group. He is an expert on wireless communications and mobile computing technologies.
Opinion
4 steps to assess mobile security risk
Michael A Davis
Analyzing how mobility could lead to data loss feels like taking a shot in the dark at a moving target, with a blindfold on. But there are ways to quantify the threat
On the web: IT leaders in India believe mobile devices pose a serious risk to enterprises. Read article at: http://bit.ly/oXgXHt
The standard way to address risk — whether malicious mobile apps or how wireless stores can steal your data — is to start with an assessment. We’ve discussed getting rational about risk, but this is a new challenge: How do you perform a risk assessment on a technology that changes weekly and that you might not even own? Many companies, including just recently VMware, are going to a BYOD model, which adds a whole new wrinkle. For this column, I’m focusing on data security, not the myriad other risks presented by mobile devices, such as eavesdropping, availability and reliability of coverage, even the use of these devices for corporate disaster recovery — these also are all worth thinking about.

The first issue: We don’t have cold, hard data on how to best reduce risk, because mobile security as a discipline hasn’t been around long enough to prove how effective, or ineffective, any given control is. The answer, for now, is to look inward. Focus on the effectiveness of the control in your environment and the likelihood that your users will comply. Be prepared to ask a lot of questions and test your theories before assigning a risk to a specific threat or scenario.

I recommend you split up your mobile security risk assessment into four categories: sensitive data access, device risk, management risk, and awareness. For each area, develop interview questions to draw out employee feedback. Mix up the questions. Go beyond simple yes/no, and include open-ended and likelihood formats — for example, “On a scale of 1 to 5, with 1 being never and 5 being very frequently, how often do you let your child download apps?”

One technique I use is the “11 questions” exercise. When you’re meeting with people, have them provide a list of 11 or more questions they would ask if they were in your chair. This gets difficult after the first five or six, but you would be amazed at how often you’ll uncover risks you didn’t suspect existed. Document them, and use that info to guide the rest of your risk assessment interview process.
1. Sensitive Data Access
The top-level concern about mobile devices is that they can access sensitive data and potentially cause a breach or leak of this data to the public. But can they really? For example, a company we performed a risk assessment for didn’t even know what it considered sensitive data. Once we identified that (it was the financials), we were able to point out that the accounting software the company used ran only on Windows, wasn’t reachable via mobile devices, and just six of 400 employees even had access rights. The real risk was reports containing financial data being generated and e-mailed around.

To document which sensitive information a mobile device has access to, start by building data flows based on data classifications, and document who touches what and when. Here’s a 10-step process for classifying data. In larger organizations, check for documented business workflows that you can review. For each spot where sensitive data “changes hands” (either via a human or a system), interview the folks involved to discuss if and how that data could land on mobile devices. Our experience shows that most mobile devices don’t have direct access to sensitive data. Rather, they have peripheral access, and existing security systems, such as data loss prevention, identity management, and access control, can usually address those sources.
2. Device Risk
Device risk is where most of the media spreads FUD: 200 percent increases in mobile malware! Less than 50 percent of mobile device users employ passcodes! While scary stats are fun to talk about and easy to sensationalize, evaluating risk is not nearly that simple. Each mobile device operating system has unique vulnerabilities and offsetting controls. When looking at device risk, I recommend you spend less time worrying about viruses and Trojans and more time worrying about how you’ll encrypt the sensitive data we talked about, guard against theft of the device, educate the help desk, and extend the reach of your mobile security technologies. When we analyze the coverage of most mobile device management suite deployments, for example, clients are surprised to see that there are devices that bypass their MDM software and go directly to ActiveSync, use legacy IMAP or POP3, or have VPN access into the network and users don’t even realize their devices are connected. You can’t foresee the next threat coming down the pike, so focus your efforts on making sure you have as many capabilities as possible to secure as many mobile device types and platforms as possible.
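The coverage analysis described above can be run as a reconciliation between the MDM inventory and the access records of the mail and VPN services. The following is an added example, not part of the original column: the CSV layouts, field names, users and device identifiers are constructed assumptions, and real exports will need their own column mapping.

```python
import csv
import io

# Mail protocols that carry no MDM-visible device identity.
LEGACY_MAIL = {"imap", "pop3"}

# Constructed sample: MDM inventory export (assumed columns).
MDM_INVENTORY_CSV = """device_id,owner,platform
DEV-1001,asha,iOS 5.0
DEV-1002,ravi,Android 2.3
DEV-1003,meena,BlackBerry 7
"""

# Constructed sample: access records merged from the mail gateway
# and the VPN concentrator (assumed columns).
ACCESS_LOG_CSV = """timestamp,user,service,device_id,user_agent
2012-01-09T08:01:12,asha,activesync,DEV-1001,Apple-iPhone4
2012-01-09T08:03:40,ravi,activesync,DEV-1002,Android-EAS
2012-01-09T08:05:02,ravi,imap,,K-9 Mail
2012-01-09T08:07:55,kiran,activesync,DEV-2001,KindleFire
2012-01-09T08:10:31,meena,vpn,DEV-3001,
2012-01-09T08:12:00,kiran,pop3,,unknown
2012-01-09T08:15:00,asha,activesync,DEV-1001,Apple-iPhone4
"""


def load_rows(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def coverage_report(inventory_rows, access_rows):
    """Reconcile access records against the MDM inventory.

    An endpoint is one (user, service, client) combination. It is a
    finding when it has no device id, when its device id is not enrolled
    in MDM, or when it uses a legacy mail protocol.
    """
    enrolled = {row["device_id"].strip() for row in inventory_rows}
    enrolled_users = {row["owner"].strip() for row in inventory_rows}

    endpoints = {}
    for rec in access_rows:
        device_id = (rec.get("device_id") or "").strip()
        agent = (rec.get("user_agent") or "").strip() or "none"
        # Fall back to the user agent when the protocol gives no device id.
        client = device_id if device_id else "ua:" + agent
        user = rec["user"].strip()
        service = rec["service"].strip().lower()
        ts = rec["timestamp"].strip()
        ep = endpoints.setdefault((user, service, client), {
            "user": user, "service": service, "client": client,
            "device_id": device_id, "count": 0,
            "first_seen": ts, "last_seen": ts,
        })
        ep["count"] += 1
        # ISO 8601 timestamps sort correctly as strings.
        ep["first_seen"] = min(ep["first_seen"], ts)
        ep["last_seen"] = max(ep["last_seen"], ts)

    managed, findings = 0, []
    for ep in endpoints.values():
        reasons = []
        if not ep["device_id"]:
            reasons.append("no_device_id")
        elif ep["device_id"] not in enrolled:
            reasons.append("not_enrolled")
        if ep["service"] in LEGACY_MAIL:
            reasons.append("legacy_protocol")
        if reasons:
            ep["reasons"] = reasons
            # Separates enrolled users with a side channel from users
            # the MDM has never seen at all.
            ep["user_has_enrolled_device"] = ep["user"] in enrolled_users
            findings.append(ep)
        else:
            managed += 1

    findings.sort(key=lambda e: (e["user"], e["service"], e["client"]))
    total = len(endpoints)
    return {
        "total_endpoints": total,
        "managed": managed,
        "coverage": managed / total if total else 1.0,
        "findings": findings,
    }


if __name__ == "__main__":
    report = coverage_report(load_rows(MDM_INVENTORY_CSV),
                             load_rows(ACCESS_LOG_CSV))
    print("MDM coverage: %d of %d endpoints" %
          (report["managed"], report["total_endpoints"]))
    for f in report["findings"]:
        print(f["user"], f["service"], f["client"], ",".join(f["reasons"]),
              "enrolled-user" if f["user_has_enrolled_device"] else "unknown-user")
```
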
3. Management Risk
Mobile security is difficult because of the thousands of devices being traded in, lost, stolen, and updated with new apps and firmware every day. You’re always going to struggle to keep up with the velocity of change, so make sure you have a process to quickly analyze the risk any given mobile threat presents to your data, and to evaluate new operating systems and devices. Do you have a person or team responsible for monitoring the latest malware notifications or evaluating popular new platforms for vulnerabilities? The recent discussion of the security implications of the Kindle Fire is a great example. The day the Kindle Fire was released, it began accessing corporate e-mail and Wi-Fi networks. How would you handle 20 percent of your company’s workforce logging on using a new, unknown mobile device with an untested version of Android?

Also, as we mentioned before, mobile devices are traded in, damaged, and stolen — a lot. Do you have a policy to make sure they’re wiped first? Analyze the processes you’ll use to deal with malware alerts and end-user problems. How likely is it that you can consistently execute these processes? Be honest — are resources allocated properly? Do you have enforcement mechanisms for mobile security policies?
4. Awareness
The first and last line of defense for mobile devices is the user. Users are running at admin level and have the ability to install and delete apps, re-configure settings, back up data or not. How well are you informing them about risks? A handout as they go through new-hire training isn’t enough. They need to know exactly what to do when they see something suspicious going on with their mobile devices. Comprehensive mobile security awareness training is very effective at reducing risk. I believe it is one of the strongest security controls you can invest in outside of MDM technology, but many companies I work with aren’t prepared to talk with employees about these risks in an ongoing way. Mobile security risk assessments provide great insights into where the organization is likely not to succeed when implementing mobile security and addressing the risks head-on while working with your mobile security council to determine what controls will most effectively reduce risk. Once you have some idea of how you want to go about reducing your risks, don’t be afraid to perform some trial and error. Getting the right mix of risk reduction and good mobile experience is vital to the success of a mobile security program.
Michael A. Davis is the CEO of Savid Technologies, a technology and security consulting firm based in Chicago
Opinion
7 ways to survive the BYOD revolution
Michael Finneran
When employees use their own devices at work, problems can result. Here are seven ways to cope
On the web: BYOD Strategy Should Start With Data-Centric Security. Read article at: http://bit.ly/sTTZ2D
Picture this: Your company’s new CMO just called. She wants to use her iPhone to get her corporate e-mail — could you send someone up to help configure it? And by the way, her assistant has an Android phone, and he needs e-mail access, too. The two smartphone platforms have different malware profiles, both make use of open Wi-Fi hotspots, and both will store sensitive product data. But a flat-out “no” won’t go over well, and just granting access with no controls could lead to disaster.

Brace yourself as smartphones continue their march from high-end perk to wildly successful consumer product, and tablets take a similar path. InformationWeek 2011 End User Device Management Survey found companies warming to consumer-centric technologies, including employee-owned devices. But before you incorporate mobility into your line-of-business apps, you need a policy that covers the bring-your-own-device (BYOD) option. Here are seven questions you must answer:

1. Who gets what? Probably not everyone gets a company-provided device. This decision should be based on roles and spelled out clearly. The policy should specify what device and service plan are authorized for each job title and who has the authority to overrule the policy.

2. Who pays? Specify if BYOD is allowed, and if so, what the reimbursement policy is. If it’s a corporate-paid phone, are personal voice and data use allowed, and how much? If employees are reimbursed, setting the rate too low can cause disgruntlement.

3. Which ecosystem? Not all mobile operating systems are created equal, and their capabilities improve on an erratic schedule. For example, BlackBerry is still the standard for mobile security, while the Android 2.x releases and Windows Phone 7 don’t support on-board encryption, creating a security threat if a device is lost or stolen. Evolving environments mean IT should specify both the operating systems and version levels allowed, and define a procedure for testing and certifying new devices, platforms, and releases.

4. How will you provide support? This is where mobile device management systems such as those from AirWatch, MobileIron, and Zenprise come in. MDM capabilities vary, but you’ll generally find policy enforcement and remote wipe and lock standard. Many systems also feature internal app stores and troubleshooting tools. Most require a client be installed on the mobile device, so you need to define procedures to install the client and activate the user. You’ll also need to determine how to get the client off the device when the user leaves the company.

5. Who controls phone numbers? Consider whether you need to retain the mobile phone numbers of employees in customer-facing roles when they leave. The easiest approach is to issue corporate-provided phones. Another option is to use a PBX client so business calls go through the PBX.

6. How about non-compliance? Users are the weak link in any security plan, so identify how they’ll be trained in mobile device use, how IT will let them know what isn’t acceptable, their role in securing company data and minimizing liability, and the consequences for not complying. Employees should sign a document acknowledging they know the rules; that should be repeated with each policy update.

7. When will you revisit policies? Spell out how often you intend to re-evaluate your mobility policy — we recommend one year as the maximum.

Michael Finneran is a Principal with Farpoint Group, a wireless and mobile advisory firm based in Ashland, MA.
Interview
‘Provisioning apps on devices without manual intervention is a challenge’

The popularity of enterprise mobility is on the rise and companies across verticals are looking at mobility solutions to optimize customer reach and reduce costs. Anil Bajpai, SVP and Head, Research and Innovation, iGATE Patni discusses trends in India and the challenges it is going to throw to the IT department

What is the trend that you have observed in India with respect to enterprise mobility?

With the increasing accessibility and affordability of mobile devices such as smartphones, laptops, tablets, etc; bringing technology to the workplace is an upcoming trend in the near future. This is in line with the global trends of Consumerization of IT and Bring Your Own Device (BYOD). Sectors such as BFSI, manufacturing, retail, hospitality and healthcare have been early adopters of enterprise mobility solutions, which look at the technology as an enabler to add scale and improve customer experience. That said, most of the other sectors are increasingly looking at mobility solutions to increase employee productivity, improve customer reach, and reduce communication and operational costs. Riding on this trend, we see a huge demand for companies to internally deploy CRM and ERP applications that can be accessed through mobile devices. However, the biggest challenge right now is that although there is a huge demand, most companies are not entirely geared up for this level of mobile facilitation. Though Internet access through a smartphone is easy, most applications have been created for a personal computer and require high bandwidth and low latency to operate to their best capability. The user experience and effectiveness is currently lacking on a mobile interface.

With mobile devices like smartphones, notebooks and tablets flooding the workspace, according to you, what would be the fresh challenges that an enterprise’s IT team would have to face?

With the increased growth and popularity of mobile devices, come challenges like increased risk of security and managing the life cycle of mobile applications and devices, right from procurement to decommissioning stages. The majority of the data handled by employees is confidential and always faces the risk of falling into the wrong hands. The small size of devices and the portability factor increases the risk of data leakage. An IT team’s fundamental strategy to counteract any threat is through a risk and policy driven approach. There are a number of processes and technology interlocks by which data theft or leakage by an employee can be curtailed. Taking a written undertaking, conducting special induction programs on social engineering and formulating strong processes and policies are some of the steps that bind employees to not leak any confidential data.

Mobile phones that are procured by employees themselves are often configured to access company e-mails, even without the knowledge of the IT department. Further, most mobile devices can be connected to the company’s Wi-Fi network, which can become a Wi-Fi hotspot and can be used to bypass the company’s firewall/ Internet access policies. Enforcing data encryption, backup, storage policies on individual devices is an ever-increasing issue that needs to be addressed.

Identifying the right business processes to be mobile-enabled, assigning the right priorities for various demands made by the employees and being able to build these applications in an agile manner requires a completely different mindset from the IT department. Due to the experience of consumer application stores like the Apple App Store or the Android Market Place, employees expect that apps will be made available for various business processes in fairly quick time, which can be quite unrealistic.

Another challenge is that the IT department has to provision applications on employees’ devices without any manual intervention from the IT department. Subsequently, when application updates need to be pushed to employees’ devices or if there is a requirement for providing ongoing support, additional staff needs to be brought on board to sustain these activities. Further, from a security standpoint, if these devices are lost, there is a need to be able to “kill” the applications.

With respect to BYOD, it would be unrealistic to expect the IT department to create applications catering to each of the different types of devices that are brought to the workplace by employees. Hence, a good cross-platform native application development framework has to be identified as a mechanism of delivering applications by building them once and deploying them on multiple devices with disparate OS. However, with the availability of HTML5 as a de facto standard on most smartphone mobile browsers, it would be best to let employees access most of the business applications via a browser. The only downside is that the devices will need to have connectivity to the Internet to access the apps. With bandwidth being cheaper and accessibility increasing from across locations throughout the country, this should be seen as the way forward to reduce the challenge of maintaining a large number of small applications created using a variety of technologies.

Have Indian enterprises started framing their mobility management policies? What are the key considerations that need to be taken into account while defining the need for mobile enablement and prioritizing business processes to mobile enable them?

Most Indian enterprises are waking up to the reality that enterprise mobility management policies need to be formulated and put in place. At a strategic level, the enterprises need to define the business drivers and need for mobile-enabled applications; formulate governance and management policies; select the right technology ecosystem of devices, operating systems, applications, application development platforms, etc; and quantify ROI from mobile-enabled applications. To ensure a sustainable mobile strategy for long-term, enterprises should evaluate how many employees would benefit from such information and the state of readiness of the IT infrastructure (hardware/software) to make information accessible to mobile applications. Enterprises also need to consider whether there is a need for enterprise data of a business process to be made available at a remote location. They should evaluate whether the mobile devices typically carried by the workforce are capable of making the data available in a form that is actionable by the field force personnel. Another question that needs to be answered is whether the mobile application should be built natively for a specific operating system, like Android/ BlackBerry or should it be available natively across all mobile device operating systems. Finally, the enterprises need to consider questions like selecting the right kind of technology ecosystem and calculating the possible ROI before embarking on a mobile enablement project.

How would the IT team of an enterprise tackle the challenge of centrally managing different kinds of mobile devices?

Enterprises need to deploy different technologies for mobile device management. For instance, smartphone mobile devices should be allowed to connect to corporate networks only after authorization and authentication. These devices will be controlled centrally by the telecom administration team. Adequate steps need to be undertaken to ensure that the devices are password protected and any misuse will erase the data. Companies should also have well-defined mobile data/ information/ application lifecycle management, stringent physical security controls for high-risk zones such as data centers, and background verification process for all the employees performing external penetration tests once a year. These should be combined with strong vulnerability management process, back up procedures, good security awareness programs for users, and strong policies on handling mobile devices and information stored on these devices through a risk assessment process. Also, technologies such as intrusion prevention systems, intrusion detection systems, log correlation, antivirus, encryption, spam control gateways, web URL gateways, Internet access through proxy and DDOS prevention from ISPs should be implemented through the model of defense-in-depth. Enterprises need to implement in-depth training sessions on application security, information security and secure coding practices to ensure robust security management.

Amrita Premrajan, amrita.premrajan@ubm.com
Case Study
SevenHills Health City signals new era in patient care with paperless hospital
By eliminating the need for paper records, the hospital has given its doctors the ability to access information related to scans or X-rays from anywhere
By Srikanth RP

A paperless hospital is an ideal goal for all hospitals as it reduces operational costs while improving patient care. A dream for most hospitals, SevenHills Health City has signaled a new era in patient care by becoming possibly the first hospital in India to go totally paperless. This has been made possible due to an indigenously developed healthcare solution called SevenHills e-Healthcare Suite. The software solution handles functions related to operations, clinical, inventory, collection management and workforce management. By making its operations paperless, Seven Hills Hospital has reduced human errors to a large extent, besides making patient data accessible to required doctors and nursing staff anywhere and anytime, for better and immediate patient care.

Today, when patients visit the hospital, they are directed to a medical officer who collects all the relevant information of the patient, and provides him or her with a Unique Health Identification Number (UHID). This UHID provides the complete details of the patient’s medical history at any point of time and also during their subsequent visits.

Speaking about the benefits of an integrated healthcare solution, Suresh Kumar, CIO, SevenHills e-Health, says, “The software solution allows better patient care because the hospital and the doctors can analyze data better, which in turn leads to quick and accurate analysis.” The software solution provides doctors with an integrated and comprehensive view of a patient’s medical history in a realtime environment. With immediate access to patient history and evidence-based clinical practice guidelines, the doctors are better equipped to make decisions. Additionally, alerts and reminders generated by the software solution for medications have helped in improving the quality of services provided to patients.

As a result of the UHID, the hospital has been able to streamline the entire workflow from the time a patient arrives in the hospital to the time he leaves. Doctors can access patient’s data from their smartphones or laptops. They can even change the medication and monitor if the drugs prescribed have been given at relevant time periods.

Improving workflow
When patients visit SevenHills Hospital, they are directed to a medical officer who collects all the necessary information of the patient, like past medical history, treatment etc. He is then provided with a unique health identification number (UHID), a number for lifetime, using which all the records of the patient can be retrieved. When a doctor wants to prescribe, the system shows him a list of drugs that are suggested for a particular disease. If a particular drug or medication is out of stock, it suggests alternative solutions. Once the doctor prescribes a medicine, an alert is sent to the pharmacy department. The department then sends the medicine to the designated ward through a pneumatic tube system, by punching in the floor number, ward and the UHID number. The medicine is billed in the patient’s name once a nurse accepts the medicine.

As the healthcare solution supports voice recognition technologies, it has enabled doctors to quickly document their observations. “Most of our doctors are not comfortable using keyboards for documentation. By giving them the capability to just speak their observations, we have increased physician satisfaction,” says Kumar. The software converts speech into text, giving doctors the capability to document their observations in a faster way. This has helped in saving costs related to transcription costs. In the in-patient department, patient histories, physicals, consultations, procedure notes and discharge summaries are often dictated and transcribed. Today, with the use of the software solution, doctors can directly do their documentation in real-time.

Paperless way powers efficiency
The software solution has improved efficiencies across departments. For example, the cost to purchase, store and distribute printed forms is expensive. As the solution has automated several functions, there is no need for paper. “Overall savings on the medical record staff, stationery and space needed for paper storage is around ₹ 3 lakh per month. By enabling electronic documentation, many paper forms are eliminated, and we have been able to show immediate cost savings,” states Kumar.

The hospital has also seen an increase in efficiencies in the billing processes and among the staff members who can now review, analyze and code charts instead of relying on the previous way of analyzing charts manually. Today, the nursing staff has more time for direct patient care as the staff is no longer required to create and fill documents manually. “It is seen that usually a minimum stay of an in-patient in a hospital is for six days. However the process improvements enabled by the software solution has impacted the average length of stay (ALOS), a key indicator of efficiency and a major driver of savings, resulting in an average time of 4.5 days for a patient’s stay at the hospital,” explains Kumar.

The software solution has also improved safeguards by reducing the number of medical errors due to poor or inaccurate documentation. Specific errors, including handoff and continuity issues or altered, illegible or missing documentation in diagnosis and treatment are being prevented by using the software solution. Additionally, the software solution has helped in reducing inventory management costs with efficient control.

With seamless and complete clinical data capture, the hospital is able to improve missing billable charges including procedures, drugs and consultation charges. The system is producing more granular information for all inpatient cases. The automated charge capture module enables earlier identification of cases that are potentially billable. “Based on internal research, we are able to save approximately ₹ 50,000 to ₹ 60,000 per month due to the system’s ability to capture automated charges relating to clinical diagnoses,” explains Kumar.

After successfully realizing the benefits of a paperless solution, SevenHills eHealth is now aiming at providing this solution to other hospitals. Depending on the need, Kumar says that the solution can be offered as an onsite or a SaaS-solution.

Srikanth RP, srikanth.rp@ubm.com

Encouraging hospitals to go the paperless way
In the US, President Barack Obama is pushing for electronic health records, and is hoping to convince all hospitals to go the paperless way by the year 2014. Obama is pushing for electronic health records, as he believes that more efficient systems can not only save billions of dollars, but also reduce preventable medical errors. India too needs a similar resolve. In India, Kumar says there are only five or six hospitals that are going the paperless route — most of this is due to lack of awareness. If SevenHills eHealth does succeed in its goal of implementing the solution in other hospitals in India, it can act as a catalyst to spur other hospital chains into action.

Paperless impact
- Overall savings on the medical record staff, stationery and space needed for paper storage is around ₹ 3 lakh per month
- Savings of approximately ₹ 50,000 to ₹ 60,000 per month due to the system’s ability to capture automated charges relating to clinical diagnoses
- Doctors can access a patient’s data from their smartphones or laptops
- Process improvements enabled by the software solution has helped the hospital to cut down the average length of stay for a patient from 6 days to 4.5 days
Opinion
A resilience perspective on data centers
Uma Ramani
Data center being the core of any information technology setup is always in a very dynamic state. Here’s a 12-pointer approach to make the data center last longer without much change in its basic architecture

As a technologist responsible for data center and information security, one can very easily get entangled in a mesh of core technology and never ending operational projects. But a peep from the stratosphere will lead to endless possibilities in the real world scenario. Data center being the core or the heart of any information technology setup, is always in a very dynamic state given the changing nature of technology and the ever growing needs of business. This truly needs a weather coat treatment, which can make it last longer without much change in its basic architecture. How does one do this exercise? Here’s a 12-pointer approach:
Think redundancy
In data centers, the key mantra is redundancy. Build as much and at all levels, one will never live to regret it. But if there is a downtime due to say ATS, you will surely remember that for the reputational damage it can cause. The robustness of the infrastructure should be such that no single component failure should lead to a downtime. Redundancy must be viewed using a bottom-up approach and at component levels. It would be prudent to imagine all possible failure scenarios while doing this.
Plan for a size
Data centers are quite cost intensive; therefore it is better to think of a five to seven year perspective while deciding on one. Some of the basic design requirement considerations should include location of the DC, which floor the DC should be located on, the floor to ceiling height, etc. Before deciding on the state/city, one must look at geographic risks also in terms of seismic zone. In case it is not possible, it is best to have an off-site disaster recovery site, which is in a different zone than the primary.

On the web: Data centers, DR, and private clouds now ‘on-demand’. Read article at: http://bit.ly/sGvsC6
Build sufficient electrical redundancy
Electricity or power for running a data center is the most crucial element often overlooked by the CXO. If we do not look at the electrical setup closely, an unforeseen condition may arise, leading to DC downtime. Concurrent maintainability is another key concept that one must build in the electrical setup. This is most important here due to the sheer nature of power, which can lead to even human loss, in case necessary due diligence is not undertaken.
Plan generators and subsystems appropriately
Diesel generators with appropriate capacity and redundancy are a must, given the power condition across the country and the fact that we are not in control of utility power. Normally when one looks at the DG set, one looks at it as a source of redundant supply to the primary source of the electrical transformer. This may not be a correct approach as extended non-availability of the electricity supply can lead to the use of DG set so frequently that it can in itself become a single point of failure. To avoid this, one must build redundancy at the DG set level itself. Besides building redundancy in the DG set, it is also important to give sufficient thought to the fuel subsystem. This is often forgotten and can lead to unexpected downtime due to a single valve or pipeline failure or maintenance issue.
Redundancy at UPS level
UPS ideally should be connected in parallel and 100 percent redundancy must be thought of here also. One concern that comes up at this stage is that if we are building a DC to cater for a five- to seven-year period, we may be looking at redundant supplies of a capacity that is only 15-20 percent used today, making the DC quite inefficient both in terms of investment and usage. Modular technology can come to the rescue in such cases. Some equipment also comes with in-built mechanisms for lower consumption. The other strategy, especially for the more cost-intensive items, is to invest today in lower capacity and to have a back-to-back agreement with the vendor to provide higher capacity in exchange for it over a three- to five-year period.
Cooling needs redundancy too
Another critical aspect of data centers is cooling. The heat generated inside the data center is normally quite high and needs appropriate control to ensure the health and upkeep of the data center equipment. The normal mode of cooling for any data center is a PAC. The equipment should have built-in redundancy, and one should also have redundant equipment in place. To ensure proper usage, both units must be used in rotation. The cooling requirement must also be incorporated in the generator plan.
Cool all areas that need it
Cooling for all critical areas is a must to ensure the health of the equipment and to prevent wear and tear. These areas include the UPS room, BMS room and the network room. The cooling to such areas must also be in redundant mode to ensure that one system failure does not lead to a bigger failure of the critical subsystems.
Networks and devices
Most DC devices, including servers, have redundant power supplies. The parallel electrical connections are fed into two PDUs in each rack, which in turn give two feeds to each device. However, a device that does not have a dual power source can become a single point of failure for a service used by end users. To prevent this, provide changeover switches so that each such device receives a dual source.
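An added example, not part of the original article: the redundancy checks described in the sections above, written as a small Python audit that lists, for each device, every upstream component whose loss alone would cut its power. The topology, component names and function names are constructed for illustration.

```python
"""Audit a data center power chain for single points of failure.

Constructed example: topology and component names are hypothetical.
"""

# Each component maps to the upstream components that can feed it.
# An empty list marks a power source (utility transformer, DG set).
TOPOLOGY = {
    "utility": [],
    "dg1": [],
    "dg2": [],
    "ats": ["utility", "dg1", "dg2"],      # one automatic transfer switch
    "ups_a": ["ats"],
    "ups_b": ["ats"],
    "pdu_a": ["ups_a"],
    "pdu_b": ["ups_b"],
    "changeover1": ["pdu_a", "pdu_b"],     # changeover switch for a single-corded device
    "server1": ["pdu_a", "pdu_b"],         # dual power supply, one cord per PDU
    "switch1": ["pdu_a"],                  # single-corded, no changeover switch
    "switch2": ["changeover1"],            # single-corded, behind the changeover switch
}
LOADS = ["server1", "switch1", "switch2"]


def validate(topology):
    """Reject inventories that reference a feed with no entry of its own."""
    for name, feeds in topology.items():
        for feed in feeds:
            if feed not in topology:
                raise ValueError(f"{name} lists unknown feed {feed!r}")


def is_powered(node, topology, failed, visiting=frozenset()):
    """True if node has not failed and is a source or has at least one live feed."""
    if node in failed or node in visiting:   # visiting guards against wiring loops
        return False
    feeds = topology[node]
    if not feeds:
        return True
    return any(is_powered(f, topology, failed, visiting | {node}) for f in feeds)


def single_points_of_failure(load, topology):
    """Components whose loss alone (failure or maintenance) drops power to load."""
    return sorted(
        c for c in topology
        if c != load and not is_powered(load, topology, {c})
    )


def audit(topology, loads):
    """Validate the inventory, then map each load to its single points of failure."""
    validate(topology)
    return {load: single_points_of_failure(load, topology) for load in loads}


if __name__ == "__main__":
    for load, spofs in audit(TOPOLOGY, LOADS).items():
        print(f"{load}: {', '.join(spofs) or 'none'}")
```

In this constructed topology the single ATS is reported for every load, including the dual-corded server, and the changeover switch removes the PDU and UPS from the single-corded device's list while becoming a listed component itself.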
Energy efficiencies in the data center
Talking about redundancy and then talking about efficiency is quite contradictory, but the two coexist in data centers. Efficiency gain is a continual improvement process. What is needed is to ensure that energy consumption is recorded and monitored to see where efficiency gains can be made. Data center cooling must be critically reviewed to see how it can be improved. Can the temperature be increased without causing harm to the equipment? This is a question that should certainly be put to the manufacturer. Normally data centers are kept freezing cold but, believe me, it is not required.
Data center security
Normal security in a DC includes two-factor access control, dual doors, VESDA, fire alarms, fire extinguishers, FM 200 or equivalent, rodent control, water leak detection systems and motion detection camera surveillance. These are integrated into a BMS and continuously monitored. Redundant power and cooling supplies must be considered for these systems also, to ensure that appropriate security is maintained for this critical infrastructure.
Monitoring is vital
Any system can be put in place, but not monitoring it is as good as not having it at all. All data center setups require monitoring at pre-defined intervals to ensure early detection of any signals of malfunction.
Do certifications help?
They do, full stop. They provide us with a fantastic platform to get started and keep track of our way forward. Even if one is not up to the mark, knowing where we stand is quite comforting sometimes. There are some well recognized certifications in the market for various aspects of data centers and they must be considered to multiply the gains.
In data centers, the key mantra is redundancy. Build as much of it as possible, at all levels; one will never live to regret it. But if there is downtime due to, say, an ATS, you will surely remember it for the reputational damage it can cause.
Uma Ramani is Vice President – IT, IDFC
Interview
‘RCOM has been actively involved in Big Data solutions’
Alpna J Doshi, CIO, Reliance Communications talks to Vinita Gupta about the enormous growth of data and the solutions Reliance Communications is using to handle it

With the subscriber base of 146 million and still adding, mention the rate at which the data is growing at Reliance Communications (RCOM)?
RCOM has been growing consistently and our data is growing enormously due to subscriber growth and consumption of our services. Our data management practices are in place, benchmarked against the international standards. We are applying innovative methods and system and process changes to analyze, manage and make the best of resulting data. This data has shown a growth of 50 to 55 percent.

How is the company managing this huge amount of data?
RCOM uses a data management system, which monitors the data growth, as desired. The data is segregated under three buckets — customer centric (required for customer services), business data (required for analytics, trend analysis and business forecasts) and legal data (managed for regulatory requirements). We have configured our data storage system based upon these criteria. This helps us analyze and manage the data performance requirements, TCO. Our transition data goes into high-speed enterprise class storage, which has a very fast response time. The analytical kind of data is segregated into low-cost enterprise storage capable of high analytical performance. Multiple parallel processing capable storage/applications, with compression are used for legal data. We use compression features of RDBMS, storage, applications to control the data growth.

Are the company’s traditional storage systems able to handle this Big Data?
Yes, at present, thanks to our storage classification and requirements we are able to make the ends meet. We use Tiered Storage, which is a combination of fibre channels, SAS and SATA of varied speed for different disk capacities. We also account the storage fabric management cache and front-end adapters dedicated to different kind of databases. Process improvement is a way of life at RCOM, we have undergone database level structured revision and have removed obsolete columns, which were a part of initial design. This has helped a lot in storage optimization and reduction in future requirements. As a part of our process improvement plan, we have re-organised data layer to remove fragmentation and unwanted data.

Is RCOM using any Big Data solution? If not, do you have any plans to adopt it?
Due to sheer size of our databases, RCOM has been actively involved in Big Data solutions. We have adopted Greenplum (EMC) to store CDRs and unstructured data and perform analytics on it. We continue to test and evaluate other products like Vertica, IBRIX, Hadoop etc. We have also implemented storage virtualization and unified storage (SAN, NAS) in a single box.

At present, what analytic solutions are being used by the company. Does that suffice the need?
RCOM uses SAS Analytics, which is software-based solution. We are also using TIBCO ODS and SAP BI that help in analytic planning. For reporting purposes, we rely on Business Objects. We also use Greenplum for its excellent analytic capabilities. We are looking to re-architect the data management system by classifying online and offline data. This will give us maximum benefit in data management and the way data is looked at.

Vinita Gupta vinita.gupta@ubm.com
Event
Asian nations pledge to use ICT to collaborate and share knowledge
Delegates and speakers explored ways to leverage ICT for inclusive growth at SEARCC 2011 conference in Mumbai

Members of 12 SEARCC nations stood side-by-side with glowing candles as they met for a conference with a theme “Collaboration for Inclusive Growth.” South East Asia Regional Computer Confederation conference (SEARCC) 2011, held in Mumbai on 12th & 13th December, was organized and hosted by the Computer Society of India (CSI). The conference was attended by delegates from SEARCC member nations such as Sri Lanka, Vietnam, Myanmar, Taiwan, Australia, Nepal, China and others.

[Photo: Member representatives from 12 SEARCC nations light candles at the inauguration of the conference]

CSI President MD Agrawal said that the conference provides a great opportunity for collaboration and knowledge sharing. He acknowledged that the Indian ICT industry is vibrant and is on a fast growth track. He said there is a good ecosystem provided by entrepreneurs and R&D. Agrawal will soon take over as the President of SEARCC. “This is CSI’s third conference with the theme of Inclusive Growth. And we want to work on this theme increasingly. We want to partner with the government and become a catalyst in the movement of ICT for inclusive growth,” said Agrawal.

Anthony Wong, President, SEARCC emphasized the importance of education and certification for ICT professionals. “While ICT is advancing at an incredible pace, the threat to the smooth functioning of the systems is also growing and there are many challenges. However, we must continue to collaborate to generate trust in the ICT profession and the systems we build. The demand for ICT professionals continues to increase as the digital economy grows and the technology underpins more and more of our business and lifestyle outcomes. Increasingly, the skills, experience and professionalism of these practitioners will need to be verified, in order to provide assurance to business and employees. It is critical that we provide the right level of ICT education and certification to ensure that professional standards are met. Asia is taking on a leading role in ICT and the ICT profession. There is a growing need for businesses for ICT certification and professionalism.”

Wong said countries like Malaysia have already realized the importance of this. The Malaysian Government recently introduced a Computing Professional’s Bill to create a body for computing professionals in Malaysia. The Government of Malaysia has made it mandatory for all practicing professionals to be registered (with this body).

The Conference program was designed to present and deliberate on the latest trends in ICT and the role of ICT in providing solutions for societal and business growth. Key sessions were in the areas of research, strategy, ICT solutions, global case studies of ICT solutions for inclusive growth; the role of collaborative and knowledge management technologies; opportunities for business to leverage ICT for better customer reach; and extending market to Bottom-of-the-Pyramid. Several CIOs, CEOs and state level secretaries explored opportunities for learning and collaboration along with senior Government officials and SEARCC member countries’ Presidents. Plenary sessions covered collaboration for driving innovation for inclusive growth and how ICT fosters business and transformation. The conference featured special sessions such as the high power CIO/CXO summit and the business summit on public-private partnership and partnership between CIOs and IT Secretaries (Ministerial Conclave).

Government of India shares plans to increase broadband penetration

At the inauguration ceremony of SEARCC 2011 conference, two ministers shared plans to increase broadband penetration and Internet usage in India. Lower CPE pricing, affordable software and hardware products, and cheap, consistent broadband connectivity to interconnect villages are the means to achieve this. But is all that a distant dream? The conference had the theme “Collaborating for inclusive growth” — using ICT. More specifically, the Government of India wants to connect the farthest reaches of its population, and that includes citizens living in the remote hamlets in India.

Sachin Pilot, Hon. Minister of State in the Ministry of Communications and Information Technology (P) acknowledged the work of CSI and SEARCC. He said that the Government is now in the process of finalizing major policy initiatives such as a new Telecom policy, IT policy and Manufacturing policy. “The communication aspect is no longer just about voice — it’s about data and how to transmit that data. Giving connectivity to all parts of India is a major challenge. We need to have an infrastructure where everyone has equal, undisturbed, cheap and reliable access to information. As a nation…there is a need to handhold some other countries in the region (in South Asia),” said Pilot.

He also acknowledged the progress that the nation has made in terms of growth in mobile subscribers and Internet penetration, but said we have many more miles to go. “While India makes these giant strides, we have a responsibility as an important partner in the region. People in the region have tremendous expectations from the Indian industry and leadership. As we move forward in the next two years, India will be a strong partner in sharing that information to ensure that all our people, not just within India but even in the smaller countries and states in the neighborhood, will be able to attain and achieve some access to what we have done in India,” said Pilot. The Government now has centers of excellence where people from other countries are trained; it sponsors “thousands of young people” from across the South Asian region “to come to Indian cities and get on-the-job training.”

“We need to address issues of cyber security, local content development, having accessibility to cities and even the smallest hamlets in India. We need to make the most inaccessible parts of our geography as equal partners and move ahead in our journey for growth with ICT as an enabler to leverage the potential we have to the realities of life,” said Pilot.

The other minister who graced the occasion with his presence was Milind Deora, Hon. Minister of State in the Ministry of Communications and Information Technology (D).

[Photo: Milind Deora, Hon. Minister of State, Ministry of Communications and IT (D)]

“There are two fundamental objectives to keep in mind as we deliberate on what needs to be done in the India and South East Asian context. ICT is really about building the skill sets for making our youth employable and to get jobs in the global arena. Secondly, (we need) to improve the quality and efficacy of governance and to bring down the cost of governance. It is about utilitarian services that the government already provides (through various citizen services). These can be delivered in a cost-efficient, time-bound manner — removing all the leakages,” said Deora.

The minister also spoke about three critical parts of the ecosystem and alluded to some data points — 100 million Internet users in India, as against 900 million mobile subscribers. Only 60 percent of these Internet users have broadband access. “To offset that the government is embarking on initiatives like the National Optical Fiber network to connect villages, cities, and unconnected areas. Secondly, the government is bringing down the cost of Customer Premise Equipment (CPE). We have a liberal import regime, yet we encourage domestic manufacturing as it will bring down costs of CPE further. For instance, the recently launched Akash tablet costs just ₹ 3,000. Thirdly, is the creation of software in the mobile or VAS space. And enabling the collaboration of companies in the private sector to create this software at a low cost. This is a critical component in the ecosystem. (We need to look at) how we create open-ended, accessible and indigenous software, and allow entrepreneurs to focus on building that software ecosystem in the utilitarian area,” said Deora.

Brian Pereira brian.pereira@ubm.com
Feature
10 social networking tips for CIOs
Adding a robust enterprise social network to your priority agenda is a must. Here’s how to get going
By Eric Lundquist

If you’re thinking of bolting your company’s social network activities onto your existing IT infrastructure, you’re headed for problems. Your company will have a much better chance of success rebuilding your infrastructure around the social network environment. Now, Salesforce CEO Marc Benioff and company are among the most extreme advocates of re-building organizations around the “social enterprise” idea.

So what is the social enterprise? In Benioff’s model, it entails a three-step process: creating a social customer profile that extends beyond simple customer contact information; creating an internal social network; and creating a customer social network and product social network. If you can imagine an organization whose technology improves customer interaction, where business intelligence systems measure customer sentiment, and where internal discussions are as vibrant as those among Facebook-proficient employees, you’ll start to get the idea.

Here are 10 tips for CIOs to create the foundation for a social networked enterprise.

1. You don’t have to create everything from scratch. While Salesforce may be the most vocal vendor in this sector, many companies offer enterprise-level social network systems. What makes them enterprise-level? The ability to meet security, privacy, and compliance needs, for starters.
2. Find the expertise within your company. It’s not just the 20-somethings who are adept at using social networks.
3. You don’t have to invent a reason for a social network. Case histories, difficult to find a few years ago, are now widely available. At the recent Salesforce event, Daniel Flax, CIO of TheStreet, showed how the financial media company is using social networks to engage with customers. Dig into those kinds of case histories and ask your peers how their social media projects were funded and how they’re producing.
4. Social networks require top-down buy-in. Often, an internal social network such as Chatter or Yammer can languish until the boss starts creating and responding to discussions.
5. Think beyond the marketing department. The idea of “earned media,” using external social networks to build and monitor brands, has been the province of the marketing folks. But customer service, product development, and supplier interaction are prime candidates for an extended social network infrastructure.
6. Understand the new development platforms. Facebook isn’t just a social network, but also a development platform, as are LinkedIn, Twitter, and Google+. These platforms use their own distinct application methodologies and APIs.
7. Think beyond the PC. Social networks and mobility go hand in hand. Tablets and smartphones are where much of the social networking action will take place both within and outside your company.
8. Think beyond text. YouTube, Facebook, and Google+ are multimedia-friendly.
9. Don’t try to do it all at once. A full-blown enterprise social network is a big undertaking. The good news is that you can start with fairly simple internal and external collaboration applications and move sequentially into broad-based social applications and social measuring and monitoring.
10. No one has all the answers. As Michael Krigsman, President of technology consultancy Asuret and longtime chronicler of enterprise IT successes and failures, described it: “The social enterprise is not a product, but a concept.” The more you can share your experiences with other CIOs, the more advice you’ll get back. After all, isn’t that what enterprise social networks are all about?

Source: InformationWeek USA
Eric Lundquist is VP and Editorial Analyst, InformationWeek elundquist@techweb.com
Analyst Angle
How social computing can streamline the ERP life cycle
Sunil Padmanabh
Social computing will play a crucial role in engaging all types of end users throughout the ERP life cycle
On the web: Social Computing and ERP: Context Matters. Read article at: http://bit.ly/totQK4
Interest in ERP and social computing is high — and shows no sign of abating. There is no doubt that social computing will play a crucial role in engaging all types of end users throughout the ERP life cycle. Organizations implementing ERP require their stakeholders, users and cross-functional groups to interact extensively throughout the implementation life cycle. Typically, the interactions involve frequent meetings, brainstorming sessions, seeking and providing clarifications, formal and informal reviews, feedback, and approvals. While there are formal communication channels to streamline and structure information flow in every phase of the ERP life cycle, users also engage in some form of subtle informal communication.

Social computing serves as a subtle informal layer alongside the established formal channels to facilitate frequent and open user interactions. This informal layer encourages users to be more open in their communication, and enhances the collaboration between the core implementation team and different categories of users. This can possibly result in higher levels of participation and contributions from users, leading to quicker approvals, sign-offs and better user adoption.

Social computing and social networking tools are steadily gaining the attention of organizations that have deployed some form of ERP. Currently, the number of organizations that have adopted social computing for ERP implementation is limited. However, this article identifies potential areas in the ERP life cycle that can effectively leverage social computing and add value to the ERP implementation. Many organizations today have a subtle form of social computing internally, such as discussion forums, blogs, and various intranet sites on a range of topics relating to their own products and the competition’s products.

Gartner discussions with CIOs have revealed that by leveraging social computing, the expectations of users can be monitored through the ERP life cycle. This can help in setting the right user expectations, thereby improving usability, which is a critical factor for successful ERP implementation. Gartner has identified some of the easier-to-implement scenarios using commercialized social tools and technologies available today. While these tools and technologies are not formally integrated into most ERP implementation deployment tools or methodologies, they exist as third-party commercial tools, such as SharePoint, that can be included in an ERP leader’s toolkit for his or her project. In the future, we expect vendors to offer social computing tools as native parts of ERP implementation tools.
Social Computing for Business Discovery
During the business discovery phase, end users extensively collaborate within their functional teams and also with other functions. The discovery phase typically involves extensive cross-functional interactions among end users when they are fine-tuning the business requirements. Social computing serves as an effective communication tool that facilitates frequent interactions among all types of users, and helps them to gain a better understanding of certain business functions, processes and business rules. Engaging different categories of end users through social computing channels can also help build consensus around the priority of business requirements for the ERP system. For example, a business analyst can interface with user groups and expedite the finalization of fit-gap analysis through consensus building on work-around solutions, saving significant time on rework and multiple iterations of requirements definitions and fit-gap analyses.
Social Computing to Enhance Peer Training
Social computing can enhance the effectiveness of key user/end-user training, where users can share tips about effective application navigation and aligning their day-to-day transactions with the ERP system. Users can also share their understanding of business rules and constraints, discuss pain points and communicate work-around solutions. For example, increased collaboration can help end users in a remote location to quickly get up to speed through seeking instant clarification on application navigation or adopting new ways of doing day-to-day transactions from their peers. Change management also becomes more effective when end users have a good understanding of their ERP system in a holistic manner.
Collaboration Around ERP Data Elements
Social computing can play a key role during the data migration phase, in which end users can share information on the availability and sourcing of data in legacy systems, and also interpreting data to and from the ERP application. Additionally, during data mapping, users can collaborate on mapping data attributes common to multiple business functions. For example, the core implementation team can collaborate with process/data owners of legacy data relating to legacy applications for sourcing and mapping master data attributes.
Collaboration Around Deployment
Social computing can support faster deployments and rollouts. User groups in organizations where rollouts are being carried out can post questions to other users, and seek answers relating to implementation issues. For example, user groups in a subsidiary can connect with other user groups in the parent organization to leverage learning, work-around solutions, discuss issues and resolutions, and impart training.
Finding the Social Opportunity
These scenarios should only be seen as an initial view of the total impact that social technologies can have on an ERP initiative. As an ERP leader, you should consciously examine each step in your ERP initiative to determine if there is potential to enhance the user centricity of your ERP project using social tools. ERP leaders should look for ERP processes with the following characteristics, which are likely to be amenable to enhancement through social technologies:
• Processes that require extensive cross-functional end-user interactions to gain a holistic understanding of the ERP system.
• Consensus building through informal channels for freezing business requirements, defect resolution and user acceptance testing.
• Consensus on creating configuration elements for multi-country, multi-organization rollouts.
• Monitoring end-user expectations.
Sunil Padmanabh is Research Director at Gartner
Secret CIO
Software licensing: There’s gotta be a better way
John McGreavy
I’ve been in this industry for many years and understand that pricing models must evolve with the times, but the current situation is utter nonsense
On the web: How to conquer software’s rising costs. Read article at: http://bit.ly/o6m28b

Can software licensing get any more ridiculous? My company recently concluded a USD 900,000 software purchase, after reviewing the products of three major vendors. Let’s call them Tweedle Dee, Tweedle Doh, and Tweedle Dum. Tweedle Dee worked hard for our business, though none of the vendors took the time to really understand our needs. As for Tweedle Dum, it was our apparent honor to have this vendor grace us with a proposal. At one point in the review process, Tweedle Dum’s technical expert made his presentation to us via cell phone, in the wind, while walking to another client presentation scheduled for the same time. Tweedle Doh was somewhere in the middle. Its reps cared about the opportunity. They asked a few questions. We went so far as to hold a separate presentation with each vendor, to tell each one what we needed — to answer the questions the vendors should have been asking us.

After getting through the review process, we turned to pricing. I’ve been in this industry for many years, and with the changes in platforms, virtualization, hosted solutions, and remote usage options, I understand that pricing models must evolve. But the current situation is utter nonsense. For each vendor, we were looking at an 80 percent to 90 percent discount from the list price. In what other market is an 80 percent discount the norm? “This new Lexus lists for USD 70,000, but we can get you into it for USD 14,000!” Let me guess: We now have to hunt through the contract for future fees that are based on the list price, right? More time spent negotiating maintenance and other aspects of the contract to avoid dependence on the five-times-higher list price.

But wait, we’re licensing a number of different software modules from the same vendor, so one licensing model should apply to all, right? Not so fast. Some parts of the suite are licensed by a named user — straightforward enough. But we’re running a browser interface, and one user will access the system from many different browser-enabled devices. Does such usage require more than one named user license? Meantime, some software modules require a different level of named user license. And we need multiple levels of named user licenses, depending on the function of the user. Other modules within the same platform are licensed by company size — number of employees. Another module is licensed by CPU sizing. And yet another’s licensing differs if you already own certain of the vendor’s products, or if this is a new installation throughout the enterprise.

This was one of the few times when I sympathized with the vendor reps closing this deal. It was difficult for them to communicate the licensing options and keep a straight face. Tweedle Dee indicated that while it had floated some pricing, it would work through the details only once we showed it we were serious. A published RFQ, four presentations, and an evaluation team of eight weren’t sufficient evidence that we were serious? Nonetheless, we ended up selecting Tweedle Dee.

Software pricing can and should be far simpler. Instead, the software industry is chasing the cellular carriers for the MLPMOTP award: Most Ludicrous Pricing Model On The Planet. I understand that our software vendors must earn returns that support continued investment and innovation. But how much time and effort would be saved by both parties with simpler, more transparent licensing methods? It’s time for a change.

The author, the real-life CIO of a billion-dollar-plus company, shares his experiences under the pseudonym John McGreavy
Technology & Risks
ATM security: Should we be concerned?
Avinash Kadam
Along with bringing convenience in our lives, ATMs have given birth to several new security threats and risks
On the web: How to plug the loopholes in two-factor authentication. Read article at: http://bit.ly/d0Pku1

By allowing convenient and anytime access to cash, ATMs have definitely become an essential part of our daily lives. However, along with bringing convenience in our lives, ATMs have given birth to several new security threats and risks. We’ve all heard stories about the rising number of ATM thefts. This is indeed alarming; as a famous robber once said about banks, “because that’s where the money is.” Let us look at some of the attacks and the countermeasures used by the vendors:

Ram raid attacks / Theft of ATM: Apparently, breaking the ATM loose from the foundation and getting away with it using forklifts or SUVs is not an uncommon event. ATMs weigh between 180 and 1,400 kg, not an impossibly heavy load for equipment used in the construction industry. To prevent this, banks are taking precautions like anchoring the ATM securely to the foundation.

Safe cutting / breaking: Breaking open the ATM with a saw, axe and hammer is another common method. To avoid such incidents, manufacturers need to use tougher material and thicker ATM walls to withstand such attempts. Essentially, this involves building the ATMs as per the specifications of a very secure safe.

Blowing up the ATM with explosives: This could be deterred, if not prevented, by use of an “Intelligent Banknote Neutralization System” (IBNS). IBNS involves the use of chemical dye to color banknotes when someone blows up or breaks the ATM. Disfigured banknotes can then be easily detected.

Robbing the staff handling cash: Locking the cash cartridges and using the IBNS method is a way to prevent such attacks.

Apart from brute force and violent attacks, sophisticated attacks also pose ATM security risks. One such attack is card trapping/cash trapping, which involves the use of a glue-like material. The card, when inserted in the ATM, gets stuck and is not returned to the customer. After the customer walks away, the card is removed and used by the criminal. ATM users need to be vigilant about anything unusual in the card path or the cash dispenser. Key jamming is a similar kind of attack, which keeps the transaction live. The key could be jammed by as simple a means as inserting a match stick.

Next in the list are various ATM skimming attacks. These use attachments at the card insertion slot to record the data on the magnetic stripe, and a camera to note down the PIN being entered. A fake keypad is another method to record the PIN. Magnetic stripe recording can be prevented by replacing magnetic stripe cards with smart cards. Security of these devices needs to be enhanced to detect the presence of foreign objects near ATMs. Biometrics like fingerprints and palm vein structure can also be used to identify the customer.

Installing a fake ATM is another method of attack. In this case, the fake ATM captures customer details as soon as the details are entered and then displays an out-of-cash message.

ATM hardware is usually a normal PC. However, better security is provided by using secure crypto-processors in a secure enclosure. Similarly, the operating system is mostly Windows, requiring all the standard precautions to be taken to harden the OS against any attacks. Still, many cases of employees infecting the ATM software with a virus, which enabled them to withdraw money at will, have come to light. ATM networks are much safer as they use private networks or VPNs. But even these safe networks may have connections to the Internet. Otherwise the Slammer worm could not have shut down thousands of Bank of America ATMs.

Avinash Kadam is at MIEL e-Security Pvt. Ltd. He can be contacted via e-mail awkadam@mielesecurity.com
Global CIO
Tablets readied for a real day’s work
Chris Murphy
In factories and on battlefields, organizations are testing iPads and their imitators — and liking what they find
BLOGS: Chris Murphy blogs at InformationWeek. Check out his blogs at: http://www.informationweek.com/authors/1115
On a recent visit to Waste Management, the trash hauling and recycling giant that’s No. 3 on the InformationWeek 500 list this year, I met a young IT pro whose assignment was to put Android tablets through their paces. On his desk were about a dozen Android-based tablets, some of them wrapped in basic rubber cases. Could these off-the-shelf USD 500 devices replace the costly, custom touch screens Waste Management drivers use in their trucks, for things like directions and pickup requirements? It’s experimenting to find out.
When Sean Valcamp, Director of Architecture, Avnet, spoke about the consumerization of IT at the InformationWeek 500 Conference recently, he described how Avnet’s warehouse workers are testing iPads to know which products to pull from the shelves. A manufacturing CIO I spoke with recently is piloting iPads in the company’s factories. The tablet’s instant-on capability and long battery life are a big draw. Employees have been able to access a range of back-end systems with it, from mainframes to AS/400s. Workers wear gloves in the factory but haven’t had trouble using a stylus with the iPad.
The U.S. Army is deep into testing tablets and is sharing what it has learned. A 10-inch tablet’s too big for foot soldiers, so the Army is focusing its tests on smaller Android tablets. The Army’s biggest challenge is information security; it’s working to harden a mobile OS for classified information. But what’s interesting is that the Army doesn’t think tablets need a big retrofit to cut it in combat: USD 10 silicon skins give them “more than adequate protection,” says Michael McCarthy, Operations Director of the Army Brigade Modernization Command’s Mission Command Complex.
Motorola Solutions is coming out this quarter with its first tablet designed for enterprise use, an Android-based, 7-inch tablet that’ll sell for about USD 1,000. The company sees its best prospects initially in retail, says Sheldon Safir, Director of Global Marketing for mobile computing; it’s giving salespeople a new tool for providing information. It also sees prospects in hotels and restaurants, as well as in factories, though more likely in managers’ hands than line workers’.
Although it’s not known how widespread these kinds of outside-the-office tablet experiments are, they show that IT is waking up to the tablet’s potential in specialized uses. One year ago, we surveyed business tech pros about the tablet’s likely impact, and we heard a collective yawn. When we asked in a survey if “for select users in certain roles” a tablet would ever be their “main computer,” only 7 percent strongly agreed and 40 percent strongly disagreed. Thirty-nine percent said tablets would be a “nonevent” at their company.
IT pros are right to guard against tablet madness. “What you don’t want to do is say, ‘Here’s my tablet, the stand for my tablet, and a keyboard, and here’s my pen,’” Valcamp said. “You’ve basically just replicated your laptop.” But IT teams can squelch the nonsense and still seize the opportunity.
Durable mobility has long come at a steep premium, via ruggedized and often customized devices. Smartphones haven’t cut it for many specialized roles, since their interfaces are too small. Tablets might. They still must pass the test of time, of course. Is a USD 500 off-the-shelf tablet with a USD 10 case good for just a few months or two years alongside a welder or a soldier? IT teams are letting tablets punch in and find out.
Chris Murphy is Editor of InformationWeek. Write to Chris at cjmurphy@techweb.com
Practical Analysis
BYOD strategy should start with data-centric security
Art Wittmann
Is “your device is now our device” the approach that your IT team takes? It’s time to get back to data security first principles
BLOGS: Art Wittmann blogs at InformationWeek. Check out his blogs at: http://www.informationweek.com/authors/6044
It’s human nature that when confronted with something new, we try to deal with it as though it’s something we already understand. And the longer we’ve done something a certain way, the harder it is to adjust. My current car has keyless entry and ignition — you just push buttons. I’ve had it for a while now, but if my mind is the least bit preoccupied as I walk up to the vehicle, my reflex is to pull keys out of my pocket. Likewise, understanding new mediums takes time.
It’s not surprising then that as consumerization becomes the norm and more employees bring their own smartphones and tablets into the workplace, IT’s first reaction is to treat these devices just like the ones they’re used to dealing with — the ones the company purchased. Understandable or not, if “your device is now our device” is the approach your team is taking, you need to rethink things.
It’s tempting to paint all devices with the same brush. However, when it comes to gear that IT doesn’t own, it’s a risky strategy. How will you deal with the irate user who had unique personal data on that device, until your team accidentally remotely wiped it or sent a software update that blew away non-company content? Telling the user he should have had a backup won’t get you far. It certainly won’t win you the admiration and respect of your coworkers, and inevitably, somewhere, sometime, lost personal data will lose someone a lawsuit.
When a device is owned by the company and workers clearly understand what data they should and shouldn’t keep on it (because you have well-written policy and it’s been well communicated), any loss of personal data on the part of the employee can fairly be assigned as the employee’s own risk. When an employee owns the device, the implicit contract is different — unless the employee explicitly bought the device for use at work. That’s going to be less and less the case.
What most employees want is one device (or potentially one set of devices) to carry around. They can understand the need for work-only laptops. But they don’t want two phones. And what they won’t understand, and shouldn’t accept, is the company’s insistence on managing personal devices as though they are company devices. And yet that’s what many IT teams are doing, mostly because they’ve conflated “device management” with “data security.”
The thing is, device management and data security have never been the same thing, and in this era of BYOD, they really need to be treated as completely separate issues. Device management is something IT does for its own benefit to ensure delivery of apps to its constituents. When it’s not the company’s phone or tablet or laptop, that’s no longer IT’s problem. But appropriately securing sensitive data always is.
The good news is that a better solution is easily achievable and won’t cost you anything other than some training. First, data should be protected at its native-use level. Got a spreadsheet of employees and proposed raises? Put a password on it. Keeping lots of personally identifiable information for business purposes? Encrypt it; make it very hard for that data to walk out the door.
But the biggest and most important thing that IT must do is to stop viewing its customers as the problem. Educate your users. Make them aware of the ways they can access and use data safely, and how they should protect sensitive information. Well-meaning but uneducated users are your biggest risk. So teach them, and make them your biggest asset.
Art Wittmann is Director of InformationWeek Analytics, a portfolio of decision-support tools and analyst reports. You can write to him at awittmann@techweb.com.
Down to Business
Avnet CIO Talks Cloud, BYOD
Rob Preston
Cost savings is a big consideration, says Avnet CIO Steve Phillips, but the global electronics distributor sees other advantages to giving employees choices
BLOGS: Rob Preston blogs at InformationWeek. Check out his blogs at: http://www.informationweek.com/authors/showAuthor.jhtml?authorID=1026
Steve Phillips isn’t a bleeding-edge kind of CIO, but he’s quick to recognize important business technology movements and set a thoughtful strategy for each of them. That’s how he’s tackling two of the major CIO issues of the day: cloud computing and IT consumerization.
Phillips is the first to acknowledge that his employer, Avnet, the $26.5 billion global electronics distributor, isn’t a cloud pioneer. But when it comes to software as a service, it’s now placing its first big bet. Having adopted SaaS for a few niche applications, including SuccessFactors performance management, Paymetric credit card processing, and Concur expense management, it’s now two months into deploying a core app as a multi-tenant service: Workday HR, including benefits and other standard features. Avnet is rolling out the Workday service to 7,000 employees in the Americas, Phillips says, and will consider a global rollout.
Avnet’s SaaS strategy is straightforward: When evaluating new or replacement apps, it will consider at least one SaaS product. Its assessment emphasizes security, scalability, uptime, vendor viability, and how the app would integrate with Avnet’s business processes, technology architecture, and data model.
Phillips says cost wasn’t a factor in Avnet’s decision to go with Workday. “Its pricing was close enough that we could have argued one way or the other,” he says. Avnet was impressed with the HR app’s out-of-the-box user interface, which Phillips calls “world class,” and Workday’s seasoned leadership team, especially founders Dave Duffield and Aneel Bhusri of PeopleSoft lineage.
Avnet considered Salesforce.com to replace its aging, proprietary CRM platform but found it to be “relatively expensive,” Phillips says. Instead, it went with the on-premises Microsoft Dynamics, liking its UI as well. “If you can use Outlook, you can use Dynamics,” he says. An Exchange shop, Avnet also evaluated Microsoft 365 but wasn’t convinced by the economics of that SaaS package, he says.
Phillips sees the Workday implementation as a chance for his team to learn more about SaaS in general. But he isn’t sold on infrastructure and platform as a service. “We haven’t seen the ROI yet,” Phillips says, noting Avnet’s big investments in its two data centers. “But we’re talking about it more than we used to. The economics should be there one day, but we need to see more maturity.”
Avnet’s also taking a measured approach to allowing personal technology at work. Instead of issuing a standard smartphone, for instance, it gives each employee who qualifies for its BYOD program an allowance — paid out at three levels, related to job function — to buy a phone, e-mail service, and data and voice plan. Avnet’s IT organization will support and secure the e-mail. It manages each device and sandboxes (and can wipe) the company data that resides on them using Good Technology software.
Avnet’s also piloting iPads and it’s considering extending its BYOD policy to PCs and laptops via desktop virtualization, having set up a pilot program with about 10 employees. Phillips’ team hasn’t worked out the numbers yet, but he doesn’t see the company providing the same level of hardware support for bring your own computer as it does for company-issued desktops.
So what’s the end goal here? Cost savings is a consideration, Phillips says, as the smartphone program cut Avnet’s wireless expenses 15 percent to 20 percent, and “it will be interesting to see if that plays out with more complex laptops.” But more important, he says, “our people expect choice, and it’s a fair demand, so I want to satisfy that. There aren’t too many cost-cutting opportunities that get a lot of employee buy-in.”
Rob Preston is VP and Editor in Chief of InformationWeek. You can write to Rob at rpreston@techweb.com.