Building the Next Gen CIOs by ctof magazine

cTo forum

Technology for Growth and Governance

June | 07 | 2011 | 50 Volume 06 | Issue 20

The Cloud Has Crashed But.. | Identifying Information That Really Matters | Security and Due Diligence

best of

breed

Building a

Better

Building the

Gen

CIO

Volume 06 | Issue 20

Bridging the talent gap and putting a smooth succession plan are imperative for a corporate to sustain optimal performance. The onus of ensuring this lies on the CIO.

A 9.9 Media Publication

Mousetrap Page 23 No Holds

Barred

SRM Can Help Build Revenue

Models Page 48

Horizons

See the

Tech

Tsunami Before the Impact Page 43

editorial Rahul Neel Mani | rahul.mani@9dot9.in

War for Talent: Is it

easy to hire, groom and retain?

ong back in August 1998, McKinsey released a comprehensive study (America-centric) on Talent Management. The study “War for Talent” became very famous. The crux of the study was: “Companies are engaged in a war for senior executive talent that will remain a defining characteristic of their competitive landscape for decades to come. Yet most are ill prepared, and even the best are vulnerable.” The study also said that companies can win the war for talent,

but first they need to elevate talent management to a burning priority. That done, the attention must turn towards how to recruit great talent, and finally develop, develop, develop. Almost 12 years later in 2010 the phrase “War for Talent” was ditto used by Eric Schmidt while speaking at the Web 2.0 Summit. The context was a rumour that said: Google is severely hit by brain drain to Facebook and to stop that the former is taking extraordinary

editor’s pick A game 54 Virtualisation: changing technology

Companies that go in for a highly virtualised environment are poised to better align IT investment with business value, paving the way to 'IT-as-a-Service.'

measures to retain its top talent. McKinsey study stays on course. There is indeed a war for talent everywhere. Why would someone really good want to join a job offered by your company? How will you keep your top talent for more than a few years? Is money the only factor to attract talent or there are other ways to retain great human assets? Answers to the questions above are vital - specially when keeping talent becomes your biggest nightmare. In my many conversations with CIO friends, talent retention has emerged one major area of concern. Though money is the single biggest factor for employees to switch jobs, but to me creating and continuously demonstrating a great ‘employee value proposition’ is the best way to retain your top

talent. Right from the process of hiring to grooming and developing to showing them appropriate growth is what keeps an employee stuck to a company. This issue’s main feature takes the debate to its next level. We spoke to various CIOs about their IT organisation’s hiring and grooming processes. Further, we asked them about the element of ‘succession planning’ and developing the gen-next for the coveted role. I will let the feature do rest of talking. As ever, I will appreciate your feedback.

The Chief Technology Officer Forum

cto forum 07 June 2011

june 11 Cov e r D e s i g n by a n i l t

Conte nts

thectoforum.com

32 Cover Story

32 | Building the Next Gen CIOs For sustaining optimal

Columns

04 | I believe: m-Governance is Not About Smartphones The last mile remains one of the biggest challenges to deliver services in rural India. By Neel Ratan

performance, an enterprise's CIO has to bridge the talent gap and put a smooth succession plan in place.

56 | View point: The Next Storage War Will Be Economic Led But most likely technology enabled. By steve Duplessie

Please Recycle This Magazine And Remove Inserts Before Recycling

Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706

cto forum 07 june 2011

The Chief Technology Officer Forum

Features

50 | Tech for Governance Security And Due Diligence What diligence is due when you have security flaws? By Chris Blask

www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur Editorial Editor-in-chief: Rahul Neel Mani Executive Editor: Yashvendra Singh Senior Editor: Harichandan Arakali Assistant Editor: Varun Aggarwal DEsign Sr. Creative Director: Jayan K Narayanan Art Director: Binesh Sreedharan Associate Art Director: Anil VK Sr. Visualiser: PC Anoop Sr. Designers: Prasanth TR, Anil T, Joffy Jose Anoop Verma, NV Baiju, Vinod Shinde & Chander Dange Designers: Sristi Maurya, Suneesh K, Shigil N & Charu Dwivedi Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi

14 A question of answers

14 | Investing in Technology for Business Growth Pramodh Menon, Senior Vice

President, Cisco India & SAARC talks about the company’s efforts to empower the SMEs and grow their business. 42

RegulArs

01 | Editorial 08 | Enterprise Round-up

advertisers’ index

42 | next horizons: The Cloud has Crashed But… CIOs need to evaluate risks and balance them against opportunities in cloud. By Ian Gotts

48 | NO holds barred: Russ Hubbard, VP, Worldwide SRM Sales, SafeNet, talks about the company’s growth plans and focus on cloud related products.

JUNIPER IFC SCHNEIDER 05,07 SAS 11 cisco 13 EMC 17,19 MICROSOFT Advertorial 31 IBM IBC EMC BC

advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, CIO, Pidilite Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Vijay Mehra, CIO, Cairns Energy Sales & Marketing National Manager-Events and Special Projects: Mahantesh Godi (09880436623) Product Manager: Rachit Kinger (9818860797) GM South: Vinodh K (09740714817) Senior Manager Sales (South): Ashish Kumar Singh GM North: Lalit Arun (09582262959) GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284) Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Production Executive: Vilas Mhatre Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Silver Point Press Pvt Ltd., A-403, TTC Ind. Area, Near Anthony Motors, Mahape, Navi Mumbai-400701, District Thane. Editor: Anuradha Das Mathur For any customer queries and assistance please contact help@9dot9.in

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

The Chief Technology Officer Forum

cto forum 07 june 2011

The AUTHOR has over 21 years of experience in the design and implementation of e-governance and IT projects.

photo by Subhojit Paul

I Believe

By Neel Ratan, Executive Director with PricewaterhouseCoopers,

m-Governance is Not About Smartphones

The last mile remains one of the biggest challenges to deliver services in rural India. The last two years have seen an increase in the penetration of mobile phone services in India. Some government-to-citizen services already exist on different electronic platforms such as the Internet, computers and kiosks. Government should look at a plan of moving

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

current challenge providing egovernance and government-tocitizen services to rural india

these to the â&#x20AC;&#x153;mâ&#x20AC;? platform. This would really bring to life the effort put into switching these from manual to 'e' services which perhaps has made the switch to 'm' that much easier, by eliminating some of the problems originally faced. That said, if we tried to deliver e-governance and government-tocitizen services on smartphones, it would have no relevance to the hundreds of millions of Indians living in villages. The challenge is not with their "IQ level," which is quite fine but with such impediments as lack of applications in local languages, and reading and writing. Any solution then, would have to be speech and visual-based. Any services that one wants to provide via a direct interface between the government and rural India, or for that matter between businesses and rural India, can't be in Hindi alone or in English. To fully exploit the potential of the mobile phone penetration in the country, m-governance solutions have to work on the cheapest of handsets, must be very amenable to quick rollouts that build on existing infrastructure, and must catalyse an increased level of public-private engagement. That catalysis will happen with the government establishing clear norms on which value-added-services providers can develop and offer applications on the m-governance platform that is both beneficial to the citizen users and fair to the vendors. By Collaborating with, Mobile Service Providers, Mobile Handset Manufacturers, Technology Companies and Telecom / VAS operators, for starters, services that are already available as 'e' services can also be made available as 'm' services that predominantly use either the interactive voice response system or the sms (short messaging system).

LETTERS COVE R S TO RY

LEADERSHIP

The

Next CEO Self Scripts

CTOForum LinkedIn Group S P I N E

CTO

The CIO has become the CEO. And he is ready to usher in changes in his organisation and in the role of his CIO. FOR UM

Techno logy for Growth and

21 MAY 2011

OF DEV, QA AND OPS?

CTO FORUM

Gover nance

32 | In The CEO's PAGE 04 Shoes 34 | Self Scripting NO HOL DS BAR 36 | Throw Your Ego Out RED of the Window 39 | The CEO's Wish List TIRED

I BELIE VE

IT Ne ‘Valueeds a Paradi gm’ Brocad a Fi e e Isn’t Ju st Ch Combr pany annel

INDEX

THE CHIEF TECHNOLOGY OFFICER FORUM

May | 21 | 2011 Volum | 50 e 06 | Issue 19

ILLUSTRATION BY BINESH SREEDHARAN

tories on how, when, and if a CIO can become the CEO have been done to death. It is time we explored new possibilities. Imagine a scenario wherein the tables have turned, a situation wherein the CIO is the CEO. From sitting on this side of the table, the CIO has now shifted to the other side. He has finally got the high chair he had always aspired for. But occupying the hot seat is one thing, running a profitable business is another. From the new CEO’s perspective there could be certain changes he would like to bring in his organisation. As he has been a CIO in the past, and now wields the power, he would also love to alter the existing profile of his CIO. We touched base with some of the “CIOs-turned-CEOs” to know what changes they would bring in their organisation and in the profile of their CIOs to run a successful business.

PAGE 46

www.linkedin.com/ groups?mostPopular=&gid=2580450

| BA AND PRE DICTIVE IT | SSD s

THE C E O SNEE X T LF SC

AND THE IMPO RTAN CE OF ENCRYP

Some of the hot discussions on the group are:

RI PTS

TION

e 06 | Issue 19

Volum

A 9.9

Media

Publicatio

Join close to 700 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:

SE CR ET S OF IT M AN AGVE ND OR EM EN T BEST OF

BREED

The Cloud is all air and no substance Do you think cloud is going to die a quick death of SOA or is it going to make big headway into the enterprise? Is it old wine in a new bottle? What does it lack in making a convincing case?

PAGE 14

what are the attributes of a good CTO? What are the prerequisites for a CTO role ?

I see the CTO's role as that of a technology leader bridging the gap between the commercial requirements of the enterprise and the technology support of those requirements. An effective CTO should be able to guide the efficient implementation of IT strategy of the business.

Its real and all about today and tomorrow. However, you have to bring it back to a realistic service that gives tangible benefits. There are a great deal of 'cowboy' stories and not many who really understand it.

—Ronald Kunneman, Director at Digitra

Opinion

IT Needs a ‘Value Paradigm’ The new face of IT is experienced in our personal exposure. “With IT acquiring an increasingly central and strategic role, the CIO finds himself tasked with integrating IT governance into enterprise governance.” To read the full story go to:

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

cto forum 07 june 2011

The Chief Technology Officer Forum

If you dream to become a successful CEO, you have to embrace the changes required for that position, says Sanjay Sharma, Advisor - IT, IDBI Ltd & Managing Director & CEO, IDBI Intech Ltd. in an interview with Rahul Neel Mani & Yashvendra Singh.

http://www.thectoforum.com/content/throw-yourego-out-window

RIChard WArd, Head of Technical, WIN Plc

Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com

CTOF Connect

Baiju Gujarathi Vice President, Repro India Ltd.

http://www.thectoforum.com/content/it-needsa-%E2%80%98value-paradigm%E2%80%99

FEATURE Inside

Enterprise

McAfee and Brocade Announce Results of Data Centre Security Study Pg 10

Illustration by shigil n

Round-up

EMC And Cisco Launch Cloud Experience Centres Initiative to help

customers accelerate transition to private clouds. EMC has extended its collaboration with Cisco by jointly launching their Cloud Experience Centres in Bangalore. The twin facilities are located at the EMC Centre of Excellence and at the Cisco Globalisation Centre East, creating a lab that provides Indian customers with an opportunity to experience the benefits and reliability of cloud-based IT infrastructure. According to IDC, while14% of Indian organisations are already using cloud computing, another 76% are looking to consider cloud computing at least after six months. The twin Cloud Experience Centres aim to accelerate customers’ transition to an agile cloud-

cto forum 07 june 2011

The Chief Technology Officer Forum

based infrastructure by enabling proof-of-concepts and helping them experience innovative solutions to some of their critical business challenges. In addition, EMC and Cisco will work together to engineer solutions for the Indian market. These would include reference architectures which can be tested for reliability, security and scale, as well as cross training for engineers and partners on their respective technologies and solutions. The opening of the Cloud Experience Centres is expected to enhance and reinforce EMC and Cisco’s position as providers for cloud infrastructure in India.

Data Briefing

64% Software piracy rate in India in 2010 — Business Software Alliance

E nte rpri se Round -up

They sanjay jha Said it

Illustration by anil t

Announcing new Android based handsets, Motorola Mobility CEO Sanjay Jha recently talked about how consumers dominate the enterprise mobile handset buyind decision, highlighting the importance of consumerisation of IT.

LTE is the Future for Indian Broadband 4G using LTE is the ultimate future for broadband.

“Sixty percent of what ends up in the enterprise is bought by a consumer. So it's really the consumer that takes these phones into work with them.” —Sanjay Jha, CEO, Motorola Mobility

Amru Chavez, Group Chief Technology Officer at Etisalat said, “LTE is faster, newer and more efficient than other technologies and has a clear roadmap to enable almost unlimited capacity. Consumer demand for broadband services and capacity continues to accelerate and only technologies which are scalable will be able to support the future demand for online content such as video, social media, gaming and business services.” Etisalat’s Group Chief Technology Officer continued to explain some of the advantages that LTE provides over 3G and fiber technologies and in particular, how at higher capacity rates LTE is a much more efficient technology than 3G and HSPDA. “LTE is an optimum solution to provide high speed broadband connectivity in high density areas, such as cities and commercial hubs. It is a proven technology that is capable of providing highly reliable and secure connectivity which delivers a superior experience for the consumer and business alike. It is also faster to deploy than fiber and future proofed to ensure long term return for investors,” Chavez continued. He then provided case study examples from Etisalat’s experiences in deploying LTE in Saudi Arabia and the UAE. These are both countries which are globally recognised as leaders in broadband services for both fixed and wireless technologies.

Illustration by shigil n

Quick Byte on Financial

A Dutch researcher has discovered that he could convert most of the data within Google Profiles into a single SQL statement and expose, among other data, the usernames and Gmail addresses of some 35,000,000 people. The Chief Technology Officer Forum

cto forum 07 june 2011

Illustration by anil t

E nte rpri se Round -up

McAfee and Brocade Announce Results of Data Centre Security Study Challenges for application and network security highlighted.

mcafee has announced the results of a commissioned study conducted by Network World on behalf of McAfee and Brocade. The study, which surveyed 100 IT professionals and security decision makers in North American companies with 500 or more employees, found that IT departments are now turning to virtualisation, with half of the respondents having either implemented or are planning to deploy private clouds. Yet, as organisations continue to progress down the path of implementing virtualisation and cloud computing, they are facing inher-

ent challenges that arise when applications are decoupled from the physical resources they rely on, introducing new obstacles such as traffic bottlenecks, inconsistent network policies and security loopholes. The survey shows that 62 percent of respondents are planning or engaged in data centre upgrades, many due to increased use of virtualisation. Additionally, 29 percent of the respondents report that scaling server virtualisation is a concern and 32 percent report that bandwidth and traffic engineering are pressing issues. The

20 million mobile users in UK, France, Spain, Germany and Italy

accessed their bank account via a mobile phone in March 2011. 10

cto forum 07 june 2011

The Chief Technology Officer Forum

million users

Source: comScore

Global Tracker

results show that virtualisation comes at a cost and that traditional networking architectures are not always best-suited to handle the demands of a virtualised environment. Application security can fail when subjected to data centre-wide server virtualisation and application mobility. “Companies investing in full scale virtualisation are now running into network and security challenges,” said Rees Johnson, senior vice president and general manager for network security, McAfee. “Existing data centres have to be upgraded for the stringent demands of virtualisation. Brocade and McAfee have partnered to address the key roadblocks for data centre virtualisation, providing new ways to ensure agility and efficiency in the network while providing comprehensive security services.” Respondents view targeted attacks and security breaches as the biggest threats to the next-generation data centre. When asked to rate security challenges, 77 percent rate threat protection (i.e., intrusion prevention) as “critical” or “important”. Twenty-six percent view targeted attacks as their biggest concerns and 24 percent think security breaches are their biggest concerns. However, although half are relying on the same security model for virtualisation they used with physical servers, 18 percent have not decided this is the best approach when securing virtual servers. “Virtualisation, especially in the context of private clouds, introduces unique operational and security challenges,” said Johnson. “The ability to move virtual machines is essential to creating flexible virtual data centres, yet this same flexibility introduces operational complexity and makes it much more difficult to maintain traditional trust boundaries.” In the survey, 40 percent of respondents said that moving virtual machines is challenging because it introduces operational complexity and 25 percent indicated a concern with securing trust boundaries. Both private and public cloud computing architectures rely on the virtualised data centre to deliver increased business agility and scale. However, as the survey illustrates, the virtual data centre has created a new set of challenges for application security and networking design.

E nte rpri se Round -up

Persistent Systems to Acquire French Firm Will contribute to the company’s thrust in the life sciences and healthcare markets.

persistent Systems has signed up a definitive agreement to acquire Agilent Technologies’ software marketing and development business based in Grenoble, France. Subject to customary closing conditions, the acquisition is expected to be final by August 1, 2011. Persistent Systems’ acquisition of Agilent’s software marketing and development business in Grenoble will contribute to the Company’s strategic thrust in the life sciences and healthcare mar-

kets. The Agilent business is presently focused on supplying data acquisition and control software for scientific instruments to the life sciences, environmental, energy, applied research and other markets. The efforts of this business will further bolster Persistent’s growing life sciences domain expertise, which includes more than 40 life sciences domain experts and more than 500 software professionals working on services supporting laboratory instrumentation, bioinformatics and chemical informatics projects for leading companies in the Life Sciences and Healthcare markets. With this acquisition, Persistent’s Life Sciences and Healthcare team will be further strengthened with the addition of Agilent’s highly experienced team in Grenoble. “Agilent and Persistent have had a strong business relationship for more than 10 years,” said Bruce von Herrmann, vice president and general manager of Agilent’s Software & Informatics Business within its Life Sciences Group. “As Persistent becomes a global player in Life Sciences, incorporating the Grenoble team will provide Persistent with a presence in Europe, while their growth plans will provide new entrepreneurial opportunities for this talented team.” Upon the completion of this transaction Persistent will establish a Life Sciences Centre of Excellence (CoE) in Grenoble, France for the purpose of expanding into the European market. The new CoE will leverage Persistent’s expertise in the areas of life sciences and software development to bring in new solutions and services to these important markets. The new CoE will also provide Persistent an important platform to better leverage its corporate technology position in areas like Cloud, Analytics, Mobility and Collaboration.

Fact ticker

Worldwide Server Shipments Grew 9 Percent Revenue

Increased 17 Percent in the Q1, 2011.

STRATEGY In the first quarter of 2011, worldwide server shipments grew 8.5 percent year-on-year, while revenue increased 17.3 percent, according to Gartner, Inc. "The first quarter continued a quarterly trend of year-on-year growth in both shipments and vendor revenue," said Jeffrey Hewitt, research vice president at Gartner.

cto forum 07 june 2011

"All regions showed growth in both shipments and vendor revenue, with the exception of Japan.” "x86 servers forged ahead and grew 8.6 percent in units for the year and 17.5 percent in revenue. Following earlier trends, the x86-based server market provided an increase in average selling prices that pushed revenue higher than shipments, and

The Chief Technology Officer Forum

this was the case in the first quarter for all regions," Hewitt said. "RISC/ Itanium Unix servers finally exited their slump and grew 5.2 percent in shipments and 20.7 percent in vendor revenue, compared with the same quarter last year. The "other" CPU category, which is primarily mainframes, showed a growth in vendor revenue of 19.6 percent." From the regional standpoint, Eastern Europe grew the most significantly in shipments with a 21.1 percent increase. Eastern Europe also posted the highest vendor revenue growth at 36.0 percent for the period.

Desktop virtualisation

Computing's virtual desktop solutions have been selected to supply a massive computer education programme in Rajasthan. The programme involves deploying computer labs in 2,000 secondary schools throughout 33 districts in the state to give computer learning and information technology access to lakhs of schoolchildren. Each of the schools will have a 10-seat computer lab, made possible by attaching NComputing X550 virtual desktop devices and vSpace desktop virtualization software to a PC. 4.2 lakh NComputing virtual desktops are already deployed in major state education projects in Andhra Pradesh, Bihar, Punjab and Maharashtra; as well as many private education institutions throughout India. Technology providers Compucom and Pearson Education Services are involved in the roll-out of this deployment. Said Shri S K Surana, Managing Director, Compucom, “The combination of NComputing's shared computing solutions with our education services could be easily replicated for public and private educational institutions across the state.” Srikanth Iyer, COO, Pearson Education Services said, "Working with NComputing we have been able to resolve the challenge of affordable access to computing for government schools in Rajasthan, especially in rural and underserved areas.”

“NEXT 100 GOT ME VISIBILITY & RECOGNITION...”

NEXT100 AWARD RECIPIENT 2010

“My selection into the NEXT100 list has helped immensely... It provided

me with visibility and gave me confidence. The

communication that went to my immediate superior ensured recognition.” SANJAY PATANKAR Godrej Infotech Ltd. General Manager

DO YOU WANT TO BE NEXT?

If your answer is “YES!”, then we invite you to participate in NEXT100, an annual awards programme from IT NEXT.

WATCH OUT For the launch of NEXT100, 2011 on 21st June, 2011 at www.itnext.in/next 100

NEXT100 aims to identify India’s top 100 senior IT Managers who have the skills, talent and the spirit to become CIOs. The NEXT100 programme engages with thousands of aspiring CIOs like you, giving them an opportunity to demonstrate their techno-commercial, managerial and leadership skills--and engage with a prestigious committee of CIOs--to support their candidacy. NEXT100 awardees will be profiled in the NEXT100 book which will be sent to India’s top 1000 CIOs. It is now your turn to rise above the rest. Your turn to call the shots. Your turn to BE THE NEXT100. Event By

A Question of answers

Targeting SMBs: Cisco is building the entire range of SMB-focused products and solutions from ground-up.

cto forum 07 JUNE 2011

PERSON' S NAME

The Chief Technology Officer Forum

P ramo d h M enon

A Question of answers

Pramodh Menon | Cisco India & SAArc

Investing in

Technology for Business Growth Small and Midsize companies form a large part of India’s business landscape. These businesses are looking for cutting-edge technologies to leapfrog to the next level. CTO Forum spoke to Pramodh Menon, Senior Vice President, Cisco India & SAARC about the company’s efforts to empower the SMEs and grow their business. Ever since making a $100 million investment in SMBspecific resources in 2008, Cisco has been continuing to expand its portfolio of products, services and financing options for small business. Have you come across some typical challenges in that market segment? Most significant challenge that SMBs face in India is related to financing for technology investments. Given the considerable capital required for integrating technology with business, SMBs agree to invest only when they are thoroughly convinced of its value

add and direct benefits to their business. Often SMBs settle for scaled down versions of enterprise-class products where they end up paying for features they may never use. This not only leads to higher integration costs, but also requires more qualified manpower for maintenance. Another key challenge they face is the lack of quality manpower and resource to help maintain and manage the technology they adopt and integrate into their business. For Cisco, SMB is the fastest growing market, and as a part of our commitment to it we took all these

challenges into consideration while building the entire range of SMB focused products and solutions from the ground-up. We made a conscious decision to not offer scaled-down versions of enterprise-class products and solutions to SMB customers. Today we have an array of products that makes Cisco a one-stop-shop for SMBs and we continue to innovate and provide solutions that will benefit the SMBs. Recently, Cisco announced two new purpose-built unified communications solutions for small and mid-sized businesses.

The Chief Technology Officer Forum

cto forum 07 June 2011

A Question of answers

P ramo d h M enon

These new Cisco Unified Communications offerings provide customers in these distinct market segments with complete, affordable, business-class collaboration systems to help drive productivity and profitability. To help SMBs manage finances for technology investments, Cisco’s financing division, Cisco Capital, offers options for periodic payments that takes away the pain of making a one-time payment. Your competitors have always painted you as ‘out of touch’ with small business and ‘too expensive or too much enterprise-level products’ pushed down to small and midsized businesses. How has this changed? What are the new SMEspecific offerings? Cisco set up the SMB business in 2004 and since then has invested over $3 billion in R&D to develop customised products and solutions for SMBs that are affordable and easy to use. Today, we offer complete end-to-end solution for small businesses. This segment also happens to be the fastest growing for Cisco globally and in India. Looking at the results of the research we conducted a few years back, we realised that the SMBs too have business requirements similar to that of a large enterprise, provided they are manageable, scalable and can be easily installed. This resulted in a range of products and services with plug’n’play capabilities that enable easy installation and minimal post deployment management, making it possible for SMBs to manage their own networks and infrastructure. Our SMB portfolio consists of technologies for Switching, Routing, Security, Data centre, Digital Media Systems, TelePresence, Unified Communication and collaboration tools, IP surveillance, Wireless and Video. Additionally, our recently launched Managed Switch prod-

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

“Cisco set up the SMB business in 2004 and since then has invested over $3 billion in R&D” uct series (300) has been very well received in the Indian market. All of Cisco's major SMB product categories seem to be growing and they're seeing increasing demand for niche specialties such as physical security and video, including WebEx. What makes this possible? What are some of those changes from the demand side? Video has definitely moved beyond our TV sets and has completely changed how we communicate at home and at a business level. Over the past one year we witnessed a phenomenal shift in demand for collaboration tools as more and more consumers and businesses accelerated their adoption of video into their communication mix. In fact about 50% of the entire current Internet traffic is video-based and we foresee this number increasing to 90% by 2013. This shift can

things I Believe in he biggest T challenge for SMBs in India is to get finance for technology investment. MBs lack S quality manpower to manage and maintain technology. he new T products launched by Cisco address the changing needs of SMBs.

be attributed to the fact that by communicating over TelePresence or WebEx, businesses are able to minimize overhead and maintenance costs, in addition to huge savings in travel related expenses. To date, Cisco personally has saved $835 million in travel costs by conducting meetings over TelePresence. Keeping this development in mind, Cisco last year introduced a series of products and service offerings designed to make Cisco TelePresence and video collaboration more affordable, simpler to manage under a common architecture, and more available through cloud services. Video has also provided businesses with a new tool to collaborate effectively, without compromising communication at a personalised level and simultaneously improving productivity. These tools also enable organisations to optimise their resources and gain a competitive edge.

“I NOW STAND OUT AMONG OTHERS…” “Winning the NEXT100 award was a matter of great pride and privilege. It has helped me recognise the potential that I have. The award has made me stand out among the multitudes of working executive managers. Now I am confident

that I will be the harbinger of a positive change...

NEXT100 AWARD RECIPIENT 2010

VINAY VERMA Senior Manager Panasonic AVC Networks India Co. Ltd.

DO YOU WANT TO BE NEXT?

If your answer is “YES!”, then we invite you to participate in NEXT100, an annual awards programme from IT NEXT.

WATCH OUT For the launch of NEXT100, 2011 on 21st June, 2011 at www.itnext.in/next 100

A Question of answers

P ramo d h M enon

SME is a different market. The products, therefore, need to be adaptable and easy to deploy. What has Cisco done to ensure this in both its Networking and SME storage portfolio? At Cisco we understand that small businesses have a lot of business-critical data and we have seen an increase in demand from small businesses for solutions that will help them better manage their storage needs, provide security, encryption, speed, and flexibility at the same time. To help small businesses respond to the dramatic growth of electronic information and meet their evolving storage needs, Cisco last year launched Cisco Small Business NSS 300 Series Smart Storage, a family of affordable, easy-to-use desktop network storage solutions with integrated business applications. The Cisco Smart Storage Family provides end users with an integrated, highly secure method to store and share critical business data. Designed specifically for small businesses with fewer than 100 employees, Cisco Smart Storage further highlights Cisco's focus on delivering the

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

affordable, easy-to-use technology small businesses need to drive productivity and growth. Cisco is also continuously working to improve and innovate for small businesses to help them meet their evolving networking needs. Earlier this year we added new networking, security and storage products to our "Connect" and "Secure" small business portfolios. These new products will enable small businesses to quickly, easily and more securely connect employees and devices with the content they need, wherever they need it and whenever they need it. Under networking, we launched Cisco RV220W, that connects easily to the Internet, other locations and with employees working remotely. With fast access to large files and multimedia applications, this router helps small offices stay productive. The services end of Cisco's smallbusiness focus has similarly evolved. I believe it is structured differently than other services organisations within the company. How does it help the SME users?

Interesting thing to note is that SMBs are adopting services strategy a lot faster than enterprises. Small businesses need to keep their network operating and their company competitive. By choosing from our customised service plans, SMBs can meet their changing needs. Our support services include expedited hardware replacement, software updates, online chat support, access to our Small Business Support Center as well as peer support via contacts with the Small Business Support Community. Additionally, the services arm of our business enable SMB’s achieve greater profitability and differentiation with customised solutions. We also provide Smart Care Services that focus on applying intelligence in the customer’s network and help deliver comprehensive network maintenance and support. For instance keeping in view SMBs limited IT resources, Smart Services proactively monitors the network, shares critical feedback when something goes wrong in addition to insightful information that can be used to enhance network performance.

“TOP CIOs RECOGNISE ME…”

“The NEXT100 book was great...some top CIOs recognized me in seminars, and congratulated me on my achievement...the

recognition has definitely accelerated my chances of becoming a CIO.”

NEXT100 AWARD RECIPIENT 2010

DEEPAK AGARWAL Deputy General Manager Indian Oil Corporation Ltd.

DO YOU WANT TO BE NEXT?

If your answer is “YES!”, then we invite you to participate in NEXT100, an annual awards programme from IT NEXT.

WATCH OUT For the launch of NEXT100, 2011 on 21st June, 2011 at www.itnext.in/next 100

Best of

Building a Better Mousetrap Leaders today require a mixed approach. Pg 23 Identifying Information That Really Matters Pg 25

illustration BY Shigil N

Breed

featureS inside

Prolific SharePoint Sites % Undermine Governance

Data Briefing

2.5

decline in India's Printer, Copier and MFP Market in q1, 2011

cto forum 07 June 2011

CIOs and GCs need to invest together in modernising their information governance practices.

By Jake Frazie

usiness teams find collaborative tools such as Microsoftâ&#x20AC;&#x2122;s SharePoint invaluable for tasks such as sharing documents and ideas, maintaining version control of work product, and creating everything from new products to document workflows. However, as we saw with the exponential growth of email in the early 2000s, in the absence of The Chief Technology Officer Forum

sound policies and controls to enforce those policies new productivity tools can quickly grow out of control. Today, companies are finding themselves swimming in SharePoint sites much as they have with overgrown email servers and PST (and NSF) files. According to KMWorld the number of SharePoint user licenses is more than 130 million, and according to aÂ Global360 survey, 97 percent of organisations

i n f o r m at i o n g o v e r n a n c e

B E S T OF B R E E D

The reality today is that inactive team sites are being backed up everyday and represent tremendous latent risks as one day a future document request could require them to be reviewed by outside council for privilege. will eventually use SharePoint. Clearly, SharePoint is here to stay and must be dealt with. The key to managing SharePoint team sites, as with all electronic information, is the disposition (e.g., deletion) of information once it no longer has business value and is not subject to a litigation hold or regulatory retention requirement. To accomplish the defensible disposal of information, including information in SharePoint sites, companies must put in place and enforce a record retention policy that recognises the three major reasons to keep information: business value, regulatory requirements and legal holds. According to the Compliance Governance and Oversight Council (CGOC) Information Governance Benchmark Report, large organisations seem to be aware of this problem but are not able to overcome the challenges. Specifically, the study states that 85 percent of organisations include electronic information like that housed in SharePoint in their document retention policies; however, 77 percent noted that their policy is not currently “actionable” with regard to electronic information. “Today, virtually all corporate information is managed by IT in its original form and its many duplicates, yet the survey showed that legal holds and retention management practices still function as if information is simply physical records managed by records personnel and general employees,” said Deidre Paknad, CGOC founder and president & CEO of PSS Systems, an IBM company. “The survey also showed that while legal executives are well aware of the risks, they have yet to bring the CIO to the table. As data volume continues to rise, so does cost and risk – it’s imperative that CIOs and GCs

recognise that they share responsibility and invest together in modernising their information governance practices to enable rigorous compliance and defensible disposal.”

Understanding the problem Imagine a team of marketers at a pharmaceutical company preparing for a launch of a new drug. The marketing team generates a glut of marketing materials, including brochures, magazine and television advertisements, magazine inserts, warning labels, etc. But many other departments need to access this material. For example, researchers and subject matter experts as well as regulatory and compliance officials need to review text and messaging, while internal and external media teams must adapt the material to the needs of their specific venues. In most cases, such a launch results in dozens of SharePoint sites, but for the purposes of this example, we can consider it as a single site. Without SharePoint (or another collaborative document management tool), numerous in-person meetings would be necessary, with significant time and money invested in bringing teams together. Also, dozens, hundreds or even thousands of emails would be sent back and forth as copy and graphics are created and reviewed. Days and weeks would be lost to delays, confusion over versions, and unnecessary rework. Instead, a SharePoint site can be set up that provides team members with specific access only to the content they need to see. Each version can be “locked” while the next reviewer is reviewing the document to ensure proper version control, and notifications can be sent to the next reviewer when it is their turn to review a given document.

The benefits go further than these business process advantages. Gigabytes of email traffic can be avoided, as well as the top-tier storage of hundreds of multi-megabyte attachments, such as PowerPoint presentations, that often have only minor changes from version to version. From a security standpoint, all these “loose” copies would not be created, and teams would access the material from a secure site requiring the proper credentials. Because the launch is a critical business objective, the team’s request for SharePoint sites is taken very seriously, and IT fulfills the request quickly. Setting up a site is rather straightforward from a technical standpoint, and the licenses for SharePoint are “free” or at least relatively inexpensive. So far, so good. However, what happens to the SharePoint site after the drug is launched? What about when the product has reached end-of-life? How does IT know when it can “shut down” the site, and what will be done with the documents in the site? What about the wiki’s and blogs and other structured content? What is the total cost to IT of owning all this content? The retention policy may actually answer these questions, but as the CGOC study illustrates, the more important question is how the policy will actually be enforced. The reality today is that inactive team sites are sitting indefinitely on top-tier storage. They are being backed up every day and represent tremendous latent risk as one day a future document request could require them to be reviewed by outside counsel for privilege.

The solution The CGOC’s report outlines a roadmap to better information governance. The report The Chief Technology Officer Forum

cto forum 07 June 2011

B E S T OF B R E E D

i n f o r m at i o n g o v e r n a n c e

notes that 30 percent of respondents are well on their way. How were these organisations able to bridge the gap between what the policy states and how to make it actionable? The first step is executive support. To quote one of the CGOC’s survey respondents, “Executive support is a MUST to move forward with information governance.” One tried-and-true method to gain executive support is to “scare them straight.” Fortunately (or perhaps more accurately, unfortunately), there are myriad examples of companies in almost every industry that have had a very painful and public “root canal” from an e-discovery standpoint. Some research to find if one’s own company, or a close competitor, has had such a procedure forced upon it is well worth the time and effort. It is then easy to prepare a very short presentation outlining the legal and PR risks to the organisation For example, the software that helps faciliwhen proper information governance politate the archiving of important data (which cies are not in place – and followed. allows a SharePoint site to be shut down) In fact, several executives also have skin in also has tremendous benefits for how the the game. For example, the CSO’s office will data is stored while a SharePoint site is alive. benefit from tightened governance controls External Blob Storage (EBS) is one data via reduced data leakage of trade secrets and management capability built into SharePoint other proprietary information. The general that can yield tremendous savings in MSS counsel is obviously a key ally and co-presentlicensing, and Remote Blob Storage (RBS) er, as well. CIOs and CTOs may be the top is a great vehicle for archiving content once beneficiaries, though, for several reasons. a site can be decommissioned. RBS can And, while SharePoint is often considdeliver reduced technology spend and sound ered to be “free” (or almost free), and from information governance as the document a licensing perspective this is reasonably retention policy can “take over” managing accurate. However, Microsoft SharePoint the information once it’s archived. Server (MSS) licenses for housing the data, Another approach is to use the current the top-tier storage they sit on, and the addirecords management repository to sit tion of time to the daily backup window, “underneath” SharePoint to apply govercarry steep costs. nance and retention policies in a transparAs soon as executive sponsorship is ent and seamless way for sites that are, for established, the next critical step is creating example, going to be used indefinitely. a cross-functional taskforce or governance These are just a couple of examples of committee. In the CGOC survey, 57 percent how a document retention poliof respondents noted that they cy can be applied to SharePoint, have such a committee in place. but given the technical nature This step is not overly difficult. of the solutions suggested As representatives from the above, it is clear that legal and CTO’s office, the CIO’s office, respondents records management cannot the GC’s office, the CSO’s

Prepare a short presentation outlining the legal and PR risks when proper information governance policies are not in place.

57%

office, and other departments such as HR and records management all come together and communicate, they can quickly find that their respective interests are aligned.

cto forum 07 June 2011

are planning to create a crossfunctional taskforce.

The Chief Technology Officer Forum

achieve this without very close collaboration with the CIO’s or CTO’s office. A cross-functional task force with executive support is the foundation of information governance.

Don’t reinvent the wheel If you’re ready to ensure that the proliferation of SharePoint sites won’t undermine your organisation’s information governance efforts, here are three resources to help you define a vision and roadmap, develop the necessary processes, skills, and cooperation with IT, and enable change management for instituting rigorous compliance in concert with defensible disposal: CGOC - The CGOC Council is a corporate practitioners’ community with 800 members in legal, records management and IT functions from global companies. CGOC holds meetings throughout the year, publishes benchmark reports, papers, and online reference library, and provides a professional network. The CGOC Benchmark Report on Information Governance is important reading for anyone focused on unifying processes across legal, records and IT functions to lower risk and cost. Information Management Reference Model (IMRM) - This model is promulgated by the Electronic Discovery Reference Model (EDRM) organisation in recognition that the vast majority of e-discovery cost and risk arises from a company’s inability to dispose of data in the routine course of business. www.edrm.net. Information Governance Process Maturity Model – This model helps companies assess their current governance process maturity and determine the levels of risk and costs associated with current practices and process improvement. —Jake Frazier has built his career around helping legal departments and law firms identify, evaluate and implement information governance and e-discovery policies and solutions. In his role with Huron Legal, he advises companies across sectors such as oil & gas, energy, healthcare, and financial services. In addition, he is also a faculty member of CGOC, he participated as a founding member of the Electronic Discovery Reference Model (EDRM), and is a member of the Sedona Conference Working Group. Prior to joining Huron Legal, he was senior director of Information Governance and eDiscovery at EMC Corp. Jake can be reached at jfrazier@huronconsultinggroup.com. —This article appears courtesy www.cioupdate. com. To see more articles regarding IT management best practices, please visit CIOUpdate.com.

m a n ag e m e n t

B E S T OF B R E E D

Building a Better Mousetrap Leaders today require a mix of perspectives, thinking and management framework.

illustration BY Joffy Jose

By Faisal Hoque

nyone who has watched a VietnamÂ war movie has seen the M113 tracked troop carrier. The squat, boxy vehicle that looks like a tank without a gun was the United Statesâ&#x20AC;&#x2122; armored personnel carrier of choice for much of the Cold War era. It was flexible, able to traverse rough terrain, afford a dozen or so troops protection from small arms fire, mines and small projectile weapons, and could even float for water crossings. It was a proven, dependable workhorse still in use today with nations all over the world. As weapon systems advanced and the Soviet threat continued to evolve through the 1960s and 1970s, the U.S. military decided it needed a replacement for the M113 APC. What it desired was a faster, more maneuverable vehicle for the battlefield of the future. That was the conception of the M2 Bradley Fighting Vehicle, named for World War II General Omar Bradley who played an instrumental role in liberating Europe and defeating Nazi Germany. Bradley, who served under General Dwight Eisenhower and commanded General George Patton, was known for being a pragmatic and disciplined leader who deftly managed the battlefield and acted in the best interest of the comThe Chief Technology Officer Forum

cto forum 07 June 2011

B E S T OF B R E E D

m a n ag e m e n t

improvements, the Bradley is mon soldier. The Pentagon’s one of the Pentagon’s greatest choice to memorialise the new blunders of all time. APC after Bradley would ultimately prove ironic given the mismanagement of the entire Lesson learned development program. Dismissing the Bradley as miliThe Army and Marine Corps tary and bureaucratic ineptitude had two simple requirements is easy. In fact, it’s a classic for the Bradley: protecting example of what happens when soldiers and speed to keep you put technology ahead of the up with the new 50-ton M1 objective. Pentagon brass was Abrams tank, which flew over so enamored with what they the terrain at 60 miles per could do with the weapons and hour. Upsetting the plans were machinery that they overlooked innovations made by the Sovithe practical implications of et Union, which in the 1970s their decisions. introduced an armored perWhile Bradley project managsonnel carrier known as BPM ers and Pentagon procurement infantry fighting vehicles. officers believed they were These weapon systems had acting in concert, the reality the armor of a conventional was a lack of communications personnel carrier, plus the motivated by a blinding desire speed of a scout vehicle and a to field a new system. While weapon slightly bigger than a large caliber machine gun. military and government procurements are distinctly unique The Soviet’s BPM deployment greatly distressed the Pentagon. compared to project and operational management in the private Some people would say it gave the Pentagon just the excuse it sector, the lesson of the Bradley is the need for convergence and needed to turn the Bradley over to its corrupt, inefficient and placing the mission objective ahead of the technology. wasteful procurement system. Even the best intentions of the best leaders can leave the organiPlanners submitted a series of change orders to modify the sation befuddled. Perhaps, however, we should cut them some Bradley to counter the Soviet threat and perceived capabilities. On slack. Leaders today are charged with creating organisations that top of its original requirements, the Bradley was given a 20-milare agile and resilient, global in perspective yet sensitive to a limeter gun for firepower and a TOW anti-tank weapon giving single customer whim, constantly adding new ventures while perit the ability to take on the Soviet T-72 and T-80 tanks, which fecting the old, and assessing a glittering array of new technolooutnumbered NATO forces by five to one. Everything seemed pergies while holding the line on spending. fect, except for a few things. The Bradley’s thin aluminum armor Many challenges stand in the way of government, businesses didn’t provide the strength to stand toe-to-toe with a Soviet tank. and corporate leaders, and overcoming these challenges requires The addition of guns made the Bradley taller, negating its use as a new perspectives, thinking and management framework that scout vehicle. Its heavier weight made water-crossing operations come together in a focused plan of action. Some of these manageimpossible without the addition of a complicated floatation sysment framework and tools will be used by the C-suite, others by tem. And the weaponry and ammunition took up so much space project teams, but their efforts will mesh together and unify the that the vehicle could only carry five or six troops, limiting its enterprise top to bottom in its decision-making and execution. utility as a personnel carrier. Worse, the military never field-tested This is business-technology management convergence. the Bradley prior to deployment in 1983. A combination of weak armor, poorly placed fuel tanks and high profile made it highly susceptible to detection and —Faisal Hoque is an internationally known entrepreneur and destruction. It wasn’t until 1985 that the first liveauthor, and the founder and CEO of BTM Corp. BTM innofire tests reveal serious protection deficiencies. And vates business models and enhances financial performance problems with the swimming system led to several by converging business and technology with its products decline in spam soldiers drowning during training exercises. and intellectual property. His previous books include SusTesting and post-deployment experiences forced tained Innovation and Winning The 3-Legged Race. His volumes after the Pentagon to spend billions of dollars in retrofits latest book, The Power of Convergence, is now available. Rustock Botnet to give the Bradley “improved survivability.” With was taken a development cost greater than $10 billion, an —This article appears courtesy www.cioupdate.com. To average unit price of $3 million a piece, and a postsee more articles regarding IT management best practices, down. deployment improvement price tag of $5 billion in please visit CIOUpdate.com.

Leaders today are charged with creating organisations that are agile and resilient, global in perspective yet sensitive to a single customer whim, constantly adding new ventures while perfecting the old.

15%

cto forum 07 June 2011

The Chief Technology Officer Forum

m a n ag e m e n t

B E S T OF B R E E D

Identifying Information That Really Matters

Decision-makers need the right amount of information in the right format at the right time. By Larry Bonfante

PHOTO BY photos.com

ately there has been a great deal of focus on the topic of business intelligence, and with good reason. Being able to separate key information from the mountains of data we all collect in our organisations is critical. Even more critical is being able to provide our key decision-makerswith the right amount of information in the right format at the right time so they can make intelligent strategic decisions. So how, exactly, do you pull this off? Give me three minutes to explain I am a big believer in the “power of three” approach when it comes to delivering critical information to key executives. “Now wait a minute,” you’re probably saying. “I have hundreds of pertinent data elements that reside in multiple databases. How do you expect me to limit this to three?” My experience has been that providing people with too many data points and too much information is just as bad as not providing enough. While there’s no doubt there’s many data that are germane to running a business, you should limit how much of it you provide to your executives. Keep it to three key elements, and communicate with them to determine which three data points make the most sense. Let’s look at a practical example. One of the most strategic initiatives at the USTA these days is our 10 and Under Tennis program. The focus of this effort is on providing children with the right-sized equipment, balls and courts to allow them to have early success -- and fun -- playing tennis. The easier it is for them to learn the game and to feel competent at it, the more fun they will have and the more likely they will be to continue to play. There are countless metrics that could

help gauge whether our youth initiative is succeeding. But, after a great deal of conversation with the executive who is leading the programme, we have settled on these three: How many facilities are providing 10 and Under Tennis programs? How many programs are there in the United States? How many kids are registered to participate in these programs? Our thinking is that, while there are many other interesting metrics we could capture and review all of these other metrics are driven by these three main data points. Before you decide that three is too small a number, ask yourself three questions: 1. Do your executives love to plow through reams of data? 2. Do they have time on their hands to review countless data elements?

3 .Do they have endless patience to find the hidden treasures in the data? Right. I didn’t think so. In the end, perhaps it all comes down to a practical application of Albert Einstein’s “Three Rules of Work: Out of clutter find simplicity; from discord find harmony; in the middle of difficulty lies opportunity.” —Larry Bonfante is CIO at the United States Tennis Association and founder of CIO Bench Coach, LLC, an executive coaching practice for IT executives. He is also author of Lessons in IT Transformation, published by John Wiley & Sons. He can be reached at Larry@CIOBenchCoach.com. —This opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.

The Chief Technology Officer Forum

cto forum 07 June 2011

Case Study | max healthcare

Empowering Life Savers With Diagnosticson-the-Go Challange:

With an application that securely connects an archive of medical scan images, lab reports and patient information with smartphones that clinicians can access wherever they are, Max Healthcare is not only slashing turnaround time and treating more patients, it is saving lives. By Harichandan Arakali

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

his, in a CIO’s own words: “About three months ago, when we were doing a proofof-concept of this application, a person was admitted to the hospital’s trauma care unit in the early hours of the morning. The radiologist, who was not in the hospital at the time, at 2:30 a.m. or so, was able to access the x-ray image on his smartphone and spot a dangerous bleed. That helped doctors at the hospital save the trauma patient’s life.” What happens when highly trained medical doctors, clinicians and surgeons with a lifetime of experience in their respective specialisations, leapfrog from the PC to the smartphone and the tablet? The short answer is, they treat more

c a s e s t u dy

COMPANY DASHBOARD Company: Max Healthcare Established: 2001 Headquarters: New Delhi network: 8 hospitals in Delhi and NCR with 1500 physicians and 3000 support staff

B E S T OF B R E E D

stored on a system called Picture Archival System-PACS. The system then allows you to view the images anywhere using a smartphone,” Pahuja said. Pahuja’s team has deployed an application that is bringing an increasing number of Max Healthcare clinicians images, reports and other patient information wherever they are. “The application allows us to view images on the iPhone, the iPad and the Blackberry.” she said. A clinician can be on the move, and still access the images or even Lab results on his or her smarphone and “we’ve found that the resolution needed to view x-ray quality images is available on the these devices, especially the iPhone, the iPad and the Blackberry Torch.” From the point of view of security, the CIO and her team have put in place some processes that ensure that the data is protected: these include passwords, erasing of data and restriction of access to the data after a limited time period and so on. These processes are also automated, making them more difficult to tamper with. “We’ve got this application working for us today, with our clinicians, and we’re quite excited about it, actually. For me personally, seeing it work was a big high because we managed to save a life. We’ve had a lot of cases where it’s helped people,” Pahuja said.

From Patient Diagnostics to Business Expansion

photo by Subhojit Paul

Neena Pahuja, CIO, Max Healthcare, enabled medical doctors, clinicians and surgeons to leapfrog from the PC to the smartphone and the tablet.

patients and save more lives. In corporate hospitals and hospital chains, they also help the CIO organisation cut costs without compromising on the quality of patient care delivered. In many cases, they actually improve the quality of care delivered. The convergence of mobility and cloud computing and storage is bringing to hospitals the potential to revolutionise the way in which they treat patients and in the range of treatment they can offer as well. Time zones and geographical barriers collapse and a patient can access specialists from New Delhi to New York. “What we’re trying to do here is that, in our hospital, if you get an x-ray scan done, for instance, the images are

Max Healthcare was looking to deploy a solution that would bring together the disparate systems the hospital had for managing images, reports, labs, and even billing. The result was a solution that would tap the convergence of cloud computing and storage, and wireless mobility to achieve consolidation of all diagnostics information, including the most complex: the radiology data, with images easily running into megabytes. The deployment allowed Max Healthcare to compress and beam, or stream on to a web browser, clinically relevant data to the specialists. The proof-of-concept pilot happened with about six clinicians, including the radiologist who viewed the trauma patient’s scans that we started this narrative with. Each of them got real-time access to his or her patient’s data on a smartphone, which via the native application downloaded and installed, established a secure connection with Max’s data centre. Further, when Max Healthcare started this pilot, in early 2010, 3G still not available in India, and Pahuja was looking for a solution that would work on 2G technology. In February this year, after a contract was signed with MphRx, the roll out began in earnest and some 50 clinicians at Max Super Speciality Hospital, in Saket in New Delhi, the flagship hospital of the Max Healthcare chain, are already using the application. What happens in the very near future is a roll out that

The Chief Technology Officer Forum

cto forum 07 June 2011

B E S T OF B R E E D

c a s e s t u dy

will expand in multiple directions: In addition to images, several other types of diagnostics reports, such as those from a host of laboratory tests, will also become available on the smartphones. The deployment will also cover more hospitals on the chain, and eventually provide controlled access to “affiliates” of the hospital chain as well that regularly refer their patients to the hospital chain. The context for this deployment like this: There is small set of objectives that any corporate hospital would want to constantly raise the bar on, each of which will then feed into making the hospital a more profitable business. Together they form a kind of a positive-feedback loop with improved patient care quality and higher profitability feeding each other. One or two levels lower, this would mean improving turnaround times, in emergency cases for instance, boosting the productivity of specialists and senior doctors, making it easier and more efficient for them to advice “hospital residents” who would become the future specialists, and enhancing the level of communication between doctors and patients. Improve the hospital’s performance on any one of these parameters, and it contributes to eventually making the hospital more profitable, helping the chain expand, which in turn extends the hospitals technological best practices to larger patient/customer base.

Cloud, Mobility Convergence

9% expected growth of global pacs market through 2017.

On the face of it, the concept is simple enough. There is a bad shortage of good doctors and clinicians in India and, with the nation being the largest wireless market in the world after China, healthcare delivery over the mobile phone seems to be an obvious answer. In practice, userfriendliness competes with compliance. What makes Max’s implementation a success story is the sophistication of its back-end, the elegance of the frontend, and the reliability of the entire solution. Neena, and her vendor ensured this by putting the solution where it was most acutely needed: in the hands of the best, and the most experienced specialists in the hospital chain. There is a great demand on the time of these specialists, and a simple thing like immediate access to patient records via an iPhone or a Blackberry versus driving through Delhi traffic can indeed make the difference between life and death. Max Healthcare is something of an avant garde technology user. They had already embraced cloud computing through their infrastructure-as-a-service engagement with a wellknown multinational vendor. With the native smartphonededicated application that enables clinicians across the 12-hospitals-and-counting chain to access the same cloud, the convergence of cloud computing and wireless mobility is a powerful step into the future of healthcare.

“I GOT PROMOTED TO DIRECTOR IT...”

“I got a promotion NEXT100 internally to AWARD RECIPIENT the position of 2010 Director IT…” ARUN KUMAR Director IT GlobalLogic India Pvt. Ltd.

DO YOU WANT TO BE NEXT?

If your answer is “YES!”, then we invite you to participate in NEXT100, an annual awards programme from IT NEXT.

WATCH OUT For the launch of NEXT100, 2011 on 21st June, 2011 at www.itnext.in/next 100

COVE R S TO RY

XXXXXXXME

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

succe s si on pl an n i ng

Bridging the talent gap and putting a smooth succession plan are imperative for a corporate to sustain optimal performance. The onus of ensuring this lies on the CIO.

COVE R S TO RY

Building the

Next Gen CIOs By Yashvendra Singh & Varun Aggarwal

ILLUSTRATIONs BY ANIL T

ot having a plan for succession could well spell hara-kiri for a corporate. In the eventuality of a CIO leaving the company, not having a worthy successor could lead to a disruption in the corporateâ&#x20AC;&#x2122;s functioning. The onus of shaping this smooth leadership transition lies on the CIO. Putting in place a plan for succession involves two critical components â&#x20AC;&#x201C; hiring and grooming. 'Catch them young', as they say. Hiring the right talent, which can then be moulded for a specific role, is the first crucial step. The CIO would also have to identify and monitor the right talent (his potential successor) from the company's human resource pool and invest resources to groom him for the future role of a CIO. While the exercise may demand time and resources from a CIO, it is mutually beneficial. Enabling his team members to take up responsibilities and preparing them to get into his shoes will also provide him an opportunity to move to a higher level in the organisation.

The Chief Technology Officer Forum

cto forum 07 June 2011

COVE R S TO RY

XXXXXXXME

Getting

Hired

CIOs are increasingly looking at attributes such as flexibility and an aptitude to learn rather than hard core technology skills when it comes to hiring fresh talent.

iring the right human resource is a challenge for any organisation. Staffing the IT department with people who can deliver and at the same time fit into the overall corporate culture is by no means an easy task. Recruitments happen at two levels – entry level and replacement – and for both, CIOs have to look for specific qualities. After all, it is possible that the fresher or the IT manager being recruited today could well rise to become the company’s CIO. So what are the qualities that a CIO looks for in a potential recruit? How involved are the CIOs in the overall hiring process? How does IT hiring happen? Above all, what are the key things a CIO should keep in mind before hiring? “A key attribute that we look for while hiring a fresher for a technology profile is the right attitude. While the basic technical qualification is a given, I believe knowledge and skills are acquired with time. It is the attitude that counts,” says Daya Prakash, CIO, LG. “It is a dynamic world today where technology changes fast. An organisation would, therefore, want someone who is not an expert

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

“There are enough people in the market who are into programming and who can deploy technology, we therefore don’t focus too much on technology expertise in the candidate.” Hilal Khan,

CIO, Honda Siel Cars

on just one technology but has general awareness, and more importantly, should have the flexibility of learning new things,” he says. Hilal Khan, CIO, Honda Siel Cars, says he does not think if the candidate to be hired will some day get into the shoes of a CIO or not. “At the time of hiring, we don’t have the CIO role in my mind. We just look for that particular position. There are enough people in the market who are into programming and who can deploy technology, we therefore don’t focus too much on technology expertise in the candidate,” he says. “A typical candidate for our IT department should be logical, self starter, dynamic, and should possess good business and general knowledge,” says Khan. When it comes to recruitment at relatively senior posts, a CIO has to look for qualities that he would want in his successor. As UK-based David Henderson, IT Strategy Leader, says, “There are three most important things a CIO has to keep in mind. He should gauge if the individual has what it takes to eventually succeed him. Secondly, he should find out whether or not the individual has the business-savvy track record or the potential to engage confidently and compe-

photo by DR LOHIA

By Yashvendra Singh

succe s si on pl an n i ng

COVE R S TO RY

“CIOs often fall into the trap of seeking the exact match for the requirement. The recruit should be flexible and adaptable to different technologies instead of just focused on a particular technology or platform.” Daya Prakash, CIO, LG

tently at the highest level with the executive peers. Thirdly, the hiring CIO should look at what new capability, insight or mindset will the potential recruit bring that the company does not have and it needs.” While the Human Resources (HR) department plays an important part in the overall recruitment process, most CIOs step in at the final stage of recruitment. In LG, for instance, the HR floats the requirement and passes the

relevant resumes to the IT team. “The first level filtering and the second level interview are done by my team. I step in only to gauge certain traits that my team has failed to gauge,” he says. For Khan, hiring “is a collaborative and cohesive process.” He says, “The HR department has a session with us to understand our requirement. The resumes are then sent to us for short listing. The first two rounds of

We are Hiring

T hiring activity is set to increase in the coming months as corporates revive formerly delayed upgrades, and implement new technologies, according to a leading provider of technology professionals. “Companies are recognising that moving ahead with formerly delayed upgrades and implementing new technologies can give them a competitive advantage," said John Reed, executive director of Robert Half Technology. "Firms are investing in projects designed to create business efficiencies and help improve service levels and often need more IT personnel to support these initiatives, particularly if their teams have been understaffed in recent years.” As per the recently released Robert Half Technology IT

Hiring Index and Skills Report, technology executives have forecast continued IT hiring activity in the second quarter of 2011. In the quarterly survey, 9 percent of CIOs planned to expand their IT departments, and 2 percent expected cutbacks, for a net 7 percent increase in hiring. The IT Hiring Index and Skills Report is based on telephone interviews with more than 1,400 CIOs from companies across the United States with 100 or more employees. The net 7 percent increase in IT hiring activity is up from a net 5 percent forecast this time one year ago, but down one point from the first-quarter 2011 forecast. The functional areas in which executives foresee the greatest challenge in finding skilled IT

professionals are security and networking, each cited by 13 percent of executives interviewed. Applications development and help desk/technical support followed, with 11 percent and 10 percent of the response, respectively. Network administration remains the skill set in greatest demand, cited by 65 percent of CIOs. Windows administration (Server 2000/2003/2008) ranked second, with 60 percent of the response, followed by desktop support at 57 percent and database management at 52 percent. The finance, insurance and real estate sector leads all industries in hiring expectations.

interviews are done by the HR, while we take the final interview to gauge his general knowledge and domain expertise.” CIOs are also deploying automated recruitment technology in their organisations to make hiring easier and effective. Others are leveraging the power of social media to aid their recruitment process. Khan, however, feels harnessing social media for hiring doesn’t make too much sense for a company like Honda Siel Cars. “Social media should make business sense for me and not just be a tool. Its usage would depend from company to company. Social media can work for IT companies where there is a high attrition rate and thousands are hired. We have lesser numbers. Besides, our organisation is mature. Also, our production will not shoot overnight for us to recruit in large numbers. We recruit in small numbers as and when our capacity is ramped up.,” he says. Prakash believes that a CIO should not have the fixation of seeking the exact match for the requirement. “CIOs often fall into the trap of seeking the exact match for the requirement. With technology changing fast, the recruit should be flexible and be able to adapt to different technologies instead of just focused on a particular technology or platform. Otherwise, the candidate and the organisation both will suffer,” he says. On the other hand, Khan says, “A CIO should keep in mind that the potential recruit should not be offered a salary based on his last salary. Instead, he should be offered a salary based on his potential.” While hiring may be a challenging process, by assigning all the resources it deserves, corporates stand to reap rich dividends in the long term.

The Chief Technology Officer Forum

cto forum 07 June 2011

Grooming Next CIO the

Succession planning may sound threatening to some, but if done well, it can help you grow better and take up newer and bigger responsibilities. By Varun Aggarwal

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

s organisations increasingly use information and communication technologies to differentiate themselves in the competitive marketplace, the role of the CIO has only grown in importance. Hence, an effective planning process is needed to identify and create the next pipeline of IT leaders in tune with the organisation’s priorities and requirements. Traditionally, in end-user organisations, the MIS function had end-to-end responsibility of not only managing the IT infrastructure (back office), but also of identifying and designing IT solutions for business needs (front office). With the increasing complexity of IT infrastructure, a large part of MIS resources’ time and effort in these end-user organisations is being spent on managing back office activities thereby leading to a possible dilution of focus on implementing new business value-adding IT initiatives. Organisations are increasingly pushing their top executives including the CIOs to draft a succession plan and prepare the next inline. However, many CIOs see this as a threat to their job as this would possibly

make them redundant in the organisation. But there are some CIOs who see this as an opportunity rather than a threat. Explains SC Mittal, Executive Director and Group CIO, IFFCO, “Few years back I had so much work to do that I didn’t even have time to talk to anyone in the office. That was when I took all the work to myself and didn’t delegate too many responsibilities. However, what I’ve realised is that by enabling my team members to take up responsibilities and prepare them to take up my role, I have the opportunity to move to a higher level in the organisation.” The IT operations today at IFFCO can smoothly run even when Mittal is not there in office or out on leave as his team is well equipped to take decisions. But what did it take him to achieve this? A multi-layer grooming process for the team, he says. “We make sure our team members are well-equipped with the latest technologies, be it cloud computing, virtualisation etc. by sending them regularly for such trainings.” With the technical advancements in the IT sector, it is important for the team members to keep abreast with the latest technologies.

succe s si on pl an n i ng

“What I’ve realised is that by enabling my team members to take up responsibilities, I have the opportunity to move to a higher level in the organisation.” SC Mittal

Executive Director and Group CIO, IFFCO

be unlocking the potential within their existing team,” he says. “In our experience we appreciate that relevant IT education programmes help our business make the most of our resources – both technology and people. In the long term, this may even help replenish the well of talent, as clearer paths – from entry-level positions to senior management – get young people and potential career-switchers thinking about IT,” Manikkam added. During recession Henkel CAC decided to invest in building the skillsets of its employees in order to prepare for any adverse situation. Apart from planning for succession, the investment into employee grooming also meant a boost in productivity and morale in the staff which was much needed.

“We picked out the key competencies that would really make the biggest difference in my succession planning.” Manikkam VS

Head I.T. & Asst. General Manager – Materials, Henkel CAC

Henkel therefore, devised a scientific approach towards succession planning. “A leadership competency model should serve as the foundation for any organisation’s leadership development system. An effective model allows an organisation to clearly define what leadership competencies are required in order for an organisation to be successful, both now and in the future. Leadership development systems (selection, assessment, development, performance management, succession planning) can then be aligned to support the development of these competencies,” explained Manikkam. Manikkam created a strategic leadership development model to show the connection between the business strategy, the competency model, and the alignment of the leadership system. “We picked out the key competencies that would really make the biggest difference in my succession planning. Then I polished up the model by getting some professional help when required.” This model was reviewed with the senior team, along with a communication plan to support the introduction of the model to the rest of the organisation. “In the long term, this may even help replenish the well of talent, as clearer paths – from entry-level positions to senior management – get young people and potential career-switchers thinking about IT,” he said.

The Chief Technology Officer Forum

cto forum 07 June 2011

photo by Shamik

Technical training, however, is not enough for enabling his team members to take up his responsibilities, Mittal feels. Therefore, employees are regularly sent for managerial and soft skills trainings as well. Moreover, an interface is created for the employees with the management so that they can regularly understand the business needs and are comfortable in interfacing with the business. You just need to review this process for a while and then allow the employees to take independent decisions. This initiative has not only helped in building the next in line, but has also greatly improved employee satisfaction as they now feel empowered in the organisation. Mittal on the other hand is now actively working as an advisor to the board on how technology can enable new business opportunities for the company and how it can enable quicker execution of the business plans. “You either take every responsibility on yourself and feel most important in the organisation or work in collaboration with your team and enable them so that you can move up into larger roles,” Mittal says. Similar is the case with Henkel CAC. Manikkam VS, Head I.T. & Asst. General Manager – Materials, Henkel CAC has drafted a well documented succession plan in his organisation. “For innovative IT managers, new technologies such as virtualisation and cloud computing are at the forefront of their plans, but these require skills that existing IT staff may not possess. As the pool of talented new recruits diminishes, business should

COVE R S TO RY

XXXXXXXME

Lateral

Hiring

The CIO needs to recognise that lateral hires can be as effective as technology staff for stepping into his shoes.

ver the weekend, I was returning from a trip along with a score of other CIOs when an interesting debate started as the aircraft was taxied for take-off. In jest, a fellow CIO raised the question, “What would happen to the industry, our companies and the IT world at large, if the plane were to have a mishap? Apart from loss of 20 of the IT industry’s brightest minds, what other

“Hiring from outside normally creates a gap, and learning curves can be counterproductive.” Arun Gupta

Group CIO, Shoppers Stop

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

repercussions would the industry see, or our companies feel?” It set off a chain of thoughts which required serious thinking. Every mature organisation gives a lot of focus to developing layers of management. These organisations encourage its leaders to identify high potential talent, which can be groomed to take on higher responsibilities. Such an exercise is of help when the organisation faces attrition at senior levels or expands, creating new opportunities for existing leadership teams. In such situations, the next levels of leaders are able to take on the mantle with minimal disruption to operations and strategic directions. However, life does not always follow a pattern. Thus, there are disruptions when employees leave suddenly, or the planning process has not been able to groom a pipeline of leaders. Hiring from outside normally creates a gap, and learning curves can be counterproductive. This does not imply that organisations should always promote internal talent, but a move to provide the opportunities internally does definitely offer continuity. Coming back to the IT organisation, CIOs have come to the fore over the last decade. CIOs have taken on business challenges, and proved themselves by engaging the enterprise beyond usual technology solutions. Their contributions have been recognised, and many have permanent positions within management teams. In a few cases, they are also invited to join the Board.

As the CIO’s stature grows, so does the teams’ aspirations. Gaps in business understanding, communication, and team management are narrowing across IT staff. However, grooming a successor requires a different approach very similar to Boards grooming the next CEO. The CIO should consciously work towards creating the next level of leaders who s/he can depend upon in cases of exigency, and also provide additional bandwidth to take on sudden increases in demand or business growth. Nurturing high potential talent to become a CIO does not necessarily have to be from within the IT function. Aspiring and talented individuals from other functions could also be good candidates. This is borne out by the fact that some enterprises have appointed CIOs from business functions in the recent past. The CIO needs to recognise that lateral hires can be as effective as technology staff, while taking a dispassionate view. A common grievance is that the high potential next level CIOs seek opportunities outside more often, so why go through the rigmarole? If opportunities for growth are not aligned to the aspirations of the next level of IT leaders, they will seek to create their career growth outside. This can be managed to some extent by setting the right expectations, communication, and finally the CIO challenging the CEO to explore growth. Unless the CIO takes on new opportunities including lateral movement, the retention challenge will be difficult to address. Are you grooming your next level to challenge your position? Are they ready to take on your role, should you decide to move laterally, or out of the organisation? If not, start now. You owe it to yourself and the company, because your growth depends on this. Fortunately, the flight landed safely. As we collected our luggage, I had some solace that the talent pipeline was strong. —By Arun Gupta, Group CIO, Shoppers Stop

succe s si on pl an n i ng

uch is written about the future of the CIO, especially about where the role is situated in connection with executive management. Some have questioned if the role will survive in the corporate structure or be replaced with operational executives. I have never been concerned, actually. It appears that the CIO role is more important than ever before. In fact, a number of executives have articulated to me concerns that the CIO talent pool appears to be very shallow, that the same people are mentioned when new CIO opportunities become available—and those positions will be available this year, for sure. So it is becoming clear that the profession needs to start thinking about the next generation of talented CIO leaders. That responsibility lies with our existing leaders—leaders who need to prepare for the education and development of their most talented staff.

There is not enough investment in the education and development of our most talented staff. By Arthur Langer The problem is, we are not seeing enough investment. Corporations have continued to cut their education budgets. Case in point: In the Master’s degree program in Technology Management at Columbia University, my colleagues and I are seeing little increase in applications. On top of that, new CIOs cannot learn the job solely by studying those who came before them. Further, the candidate pool lacks diversity, especially withwomen in IT.

Talent-Nurturing otational Programs. R Put your star managers in six-month roles in the business units. This allows them to become much more knowledgeable about the operational aspects of the business. More importantly, it gives them exposure, so they become known across the organization. Education. Continuing education and conferences are fine, but allow your managers to enroll in a part-time degree program where they get exposed to a broader

COVE R S TO RY

education and get to network with other executives. A committed degree program also nurtures a critical and reflective person, one who can think in the abstract— beyond just the concrete needs of the business today. Diversity. This issue is of paramount importance to our future generations. Diversity goes beyond the legal and corporate requirements. The world is flat, as they say, and having a pool of diverse candidates provides a company with

broad knowledge and enhanced decisions. Leaders must promote more women and more ethnicity. Up and Out. Do not worry about losing those in whom you invest. It happens— and should happen. Great companies develop talented workers and lose some of them; there are only so many positions at the top. If you provide the program, those who leave will always remember it—as I have from my days at Coopers & Lybrand— and some will return.

Not enough future stars are investing in their education and may be ill-prepared for the challenges that lay before them. Far more concerning is the lack of interest in becoming a CIO. There are too many negative discussions that occur at the conferences I attend, with the persistent joke that CIO stands for “Career Is Over.” If CIOs themselves are not excited about the role, then who will venture to take it on in the future? Simply put, our CIO leaders need to accelerate the search for their successors. They need to create a pool of potential future stars. That includes experience in the field with the business units and an education program that broadens knowledge beyond what current managers are experiencing in their jobs. Remember, talent development is a responsibility as much as it is an investment. Being known as an organisation that invests in its people only adds to the prestige of your company. While these are just some tips, it is critical that every CIO have a clear succession strategy. If you don't, someone else from the business will. —Arthur Langer is senior director of the Center for Technology, Innovation and Community Engagement at Columbia University, serves on the faculties of the Graduate School of Business, the Graduate School of Education and the School of Continuing Education. He is also Chairman of Workforce Opportunity Services. Send your comments to editors@cioinsight.com —This opinion was first published in CIO Insight. For more such stories please visit www.cioinsight.com.

The Chief Technology Officer Forum

cto forum 07 June 2011

COVE R S TO RY

XXXXXXXME

Steps

to Smooth Succession Succession planning is all about delegating big, hairy, strategic stuff, not just superficial, well contained, safe stuff. By Patty Azzarello

find it interesting is that most companies do one of two extremes when it comes to succession planning: 1. Nothing at all; and/or 2. A very cumbersome process with lots of documents and checkpoints for multiple candidates which never amounts to anything. Let’s find something in the middle …

Get someone ready Think about succession planning in its core form: How do you get someone (specific), ready to take your (specific) job? Every manager should be thinking about this. The benefits are numerous. If you do this as a leader you score many wins: The whole organisation gets more capable You have a real and meaningful way of motivating your top performers Other people see you delegating some power, so they trust you more You get to hand off some hard work that you don't have to do personally! Succession planning is all about delegating. As a leader, you need to make sure you have someone on your team that can step up. The only way to do that is give them a

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

chance to learn and practice by delegating big, hairy, strategic stuff, not just superficial, well contained, safe stuff. They need to learn your job -- the good, the bad and the ugly.

Step 1

Let them practice your work - The first part of someone learning your job, is about the work. You need to give them opportunities to practice working at your level. A lot of times we think the way to motivate our top performers is to have them work on the most fun or interesting projects. That works to a point, but it does not do anything to help get someone ready for your job. Face it, how much fun work do you get to do? You need to give them opportunities to practice the ugly, mind-numbing, heavily matrixed, controversial, boring, unsupported, failing, no-win kind of work you deal with every day when you walk through the door. What is the hardest and most distasteful thing you do? That’s what you give your top

performer. You give them the benefit of seeing what it is really like in your shoes. They get to suffer like you do. But they also get to work on big stuff. They get access to your network and stakeholders. They have the chance to do something creative and heroic. What may be drudgery for you, can be very motivating for someone who gets to step up. Okay, you should probably give them a more pleasant task too, while you are at it … but don’t shy away from giving smart people hard work. And don’t feel guilty about it. I often did, but then I realised this was better for everybody, and that people appreciate it, not resent it, so I got over it.

Step 2 Let them practice your relationships - The next part of getting someone ready for your job is to make sure they are practiced and comfortable with the social requirements at the next level. If they are stepping up, they need to fit in socially, too.

succe s si on pl an n i ng

They need to be someone that your peers want to include personally. They can’t stand out like a sore thumb as the junior person in the room, who has no basis for relating to the big execs. You need to give your top performer a chance to practice at these relationships. Give them opportunities to present for you. Arrange one-one meetings with them and your peers. Send them as your delegate to your boss’s staff meeting when you are out of town. (Make a reason to go out of town if this never happens.) If your succession candidate does not develop personal relationships with your boss and peers they will never be ready to step into your job. And it won’t matter because they will not be given the chance. Unless your candidate is viewed by your boss and peers as someone socially worthy of the role, they won’t get it; your succession planning will fail; and either you will be stuck, or the company will go outside to fill your role when the time comes.

Step 3 Let them practice your decisions - Okay, here is where the rubber meets the road. You need to give someone a chance to practice making the decisions that you make. If you never delegate important decisions you are fooling yourself that you are doing succession planning. How will somebody ever be ready to take over, if you have owned all the decisions along the way? Will you delegate important decisions? Think about the next few months of decisions you need to make. Investments, priorities, partnerships, road maps, marketing strategies ... give your top performer the task of owning the project AND the making decisions. Let them feel the pressure of owning the outcome fully. Let them get the experience explaining, defending, and selling their choices. Let them get the experience fixing it if it goes wrong.

COVE R S TO RY

Is this scary? Yes. Might they choose wrong? Yes. Might they choose better than you? Yes (which can be scary, too). The point is, if you never let them take ownership and make key decisions, you are cutting off the single most important training you can give your successor.

—Patty is an executive, author, speaker, and the CEO of Azzarello Group, a unique services organisation that helps companies execute their strategy and develop their leaders. You can find her on twitter @pattyazzarello. —This article appears courtsey www.cioupdate. com. To see more articles regarding IT management best practices, please visit CIO Update.

HORIZONS

Feature Inside

See the Tech Tsunami Before the Impact Pg 43

Illustration by Shigil N

The Cloud has Crashed But… While planning cloud, CIOs need to evaluate the risks and balance them against the opportunities it offers. By Ian Gotts

cto forum 07 june 2011

The Chief Technology Officer Forum

t some point cloud services will be as reliable as the electricity in our homes and offices. Now, I am not an old man by any stretch, but I remember as a child in the UK, expecting to have power cuts in the winter. We took candles and matches or flashlights to bed. Wood was stockpiled to burn to heat the house. Now, that is unheard of. Until that day arrives for cloud services, it is interesting to reflect on the response to Amazon’s EC2 cloud server crash in April. Just when cloud computing was being touted as the only way that anyone will ever access data and applications, the outage seems to have knocked confidence. Or more correctly, it has helped people to look beyond the hype of the cloud vendors and bloggers. But what does the outage mean to the CIO when devising long term strategy, to the business manager and to the leadership team? First some background on how the cloud has changed the world of the independent software vendor (ISV). The cloud makes it easier to build and provide a global service. Providers like Amazon, Microsoft Azure, Rackspace and others mean that expensive servers do not need to be bought, config-

c lo u d

ured and maintained. The compute power can be purchased on demand for both development and for production. This is brilliant for the cash strapped start-up: pay more and you get more resilience. There is often more than one level of service that can be bought. Naturally no vendor buys the correct level of service that they really should, because they would rather divert funds into sales and marketing rather than resilience, which is in effect insurance. And insurance is all about probability and risk. What does this mean in terms of the Amazon cloud failure? The outage was restricted to the east coast of the U.S. and about 250 companies. There were some non-strategic but high profile apps that went down including FourSquare, Reddit and Hootsuite. If it had been a retailer’s point of sale systems, a credit card fraud detection system, a help desk case management system or a project team collaboration site, then it would have been more critical.

Strategy considerations So one outage shouldn’t have CIOs tearing up their cloud-based IT strategies. In many cases, a mature cloud vendor’s infrastructure is more resilient that many companies own data centers. However, there are many

N E X T H OR I Z O N S

14.1%

an organisation unseen. Many more “components” between the of these Stealth Cloud apps have end user and the cloud app than become a critical part of core compared to the corporate data operational processes. If or when center hard wired to the comthey go down they put the comgrowth in pany LAN. These “components” are probably all provided by difworldwide ECB pany at risk. And this is a risk that has not even been assessed ferent organisations -- many of disk storage or understood by the CIO. whom are never visible; hidden So how many Stealth apps were market in q1, behind the agreement with the running on the Amazon servcloud application provider. 2011 ers that went down? How many This means when CIOs are business units suddenly found cloud planning, they need to evalout that they were unable to work, had no uate the risks and the cost of mitigating those workarounds or disaster recovery strategy? risks when implementing a cloud service and Could the squeals be heard all the way down balance them against the opportunities the the corridor in the IT department? Maybe cloud offers. A knee-jerk reaction against the this is a strategy? Run an amnesty to get busicloud would be as bad as ignoring the risks ness users to tell you which cloud apps that imposed by a business depending on cloud are being used in each department, so a combased applications and data. Granted, it is far plete IT strategy can be devised. If you get no more difficult to evaluate the risks of a cloud response switch off internet access for a day vendor. At a minimum there are more quesor two and listen ... for the squeals. tions that need to be asked and their answers need to be closely questioned and evaluated. — Founder and CEO of Nimbus Partners, Ian But all this strategic planning and risk Gotts is the author of six books including, Comassessment assumes that the CIO knows mon Approach, Uncommon Results and Why which cloud vendors are being used. For Killer Products Don’t Sell. every one that is on the strategic plan there — This article has been reprinted with permisare probably another 100 that business sion from CIO Update. To see more articles users have discovered. This is what I call the regarding IT management best practices, please Stealth Cloud. “Stealth” because it infiltrates visit www.cioupdate.com.

See the Tech Tsunami Before the Impact

A few hard trends can help CIOs enable their company to ride into a profitable future.

s the CIO, you’re responsible for staying abreast of technological changes and making sure your company is using them to increase productivity and efficiency in all areas. But in this second decade of this new century, improving these areas will no longer be enough to provide the competitive advantage your organisation will need to stay ahead. You must also apply new technology to create new products, services, and markets that will allow your

By Daniel Burrus

organisation to clamber up on top and ride the wave into a bright and profitable future. Yes, this is possible … as long as you understand a few key hard trends. Those who don’t will experience massive chaos and dislocation. Those who do will find unprecedented opportunity. So what exactly does this technological tsunami look like, how big is it, and how fast is it approaching? To get a clearer picture of the world ahead, it’s helpful to see indiThe Chief Technology Officer Forum

cto forum 07 june 2011

N E X T H OR I Z O N s

m a n ag e m e n t

photo by photos.com

duce them), and softer in environmental impact. Laptops used to be several inches thick and weigh six or seven pounds; today they use a fraction of the material and accomplish far more than their predecessors -- and cost far less. Whatever your company has, you can make it smaller ... that is, if you want to. On the other hand, we don’t necessarily want to make everything smaller, and dematerialisation doesn’t necessarily mean miniaturisation. For example, we have the capacity to make our cars much, much smaller, but we may not necessarily want that for all models. However, we do want them to be lighter, because then they use less fuel. How do you make something lighter? Dematerialise it. Pathway No. 2: Virtualisation - When it comes to IT, CIOs are well aware of virtual storage and virtual desktops. And for those who are looking ahead at what I call hard trends, you can see that we will soon be virtualising processing power and much more. A good way to consider broader opportunities using virtualisation is to take things we currently do physically and shift the medium so we can now do them purely in a weightless, representational world. An example of virtualisation is simulation. As our technological capacity has increased, our ability to model incredibly complex physical realities in software simulations has grown to amazing proportions. Now we can test airplanes, space ships, and nuclear bombs without actually building them (let alone detonating them!). Virtualisation is transforming our world in ways we’re often not even aware of. Today, for example, the time lag from the moment the engineers at Toyota see a car in their minds to the moment it rolls off the assembly line is a mere 12 months. How can they possibly take a car from concept to completion in such a short time? Advanced simulation and virtualisation. Remember those crash dummies we used to see on television? Today’s newer generation of crash dummies are simulated along with the cars: they are so sophisticated they have a pulse, blood pressure, and other vital signs, which is possible because they exist only virtually. We can even perform a virtual autopsy that lets us see what happened to them internally.

For those who are looking ahead at hard trends, you can see that we will soon be virtualising processing power and much more. vidual streams within the technological wave. The hard trend of technological advancement flows through eight specific pathways: Dematerialisation; Virtualisation; Mobility; Product intelligence; Networking; Interactivity; Globalisation; and Convergence. Since first arriving at this list of technology-driven hard trends in the mid-1980s, I have presented it to thousands of audiences, and it has been fascinating to see how people have responded differently over the years. At first, some of these concepts seemed a little arcane or obscure. Not anymore. Today, they have all become everyday household realities -- yet still we have barely begun to experience their true power and scope.

The 8 pathways of advancement Pathway No. 1: Dematerialisation - As technology improves, we are reducing the amount of material it takes to build the tools we use, subtracting atoms from them even as we improve their capacity and performance. The computer, which soars in speed and memory even as it shrinks in size, is itself a microcosm of modern technology. Computers, among other devices, are getting smaller, lighter, more portable, more economical (in terms of the materials it takes to pro-

cto forum 07 june 2011

The Chief Technology Officer Forum

Pathway No. 3: Mobility - With advances in wireless bandwidth and availability (along with progressive dematerialisation), we are rapidly being de-tethered from everything: telephones, computers, stereos, etc. For example, our primary computing device has shifted from mainframe computers to desktops, then laptops, then palmtops, and now smart phones and tablets. Ten years ago our software and data all resided on our hard drives and in-house servers. Not anymore. We now use cloud computing

m a n ag e m e n t

and Web-based applications like Google Docs and MobileMe to tap into distant servers, as well as store our data on other servers, allowing our computers to act as “clients.” It is becoming increasingly common to hop onto any computer, anywhere, to work on our proposal, check our appointments, and much more. We’re finding ways to unhook ourselves from all the physical anchors and going mobile with our work in new and powerful ways. Now, you might be thinking that mobile workers have been around for years. True, but the degree of mobility has changed, and the degree of practicality and productivity in a mobile context has transformed. As we continue to raise the bar on what this means by adding high-definition streaming video, accurate speech-to-text, and other powerful new features, we will transform the very definition of mobility. Think mobile finance, mobile health, and mobile security to name just a few.

N E X T H OR I Z O N S

Pathway No. 5: Networking - Telephones were the first public communication network, in that they allowed us to start sharing ideas at great distances in real time. We stayed connected by our telephone network for generations. Then came faxes, e-mail, instant messaging, cell phones, and text messaging. Today, the average American teenager is capable of carrying on a dozen texting conversations at once, without losing the thread of any one of them. Napoleon was said to have routinely dictated as many as six different letters to six different secretaries at once. With real-time texting via laptop and cell phone, millions of American teenagers are now operating at twice the emperor’s capacity. As networking increases in its scope, speed, and accessibility, we are also enlarging its meaning and application, working not only in the media of text (e-mail, instant messaging) and voice (phone, VoIP), but also in video and even 3D video. This acceleration is creating fascinating new capacities and unimaginably huge opportunities.

10%

Pathway No. 4: Product Intelligence - In the '80s and '90s, as microchip technology became more practical and affordable, we saw an endless parade of consumer Pathway No. 6: Interactivity - Interactivity everygoods that suddenly had intelligent features: self-cleaning increase in the where is on the rise. This is why websites such as Faceovens, motion-sensing porch lights, and car tires that tell APAC mobile ad book, YouTube, and Twitter are so popular: they allow us us when they are getting flat. But that was only the warmmarket from to interact. The more you interact with something, the up. The degree to which we can now add intelligence to practically any product is about to transform our lives. January to April more engaged you become. From the days of Gutenberg onward, print has consisThe microprocessor offers an almost infinite number 2011. tently been a one-way medium. A “Letters to the Editor” of opportunities to imbue a product with intelligence. It’s section of a newspaper or magazine could blossom into not just your car that will be intelligent: the road you’re a moderately lively debate, but only at sedate intervals driving on is becoming intelligent, too. When I pull into of time. Radio talk shows, with their entertaining call-in feature, a parking lot, the lot tells me there’s one space available on level three, provided a type of interaction. But these were small flourishes that aisle two, four cars up on the right. Soon it will also be able to tell me, merely decorated what has always been an essentially one-way flow “The lot is full, but hang on, some people are unloading a grocery cart of information and opinion. on level five. Drive on up, their space will be free in a moment.” No longer. We already have the capacity to build with smart cement and Today, social-media has rocked the foundation of the news indussmart steel, with sensors built into them. Now we have the technoltry. Interactivity is transforming politics and the nature and spread ogy to make roads smart. Imagine a road telling you that there’s a of democracy. It’s also transforming marketing and advertising. In pothole ahead, or a sinkhole forming. How can we do that? Simple: the past, mass advertising was a passive experience: all you could we use smart asphalt. We already have smart cement that will tell do with TV commercials, magazine ads, and billboards was look the highway department when the bridge needs to be repaired. at them. Now you can see a location activated ad using augmented Any tangible thing can be made smart. All you have to do is put a reality on your smart phone and you can click on it -- and that makes sensor on it and give it the ability to connect. it a whole new ball game.

There are degrees and levels of globalisation. It’s one thing to manufacture and sell products in markets throughout the world; it’s an entirely different thing to customise them for differences in the various markets of the world.

Pathway No. 7: Globalisation - With the explosion of outsourcing and collaboration software that enables us to easily spread even the simplest procedures around the planet, we have quickly grown familiar with the concept of globalisation. But we are only beginning to grasp its true implications. Globalisation doesn’t apply exclusively to information. We’re seeing the globalisation of everything. Additionally, there are degrees and levels of globalisation. It’s one thing to manufacture and sell products in markets throughout the world; it’s an entirely different thing to customize them for differences in the various markets of the world. A Mercedes is a Mercedes, no matter where you buy it but when you buy a Toyota in Asia, it’s different from the Toyota you’d buy in the United States. (For one thing, the steering wheel is on the right and the car itself is smaller.) The Chief Technology Officer Forum

cto forum 07 june 2011

N E X T H OR I Z O N s

m a n ag e m e n t

Likewise, it’s one thing if the members of your company’s board have passports with stamps from all over the world, and quite another when your board is composed of people who actually hail from those different parts of the world. In 2005, Sir Howard Stringer became CEO of Sony, giving the company a top executive who was not Japanese for the first time in its history. As our companies’ board and staff composition globalizes, we’ll reach a point where it won’t matter where the company originated. The focus will be more on new job creation than the country of origin of the hiring company. In fact, companies won’t be “from” anywhere; or to put it another way, they’ll be “from” everywhere. Pathway No. 8: Convergence - All of these pathways tend to overlap and interact, which only increases their acceleration. In fact, convergence has itself become a pathway of technological advancement. For example, entire industries are converging. Filling stations and convenience stores converged in the '80s. In the '90s, so did coffee shops and bookstores. Those were mere 20th Century convergences, though. Today, it’s really heating up. The entire industries of telecommunications, consumer electronics, and IT are all converging and becoming, in essence, one thing. There’s also product convergence. Look at your cell phone: how many products have converged into that little thing sitting on your palm? The modern smartphone is an e-mail device, a camera, and a video camera. You can do three-way calling on it. And because it has contact management and a calendar, it’s also a complete organizer. The even smarter iPhone took convergence to another level, bringing a genuine Web-browsing experience (with Google maps, phone directories, and more) together with all the normal phone function-

alities, so you could hunt for a restaurant, find it on the map, and dial it for a reservation, all on the same device. Along with all that, plus e-mail, camera, and video camera, plus YouTube player, it was a full-feature iPod, complete with WiFi music store. And of course, there are all those apps! Now we’re starting to see the convergence of convergences. The Internet was born of the convergence of the phone and the computer. Google Maps and MapQuest converged the Internet with maps, and now GPS has given us the convergence of MapQuest and our cars. That’s dematerialisation, virtualisation, mobility, product intelligence, interactivity, and networks. Take a close look at where the parts of your car were manufactured, and chances are you’ve got globalisation there, too. This means you have all eight pathways converging in a single technology that you use every day. That is exactly what’s beginning to happen everywhere: all eight pathways are interacting with one another, the transforming whole becoming far bigger than the sum of its parts. In the second part of this report, to be published next Tuesday, Dan will present the three digital accelerators driving these advancements. — Daniel Burrus is considered one of the world’s leading technology forecasters and business strategists, and is the founder and CEO of Burrus Research, a research and consulting firm that monitors global advancements in technology driven trends to help clients better understand how technological, social and business forces are converging to create enormous, untapped opportunities. — This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com.

“I GOT PROMOTED…”

“NEXT100 award has really helped me in my professional life and career. After getting the award, my management appreciated the achievement… and

I have been promoted. My thanks to the NEXT100 team”

NEXT100

PARESH BALDHA AWARD RECIPIENT Senior Manager IT 2010 Gujurat Pipavav Port Ltd.

DO YOU WANT TO BE NEXT?

If your answer is “YES!”, then we invite you to participate in NEXT100, an annual awards programme from IT NEXT.

WATCH OUT For the launch of NEXT100, 2011 on 21st June, 2011 at www.itnext.in/next 100

N O H O L D S B A RR E D

Russ Hubbard

SRM Can Help Build Revenue Models Russ Hubbard, VP, Worldwide SRM Sales, SafeNet talks to Varun Aggarwal about the company’s growth plans and focus on cloud-related products. 48

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

You’ve applied for an IPO at Nasdaq. Would you be looking for an IPO in India as well? Our venture capitalists own 100 percent equity in our company and they’ve decided that we’ll stick with just Nasdaq at the moment. It’s not much of a SafeNet decision but the venture capitalist perspective. So, while we do not have any plans so far to launch an IPO in India, the Indian market remains extremely important to us. We have overall 1600 employees in our organisation. Over 200 of these are based in India. We’ll continue to grow our operations in India for both technical support and engineering services. Our business growth is highest in India compared to any other economy in the world. From 2008 to 2010 we’ve grown 25 percent year on year in India. The area where we’re seeing the highest uptake in India is the software rights management space. We believe we can greatly help the Indian software industry

Russ Hubbard

in monetising both within and outside India. For the content providers, we’re seeing how we can help them monetise their offerings and be competitive at the same time. In the enterprise, we’re helping them secure the vast amount of data that they store in their organisation. In our SRM business, 60 percent of our customer base is software publishers and 40 percent are the device manufacturers. The devices could be anything ranging from casino gaming machines to medical devices to packaging devices. We tend to succeed more with customers that sell high value software application: things like financial and accounting software, construction and design application, medical applications etc. We ensure that people are able to manage their assets well. How can SRM help organisations beyond controlling piracy? Most of the people when they talk about SRM, they probably have a myopic version that SRM is just about controlling piracy and controlling the usage of IP. However, this is just one facet of the entire SRM space. The adoption of SRM can be looked at as a three staged process. Whoever gets into the first stage, he focuses on just restricting piracy. However, after graduating to the next stage, he would start looking for building pricing and business models using SRM. The complete benefit of SRM would however be achieved in the third stage where he looks at how to manage all of this, by getting to know who really are his customers. What business decisions can he make based on the data. He can use this data to create recurring revenue stages. At this stage, people start looking at SRM from the perspective of helping manage business in an efficient way rather than just software protection. Some of the more mature companies around the world have realised

that this is where the true value of SRM lies for them. How has the recent breach at RSA impacted your business? What has happened to RSA is something that every enterprise should be worried about. Any enterprise that has high value assets should be really worried. RSA is not unique in this breach. We try to provide a wide range of tools and deployment options that enterprises can select and manage themselves. Our approach is a little bit different from RSA. We focus on enabling the enterprise to be able to manage themselves instead of we managing them. We’ve had dialogues with companies that are exploring alternatives to RSA but currently it is premature to say that we had a mass inflex of RSA customers switching over to us.

“Many sovereign nations build their own encryption standards. But at the same time it puts tremendous pressure on the people who are creating the algorithm. They need to be the best of the best.”

N O H O L D S B A RR E D

Do you think India should go for its own encryption standard for the national UID project? Many sovereign nations build their own encryption standards. It is understandable when you’re dealing in some cases life and death for your citizens. You need to have good knowledge of the encryption algorithm. But at the same time it puts tremendous responsibility on the people who’re creating the algorithm. They need to be the best of the best of the best. If you’re able to make your algorithm unbreakable for at least 20 years, it makes sense in building it. What would be the key priorities for your company going forward? The number one priority across the company is addressing the needs of cloud computing from different directions. Our software rights management focus is really about how do you help software publishers get up and running and manage the cloud distribution mechanism. Cloud distribution is very different from just packaging a software in a CD and sending it out. We have a platform that helps you provision users and get up and running on a cloud distribution within a day. The next stage on the cloud is ensuring data security. We have a series of solutions for that. Our security solutions are integrated with cloud providers like Amazon. That’s the biggest initiative for SafeNet for now. Beyond that we’d be looking for a few acquisitions. We acquired Aladdin Knowledge Systems in 2009 and we are trying to integrate it with our other offerings. We provide not just authentication but secure storage capabilities for enterprises that is unique to us. So, while we help organisations secure and manage their infrastructure, they control all the variables and do not have to depend on us.

The Chief Technology Officer Forum

DOSSIER

Company: SafeNet Established: 1983 headquarters: Belcamp, Maryland, US products: Encryption, Semiconductor IP, DRM, Hardware Security Modules employees: 1600

cto forum 07 June 2011

T E C H FOR G O V E R N A N C E

securit y

POINTS

We all make judgments on the diligence of others every day in myriad ways. review and dismantle until the fatal error is identified. i n security, Comfort levels are more important than actual security.

Illustration BY Joffy Jose

There is no replacement for intent.

Security And

The diligence that is the dues paid to maintain those relationships does not come from bank balances or market share.

Due Diligence Can you be too diligent? How much diligence is too little? What diligence is due when you have security flaws? Read on to get the answers. By Chris Blask

cto forum 07 June 2011

The Chief Technology Officer Forum

securit y

T E C H FOR G O V E R N A N C E

are more important than actual security. Expanding on that I will note that your customers will not be able to achieve their desired comfort level if your product or solution is not actually secure, but that it is also possible to create wonderfully secure products while simultaneously failing to make anyone comfortable enough to actually use them. There are lots of good products and services and solutions created and offered to the market. Quite often the "best" of them are not the ones that become widely adopted, to the endless consternation of gathered and discussed the problem for a experts in the field. few minutes. Apparently having reached a For those who are willing to look beyond consensus, the lead operator - a strapping the technical aspects of their area of expergentleman of Paul Bunyan proportion tise to the broader economic and sociologiapproached the offending assemblage and cal implications of their work, displaying proceeded to beat the living tar out of the the appropriate amount of diligence to rotor with a massive wooden sledge hamallow other people to adopt the fruits of mer that Wiley E. Coyote could have found their labor is at least as important as buildin an oversized Acme crate. ing the better mousetrap. Satisfied, he signaled the crane operaHistory is littered with the carcasses of tors and the rotor nestled successfully in great ideas that have expired on the bench its berth. Vacuum welding due to the tight due to a lack of commitment to the demontolerances was the culprit; a little harmonic stration of diligence to those outside the lab. vibration was enough to break the bond. In the three examples on the table, it My boss - the incomparable Walt Wren seems that Sony is trying hard to make up - and I discussed this afterwards. He for diligence lapses in the past, Cisco only explained that our competitor in Japan begrudgingly decided to display a dab of would have dealt with this entirely differdiligence and Siemens seems to imply that ently. Sending everyone home, convening all this diligence stuff is highly overrated. an executive meeting the next day, and setAll other factors aside, linear logic would ting off a chain of events that would see the indicate that each will experience success in entire design and manufacturing process their endeavors in direct relation to the dilireviewed and dismantled until the fatal gence they are displaying if they each follow error was identified. their current apparent paths. We beat our Japanese competitor for the Where popular consensus continues to first 9000F deal and sold $1B of gear to view the diligence of a vendor as too little, Tokyo Electric Power Company. Today the commercial success may well steal away 9000F is the de facto standard in fuel tursilently like a thief in the night. bines for power stations. So, finally: What diligence is due when your Similarly, Siemens or Sony or Cisco taking product or services are shown apart their entire infrastructures to have security flaws that place at a cost that would put them out your customers at risk? of business would likely be takLook to sociology for your ing diligence to an extreme that answer, not technology. Ask negates its purpose. IT managers your pastor or father or favorHow much diligence is too little? As has been infamously said still believe they ite English teacher. Find the person who makes you the about pxxnography: "I know it can get around most uncomfortable when when I see it."Over the decades data access you try to dazzle them with I have taken no little pleasure brilliance, and ask them what in tweaking my peers by saying controls. diligence means. that, in security, Comfort Levels

In the wake of Siemens', Cisco's and

Sony's recent experience with Incident Management, the question of diligence comes clearly to the fore.

Diligence is the nebulous factor that is key in demonstrating that others should put their trust in you, whether it is a matter of investing in your company or measuring your compliance or just deciding if it is safe to get in your car with you late on a Saturday night. We all make judgments on the diligence of others every day in myriad ways. It could be easily argued that displaying due diligence is the most fundamental foundation of human interaction. The moment we walk into a grocery store our nose will tell us if the owners have been diligent in cleaning under the freezers and behind the shelves. We will or will not return to that establishment based as much on our impression of the care taken by the proprietors as by the quality or price of the commodities offered for sale. So, what diligence is due when a security problem with the products or services you have provided to the world rears its ugly head? How much is too little? Is it possible to display too much? Let's take those in reverse order. Can you be too diligent? Surprisingly perhaps, the answer is "Yes". Many great ideas and wonderful products never serve any purpose in the real world because the people behind them spend too much energy trying to forecast everything that could possibly go wrong and addressing each possible point in advance. In 1990 I was working at GE Power Generation in Greenville, SC. On the day that the first 9000F turbine was undergoing the most critical part of final assembly - lowering the 150-ton rotor into the lower half of the casing - the piece stuck just before making it safely onto its bearings. A small group consisting of the lead architect, engineer, operator and a few others

40%

The Chief Technology Officer Forum

cto forum 07 June 2011

T E C H FOR G O V E R N A N C E

securit y

These people will recognise your diligence when you display it and just as quickly burn through your balderdash just by the looks on their faces. I have real sympathy with each of the companies mentioned. But I have been in their shoes - quite literally in my time running the Cisco PIX team - and my response was: "This is not your problem, it is ours. It isn't even 'ours', it is mine, personally. I will not rest and I will not prevaricate and I will not lie to you or hide from my responsibility until that debt of trust you put in me is honored. The reason you can trust us, despite this real flaw found in our products, is that

when we say we care about what we do we mean it to the very pits of our souls." Behind all the technology and corporations and globe-spanning markets and networks there are individual human beings. The actions and intent of those individuals shines through the layers between them and the rest of us like arc lights through kleenex. There is no replacement for intent. What many who live too far removed from their customers forget is that their brand and their power is based entirely on the ongoing personal relationship they have established with the individuals who choose to adopt their wares.

The diligence that is the dues paid to maintain those relationships does not come from bank balances or market share. It comes from each of the people behind the thin veneer of brick and plastic that face their corporate campuses. Those who choose to seek Due Diligence within themselves will find it.

—This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.

Don’t Hand Over the Keys to Your Kingdom Unauthorised access to information can cause data leaks and reputational damage. By Lindsay Walker

photo by photos.com

mployers beware! You might be giving away the keys to the kingdom - or your corporate security according to a survey released by security firm Cyber-Ark Software. The survey "Trust, Security and Passwords," included responses from over 1,400 IT and C-level professionals in North America and EMEA. The survey indicated that unauthorised access to private information is rampant within companies, as an alarming number of employees in the survey admitted to snooping in private corporate data. Interestingly enough, it was reported that IT professionals are the most likely to poke their noses in places they know they shouldn't. Survey Results 67 percent of the IT professionals surveyed

cto forum 07 June 2011

The Chief Technology Officer Forum

securit y

T E C H FOR G O V E R N A N C E

It's not just IT people, but also HR employees who have access to confidential information in your organisation, says Jason Victor, Director of IT at Customer Expressions. you can restrict records to groups within HR and you can mark admitted to accessing information not relevant to their role and 41% cases that are confidential that only certain people can see. Because admitted to abusing admin passwords to access sensitive or confiit's not internal, even your IT people can't circumvent it." dential information. Unauthorised access to sensitive information can leave a company Moving Forward vulnerable to data leaks, financial and regulatory exposure and repuBusiness leaders need to make sense of the survey results in order tational damage. to take action to prevent security breaches from occurring. On the brighter side, compared to the results of last year's study, "The Common Sense Guide to Prevention and Detection of fewer IT professionals this year believe that they can get around Insider Threats", published by Carnegie Mellon's Software Engiprivileged access controls. neering Institute, recommends 16 practices that organisations It's debatable how good that news is, however, since this year's should use to prevent, or facilitate early detection of, figures reflect that 40% of global IT managers surveyed insider threats, based on hundreds of case studies of still believe they can get around controls that monitor malicious insider activity: privileged access to information. While internal breaches remain a high risk, 57% of 1. Consider threats from insiders and business partthe C-level respondents in the survey felt that next one ners in enterprise-wide risk assessments. to three years will see external threats, such as cyber2.Clearly document and consistently enforce policies IT managers criminals, being a greater security risk than threats from and controls. still believe they with the organisation. 3.Institute periodic security awareness training for all can get around employees. Building Walls 4. Monitor and respond to suspicious or disruptive data access In the press release announcing the study, Adam Bosbehavior, beginning with the hiring process. controls. nian, executive vice president Americas and corporate 5. Anticipate and manage negative workplace issues. development, Cyber-Ark Software, said: 6. Track and secure the physical environment. "Privileged accounts are the key tool that external attackers and 7. Implement strict password and account management policies insiders leverage to access and exfiltrate an organisation's sensiand practices. tive information. 8.Enforce separation of duties and least privilege. While the survey shows a greater awareness around protecting 9. Consider insider threats in the software development life cycle. these targets from attacks from any vector, it's concerning that 10. Use extra caution with system administrators and technical or nearly one in five of C-level respondents believe that their privileged users. corporations' sensitive information may be being used against 11. Implement system change controls. them in the market. 12. Log, monitor, and audit employee online actions. Security teams need to start with improving the protection 13. Use layered defense against remote attacks. of these key internal targets - not simply building bigger walls 14. Deactivate computer access following termination. around the enterprise." 15. Implement secure backup and recovery processes. 16. Develop an insider incident response plan. Remove the Temptation Are you doing all these things in your organisation to reduce the "It's not just IT people, but also HR employees who have access to chances of your employees making off with your privileged informaconfidential information in your organisation," says Jason Victor, tion? If not, get started now. Director of IT at Customer Expressions, developers of i-Sight case management software. "Putting your data offsite has the added bonus of providing an —This article is printed with prior permission from www.infosecisland.com. additional level of segregation from access by organisational IT For more features and opinions on information security and risk managepeople. In i-Sight, you can track who has been in different records, ment, please refer to Infosec Island.

40%

The Chief Technology Officer Forum

cto forum 07 June 2011

ThoughtLeaders Karl Deacon | karl.deacon@capgemini.com

Karl Deacon is CTO, Infrastructure Services, Capgemini

Virtualisation – a foundation of ‘as-a-service’ and Cloud It has emerged as a powerful, game-changing technology. virtualisation technologies have been around since the 1970s, but it is in recent years that we have seen such intense interest from industry, analysts and enterprise groups. Most agree that we have yet to take full advantage of the broader potential benefits that are available from highly efficient, extreme virtualised IT environments. Datacentre technology has evolved considerably but it will not deliver the broader business benefits that the ‘C’-suite demands. There is a transformation underway, where virtualisation and the cloud will be significant enablers, to build elasticity for growth, flexibility for change and speed-up time-to-deploy new products and services for the business, into the modern infrastructure. The demand is coming from business leaders who want to enable dynamic product innovation, aggressive customer acquisition or improve loyalty and geographic expansion; whilst all the time aggressively lower the cost base of the business. CIOs have benefited from the reduction in capital expenditure that virtualisation provides, but today we see a more severe challenge in

cto forum 07 JUNE 2011

The Chief Technology Officer Forum

reducing operational costs whilst increasingly better enabling business relevant growth and agility. The challenge is now less about taking the technology approach and more about how to derive top and bottom line benefit, focusing on the business user. ‘IT-as-a-Service’ enables IT organisations to move beyond a siloed IT infrastructure towards an efficient pool of elastic, self-managed virtual infrastructure, consumed as a service, at the lowest possible cost. Besides, it delivers flexibility and agility without compromising control. Virtualisation's benefits include: 1)Capital Expenditure Reduction: All hardware is utilised closer to full capacity, reducing the outlay on new hardware, and fewer servers reduce the space required in data centers. 2)Operating Expenditure Reduction: Power savings and staffing reductions enabled through increased automation. 3)Increased (business) Flexibility & Responsiveness: New services rapidly provisioned, as hardware, and in some cases, software procurement & setup delays are removed. Many CIOs have found themselves

"Many CIOs have found themselves with a blockage at the point they reach 30 percent of their environment in a virtualised model."

with a blockage at the point they reach 30 percent of their environment in a virtualised model, preventing them from capitalising on the total benefits of virtualisation. The key reason is often not a lack of technology understanding or readiness, but virtualisation may have been seen as a short-term capital expenditure reduction rather than a platform that can provide the basis for agile, dynamic IT enabled business transformation. Many organisations are unsure where to start, or how to further their virtualisation and cloud journey. The IT organisations that will be most successful in transitioning to the cloud will be those that approach it strategically and systematically. A highly virtualised environment simplifies the infrastructure by moving from discrete, siloed infrastructure components to pooled infrastructure that can be managed holistically and flexibly delivered to meet and anticipate the needs of the business. Such companies are poised to better align IT investment with business value, paving the way to ‘ITas-a-Service’.

VIEWPOINT Steve Duplessie | steve.duplessie@sbcglobal.net

Illustration by Manjith.P.B

The Next Storage War Will Be Economic Led

But most likely technology enabled.

Most modern wars are about economics first, principle second. It may not be the way it should be, but it is. Mark Peters and I collaborated on a recent ESG report on this subject after a rather enjoyable debate, over wine, which began in the vein of “which technology will have the most impact in the storage business in the next 5 years”? The report states the case far more eloquently than I will here, but here is the basic premise: breakout markets that create step functions in value tend to solve problems based on economics looking for a technological solution rather than the inverse. For example, as I’ve told you before, goes the story of Data Domain. We all know the end: billions and billions of dollars made by many (not me). The means is where we differ. During the height of the Data Domain buzz, even insiders thought that success was predicated on the DD “technology”–in this case, dedupe. They were wrong. Follow the trail. 1. The problem did not exist until the VOLUME of data that needed to be protected grew beyond the scope of acceptable risk (i.e. 24 hours).

cto forum 07 June 2011

The Chief Technology Officer Forum

2. Once the problem did exist (i.e., companies could no longer back up their data within a 24 hour window), a solution that was different was required. Thus, the “opportunity.” 3. The “solution” to the problem was simple: use disk. Disk solved the problem of time to backup. 4. Disk cost way more than tape. Thus, the second ancillary problem was ECONOMIC. Only people who directly faced the problem AND could assign a high value to the solution (disk) were willing to pay for it. While disk may have been “better” than tape, it would not have ever had a global growth opportunity. 5. Data Domain’s dedupe technology solved the ECONOMIC problem at hand. Prior to this time, Data Domain would argue that people SHOULD use their stuff because it was better–but until it was a legitimate PROBLEM, it would have been impossible to ever garner significant “buzz” or success. You can’t hit a home run in this industry by being the best mercenary. You have to have market forces PULL you to great heights. 6. The natural market force, or

About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www. thebiggertruth.com

long term secular trend, was that data growth was not going to abate–therefore, MORE people were going to face this new, previously unforeseen PROBLEM. By eliminating the economic consideration, all Data Domain had to do was let everyone know they were ready for them when the problem showed up at the customers doorstep. 7. By being there first, Data Domain extracted 90 percent of the value generated in that s pace. Party time. So, the storage business is a macrocosm of the backup business that Data Domain flipped on its head by altering the economic realities of a perfectly happy, boring, multi-billion dollar annual business with lots of successful imcumbents that would have LOVED for nothing to ever change. Remind you of anything? The overall primary storage business is ripe for the EXACT same phenomenon. We pay way too much for way too old storage architectures, there are lots of giant incumbents with little interest in disrupting the status quo, so nothing will change (i.e., even if someone has way better technology, it’s a nice to have, not a need to have).