Five Jewels of IT Deployments


Technology for Growth and Governance

June | 21 | 2011 | 50 Volume 06 | Issue 21

Making it Easy

Pay-By-Wire Turbo Charged

Intelligence on the Go

Digging out Inefficiencies

Common IVR Boosts Revenue

Five enterprises have leveraged the power of innovative IT to boost revenues, enhance agility, and drive out inefficiency.

BEST OF BREED: Debunking the Top 5 SLA Myths

A 9.9 Media Publication

I BELIEVE: Do What It Takes to Build Credibility

A QUESTION OF ANSWERS: Explaining Business Benefits of VC



editorial Rahul Neel Mani | rahul.mani@9dot9.in

A habit difficult to give up! A tenure marked by accepting challenges and measuring up to them.

It was nearly two years ago (precisely in September 2009) when I got the mandate to lead ‘CTO Forum’. I was cautiously ecstatic. Why cautiously? There were various problems to overcome, numerous hurdles to cross. But as I have a habit of saying ‘yes’ to challenges (almost every), I accepted this as well. My biggest test was to live up to the expectations the universe had of me. And frankly, I was little or not prepared. Initially, like many others, I stumbled upon a few of those hurdles. There were times when my performance stooped down to an unacceptable level. I realised it wasn’t easy. But with time, effort and unequivocal support, the journey began.

Right from managing a small but volatile team to managing the image of the brand CTO Forum, everything needed proper attention and that too in least time. In fact ‘time’ was the only thing I didn’t have. It was like an airport renovation project. The operations must go on normally while the new infrastructure comes up simultaneously. A lot of things came in the way but nothing deterred the conviction to do faster and better.

Besides the usual sections, we added more to CTO Forum in past two years. The first South Asia CIO Summit was organised in 2010 and second one during this year. Another feather in the cap was CSO Forum – an exclusive effort for the Chief (Information) Security Officers. Personally for me, these were ecstatic moments. Branching out into new areas was a welcome change and it gave me great opportunities to interact with the CIOs (from South Asian region) and a large pool of CSOs from India. The experiments produced good results.

Time flies. Now it is time for me to bid adieu to a rich, strong community platform. When I look back at those two years, I find myself standing amidst a momentous past. All of this became a reality with tremendous support and guidance from both the community and mentors internally. Your faith in me gave me the required impetus to not only overcome those challenges but to find a path to walk. But the habit of accepting challenges was no less important. More than anything else, I seek your pardon for my ignorance, mistakes, errors and blunders. Lastly, I sincerely appeal to you to continue your support for CTO Forum to help us serve you better.

Editor’s pick: Explaining Business Benefits of VC

Polycom intends to change the mindset of corporates in the way they look at videoconferencing. The company is enabling them to look beyond the traditional applications of the technology.

The Chief Technology Officer Forum

cto forum 21 JUNE 2011



June 11 | Cover design by Anil VK

Contents

thectoforum.com

Cover Story

Five Jewels of IT Deployment: Five enterprises have leveraged the power of innovative IT to boost revenues, enhance agility, and drive out inefficiency.

Columns

I believe: Do What It Takes to Build Credibility. Everything else will fall into place once stakeholders find that the CIO and his team know what they are talking about. By Ratnakar Nemani

View point: Five Tips for New Times. Leaving the economic crisis behind, companies are focusing back on growth. By Ronald Kunneman


Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706


Features

Tech for Governance: Security-Stupid Is As Stupid Does. With so much being spent on security, why are these companies failing? By J. Oquendo


www.thectoforum.com

Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh
Publishing Director: Anuradha Das Mathur

Editorial
Editor-in-chief: Rahul Neel Mani
Executive Editor: Yashvendra Singh
Senior Editor: Harichandan Arakali
Assistant Editor: Varun Aggarwal

Design
Sr. Creative Director: Jayan K Narayanan
Art Director: Binesh Sreedharan
Associate Art Director: Anil VK
Sr. Visualiser: PC Anoop
Sr. Designers: Prasanth TR, Anil T, Joffy Jose Anoop Verma, NV Baiju, Vinod Shinde & Chander Dange
Designers: Sristi Maurya, Suneesh K, Shigil N & Charu Dwivedi
Chief Photographer: Subhojit Paul
Photographer: Jiten Gandhi

A question of answers

Explaining Business Benefits of VC: Randy Maestre, Global Head and Senior Director, Industry Solutions at Polycom talks about how he plans to change the mindset of corporates in the way they look at VC.

Regulars

Editorial
Enterprise Round-up

Next horizons: Tech Fueled Transformation. A look at technology trends that are transforming business. By Daniel Burrus

No holds barred: Rahul Agarwal, Exec-Director, Lenovo India provides insights into programmes designed to gain market traction.

Advertisers’ index

IBM, Schneider, Symantec, Google, Check Point, Cisco, Microsoft (advertorial), Juniper (advertorial), Riverbed, EMC

Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, CIO, Pidilite
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices
Vijay Sethi, VP-IS, Hero Honda
Vishal Salvi, CSO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
Vijay Mehra, CIO, Cairns Energy

Sales & Marketing
National Manager-Events and Special Projects: Mahantesh Godi (09880436623)
Product Manager: Rachit Kinger (9818860797)
GM South: Vinodh K (09740714817)
Senior Manager Sales (South): Ashish Kumar Singh
GM North: Lalit Arun (09582262959)
GM West: Sachin Mhashilkar (09920348755)
Kolkata: Jayanta Bhattacharya (09331829284)

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Production Executive: Vilas Mhatre
Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh

Office Address
Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Silver Point Press Pvt Ltd., A-403, TTC Ind. Area, Near Anthony Motors, Mahape, Navi Mumbai-400701, District Thane.
Editor: Anuradha Das Mathur

For any customer queries and assistance please contact help@9dot9.in

This issue of CTO FORUM includes 12 pages of CSO Forum free with the magazine

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.



I Believe

Do What It Takes to Build Credibility

By Ratnakar Nemani, CIO, Himatsingka Seide Ltd, Bangalore.

The author brings close to two decades of experience in finance, marketing, HR and IT to his job as CIO of Himatsingka Seide, a niche, high-end textile company.

Photo by Suresh Vangapally

Everything else will fall into place once stakeholders find that the CIO and his team know what they are talking about.

I’m a finance professional by choice of training and an IT professional by chance, with the zeal to excel further through learning from my more technologically learned colleagues. What I bring to the table is my ability to bring business insight to a technology project. There are some mantras that I follow here, as well as in my personal development that I urge my team to consider: Work for a cause and not for applause; Live life to express, not to impress; Strive not to make your presence noticed; and Just make your absence felt.

In an organisation, as with people, these tenets help us acquire the single most important attribute needed to achieve anything worthwhile, and that is credibility, for without credibility, no stakeholder will trust us to deliver. For instance, recently, the president, operations at our company was unconvinced that we could replicate everything he was looking for on the ERP applications that we were deploying and that he should therefore jettison the home-grown program for that particular set of processes. It took us three months to win him over, but win him over we did, by continuing to keep his in-house programme running to his satisfaction, while we built the same processes on the ERP platform.

In another instance, when a production system stopped working in another town, we got the engineer to drive through the night to bring it to us, so we could fix the machine and send it back. It was up and running the following day itself, well ahead of close of business.

Personal credibility is about showing people that we respect their time and value their trust: I’ve almost never been late to office. In the very few instances that I was late even by 10 minutes, I’ve worked for the day and still sent a leave application to my boss.

Finally, credibility also requires a certain amount of fearlessness: Most people try to impress their bosses. Instead, speak your mind and your heart. Initially this might create a rift but eventually a good boss will come to value your forthrightness and ideas.

Current challenge: Bringing the entire company’s IT systems onto one ERP platform and taking it live on schedule.


30%* off your industrial plant’s energy bill is just the beginning Imagine what we could do for the rest of your enterprise Managing the complex operating environment of industrial plants is no small task. With mounting energy costs and increased environmental regulations, maintaining throughput, minimizing downtime, and hitting your efficiency targets are more challenging than ever. Schneider Electric™ has the solution: EcoStruxure™ energy management architecture for maximized operating performance and productivity with new levels of energy efficiency. Today the industrial plant floor, tomorrow the entire enterprise.

Energy savings for the plant floor and beyond Today, only EcoStruxure architecture can deliver up to 30% energy savings to your industrial plant, and beyond... to the data centres and buildings of your entire enterprise. Saving up to 30% of an industrial plant’s energy is a great beginning, and thanks to EcoStruxure energy management architecture, the savings don’t have to end there.

Learn about saving energy from the experts! Download this white paper, a ₹8295 value, for FREE and register to win an iPad! Visit www.SEreply.com Key Code 90701t Call 1800 180 1707 or 1800 103 0011

Active Energy Management Architecture from Power Plant to Plug™ Buildings Intelligent integration of security, power, lighting, electrical distribution, fire safety, HVAC, IT, and telecommunications across the enterprise allows for reduced training, operating, maintenance, and energy costs.

Data centres From the rack to the row to the room to the building, energy use and availability of these interconnected environments are closely monitored and adjusted in real time.

Industrial plants Open standard protocols allow for system-wide management of automated processes with minimized downtime, increased throughput, and maximized energy efficiency.

30% *EcoStruxure architecture reduces energy consumption by up to 30%. ©2011 Schneider Electric. All Rights Reserved. Schneider Electric, EcoStruxure, and Active Energy Management Architecture from Power Plant to Plug are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are the property of their respective owners. Schneider Electric India Pvt Ltd, 9th Floor, DLF Building No. 10, Tower C, DLF Cyber City, Phase 2, Gurgaon – 122002 • 998-2759_IN


LETTERS

[Reproduced from the previous issue: CTO Forum, 07 June 2011, Volume 06, Issue 20]

COVER STORY: SUCCESSION PLANNING

Building the Next Gen CIOs

Bridging the talent gap and putting a smooth succession plan are imperative for a corporate to sustain optimal performance. The onus of ensuring this lies on the CIO.

By Yashvendra Singh & Varun Aggarwal

Illustrations by Anil T

Not having a plan for succession could well spell hara-kiri for a corporate. In the eventuality of a CIO leaving the company, not having a worthy successor could lead to a disruption in the corporate’s functioning. The onus of shaping this smooth leadership transition lies on the CIO. Putting in place a plan for succession involves two critical components – hiring and grooming. 'Catch them young', as they say. Hiring the right talent, which can then be moulded for a specific role, is the first crucial step. The CIO would also have to identify and monitor the right talent (his potential successor) from the company's human resource pool and invest resources to groom him for the future role of a CIO. While the exercise may demand time and resources from a CIO, it is mutually beneficial. Enabling his team members to take up responsibilities and preparing them to get into his shoes will also provide him an opportunity to move to a higher level in the organisation.

Inside: Getting Hired; Grooming the Next CIO; Lateral Hiring; Prepping Next-gen IT Leaders; 3 Steps to Smooth Succession

CTOForum LinkedIn Group

Join close to 700 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at: www.linkedin.com/groups?mostPopular=&gid=2580450

What are the attributes of a good CTO? What are the prerequisites for a CTO role?

I see the CTO's role as that of a technology leader bridging the gap between the commercial requirements of the enterprise and the technology support of those requirements. An effective CTO should be able to guide the efficient implementation of IT strategy of the business.

Some of the hot discussions on the group are:

The Cloud is all air and no substance

Do you think cloud is going to die a quick death of SOA or is it going to make big headway into the enterprise? Is it old wine in a new bottle? What does it lack in making a convincing case?

It's real and all about today and tomorrow. However, you have to bring it back to a realistic service that gives tangible benefits. There are a great deal of 'cowboy' stories and not many who really understand it.

—Ronald Kunneman, Director at Digitra


CTOF Connect

Kartik Shahani, Country Manager, RSA, The Security Div of EMC, India & SAARC talks about the state of GRC solutions in India and how organisations need to look at them as a business enabler in a conversation with Varun Aggarwal. http://www.thectoforum.com/content/grc-not-a-tool-abusiness-enabler

Opinion

IT Needs a ‘Value Paradigm’

The new face of IT is experienced in our personal exposure. “With IT acquiring an increasingly central and strategic role, the CIO finds himself tasked with integrating IT governance into enterprise governance.” To read the full story go to: http://www.thectoforum.com/content/it-needsa-%E2%80%98value-paradigm%E2%80%99

Richard Ward, Head of Technical, WIN Plc

Baiju Gujarathi, Vice President, Repro India Ltd.

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community. Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com


Must stay open 24/7! Need redundant data centre power & cooling that fits my budget!

Business & IT is growing! Need more power & cooling on the fly for 10 new servers today!

IT is complex enough! Need an easy to operate data centre solution from concept to deployment!

At last, your data centre can grow with your business! Only InfraStruxure delivers the triple promise of 24/7/365 availability, speed, and efficiency-driven cost savings Introducing Next Generation InfraStruxure

Whether your company just doubled its sales or staff, you need to make sure that its data centre can support such business growth—not hinder it. All too often, though, businesses feel constrained by the capabilities of their information technology (IT) and supporting infrastructure. Is there enough rack space to handle more servers? Can power capacity accommodate larger IT loads? Today, APC by Schneider Electric™ eliminates these hurdles with its proven high-performance, scalable, and complete data centre architecture solution: InfraStruxure™.

InfraStruxure data centres mean business!

We say that InfraStruxure data centres mean business. But what does that mean to you? The answer is simple. A data centre means business when it is always available, 24/7/365, and performs at the highest level at all times, is able to grow at the breakneck speed of business, continues to achieve greater and greater energy efficiency—from planning through operations, and is able to grow with the business itself. What’s more, InfraStruxure is an integrated solution that can be designed to your exact requirements at the start, while still being able to adapt to your company’s changing business needs in the future.

The triple promise of InfraStruxure deployment

InfraStruxure fulfils our triple promise of superior quality, which ensures highest availability; speed, which ensures easy and quick alignment of IT to business needs; and cost savings based on energy efficiency. What better way to ‘mean business’ than to enable quality, speed, and cost savings—simultaneously?

[Chart: business growth and data centre scaling over the years]

InfraStruxure data centres mean business! Availability: 24/7/365 uptime is made possible through best-in-class critical power with ’snap-in’ modular power distribution units, close-coupled cooling, and proactive monitoring software. Speed: Deployment is fast and simple because all system components are designed to work together ‘out of the box’ and the system can grow at breakneck business speed. Efficiency: True energy efficiency and savings are achieved via advanced designs, including three-stage inverters in UPS units and variable speed fans in cooling units. Manageability: InfraStruxure Management Software Portfolio enables you to see and manage capacity and redundancy levels of cooling, power, and rack space for optimal data centre health. Agility: Flexibility comes from enclosures with any-IT vendor compatibility and whole system scalability for both power and cooling.


Plan your data centre growth simply and effectively! Download White Paper #143, ‘Data Centre Projects: Growth Model’, today for guidance. Visit www.apc.com/promo Key Code 90573t Call 1800-4254-877/272

©2011 Schneider Electric. All Rights Reserved. Schneider Electric, APC, and InfraStruxure are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. email: esupport@apc.com • 132 Fairgrounds Road, West Kingston, RI 02892 USA • 998-3811_IN


Enterprise Round-up

Feature inside: Multi-factor Authentication a Must

Illustration by Binesh Sreedharan

RIL Plans Entry into Broadband Space

Starts conceptualising products and services for mobile broadband services.

For nearly a year India’s largest corporate entity Reliance Industries Limited has been sitting on a pan-India spectrum for Broadband Wireless Access. Now the company has stated that they have started conceptualising the products and services in mobile broadband that will be offered to users.

On the occasion of the 37th AGM, Mukesh Ambani, the Chairman and MD of the company, said, “The services would be in the domain of education, healthcare, entertainment, financial services and government-citizen interfaces. Broadband and broadband-enabled digital services are the next big leap forward in the digital transformation of our knowledge economy.”

“Our digital services business seeks to embrace our society’s diverse needs and aspirations by building flexibility, intelligence and extensibility into the core of our infrastructure,” said Ambani.

RIL aims to usher in the 4G revolution in the country. The company has forged several strategic relations with a host of leading global technology players, service providers, infrastructure providers, application developers, device manufacturers and others.

Data Briefing: 85.4 lakh mobile subscribers opt for MNP in India —Source: TRAI


They Said It: Hans Vestberg

Illustration by Binesh Sreedharan

Ericsson reached an agreement with Providence Equity Partners, LLC and Warburg Pincus to acquire 100 percent of the shares of Telcordia, a global leader in the development of mobile, broadband and enterprise communications software and services, for USD 1.15 billion. Speaking on the occasion, Hans Vestberg, President and CEO, Ericsson said:

“The importance of operations and business support systems will continue to grow as more and more devices are connected, services become mobile and new business models for mobile broadband are introduced.” —Hans Vestberg, President and CEO, Ericsson

It's Playbook Vs iPad now!

Blackberry's latest launch of Playbook tablet in India is aimed directly at the iPad.

BlackBerry PlayBook is set to hit shelves in India later this month. Prior to its official arrival, you can now book the gadget at Tradus.in. The website provides an option of booking three versions of BlackBerry PlayBook with 16GB, 32GB and 64GB of storage capacity. The website has listed the BlackBerry PlayBook 16GB at a price tag of Rs 27,990 inclusive of all taxes and promises delivery within 5-7 working days. The 32GB and 64GB PlayBooks are available at a price of Rs 32,990 and Rs 37,990 respectively.

Explaining more about the PlayBook offer, Rahul Sethi, President of the e-commerce division at Tradus.in, says, “Lately, gadgets have been ruling the consumer space and we are glad to bridge the gap between our customers & their gizmo needs, by offering this sensation from Blackberry. With over 10 tablets already pre-booked on Tradus.in, we are very confident that the demand of this tablet will only continue to rise”.

The pricing of PlayBook puts the gadget in direct competition with Apple's iPad 2 that starts at a price point of Rs 29,500. Talking about the features, PlayBook has a 3 MP 1080p HD front-facing camera and 5 MP 1080p HD rear-facing camera.

Illustration by photos.com

Quick Byte on Security

Spanish police have arrested three men, suspected of being members of the notorious Anonymous online protest group. According to Spanish Police, the men operated a cell of Anonymous, directing internet attacks against websites belonging to the governments of Egypt, Chile, Iran, and Libya.


“Multi-factor Authentication a Must”

An interview with Karen Kiffney, Senior Manager, Product Marketing, RSA.

With the increasing data and identity thefts emerging in the past few months, how can RSA AMX enable organisations to build better security?

RSA Authentication Manager Express provides proven, multi-factor authentication optimized for small to mid-size organizations. The use of multi-factor authentication is a critical component of an overall security strategy to protect against today’s increasingly sophisticated threat landscape.

In your experience, where do you think organisations go wrong when it comes to identity management? What steps do you suggest for improvement?

Organisations should consider three factors when considering an identity management solution: cost, convenience and security. It is critical that organisations select a solution that meets the unique requirements of the sensitivity of information to protect, the profile of users and financial considerations. Understanding the requirements and selecting a solution with the right balance of cost, convenience and security is an important first step in building a successful identity management solution.

What are your views on the scope for multi-factor authentication? How practical are these for SMBs (Small and Medium Businesses)?

In today’s evolving and increasingly sophisticated threat landscape, multi-factor authentication is an important security layer for organisations of any size. With the introduction of RSA Authentication Manager Express, it is now easier and less costly for smaller organizations to procure and manage a multi-factor authentication solution. The IT management and end-user convenience benefits of this seamless multi-factor authentication solution combined with an affordable price point, make it an optimal solution for small and midsize organisations.

What are your views on the use of a security appliance vs. a security software?

Many organisations choose to implement security solutions in an appliance form-factor because of the ease of procurement, set-up and deployment. Specifically, purchasing a security solution on an appliance, removes the requirement to purchase separate software and manage an Operating System. The deployment of a security solution on an appliance is also simplified with straightforward set-up processes that makes it easier for smaller organizations with limited IT resources to deploy a solution. In addition, security solutions on appliance hardware are usually designed to scale to support larger organizations, providing the same ease of deployment and management benefits.

How can multi-factor authentication play a role in building trust in the cloud?

Multi-factor authentication plays a key role in authenticating to cloud-based solutions. Using federation, organisations can federate trusted identities to cloud-based applications. Also, multi-factor authentication on a hosted platform plays a key role in cloud trust solutions.

Global Tracker: Semiconductor Equipment Spending

Worldwide semiconductor capital equipment spending is on track to reach $44.8 billion in 2011, a 10.2 percent increase from 2010 spending of $40.6 billion. SOURCE: Gartner


Next-generation reputation-based technology The fastest, most effective endpoint protection anywhere Built for virtual environments

Symantec Endpoint Protection 12

It takes just seconds for today’s polymorphic malware to mutate into millions of threats, but now it has met its match. Introducing Symantec Endpoint Protection 12—simply the fastest, most effective reputation-based protection ever created.* Improve the security of your information, devices, and employees.

* Sources: PassMark Software, “Enterprise Endpoint Protection Performance Benchmarks,” February 2011. AV-Test GmbH, “Remediation Testing Report” and “Real World Testing Report,” February 2011. Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions. Copyright © 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. VeriSign is a registered trademark of VeriSign, Inc.


Illustration by photos.com

IBM Announces New HPC Cloud Offerings

New technology for high-performance-computing clouds.

IBM has announced new high-performance-computing cloud offerings to help users tackle advanced scientific and technical computing workloads like analytics, simulations for product development, climate research and life sciences.

From its experience in the HPC arena, IBM said many organisations operate with separate pools of high-performance-computing systems. However, IBM’s new HPC cloud offerings will enable users to link computing resources across their organisations into a single, high-performance private cloud while providing system administrators the flexibility to set priorities based on business or technical needs, the company said. And for cloud computing to be cost-efficient for scientific use, clouds must be optimised for scientific applications, according to a paper written by the Lawrence Berkeley Lab as part of its Magellan Project.

According to Big Blue, IBM is currently the only major vendor to offer a private cloud solution tuned for HPC users. By knitting disparate systems together into one centralised resource, clients can gain easier access to more computing that can be used to support their most important business priorities, IBM said. For example, instead of segmenting computing resources by department, life sciences organisations can now pool systems from across the organisation and devote them as needed to their most pressing, intensive projects like drug discovery or analysis of massive amounts of genomic data without the need to seek outside resources, the company said.

The new HPC cloud offerings from IBM complement the IBM SmartCloud—an enterprise-class secure cloud platform specifically created to meet the demands of businesses—by extending IBM's experience and success with cloud-computing projects to technical users.

IBM officials said high-performance computing has the potential to spur innovative solutions to the challenges facing the global auto industry and the American manufacturing sector, according to a case study from the Council on Competitiveness. The Council found that HPC and computer-aided engineering is helping Ford Motor Company lead innovation in the industry, optimising product development, creating high quality products and improving time-to-market.

Fact ticker

Global Mobile Advertising Revenue to Reach $3.3 Bn in 2011

APAC to remain leading market.

Worldwide mobile advertising revenue is forecast to reach $3.3 billion in 2011, more than double the $1.6 billion generated in 2010, according to Gartner, Inc. Worldwide revenue will reach $20.6 billion by 2015, but not all types of mobile advertising will generate the same opportunity. Search and maps will deliver the highest revenue, while video/audio ads will see the fastest growth through 2015.

"Mobile advertising is now recognised as an opportunity for brands, advertisers and publishers to engage consumers in a targeted and contextual manner, improving returns," said Stephanie Baghdassarian, research director at Gartner. "For that reason, mobile advertising budgets are set to increase tremendously across the various categories and regions, growing from 0.5 percent of the total advertising budget in 2010 to over 4 percent in 2015."

"As the adoption of smartphones and media tablets extends to more consumers, the audience for mobile advertising will increase and become easier to segment and target, driving the growth of mobile advertising spend for brands and advertisers," said Andrew Frank, research vice president at Gartner.

M-Payments

PayMate has come up with an innovative app for Interbank Mobile Payment Service (IMPS). This app will be powering the mobile-based fund transfers of three nationalised banks - Syndicate bank, Lakshmi Vilas and South Indian bank in India. If the user has not been able to download the app for any reason, he can still transfer funds using the SMS method. The SMS based solution would enable even users with basic handsets to transfer funds. According to research done by Informate Mobile Intelligence, PayMate is the fifth most popular mobile payment app in India. It was in November 2010 that the IMPS facility was first launched under the National Payment Corporation of India (NPCI). The idea was to provide electronic fund transfer service, which customers could conveniently access by using their mobile phones. According to the guidelines of Reserve Bank of India, the maximum amount that can be paid through mobile phones is Rs 50,000. But that limit should suffice as most users are expected to use the mobile system for small remittances or online purchases only. Less than 20 percent of urban subscribers are smartphone users, hence the need has been felt for a system that can enable fund transfer through basic phones also.



A Question of answers


Looking Beyond Traditional Applications: Polycom is developing new applications for corporates to realise its potential.


Randy Maestre | Global Director, Polycom

Explaining Business Benefits of VC

Polycom intends to change the mindset of corporates in the way they look at videoconferencing. In a freewheeling conversation with Rahul Neel Mani, Randy Maestre, Global Head and Senior Director, Industry Solutions at Polycom talks about how he plans to achieve it.

How is the global video conferencing (VC) market shaping up?

The market is growing tremendously. According to Wainhouse Research, the size of the market will be $5 billion in the next couple of years, and this would be around video conferencing (VC) specifically. Meanwhile, Forrester says it could well be a $14.5 billion industry in the next few years. Some industry estimates even suggest VC could be a 35 billion industry. A lot of this growth, however, is on the back of traditional applications.

What value proposition does video conferencing bring to businesses?

Different industries face different issues. For instance, the energy sector wants to reduce downtime. Every 1 percent savings in downtime saves 10 million dollars. So, for every minute that I can save, there is an impact on the bottom line. In retail, hospitality and even finance, it is all about customer satisfaction. In healthcare it is about saving lives. In the government, it is about improving judicial applications, emergency response or citizen-centric services. The important challenge in the manufacturing sector is to reduce the time to market. Through the use of VC, corporates can address all these issues. According to various studies, Polycom is reducing time to market for companies by as much as 24 percent. So, we are not just talking about reducing travel costs. We need to help people understand how technology can be used in day-to-day operations. Yes they are saving 30 percent on travel. But they are also saving 27 percent on downtime costs; 24 percent on training and sales related costs, and 20 percent on reducing recruitment time.

But corporates still don’t view video conferencing as a replacement for travel.

Yes, it is true. During the recent volcano eruption in Europe, the use of VC increased 180 percent in some cases. However, as the volcanic activity subsided, people again got back on the plane and VC usage dropped. People are therefore using this as a second option, not the first option. We want to change this and help people understand the true business reasons of using this technology. For this change to happen, however, we would have to look at alternatives. For instance, we need to make people aware of applications such as mobile video, telemedicine, and customer service related applications (such as kiosk type of applications). We need to look beyond traditional applications and opportunities. So, just looking at reducing travel time through VC is akin to not looking at the bigger picture. We realise VC could be a part of a much larger solution. We are working with vendors such as HP and IBM to promote these applications. There are other routes to market by working with telemedicine and distance learning associations. These are all vehicles we can use for promoting these applications.

Developing applications is one thing but you need to have the bandwidth to support them. The cost of bandwidth is still too high in India.

The cost of bandwidth has not come down. We realise that and India is looking at a national broadband initiative. But there are solutions that we have developed that can overcome these issues. Through these solutions, high definition can be provided even with low bandwidth. A lot of networks are also on public networks. We have technologies such as lost packet recovery that optimise video conferencing in these non optimised public type of networks.

How does Polycom expand beyond horizontal applications and look at applications in enterprise?

There is a need to look beyond components. So in healthcare, we need to look as to how do we integrate into the PACS imaging system? In hospitality, we have to look at integrating into a CRM solution. How do we enhance a traditional manufacturing application with remote inspection and repair? This is where video can be viewed horizontally and also has a vertical element.

So, how do you cut down the time to market for a manufacturing customer?

Let me give you an example of an automobile manufacturer. The first step towards this exercise is to look at each of the processes an automobile company takes to bring automobile to the market. We then determine where we have the opportunity to shrink time. There was a lot of potential for collaboration on the design front. Another example could be of a designer bag manufacturing company. The designers can show their CAD drawings. They walk through and do real time modifications to the design instead of wasting cycles. Another important aspect is the reduction of downtime in manufacturing. In a typical manufacturing environment, there are supervisors seated above overlooking the manufacturing floor. Through the use of mobile VC solutions, they now have eyes and ears on the manufacturing floor to assist with remote repairs, remote inspections and other processes such as training new employees and manufacturing groups.

Which verticals could see rapid deployment of VC?

The two industries where VC applications are becoming more apparent by the day are healthcare and telemedicine. There is also a huge potential in the education, energy and government verticals.

“We have developed solutions that can provide high definition even with low bandwidth.”

Things I Believe In

Presently, the growth in the VC market is happening on the back of traditional applications.

There is a need to make people aware of newer applications of VC.

Verticals such as education, healthcare, energy and government offer huge potential for VC adoption.



Best of Breed

Features Inside

How To Achieve a Culture of Innovation in IT

To Disclose or not to Disclose...

Illustration by Shigil N

Debunking the Top 5 SLA Myths

More SLAs are not better, better SLAs are.

By Steve Martin and David Borowski

It ranks as one of the most common and impactful outsourcing mistakes of the past decade -- too many service level agreements (SLAs), designed around the wrong business outcomes, and exceedingly focused on financial remuneration rather than operational remedies. Whether due to a rush to get an RFP out the door and quickly ink a major deal or underestimating the effort required to design relevant service levels, companies often fail to appropriately link their SLAs to meaningful business results. Instead, they often blanket the outsourcing contract with too many SLAs, based on what “feels important.” They also rationalise that setting service level targets beyond what is actually needed -- and often at unreasonable levels (e.g., 100 percent) -- will accelerate the realisation of best-in-class performance, despite any inefficiencies and constraints with existing processes and technology.

In fact, this inevitably results in higher fees to ensure performance compliance and to cover the provider’s risk as well as a reasonable probability that, even when SLAs are met, the desired business outcomes are not accomplished. This is because the service levels are diluted with carve-outs based on the actual scope within the provider’s control.

While conventional wisdom suggests more is better -- e.g., 15 SLAs are better than 10, 20 percent provider fees at risk is better than 15 percent, 99.99 percent processing accuracy is better than 99 percent, etc. -- the problem with the “more is better” approach is that “more” results in higher costs, dilution of provider focus, and a misalignment between the provider’s incentives and the company’s desired business outcomes. What follows are five myths about SLAs and why companies pursuing business process or IT outsourcing arrangements need to realise that more isn’t necessarily better. Better is better.

Myth No. 1: The more SLAs the better overall protection and performance realised - This is true in theory, but not in practice. Ideally, SLAs should be collectively exhaustive but mutually exclusive. Companies should ensure that key business imperatives are addressed by the SLAs so that the provider cannot fail to meet the customer’s expectations without failing to meet at least one of the SLAs. Companies should also avoid multiple SLAs that measure different aspects of the same symptom, e.g., mean time to respond to service failures and mean time to resolve service failures. This helps reduce the number of SLAs, avoids a provider padding its price to protect against “double jeopardy” situations, and prevents misleading performance reporting. Additionally, if providers are responsible for adhering to too many SLAs, the performance credits associated with a particular service failure may become inconsequential and therefore provide no performance incentive to the provider (i.e., experiencing a service failure may actually be more cost effective than providing an effective and appropriately resourced solution). While the “right” number of SLAs generally depends on the scope of services being performed, as a guideline, companies should generally target 6 to 10 credit bearing SLAs for each major outsourced domain.

Myth No. 2: Increasing the provider’s fees at risk creates more incentive for them to perform - It would seem reasonable that having a provider put 20 to 25 percent of their fees at risk for failure to meet SLAs would result in a sharper focus on meeting service levels than putting only 10 percent to 15 percent at risk. This is not the case. Service level credits do not provide equitable compensation for service failures and that shouldn't be their intent. Performance credit amounts should be calibrated to cause some impact to provider margins, but targeting excessive credits will almost certainly result in the provider raising its prices to account for the increased resources required to “guarantee” performance targets are met and the increased financial risk of failure. Customary financial consequences for failure to meet SLAs depend on the service, but most outsourcing transactions have 10 percent to 15 percent of total fees at risk, with “cap averaging” over all SLAs and for longer periods (i.e., yearly vs. monthly).

Myth No. 3: More stringent SLAs translate into higher provider performance and, thus, better results - Better availability, faster turnaround times, and 100 percent accuracy will only guarantee one result: higher costs. Service levels should target the level of service that the company really needs and no more. While compelling providers to commit to service quality metrics in excess of what is actually required by the business might create the perception of better performance and higher value, it inevitably leads to higher costs, particularly for labor intensive processes and their associated metrics (e.g., requirement to complete all, as opposed to only the most critical/material GL account reconciliations within three days of the end of the month). Many companies look to outsourcing as an opportunity to accelerate the achievement of best-in-class performance, but fail to recognise that the transition from current performance levels to benchmark levels often requires some level of process optimisation. The existing organisation and processes may not be mature enough to achieve such levels right out of the gate. Companies should determine whether setting targets in excess of required performance creates any business benefit. If not, don’t require the provider to deliver, and moreover, price, to a gold-plated standard. If there is a meaningful benefit to more stringent performance targets, the contract may need to be constructed with provisions that allow the provider to achieve such performance over time, with locked in, planned performance target increases.

Myth No. 4: Hitting the provider with heavy financial penalties is the only real way to get their attention - Financial credits do provide an incentive for providers to meet performance targets, lest they suffer margin erosion or even the possibility of being financially upside-down on a deal. That said, as described above, providers have become quite sophisticated in their ability to manage the fees at risk vs. price dynamic, and while certainly not eager to provide credits, accept that some level of financial loss for failure to meet SLAs is acceptable or even likely. There are several other methods, however, that are equally, if not more effective, in creating incentive for the providers to perform. One is requiring the provider’s executives to meet in person with the company’s executives when performance failure thresholds are hit -- and contractually commit to meeting each month until the service levels are consistently met. Another approach is to require the provider to engage and pay for a third party to assess the causes of the failures and to develop a plan that the provider must follow to remediate the problems. Other non-credit bearing remedies/incentives include linking contract renewal and extension options to provider performance, requiring replacement of provider key personnel (at the provider’s cost), and stipulating that the provider perform root cause analysis and produce performance improvement plans to address deficient performance.

Myth No. 5: It is critical to hold providers accountable for the entire end to end process - Ideally, it would seem desirable to hold outsource providers accountable for meeting metrics for a performance goal related to an end to end business process cycle, e.g., days sales outstanding (DSO) within the order-to-cash cycle. However, more often than not, the provider does not have control over the entire business process. In the case of DSO, the outsource provider may only have responsibility for portions of order-to-cash (e.g., cash applications, credit reviews), and not for example, order generation or invoicing. Excessively broad SLAs also lead to the provider building in broader carve-outs; oftentimes neutralising the applicability of the performance level altogether. A good rule of thumb is to hold a provider accountable for the timeliness and accuracy of the dimensions of the process that are within its control. For example, in an accounts payable process, an outsource provider can be held accountable for the accurate data transcription from an invoice to the ERP system or the percentage of invoices entered and either successfully matched or properly routed to the client for resolution within a specified period of time.

While it’s perfectly reasonable to set aggressive performance goals and credit structures for your outsourcing provider, companies should resist the temptation to impose unnecessarily rigid SLAs that drive costs up and result in other unintended consequences without adding commensurate business value. Companies should invest the time and resources necessary to ensure that the SLA framework and individual SLA metrics are designed to hold the provider accountable and motivate them to perform, rather than inspire them to figure out how to offset the credits through other creative means.

95% e-commerce sites will have a tablet or e-reader presence by 2014.

—Steve Martin is a partner and David Borowski is a senior associate at Pace Harmon, a third-party outsourcing advisory services firm providing guidance on complex outsourcing and strategic sourcing transactions, process optimisation, and supplier program management.

—This article has been reprinted with permission from CIO Update (http://www.cioupdate.com). To see more articles regarding IT management best practices, please visit www.cioupdate.com.

How To Achieve a Culture of Innovation in IT

For IT to be a part of the business, it’s important the entire IT team knows the business inside out.

By Marilyn Weinstein

Illustration By Manjith p b

Every CIO knows his or her organisation’s business, inside and out. But what about the rest of your IT team? In order to make a strong case that IT is “part of the business,” it’s important that the entire IT organisation knows the business inside and out. If you’re nodding your head in agreement, but aren’t sure how to establish this model, follow these four guidelines and you'll be well on your way.

1 Teach your team your business. While the importance of ensuring that your team understands your business may seem obvious, it’s not commonly practiced across IT organisations. Instead, this knowledge is generally shared among the business team (product, sales, accounting and finance roles) and relayed to the CIO alone. However, it is equally important that the network support team has insight into the company’s supply chain, understands the pricing factors, knows the customers, and is aware of other key factors driving the business.

2 Connect with the business. Make sure your IT organisation not only understands the business, but feels connected to it. There’s no denying that the level of passion and innovation that team members bring to their jobs will increase if they feel connected to the overarching business strategy and objectives. Consider how orders travel across the company. Does the IT team understand how this happens? If not, they should. Business processes should be understood by your entire IT team. Even better, encourage them to read and understand your company’s 10-K to truly understand how IT is a business driver. Try holding simple training sessions on business elements and operations, and then quiz your team afterward. Make it part of each team member’s MBO that he can competently explain the business drivers and speak to the company’s financials.

3 Develop trusted relationships within your organisation. Assuming that the concept of ingraining IT into the business represents a cultural shift for your company, keep in mind that charging headfirst without establishing relationships with the business team can do more harm than good. It requires hard work and persistence to gain the trust of business leaders. Make this a priority as you work to ensure that IT is seen as an integral part of the business. Similarly, your CEO and all of his or her underlings must wholeheartedly believe in the value of employee innovation and they must commit to hearing IT’s ideas. When such conversations do happen, avoid "IT speak" and focus, instead, on discussing goals and barriers in general business terms. Be prepared to listen in on business strategy discussions and offer insights and suggestions in business vernacular that address critical corporate needs.

4 Consider the risks. What are the career risks associated with stepping forward and putting yourself “out there” to the larger business team? The biggest risks of this approach are largely internal to the IT team – not to the company at large. To avoid any detrimental effects from seeking IT innovation, it’s imperative that you have a strong IT leadership team in place below you while you dedicate time to gaining support from the business side. If your own IT leadership team isn’t fully up to the task, you run the risk of being labeled an absentee CIO who is out of touch with the day-to-day IT operations. Consider this a worst-case scenario. As long as you stay in touch with your IT team, instilling confidence in your leaders and staying abreast of IT initiatives, you will continue to reap rewards and build more credibility with the rest of the C-Suite.

Once you’ve put yourself out there with the rest of the business, and sold and executed on your ideas for innovation, it’s time to really drill down and instill a lasting culture of innovation within your IT organisation. Business innovation will organically generate as the whole team becomes engaged in the business. When your IT employees understand supply chain issues, for example, they’ll automatically begin thinking of other supply chain avenues. And, when they learn about a competitor’s new product, they will instinctively begin thinking of new product innovations for your company. However, the equation does not stop there. While innovation may start with education, nothing will happen unless a continued focus and desire to maintain a culture of innovation exists. Here are three tips to help drive a lasting culture of innovation.

1. Put your commitment where your mouth is. Don’t fall back on your commitment to innovation. Formalise ideation in a meaningful way that works for you and your team, and consider having quarterly full-day whiteboarding sessions, creating contests, and forming committees to keep the energy going.

2. Exercise bragging rights. Long after any potential monetary awards and recognition ceremonies are over, the innovation itself will carry on as business is improved. Brag on behalf of teammates who initiated the change. Highlight successes to HR, and have them published in your IT or company-wide bulletins.

3. Track your team’s success. Did your SAN team come up with a unique way to store data, which went on to be a leading product for the business? Track numbers, and talk about them often with your business executives.

Keep in mind that one of the best ways to kill innovation is to fail to implement the great ideas your team has generated. Once there is executive-level support, start designing programs that foster innovation – and put those ideas into play. And then continue to do so. Innovation breeds success, and vice versa.


—Marilyn Weinstein is CEO and founder of Vivo, a Silicon Valley-based IT staffing and consulting firm that specialises in successfully aligning the business and technical needs of IT with the expectations and cost requirements of the CFO. —This opinion was first published in CIO Insight. For more such stories please visit www.cioinsight.com.


How Real is Real-Time?

As phrases like ‘personal efficiency’ and ‘consumerization of IT’ enter the enterprise, CTOs are increasingly looking at ways for IT to keep pace with business. In an exclusive interview with CTO Forum, we asked Mr. Sanjay Manchanda, Director – Microsoft Business Division hard-hitting questions to get clarity on real-time business productivity.

The productivity IT space today is filled with claims for ‘faster’, ‘top-priority’, ‘instant’ etc. But how real are the requirements for business today?

Productivity is essentially about people, how fast they can access information and connect with each other. Consider how our workplace is changing – collaborating with international partners, coordinating across branches, managing remote workers, etc. Consumers have cellphones, social communities, chat etc, providing instant access to information. Yet, at the workplace, employees wait for meetings, getting approvals and even finding the right people. Increasingly, companies want to bridge this gap and bring capabilities that employees use in their homes and on the move, into the office.

This sounds ambitious. How can Microsoft Office 365, your new service, bring these benefits?

With Office 365, Microsoft’s leading communications and collaboration solutions, integrated with the familiar Microsoft Office applications (Word, Excel, PowerPoint, Outlook, OneNote), are now available as a service. Now, businesses of all sizes can provide their employees with enterprise-class email, chat, web-conferencing, document management and collaboration to improve business productivity. With Exchange Online, users access their email, calendars and contacts from any device. Lync Online allows real-time communication with IM, video calls, online meetings. Early adopters are already seeing significant benefits like reduced travel expenses and operational costs. GlaxoSmithKline expects a 30% reduction in operational costs.

Is Office 365 a new version of Office 2010, which released last year?

No – Office 365 is a set of cloud-based productivity services. It offers customers Microsoft Office 2010, the world’s leading productivity software, as a subscription-based service rather than software that is purchased. Eliminating software and maintenance. Users just login, communicate and share from PC, browser and phones.

What is the learning curve for end-users in working using the cloud? Can you give us some examples?

Office 365 is easy for users to adapt to because accessing these services is similar to the way their on-premise versions work. A familiar experience will enable them to quickly migrate and benefit from these services. For instance, Office Web Apps helps users view, edit and modify Word documents and PowerPoint slides, using the same Ribbon interface and look-and-feel of the applications installed on your desktop. Ingersoll Rand was initially cautious about how many people would embrace a new tool, until they found that 80% of their users wanted to be on a ‘Microsoft-type platform’ and were already using one at home.

Most enterprises already have applications for email and communication. What does this mean for these existing investments?

Microsoft’s approach to the cloud is unique. By allowing businesses to move to the cloud on their terms and use their existing on-premise Microsoft solutions, seamless interoperability with the equivalent cloud services is possible. If a business has a Microsoft Exchange implementation on-premise, they can continue to use it, while adding capacity for new users in the cloud, using Office 365. The same is true for end-user applications or devices – whether it’s Microsoft Office on desktops or smartphones. Take Godrej Industries where senior managers use Windows Mobile smartphones; other users can access email on their phones like Nokia, Blackberry etc. and sales personnel check for updates with Outlook Web Access from cyber cafes. The result: Their organizational efficiency improved by 30 percent.

Lastly, is it cost-effective to deploy this enterprise-grade service for all employees?

Absolutely. Today, everybody from a factory worker to a CEO stands to gain with access to the right information. To ensure cost efficiencies, we have a range of Office 365 plans to address different usage scenarios. For instance, we noticed that in some businesses not every employee can have a dedicated PC, and may therefore not have access to email or the intranet – it’s not cost-effective. Workers on a plant or working on an assembly line are a good example. With the Office 365 “Kiosk” plan, you can now enable a basic email service for as low as INR 100 per user. The pay-for-use subscription model gives businesses the ability to bring business productivity services to more employees, and also gives them elastic capacity to scale up or down as the business requirements evolve.



To Disclose or not to Disclose...

To Disclose or NOT to Disclose… That is the question.

By Andrew Baker

Illustration By photos.com

Every time a software vendor experiences a vulnerability or releases patches for a serious security issue, the debate about Full Disclosure or Responsible Disclosure gains a little more steam. Just how much information should a vendor disclose about the nature of the vulnerability that it has identified, and how that vulnerability can be exploited?

Many vendors take the position that to disclose details about the information puts their customers at risk, as the bad guys can make better use of the details to exploit the vulnerability. On the other hand, many security professionals point out that the bad guys are going to reverse engineer the patch anyway and are still in a better place to figure out how to use it in the absence of any other information. Meanwhile, the vendor’s customers typically lack the time and the skill to analyse the provided patch to the same degree, and without any useful disclosure statements, they are left with no way to properly evaluate the threat that the vulnerability poses to their infrastructure, and thus no real options to mitigate the risks to their business.

Back in March of this year, RSA suffered a breach in which they lost significant data related to the implementation of their SecurID two-factor authentication tokens. Their disclosure statements from that time until now have been notable for how weak, flimsy and generally useless they have been in discussing what actually happened and what exposure this created for users of their SecurID solution.

The recent attacks on Lockheed Martin and Northrop Grumman – both directly facilitated by information obtained via the RSA breach – make it widely apparent that RSA did not do its customers justice with its original disclosures. Even if we are willing to assume that RSA had additional conversations with sensitive customers like those in the defense industry, it is hard to argue that the information provided was all that useful, given that, at the time of this writing, attacks were successfully made against at least three (3) contractors in that space.

To me, this begs the following question: Does RSA fully understand what they have lost, and how it could be used?

Yes, the issue of disclosure is a sensitive one, and it is important not to feed more bad guys with more information that will allow them to have greater success against the rest of us, but it is abundantly clear that two months of saying essentially nothing is at least just as bad as saying too much, if not worse.

It is still very amazing to me that so many organisations have poor or useless security practices – even those organisations whose business models are very dependent upon good security.

Appropriate disclosure should include not only what is said, but when it is said, by what means it is communicated, and who it is communicated to. There should be an increasing level of information disclosed as enough time has been given for organisations to implement the initial patches or workarounds, so that the full risk of the threat can be evaluated on a per organisation basis.

Disclosure is very much a necessary part of a good security program, and it is clearly lacking by even the most recognised security firms. What you don’t know can hurt you very much, if someone else already knows it…

—This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.


COVER STORY

IT Deployment

Making it Easy: Page 26
Pay-By-Wire Turbo Charged: Page 28
Intelligence on the Go: Page 32
Digging out Inefficiencies: Page 34
Common IVR Boosts Revenue: Page 36

Five enterprises have leveraged the power of innovative IT to boost revenues, enhance agility, and drive out inefficiency.

There are IT deployments and then there are those IT deployments that are innovative, weed out inefficiencies within the organisation making it more agile, and add to an enterprise’s bottom line. The CTO Forum magazine has been, over the years, featuring case studies of such IT deployments. For this issue, however, we decided to select the best from the rest. After sifting through case studies that appeared during the last one year in the magazine, we short-listed five of them to be featured in this issue. Those featured include a bank that has leveraged IT to come up with speedier and more accurate domestic payments; a coal mining company that has cut down inefficiencies plaguing it, thereby enhancing its decision-making process and turning agile; and a telco that has implemented the first of its kind single IVR architecture to boost revenues and optimise its core network resources. Happy reading.


CASE STUDY | RLICL

Making IT Easy

RLICL needed a rapid, efficient and cost effective Customer Relationship Management (CRM) solution to sustain customer satisfaction levels and improve service quality. By Ashwani Mishra

Reliance Life Insurance Company Limited (RLICL), a unit of Anil Dhirubhai Ambani Group, was looking for a rapid, efficient and cost effective Customer Relationship Management (CRM) solution to sustain customer satisfaction levels and improve service quality. The existing CRM solution was not up to the mark and had many limitations.

Firstly, the CRM application was managed by a service provider, and was not directly integrated with other applications within the company. Due to this segregation, service request resolutions often used to take more than a day to be addressed. Secondly, any addition and/or modification of service categories in the CRM application took a couple of weeks and was carried out by the service provider at an additional cost of Rs 30,000 per category. Finally, the service request resolution and the updates that were required to be filled back in the CRM application by the functional team took a couple of days, which resulted in a longer resolution time.

“This resulted in customer grievances and affected customer satisfaction levels,” says C Mohan, Chief Technology Officer, RLICL. Mohan wanted a solution that could handle a surge in volumes and provide flexibility and scalability without degrading service quality benchmarks set by the organisation.


Making it easy

The IT team decided to replace the outsourced CRM systems with an enhanced in-house CRM system which had the capability to draw agility from Service Oriented Architecture (SOA) framework and Business Process Management (BPM) solution to integrate all the core insurance applications through an Enterprise Service Bus. The team implemented a flexible, scalable, automated and secured CRM solution which was integrated with the core applications, leveraging SOA service. The new system was called Easy CRM.

With the deployment of this solution the company gradually improved its capability of managing customer complaints, request and enquiry and lead management capability for out-bound calling. The CRM solution was also integrated with the automated IVR system for complaint/query logging and resolutions. By in-sourcing the CRM solution and its integration with the core business applications through SOA, RLICL moved from a centralised to a decentralised complaint/enquiry process. “With the solution in place, service requests could be raised not only at the contact centre, but also at the branches as the processes were transparent and available to the right users within the organisation,” says Mohan.

COMPANY DASHBOARD
Company: Reliance Life Insurance Company Limited
Established: 2001
Associate of Reliance Capital Ltd.
Services: Life Insurance Plans, Retirement Plans, Protection Plans etc.

photo by Jiten Gandhi

Reaping benefits

The integration of various functions in the organisation using BPM, provided a seamless workflow and service request automation in the service category. This built agility in the process with wider service delivery capabilities and eliminated multistage processing of requests and complaints by transforming it into a single step process. This also helped the company to address complaint resolution at the first instance and build multiple customer touch-points like the portal, the IVR, email and SMS along with the regular voice calls and branch walk-ins. “All our processes were engineered as per customer demands and not what we desired,” says Mohan.

The company not only managed to increase customer satisfaction levels but also lowered its operating costs. It reduced the number of BPO staff to 200 from 300 plus and retained all of its customer service executives in the 1250 plus branches. In the back office department, the number of staff came down to 20 from 100 and they still managed to handle call volumes of 75,000 per month with complete call resolution.

In terms of overall business, with solutions like SOA, BPM and IVR, RLICL was able to handle 100 percent growth in call volumes (transactions) and 45 percent increase in customer base with reduced manpower and reduced operating costs. The cost per call per month was brought down to Rs. 37 after implementation of Easy CRM from Rs. 94 before implementation. This translated into a yearly productivity increase by 150 percent and the savings for last financial year totalled to about Rs. 4.86 crore. According to company estimates, taking a 20 percent year-on-year increase in call volumes, the overall saving over next three years would be around Rs. 8.39 crore.

With availability of multiple touch points like call centre, portal, IVR, SMS and email the company was able to convert 1,27,090 leads generated through these channels to customers. Total value of this lead to cash conversion amounted to Rs. 22 crore for financial year 2009-2010. Encouraged by this lead to cash conversion potential the company has now set a target of Rs. 100 crore for this financial year.

“With the solution in place, service requests could be raised at the branches also.” — C Mohan, CTO, Reliance Life Insurance Company Limited


CASE STUDY | ING Vysya Bank

Pay-By-Wire Turbo Charged

Through innovation and some serious coding, ING Vysya Bank has made domestic payments via the RTGS-NEFT route speedier and more accurate. In a tighter regulatory regime, such IT-led business innovations are boosting the bank's ability to make money from information. By Harichandan Arakali

In the not-so-distant future, no one will use cheques. Reserve Bank of India's efforts to make the RTGS and NEFT processes as common as cheques are today are paying off, and increasingly, banks are offering their customers innovative payment services that are faster, cheaper and safer for all concerned. There are still many processes requiring manual intervention that can be eliminated to make payments even faster, cheaper and safer, as a project at ING Vysya Bank demonstrates. Every day, as customers initiate payments via the Real-Time Gross Settlement and/or the National Electronic Fund Transfer routes, an army of bank employees is needed across the nation to manually match all the requisite information against their banks' databases to ensure that the money changes the right hands. At ING Vysya, an important step in this process is now automated.

An Opportunity

"Our research leads us to believe that we are now the fastest domestic electronics payments processor in the country," said Dharmaraj Ramakrishnan, Head - Core Banking at ING Vysya. "As India rapidly modernises and cheque-based transactions yield to NEFT and RTGS, our transformational initiative will position us well," he said. What became an IT-led business transformation actually started off in a small way as an infrastructure capacity augmentation exercise at the planning stage, Ramakrishnan said. "We took it to the next level of business transformation and operational excellence."

COMPANY DASHBOARD
Company: ING Vysya Bank
Headquarter: Bangalore
MD and CEO: Shailendra Bhandari
Operations: ING Vysya Bank Ltd., is an entity formed with the coming together of erstwhile, Vysya Bank Ltd, a premier bank in the Indian Private Sector and a global financial powerhouse, ING of Dutch origin, during Oct 2002.


photo by s Radhakrishna

By developing innovative payment services at ING Vysya Bank, Aniruddha Paul and Dharmaraj Ramakrishnan are offering their customers a satisfying banking experience.


In 2008 the bank took stock of its payment platforms even as it saw that the RBI’s persistent efforts to move from cheque-based payments to RTGS/NEFT would soon start getting traction in the market. While this would benefit individuals with small and large transactions alike, the true impact of what Ramakrishnan and his colleagues eventually developed would be seen in the corporate sector, making the bank 'Easy To Deal With' as ING's motto goes. On the one hand, the bank felt the need to re-architect its domestic electronics payment infrastructure and on the other "we also sensed an opportunity to put together a world-class solution that would offer the best of services to our customers," Ramakrishnan said. What the IT team also did was to de-link volume growth from payment-operations-related FTE growth. The objective was to build the fastest domestic wire transfer facility in the Indian banking industry. As banking products and services get commoditised, speed and excellence of service channels become key differentiators, Ramakrishnan said in a background note on the project. India is rapidly modernising and banking payment services are switching from physical cheques to wire transfer. "By building the fastest domestic wire transfer facility in India, ING Vysya now has the ability to differentiate itself to both retail and corporate customers and be their preferred payment processor," he said.

The Benefits

Speed: Customer gets instant credit for the wire transfer as and when it is received by ING. This will enable the customer to have ready access to the funds.

Safety: Customers' accounts are credited only after payee names are validated and anti-money laundering (AML) checks done on-the-fly in a Straight-Through Processing (STP) mode.

Superior customer service: No more anxious waiting hours and queries to the Bank on the status of the funds transferred.

Cost benefits: There has been a 40 per cent reduction in actual FTE (full-time employee) cost and a 75 per cent reduction from projected FTE costs if this initiative hadn’t been planned and executed.

Revenue impact: ING Vysya is positioning itself as a significant player in the payments processing space. This initiative goes a long way in underpinning our credentials.

Metrics:
Handles 2,00,000 transactions/month and an 84-100 per cent year-on-year growth rate.
Outward remittance processing time cut down by 50 per cent (10 minutes to 5 minutes).
Inward remittance processing time cut down by 80-100 per cent (from 1 hour to nearly instantaneous for 70 per cent cases that go through STP).
At 100 per cent growth rates in business volumes, the operations staff would have increased from 9 FTE to 20; it has now been resized to just 5 FTE.
Straight-Through Processing ensures customers get instant credit of the wire transfer as and when it is received by ING Vysya.
Error-free processing due to STP and implementation of maker-checker concept for high value transactions.
Improved availability of systems across the branch network and online channels.

Particular attention was paid to: System re-architecture and automation. This was a mammoth analysis, programming and testing effort. Payment processors are the most sensitive areas of operations and ING Vysya had to design fail-safe systems that would work flawlessly from day one. In particular, the fuzzy logic algorithms had to be suitable for Indian conditions and Indian names. Since payee-name validation was at the heart of STP, they had to get this absolutely right.

Money From Information

The big picture is part of the evolving landscape in the payment scenario, and what is it that various banks and financial institutions can do to innovate with the rapid changes happening in the industry today. "This is characterised by the decline of float-based income," said Aniruddha Paul, Head, IT Change Delivery, Ramakrishnan's boss and an enthusiastic champion of various 'change-the-bank' initiatives that would put ING Vysya on par with larger competitors for lucrative corporate customers. "The chances of making money out of money are declining and the only way you can make money is by leveraging information," Paul likes to say.

The decline of cheques and other such instruments and the inexorable shift towards electronic payments both in retail banking and with corporate customers is setting the agenda. "Against this background what we find is a sharply increasing number of electronic transactions in the domestic market with tightening regimes from RBI on the kind of fees that we can charge to the customer," Paul said. For instance, three years back there was a much looser regime on the fees that a bank could charge a customer. Now the RBI has clearly laid down the maximum that a bank can charge and there's not much flexibility there, he said.

What ING Vysya is doing then is "building a whole range of payment products and surrounding information systems which can extract, glean, tweak, massage information related to the customer and provide value add to our corporate customers primarily, who are the beneficiaries of these kind of insights and also to various customers," he said.

Payments Programme

The automation of the payee-name validation must be seen in this context. “This was a part of a bigger programme that aimed at improving operational efficiencies,” said Dheepak Rajoo, a project manager with the bank’s Programme Management division who helped manage the two phases of the clutch of projects that eventually led to the successful implementation of the automation. “We had a payments flavour to it, with the NEFT RTGS, it had an ECS component, an offline clearing process related to cheque processing, a cheque truncation process -- all of this, we pulled together as a payments programme.”

The NEFT RTGS had two phases -- first replicating the NEFT RTGS payment platform within the core banking operation. This was “primarily because there were pain points around processing a finite number of transactions alone, which meant that the business capability itself could be hampered to some extent.” Then they thought “why don't we scrap the payment infrastructure, which wasn't scalable and migrate it into our core banking.” This meant creating the functionalities of an external processing engine within the core banking, which “enhanced our capabilities to process transactions and to scale up,” Rajoo said. That was the first phase of the project.

This also meant that the capabilities had to be extended to about 480 odd branches pan India. The core banking front end was an extension of the same platform, called Profile for Windows. “The challenge was to be able to migrate the functionality by building it from scratch into the platform.”

“The chances of making money out of money are declining and the only way you can make money is by leveraging information.” —Aniruddha Paul, Head, IT Change Delivery, ING Vysya Bank.

Automated Validation

“Phase 2 was the more innovative” part of the project, Ramakrishnan said, building the ability for payee-name validation. On inward processes, it was about building processes that would match the name, check the accounts, look for restrictions, match off amounts and execute real-time credit. The result could be that validated customers would get near ‘instant liquidity.’

Typically these projects are what the bank’s IT folks call ‘Ops and IT Transformation’ projects. This also meant the project was done across geographies, with people working from Portugal and Poland, and therefore people speaking different languages. This meant that for instance, “we had to use a lot of visual and pictorial aids to get our ideas across with a brilliant programmer from Poland” who had some difficulty with English, Rajoo said.

One of the things they did, was to migrate a payment processing engine that was natively built, called P-Connect. “We mirrored the same functionalities into our core banking system.” To be able to build all the native capability of a legacy software back into the core banking was the objective. “Now we've retired that platform,” he said. “The external engine had performance issues around scalability, and transaction processing times were extremely high,” Rajoo said.

“At one point we had daily monitoring at the CIO level, what was the time for break-fix, what was the downtime, how much time was lost because of the performance issues and so on.” At the time we were thinking about the concept of a payments programme that had multiple projects -- we had a programme level project governance. That helped to always have a dip-stick every month, with the CIO, the COO and everyone else and validated the idea that 'the replacement was the right way to go' and the decision to move this in to the core banking made sense.

NEFT meant the transaction has to be real-time. That meant that the bank has to keep ramping up its backend as the transaction volume increased, to be able to settle customer transactions the same day. For instance, even if a transfer is initiated at 4 p.m. when the cut off is 5 p.m. the transfer still has to be made the same day. The more the volume the more the number of people required at the backend.

“We automated it,” Ramakrishnan said. “We built an algorithm, which matches off the spelling as well as the way the name sounds.” The algorithm matches off the spelling and gives it a percentage value and also matches off the sound and gives it a value. The operations team can configure the rules that determine the degree of matching for which a straight-through process can be allowed, he said.

Bedrock of Future Innovation

“This particular innovation that we have done, which is building from a domestic electronic payments system would be the bedrock of further innovation that we have to do,” Paul said. “With our systems, not only do you make the core payment faster but the surrounding systems kick in to get the information about the payment and automatically post it to the corporate ERP systems in a straight-through process,” Paul said. Such innovations, along with others such as offering greater security for a payment, are helping ING Vysya Bank go after lucrative large corporate customers who were hitherto more the domain of large multinational banks, he said.


CASE STUDY | Life Technologies

Intelligence On The Go

Life Technologies deployed Mobile Business Intelligence to empower its sales force with valuable data on the go. By Rahul Neel Mani

With revenues at $3.6 billion, Life Technologies, a global biotech tools company providing cutting edge systems, consumables, and services for scientific researchers across the world, had a clear roadmap of empowering its field sales force with timely and intelligent customer insights to sell more and better. For this, the company required a business intelligence solution that supports a variety of smartphone devices including the Blackberry and the iPhone - enabling its sales personnel to take timely decisions shortening the decision making cycle. As a result, the company thought of deploying IBM-Cognos for Blackberry devices and ‘Roambi’, a data visualisation application from MeLLmo Inc., for the iPhones.

The Challenge

For Life Technologies, it was quite a challenge to support the field sales force with adequate data that could help them reduce the decision support cycle and increase productivity at the same time. “To make this a reality, it was essential to have an automated and responsive system which can help the sales representative in accessing critical customer information on the go,” says Manoj Prasad, Vice President Enterprise Architecture, Global Applications and Testing, Life Technologies.

Both the executive management team and the field sales force required daily sales reports that could give the status of sales, planning and forecasting. There was also a need felt to provide inventory reports so that the sales force can make realistic promises to their customers. But this wasn’t so easy. There were a bunch of barriers to be overcome before moving further. One, there wasn’t a single technology platform/application that could push data to all types of smart phones and mobile devices. And in Life Technologies, there were nearly 2,500 Blackberry users and 800 iPhone users. The second biggest challenge was to integrate the two with the data warehouse.

“We did not have the luxury of time to wait for such an application to develop,” Prasad says. “Mobile BI was the strategic priority for our department in 2010.” Life Technologies' goal was to roll out mobile applications that would allow its field sales force to deep dive into the data on the cutting-edge tools it was developing, to take to the researchers who needed those tools.

The Solution

Anticipating the frustrations that would spew from the non-availability of an app, Prasad's technology and application development teams didn’t wait for one. “We knew enterprises like us had already started going mobile,” he said, spurred on by improvements in the ability of smartphones to display graphical information and the emergence of intuitive graphical interfaces that can better handle BI visualisations.

In their quest to overcome the bottlenecks of the technologies available and the inherent inability of those technologies to work on the popular smartphones, Prasad and his architecture team looked for different options to get data from SAP Business Objects and IBM Cognos BI systems onto employees' Blackberries and iPhones – the two most popular devices used in Life Technologies. “At this point, we were really at the crossroads. On the one hand, we were committed to deploying a Mobile BI solution in the stipulated timeframe and on the other, there was no one single vendor/technology that could work seamlessly on the different devices used by the employees,” says Prasad.

After much evaluation, the team came up with a unique proposition. They selected MeLLmo Inc. Roambi, a data-visualisation application that takes BI data from various available sources and makes it iPhone friendly. Unfortunately, Roambi doesn’t support the Blackberry. IBM Cognos V8.4 was used to push data to Blackberry users.

Prasad then asked his team to use Roambi to develop two reports - sales quotas and daily sales reports - that are important to company’s sales force. As a pilot, a test version of daily sales reports taken from Life Technologies' Cognos data warehouse was rolled out to nearly 50 sales professionals who used iPhones. “This worked well. But there was another problem now. A majority of our users have Blackberry and Roambi doesn't work on it. So we planned to use the mobile version of Cognos to deliver similar reports to the Blackberry users,” says Prasad. "After having tested the applications multiple times in various environments, I showed it to the CIO and a few customers. They all got very excited."

COMPANY DASHBOARD
Company: Life Technologies
Headquarter: California, US
Chairman and CEO: Gregory T. Lucier
Operations: A global biotech tools company dedicated to improving the human condition. Its systems, consumables and services enable researchers to accelerate scientific exploration, driving to discoveries and developments that make life even better.

The Outcome

Before this deployment, the sales force didn’t have the right data on time to service their customers. The customers weren’t very satisfied with the quality of service delivered to them. “How can you expect the sales force to sell more when the customers are not happy with the services provided to them today,” questions Prasad.

The deployment wasn’t easy but after going through the rigour, the company has certainly experienced a sea change in the productivity and efficiency of its sales force. “We have an edge over our competitors. Now our sales force reaches out to the customers well informed and in time,” says Prasad. Today, even the service engineers have all the required data to service the equipment efficiently. The Mobile BI provided between 30-60 minutes of saving per sales representative per day. “There are nearly 1000 sales representatives in Life Technologies. This adds to 1,000 hours of saving. These 1,000 hours can be used for selling more products,” says Prasad.

Prasad’s team is already working on applications for other parts of the company, such as a global warehouse report, and has set up a mobile development architecture team to devise an entire mobile strategy for Life Technologies, with a particular emphasis on BI. (This case study was done through a telephonic conversation.)

“The Mobile BI provided between 30-60 minutes of saving per sales representative per day.” —Manoj Prasad, Vice President Enterprise Architecture, Life Technologies.


CASE STUDY | SCCL

Digging Out Inefficiencies

For Singareni Collieries, the challenge was to streamline operations at multiple locations for enhanced decision making and business consolidation. By Varun Aggarwal

By Deploying ERP, M. Sathyanarayana has enabled Singareni to have better control over its processes.


For a coal company in India which has an order book much bigger than its production capacity, timely delivery is the key to success. Singareni Collieries Company Limited (SCCL) currently operates 13 opencast and 42 underground mines in four districts. The $1.4 billion company is one of the largest coal mining companies in India. While the company has IT set-up in all its branches, the challenge for SCCL was to integrate and streamline operations at multiple locations for enhanced decision making and business consolidation. With either manual or disintegrated systems, there was no central management of information leading to frequent delays in delivery causing financial losses in terms of loss of opportunity.

Integrating Diverse Systems

While thinking of deploying an ERP to solve the problem might sound easy, the bigger hurdle that lay ahead of the company was its own 70,000 employees who feared delays in payments with the new system. The change management process had to be kicked in before any formal rollout could take place. However, this wasn’t the only challenge that had to be dealt with. “Our distributed IT architecture had made this difficult,” says M. Sathyanarayana, ERP project manager at SCCL. Manual integration of processes for purchasing, sales and distribution, finance, stores, and payroll resulted in duplicated data entry and paper-based processing that wasted time and caused errors.

To handle these challenges, SCCL chose financial, controlling, materials management, quality management, payroll, and sales and distribution software in the SAP ERP application. Key to this choice were strong SAP references from comparable enterprises in India. One of the first public sector companies in India to undertake a large-scale, enterprise resource planning (ERP) implementation, SCCL rented the hardware it needed early in the implementation rather than trying to purchase it. This minimized procurement delays that are typical in public sector installations. IT employees were thoroughly trained on SAP technologies and now maintain the software with little external support. Development of certain applications prior to implementing SAP ERP facilitated data migration.

The Benefits

With SAP ERP in place, information is more visible throughout the enterprise and available in real time. This, plus an alert framework within the application, has significantly improved decision making. Integrated materials management has given SCCL better control over stock and inventory. “Timely provisioning of spare parts and other items for maintenance, repair, and operations has increased the availability of essential equipment and made it easier to meet production targets,” Sathyanarayana opined. “We have reduced the overall cycle time for sales order processing from months to days, cut the time for settling advance payments made against sales orders, and increased customer satisfaction,” adds N. V. Rajasekher, superintendent engineer for marketing and movement at SCCL.

There has also been a significant decrease in the time needed to close annual accounts. Singareni is the first coal company in India to use an SAP solution–supported balance sheet in the first year the new software was implemented. The company can now manage and control spending at the enterprise level. The new software, which supports 300 to 400 items related to material requirements planning, has significantly reduced the purchase requisition cycle. Increased integration has also facilitated better procurement policies, encouraged collaboration with suppliers, and significantly reduced stock-outs at plant locations. In addition, paper consumption related to the accounting process has dropped significantly.

“The four SAP modules we’ve added are like the first floor of a building that will help us build many floors in the future,” says M. Sathyanarayana, ERP project manager at SCCL. “Today, SCCL is a truly integrated enterprise. We hope to leverage other functionalities and develop a robust business intelligence platform that will further enhance decision making.” J. V. Dattatreyulu, Director of Operations, Singareni Collieries Company Limited

COMPANY DASHBOARD
Company: Singareni Collieries Company Ltd
Industry: Mining
Revenue: $1.423 billion
Employees: 70,000
Headquarters: Hyderabad, India

Project Highlights

Key Objectives of the Project
Provide integrated view of operations at various locations
Support real-time data capture and processing for supply-chain functions
Improve inventory visibility
Reduce paperwork and manual processing
Streamline payroll process for transferred employees
Reduce IT maintenance and other costs

Key Performance Indicator Impact
Time to process sales orders – reduced by 50%
Days to close annual accounts – reduced by 50%
Time to settle advance payments – reduced by 40%
Duration of purchase requisition cycle – reduced by 98%
Time to generate coal bills – reduced by 95%
Unmanaged spend – reduced by 55%

Next Step

After reaping the fruits of a successful ERP implementation, SCCL is planning to implement SAP’s Man maintenance module, which is very useful for the coal mining industry. “We are also planning for certain HRM and CRM modules within the next six months or so,” Sathyanarayana said.


CASE STUDY | Videocon

Common IVR Boosts Revenue

With a simple idea of using a common platform for both Customer Care and Voice Value Added Services (VAS), Videocon Telecommunications Ltd.’s Ajay Satyarthi implemented the first of its kind, state-of-the-art single IVR architecture to minimise cost and to optimise Core Network resources.

By Harichandan Arakali

Not every idea that a CIO comes up with has to be technology-intensive and complex in implementation to be called an innovation and, perhaps more importantly, also help boost revenues. Ajay Satyarthi, Senior General Manager - IT at Videocon Telecommunications Ltd. (VTL), part of the telecommunication division of the $4 billion Videocon group, showed this when he tweaked some existing, proven architectures to achieve superior results. VTL is licensed to offer pan-India GSM mobile services across the nation, covering 22 circles (regions as geographically designated by the nation's telecommunications regulator).

In the hyper-competitive mobile phone services market in India, new entrants such as Videocon have to find innovative ways to attract and retain customers. Technology will play a major role across the operations, from making it very easy for customers to get the information that they need, to monitoring and tracking trends to react quickly to opportunities. As a more recent entrant into the market, VTL chose to outsource many of its requirements to get its show off the ground quickly. In the mobile phone business, the customer contact centre is central to ensuring both customer care and value added service are delivered well.

Single IVR Platform

“Nowhere in the country is a wireless services provider using a common IVR with both the customer care calls and the value added services calls running on the same platform,” Satyarthi says. This is something unique, he says. The advantage is “on one side, we are actually catering for the call centre, which is a cost centre for us, while on the other, a revenue generating application is running on the same platform.”

COMPANY DASHBOARD

Company: Videocon Telecommunications Limited
Business: GSM mobile services in 22 circles
Lineage: Part of $4 billion Videocon Group with interests in Household Consumer Goods, Oil & Gas, Retail, Telecom, DTH and the Power sector
Brand Equity: Rated among India’s Top 15 Business Houses, listed among the 100 Emerging Giants of the World in a Boston Consulting Group study and rated in the Top 15 'buzziest brands’ in India by agencyfaqs in 2010.



Dynamic Allocation

“What happens is that we build a common IVR platform and instead of terming it a contact centre IVR or VAS IVR, we call it a unified IVR platform,” Satyarthi explained. At the heart of this model is the dynamic allocation of ports to both the applications: What this means is that if for instance the contact centre is receiving a lot of calls at a particular time and the VAS is relatively free, the ports of the VAS IVR will get dynamically allocated to the contact centre application and vice versa. Similarly, the VAS IVR will pick up ports from the customer contact centre side and therefore generate more revenue. This not only ensures that congestions are eased on both applications, ensuring customers' calls aren't dropped, but also improves the contact centre's revenue-generating capability by dynamically boosting the call-handling capacity at the VAS IVR end. With few or no calls dropped, customer satisfaction is high as well.

On the VAS IVR too, all the services are run on the same single IVR platform. In the traditional set up, each VAS, be it music on demand, caller back ring tone or a voice portal or a full-track song, each service would have its own IVR – that's the standard process. “What we've done is to build a common IVR to capture caller’s choice no matter which VAS a customer is interested in,” Satyarthi said. This is simply done by prompting the customer to select a choice by pressing a number, which would then route the caller to that particular service.

Eliminating Problems

“Other operators have either the one or the other, but not the both sets of calls running on the same technology and on the same platform,” he says.

As of today this hasn't been done elsewhere. Operators are struggling to do a consolidation migration to these kinds of platforms, Satyarthi says. When Satyarthi was building the architecture for the VAS and the contact centre, having joined VTL from an incumbent competitor, he decided to pick up all the existing problems faced by various operators and ensured that his architecture eliminated all of them. For instance, there was a problem of publishing multiple numbers for multiple VAS. At the operator's end, reconciliation and management of the IVRs, their port capacities and other operational issues – he decided to identify all the problems and resolve them first. At one point, it was difficult to convince the VAS providers that they can work on standards-based platforms. “Today, neither my music-on-demand nor my CRBT VAS provider has its own IVR,” Satyarthi said. “They use our platform and we've exposed VXML 2.0 and 2.1 APIs to these partners, so they just bring in their application. They connect to the centralized IVR platform, the responsibility of rating, charging, reconciliation lies with VTL instead of them as was the case in a traditional setup.

Better Deals

Obviously this means that we've got better revenue sharing model from the VAS partners. In the conventional system, they would have had to invest in the software and the hardware for the IVR to provide VAS, which they have avoided with VTL, Satyarthi said. The unified platform also meant that Satyarthi was able to negotiate more attractive contracts with his system integrator Wipro and the technology provider Avaya, he said. “We have played on the volumes, by consolidating the calls of both the VAS and the contact centre.” In a traditional setup, about 60 percent of the calls are from the customer care end of the platform while the rest are usually from the VAS side. So in the conventional set up, one would have negotiated for the volumes – in terms of minutes handled by the contact centre outsourced service provider – of the customer care calls separately and the VAS volumes separately. What VTL did was to negotiate rates based on the combined volumes, reducing its costs of handling all the calls.

Set to Exceed Targets

VTL set itself an initial set of targets that included getting 25 million customers in the first phase of implementations. At the rate at which the mobile phone services provider is adding customers today, “we will probably far exceed that,” Satyarthi said. He wanted a cost optimized solution and knew what the problems were and what the available solutions were. VTL initially started with a centralized model with the option of decentralization if needed. Today they run out of one data centre in Chennai, with a clear idea of what volumes the existing model can handle and at what point they will have to start decentralization. The initial target was that the IT must support VTL's business and yet have a cost model that was sustainable over the next 10 years. “The way we've done our contracts with our partners, we're managing them on SLAs and KPIs,” Satyarthi said. “There is an agreement with the SIs that says the system has to be available for a certain percent of the time and reliability has to ensure for a certain percent of the time,” he said. With mobile number portability being implemented in India, “Our systems were MNP compliant from the word go,” he said. “We don't work on number series or circle specific numbers. Today it is intra-circle and tomorrow it will be inter-circle. We will be faster in these areas, as our systems were architected in such a way,” he said. While VTL didn’t participate in the 3G spectrum auctions, the company’s IT enterprise is geared up to support multiple options to expand vertically as well as horizontally in the coming months and years, he said.






NEXT HORIZONS

Features Inside
What You Should Know About Social Media
Wireless Security, an Urgent Area of Focus

Illustration by Shigil N

Tech Fueled Transformation

A look at technology trends that are transforming business.

By Daniel Burrus

For many people, change is difficult and transformation even more so. According to the New Oxford American Dictionary, "change" means “to make something different,” while "transform" means “to make a thorough or dramatic change.” It is a difference of degree, I admit, but that degree is so extreme that it becomes a qualitative difference. Changing means continuing to do essentially the same thing, only introducing some variation in degree. Build it a little bigger, smaller, faster, higher, longer. Increase the marketing budget. Add a few staff to the department. Come up with a new slogan. But today’s business problems cannot be fixed by changing, nor can organisations or industries survive simply by changing. Embracing change is no longer enough: We need to transform. Transformation means doing something utterly and radically different. It means nanofusion; it means using algae as a fuel source; and reimagining GM on the Dell model. In the early 1990s, Barnes & Noble superstores changed how we shop for books. By the mid-1990s, Amazon was transforming how we shopped for books, which then transformed how we shop for everything.

In the '90s, we were always telling ourselves to “think outside the box.” It’s a neat image, evoking creativity and unconventional thinking as a way to arrive at ingenious new paths and solutions. But it’s a slogan whose time has come and gone. Here’s the problem with "thinking outside the box:" we all know that no matter how creative we get during the weekend seminar, come Monday morning we’re going to have to crawl back into the box again and deal with our current reality. The problem isn’t that we need new ways to simply step outside the box -- we need to completely transform the box itself. In fact, whatever your box is -- your job, company, career, situation -- it is going to transform whether you like it or not. There is no field or profession, no business or organisation, that is not going to transform dramatically and fundamentally over the years ahead.

In fact, we’re standing on the foothills of an enormous mountain of change -- only most people can’t see it. From most people’s vantage point, it’s easy to assume that the biggest changes have already happened: the Internet has already turned the world upside-down and changed everything. But that’s hindsight, not foresight. The proliferation of the Internet throughout the last decade is nothing but prologue, not the unfolding story itself. It was not the transformation; it was only the foundation that laid the groundwork for the transformations to follow, the overwhelming majority of which are still ahead of us. We are at the dawn of an era of technology-driven transformation that will make the changes we have experienced over the past 25 years seem tame, mild, and slow. We have crossed the threshold into a time of transformation. And that is the context of this flash foresight trigger: expect radical transformation. In the past, it was important to change. Now it’s no longer enough to change. In fact, as I tell my clients, to change is to fail. We need to transform.

Our intelligent future

Product intelligence is perhaps the most vivid example of seeing how dramatically technology is going to transform everything in the years to come. The cost of intelligence is falling fast; even faster than the cost of energy is rising. What’s more, it will continue falling for years to come. Can we really say this with certainty? Yes, because it’s a hard trend. It is a direct result of the increase in processing power, storage, and bandwidth, three digital accelerators that are now pushing us forward faster. At the same time, while the cost of intelligence continues to fall, the intelligence of intelligence (that is, the increasing sophistication and capabilities of embedded product intelligence) continues to rise in a classic hockey-stick arc that is approaching vertical. What we think of today as “smart concrete” will be at the dumb end of the scale ten years from now and the smart end of the scale will be staggering compared to what’s possible today.

In the future, we’ll bring intelligence to everything that uses any kind of energy. Smart houses that know your habits and schedules as well as the changing cost of electricity in real time, minute by minute. Your house will know exactly how to adjust your climate, lighting, and other power-consuming features in the most economical and optimal-performance ways. Smart cars that know when to use which fuel, according to the terrain, locale, and type of driving you’re doing. Intelligence will drive our multi-fuel future, so that our tools know when to use different fuels and how to use them for optimum efficiency and productivity.

These are just brief examples of how product intelligence will transform our world. From energy to agriculture to healthcare, our world will be transformed as the curve of digital technology’s advancement goes vertical. We could choose any one of a thousand other areas, since this metamorphic wave will leave nothing untouched. But no discussion of the coming transformation would be complete without a tour of the environment in which we have come to spend more and more of our time: The Internet.

53% of CIOs are expecting an increased budget to work with this year.

Welcome to Web 3.0

To date, the world wide web has gone through two basic iterations: The first generation, lasting through the end of the nineties, presented the Web as a flat, one-dimensional way of displaying information that could be accessed by keyword searches. Basically, it was humans interacting with computers. This would soon change. The Web’s second iteration, Web 2.0, has been characterised by the user-to-user dimension of content sharing. Peer-to-peer (P2P) networking was the application used by Napster to offer music file sharing to the masses. Since then we have seen enthusiastic amateurs from around the world work together to classify and post massive amounts of new content on the collective encyclopedia project Wikipedia. Idea-sharing tools (blogs and Twitter), personality-sharing sites (MySpace and Facebook), photo-sharing sites (Flickr), and video-sharing sites (YouTube) are all examples of the content-sharing nature of Web 2.0, which has given rise to the concept of social networking. Thanks to the underlying technology of XML, which allows machines to talk to other machines over the Web, applications as well as individuals can also share data with each other. For example, the connecting of corporate or personal location-based data to Google Maps. Web 2.0 created an entirely new experience from Web 1.0 but that’s all behind us now. Web 2.0 is already old news.


The hallmark of Web 3.0 is that it is an immersive environment. In this new Internet construct, you won’t use the Web, you will enter the Web. Where the essence of the early Internet experience was information search and retrieval, and Web 2.0 was all about interaction and communication, the prime thrust of Web 3.0 will be immersion and multidimensional experience. Today, we talk about going onto the Web to look for information. In the future that language will change. Instead, we will speak about going into the Web to learn and interact.

Since 2000, I have been giving small demonstrations of an early prototype 3D Web browser in my keynote talks, showing audiences what it would be like to step into an inner-spatial, immersive environment to shop and get customer service. As you click on this site, you have the sensation of stepping into a room where you are surrounded by content of different types on all sides. Turn to the right, and there on the wall is your live newsroom -- CNN, USA Today, The New York Times, The Wall Street Journal, NPR, BBC, whatever your favorite news sites and sources are, there they are, all open simultaneously. Now look to your left, and there are the most current projects you’re working on. Look behind you: itineraries for your next trip, your banking and investment information, whatever information you like to have nearby. The applications of such an experience will be transformational, not only in and of themselves, but also as combined with their real-world counterparts.

Right now, let’s say you and I attend a big trade show on the latest technologies for your industry, whatever it may be. All the biggest suppliers from around the world are there, showing off their latest, greatest new stuff. Even though we’re there for several days, dawn to dusk, there’s no way we can get to all those booths and see all those displays. I’ve been to trade shows that feature entire city blocks’ worth of the latest technologies. How do you take it all in? It’s impossible. So let’s make it possible. When the conference is over, everyone packs up and goes home. What if instead, we just cloned the entire event to 3D virtual? The CAD (computer-aided design) drawings of the building already on file can instantly recreate the entire conference center in 3D form, needing only graphic artists to get the colors right, let the vendors add their virtual products, and "Presto!" you have your fully immersive trade show. Now, when we go home, everything is still there: It’s never over! You can click on any and every booth and connect to a real salesperson via video conferencing anytime you like. And by the way, the vendors are still paying a fee, albeit a fraction of the in-person cost. Now, instead of having a three-day conference, you have a twelve-month conference. Because of runaway multiplication of the three digital accelerators -- processing power, bandwidth, and storage -- over the next several years we will see this kind of dimensional experience come to the Web for the general user.

Illustration by photos.com

Web 4.0: Ultraintelligent electronic agents

If Web 3.0 is the future, then what’s beyond that? Web 4.0, of course; a further iteration of the online experience that will transform how we do everything. The essence of Web 4.0 is this: instead of our having to go searching for what we want, it will come to us. Advances in artificial intelligence have created a type of intelligent search that tailors itself to the individual user, learning our parameters and preferences to make our searches automatically more relevant and useful to each of us individually. Soon we will be using a powerful new tool to do a good deal of our Web-based work for us, thanks to an emerging technology called ultraintelligent electronic agents. Because they reside on the Internet, you can access your e-agents from anywhere, regardless of where you are or what device you are using. Only you will have access to your personal e-agent. You will use two forms of biometric identification, like your voice and face, or your voice and fingerprint, to identify yourself. You will be able to select various types of plug-in agent functionality. For example, your financial planner may offer an agent plug-in module to help you manage your money. Your travel agent, if you still have one, might offer a plug-in giving you highly customized and unique travel advice. Your trainer from the gym might offer a virtual trainer plug-in to be with you on the road. The list of possible plug-ins is endless.

You will most likely have one main e-agent you interface with most often, but you will have others that help you both at home and at work. Organisational e-agents will execute tasks on behalf of a business process. Personal e-agents will carry out tasks on behalf of one user. In time, businesses and individuals will delegate basic responsibilities to a customised collection of highly intelligent e-agents. Your e-agent will use neural network technology to learn more about you every time you use it. This is the function, for example, that allows Amazon to build a profile of your preferences by keeping track of your searches and purchases, and how it is able to make personally relevant recommendations. The more time you spend on Amazon, the better it gets to know you and the better its recommendations become. Your ultraintelligent e-agents will take this functionality to a whole new level.

Imagine sitting down in front of your television, turning it on and, since it is connected to the Web, your e-agent pops up and asks what you are in the mood to watch. Let’s say you want an adventure movie that you have never seen before. The e-agent will suggest a particular movie (set in the future because your past adventure movie selections were also set in the future). If possible, it will suggest a movie that has your favorite actors and director, and a plot that has twists and turns the way you like it best. Or, if you want something fresh and different, a complete change from your usual choices, then your e-agent can fill that bill just as easily. For many, the e-agent will become a friend, listening to and helping to solve minor problems, responding sympathetically, and suggesting helpful resources. They will be great “listeners” and will respond only when a response is needed and with the kind of response you have found most helpful over time. Think of your e-agent as a personal concierge desk.
Wherever you might benefit from a human agent, mentor, or coach, you will begin to find electronic versions that will serve as virtual assistants of those human advisors, helping you stay on track. And since the Web will go with you wirelessly wherever you go, your e-agent will always be there when you want or need help. As we transform into a vastly more high-tech society, we will see our world become more human, not less. There is a simple reason for this, and it goes to a crucial flash foresight principle that governs how all this digital transformation will actually play out in the real world: the both/and principle.

Think both/and

Executives, managers, and the business and popular press all tend to make the same false assumption about the future of technological change. Every time a new product category is introduced, they assume that the older category will soon vanish. But that’s not the way it works. The hottest new breakthrough technologies do not necessarily replace older ones. Instead they often coexist with them, side by side. Why? Because the old technology has its own unique profile of functional strengths, which the new technology never fully replaces. In the case of paper, it’s inexpensive, portable, foldable, you can erase on it. Best of all, it doesn’t disappear if the computer goes down. Digital obviously has its powerful strengths, as well. Both are here to stay. We tend to greet innovation with an either/or assumption, but this is not an either/or world but a both/and world; a world of paper and paperless, online and in-person, digital and analog, old media and new media. Either/or thinking assumes a zero-sum game, in which the pie is of fixed size and emerging technologies, and/or emerging markets, must necessarily threaten the existence of the old. But that’s not the reality. This is not to say that volume and market share for the older technology will always remain unchanged. Obviously there will be additional slices taken out of the pie, some smaller, some larger. But the both/and integration of new-tech and old-tech combinations has an amazing way of enlarging the pie itself. Grasping the secret of both/and integration can unleash dramatic new levels of resources, capacities, wealth, and capabilities.

Returning to our discussion of Web 4.0 and the world of ultra-intelligent e-agents, the both/and principle tells us that no matter how sophisticated and useful e-agents become, they will never replace live interaction with another person. Those businesses that most skillfully integrate electronic agents with real-time live help will be the ones that ultimately thrive and dominate their markets. Actually, you have probably already seen this play out on a simpler platform: the infamous touch-tone “help” menu: “To review your account, press 1; to change or update your account, press 2 …” We have all at some point had the infuriating experience of trying to get something fairly simple done over the phone, only to find ourselves in a seemingly endless loop of menu choices, none of which quite get us where we want to go. The companies who learned to adapt this new technology and integrate it seamlessly with exceptionally good live-operator customer service, and make that choice easily and transparently available at any time during the experience, are the ones who excel, survive, and thrive. The future is not automated help; it is automated help and live help. The future is not digital, fiber optic, automated, self-serve, and youth-focused. It’s digital and analog, fiber optic and copper, automated and manual, self-serve and full-serve, youth and elders.
The faster things change, the more we will live in a both/and world, and one flash foresight key to surviving, succeeding, and thriving in that world is to continually seek ways to integrate the freshly old with the emerging new.

The new Golden Rule of business

The old Golden Rule in business was to find out what your customers wanted, and give it to them. “Do unto others as they want to be done to.” Today, if you ask your customers what they want and you give it to them, you’re missing a huge opportunity, because their answers will never give you more than a fraction of your potential. Our capabilities are changing far too rapidly for this old rule to be useful. Customers today don’t know what they want, because the things they most want are things they don’t yet know are possible. Customers did not know they wanted an iPod, iPhone or iPad until Apple gave it to them.

Therefore, the new Golden Rule in business is this: Give your customers the ability to do what they can’t currently do but would want to if they only knew it was possible. To survive and thrive, look into your customers’ visible future, look at their hard trends, at what you’re certain about regarding their future. See what problems they are going to have and solve them before they happen, so that by the time they’re just starting to experience the problem, you already have the solution. And if you don’t? Then it’s over, because this technology-driven transformation will not wait, pause, or stand aside while you think about it.

There are two critical truths about business in this new era that you cannot afford to ignore; we might call them corollaries to the Golden Rule: If it can be done, it will be done. If you don’t do it, someone else will. No matter what your business or occupation, transformation is coming. And the only way to survive it is to expect it … and transform.

10.2% expected growth in enterprise application software in 2011.

—Daniel Burrus is considered one of the world’s leading technology forecasters and business strategists, and is the founder and CEO of Burrus Research.

—This article has been reprinted with permission from CIO Update. @ http://www.cioupdate.com. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

What You Should Know About Social Media

The intersection of social media and the law looks a lot like a street corner where the traffic signal has just stopped working.

By Diana McKenzie & Marty Farrant

Right now, the intersection of social media and the law looks a lot like a street corner where the traffic signal has just stopped working: Things are moving much too fast and you know there's bound to be an accident or two. One of the few things we can say with any certainty is that the state of the law of social media will be vastly different 12 months from now. With millions of people continuing to share online gigabytes-worth of what was once relatively private information, no business can be completely safe from the unintended and often harmful consequences of all that information being released into the wild. Today's CIO is frequently seen as the first and last line of defense against those consequences. You are assumed to be experts on how to deal with issues that spring from the use of social networking because, well, "it's one of those computer things." So, we've prepared a short list of just a few of the types of legal issues that accompany the proliferation of social networking.

Implementing a social media policy

Many CIOs long ago shut the Facebook nation safely outside the gates of their corporate firewalls -- if for no other reason than to increase productivity. However, with the proliferation of mobility, such a lockout is now unlikely to stop any of your workers from accessing the sites via their wireless devices without your knowledge. Your company should implement a social media policy that sets ground rules about what kind of information employees are not permitted to publicly post via social media. In addition, your organisation should obtain an employee's acknowledgment, in writing, of the policy. That leads to the million-dollar question: What kinds of social media activity can be prohibited? This is one of the areas where the state of the law is most in flux. Employers who wrongfully terminate an employee over an Internet post can run afoul of state off-duty conduct laws. There are also federal statutes, such as anti-retaliation or discrimination under Title VII, protected "concerted activity" under the National Labor Relations Act (which applies even in non-union workplaces), and the whistleblower provisions of the Sarbanes-Oxley Act.

Here are two informal ways of determining whether an employee should be fired or disciplined for social media activities:
1. If your company has a social media policy prohibiting certain postings, and the employee's postings nonetheless cast the company, its management or its customers in a negative light.
2. If the company's trade secrets and strategy are being discussed anywhere outside the secure confines of your enterprise.

Social media's impact on hiring decisions

Some of you may have used social media to find out more about a prospective job candidate. However, it's important to use social media judiciously in making hiring decisions. Be aware that when conducting your due diligence on a potential hire via Internet searches and social media sites, information that wouldn't be fair game in an interview (age, medical conditions, race, religion, sexual orientation, etc.) is often plainly available about the candidate on the Internet. Such information can be the basis for a discrimination claim if that candidate isn't offered a job. An unscrupulous job seeker may even intentionally put this information on the Internet knowing that a company which refuses to hire him or her will have difficulty "proving the negative" -- that it never saw the information and therefore didn't use it as a basis for its hiring decision.

E-Discovery presents a minefield of social media issues for the enterprise. First, if your company maintains its own Facebook, Twitter, or other social media account as a marketing tool, it should be considered just as susceptible to discovery requests and litigation holds as your email server. Statements your company makes to the public, as well as the public's feedback to you, are ripe for mining by plaintiffs' attorneys. For example, if the Twitter page for your company's latest product is covered with user comments discussing how that product has a tendency to send folks to the ER, it's likely those posts will fit the broad scope of a discovery request. Even if you don't own or manage the servers on which these "marketing" accounts are hosted, your company should retain records of everything posted in such accounts. Because litigants can directly subpoena social media companies to obtain these records, there's no tactical advantage in not retaining these records -- especially because doing so can allow your organisation to moderate and monitor public feedback, and take proactive steps to correct potential liability issues early.

Conversely, the information posted on social media sites can also be a treasure trove for defense counsel because unsophisticated plaintiffs often write statements that are in direct opposition to the alleged facts of their claims. However, businesses should tread carefully in attempting to gather this information, as obtaining access to an employee's or litigant's social media posts using tactics such as spyware or creating a false identity can lead to liability for invasion of privacy or violations of the Stored Communications Act, Wiretap Act, or other state electronic monitoring statutes. Unfortunately, when someone in your organisation concocts one of these cloak-and-dagger schemes to conduct surveillance on an employee, they'll likely turn to your IT department for help. The better practice is to let your company's attorneys subpoena the social media site and insist that opposing counsel place a litigation hold on the plaintiff's accounts to prevent any further editing of past posts.

These are but a few of the potential issues that social media presents to today's CIO. As always, consult with your company's attorneys, or a lawyer knowledgeable in information technology law, well before taking action in any of these areas.

—Diana J.P. McKenzie is a partner and chair of the Information Technology and Outsourcing Practice Group at Hunter Maclean. She can be reached at dmckenzie@huntermaclean.com. Marty G. Farrant is an associate in the Information Technology and Outsourcing Practice Group at Hunter Maclean. He can be reached at mfarrant@huntermaclean.com.

Illustration by Shigil N

—This opinion was first published in CIO Insight. For more such stories please visit www.cioinsight.com.




NEXT HORIZONS

Mobile Security

Wireless Security, an Urgent Area of Focus

Wireless security is fast emerging as an area of focus for CIOs, says Alpna Doshi, CIO of Reliance Communications. By Harichandan Arakali.


photo by Jiten Gandhi

What in your view are the top wireless mobile security challenges for the service providers?

As we are ushering users deep into 3G and 4G, a few things are happening. There are rapid developments of new, heterogeneous and more capable technologies that are coming to the market. The volume of all kinds of on-line traffic is shooting up due to the available bandwidth of the medium – voice, data, plethora of applications – from entertainment, social network to commercial and critical enterprise apps. The computing power & ‘smartness’ of the devices and their applications at the end devices are following Moore’s Law. In this background, the security challenges are threefold.

Privacy or confidentiality of data and information: Because of the heterogeneous ecosystems of mobile operators, ISPs, application vendors and smarter mobile devices, it will be a challenge to ensure privacy of the information flowing around us.

End-to-end security against increasing capabilities of the cyber criminals to launch devastating attacks of various forms and depths: The variety and abilities to cause damage are enormous – DoS, DDoS, malware, Trojans etc. With increased level of on-line connectivity to corporate and social networks, online mobile commerce with the multitasking mobile devices, the personal and official domains are merging and hence this makes the new generation of mobile world a juicy target for cyber criminals.

The regulatory compliance to curb cyber terrorism and criminal activities: It is a challenge for the service providers to ensure consistent level of compliance since the ecosystem as earlier said comprises heterogeneous and multiple stakeholders.

How are you tackling these challenges in your organisation?

We believe that in today’s continuously changing threat landscape, we need to have a ‘layered approach’ in security or what we call ‘defense in depth’. So, we have balanced focus across technology, processes and most importantly, we continuously spread awareness among our customers and users. We are putting in place best practices and the capability to pro-actively diagnose and stop these intrusions or attacks or criminal activities, or, in case of ‘zero day attacks’, restrict or mitigate the damage to the minimal.

There is increasing talk of 'open' devices, 'open' applications and 'open' networks. What is your view on this? How are these devices, applications, networks evolving and affecting your business?

The demand for open devices and open application is bound to grow in the near future. Network neutrality, scalability, bandwidth utilisation, uniform customer experience will be important factors for consideration. Ubiquity of devices and remote accesses to network will pose challenges in authentication mechanisms. A plethora of these open devices come from various manufacturers and every platform has its strengths and weaknesses. There are third party mobile device management platforms to manage different devices. So, it will always be a challenge to ensure consistent security environment across these devices, which in turn becomes a challenge for the service providers. With the proliferation of mobile networks to the remotest corners it is not practical to restrict customers’ choice to a specific or closed set of devices.

On your list of priorities, where would you rank mobile security?

Since we are an ISP and Mobile Operator both, it is extremely important for us to ensure that our customers are safe and secure when they use our services, from entertainment, virtual reality, or mobile banking to enterprise apps or video conferencing. We always endeavour to provide a consistent quality of service (QoS) and security of data or information or experience. As we embrace cloud computing and the era of virtualisation, mobile security is definitely one of our topmost priorities.
Would you expect that individual users will increasingly be forced to take measures with their smartphones similar to computers, such as using antivirus software, for instance?

Considering the sheer size of the market and diversity of devices and environment, it is difficult to force users to take measures on a regular basis. Hence, the onus would be on the manufacturers, service providers, ISPs and the application providers to come together and ensure that they do their bit to secure the total experience. Whether it is mobile policy, automated patching of vulnerability, encryption, remote wiping facility or authentication mechanism etc. Also, as we said earlier, all the measures will fail if the end user is oblivious to the threats that his habits of handling these intelligent devices may cause. Hence, it is paramount that the user awareness programmes are conducted regularly at various levels, right from the governmental agencies to each of the ecosystem partners to make the users aware of the threats, symptoms and measures that they should take to avoid such pitfalls and becoming easy victims of frauds. Today the popularity, usage and availability of devices or applications may not be very high and hence we may not notice or report significant cyber crime activities on these devices. But the growth curve is going up very furiously and it is bound to hit us if we do not start awareness programmes from now.

How can service providers help ensure that their customers get the most out of their devices, applications and services without falling prey to malicious attacks?

There are several facets in the entire chain namely, Device Security, Content Security, Device Management, Identity & Access, Policies, Processes and user awareness. As explained earlier, everyone in the ecosystem needs to come together and ensure that they follow secure practices and standards so that the products and services are secure. Mechanisms need to be in place at various layers of the OSI framework to make the data and information secure whether they are at rest or in motion. Standards like ISO 27001, FIPS-140-2 Certifications to be enforced to ensure consistency and assurance across. User awareness should be spread out through direct or indirect campaigns, through websites, seminars, banks, enterprises so that the common users know about the various ploys adopted by cyber criminals for malicious activities and frauds, what do they do when device gets lost, where do they go, how to check whether their devices are secure or not. Even the police force needs to be educated; adequately equipped cyber-crime cells should be made available in every police station so that issue can be addressed and resolved. Then only, the users will feel confident about mobile security and usage will increase and envelop every aspect of our daily lives.

Going Mobile: Threats to Consider

Malware. Though mobile malware for iOS is still rare, malware for Android has been making the rounds. Zeus variants targeting BlackBerry, Symbian, and Windows Mobile have also been spotted in the wild. Given that Android is now the top-selling smartphone platform, antimalware for mobile devices will be an essential security function.

Spyware and privacy breaches. Today, how a third-party app accesses and handles private mobile data, such as unique phone ID, geolocation info, and phone number, is not always transparent to the user. A recent study by researchers from Duke University and Pennsylvania State University found that two-thirds of the 30 common Android apps they studied expose private mobile data, and half of them sent location data to third-party advertisement servers without requiring implicit or explicit user consent.

Data leaks. Mobile devices, when used to store corporate data, are another avenue where data leaks can occur. For instance, data leakage through device theft is a distinct possibility. Employee misuse may also lead to data exposure. Prevention options include device- or file-level encryption, virtual desktops, and the use of data leak prevention (DLP) clients on the device.

— Source: Forrester Research Inc.



Thought Paper | Mobile Security

A combination of the proliferation of increasingly powerful and versatile smartphones, and more open networks and applications will soon make the wireless environment an attractive proposition for malicious hackers. For service providers, the time to act is now.

Mobile security is moving up the list of priorities for wireless service providers as they face increasing competitive pressure to open up their networks. Customers, using open devices that run thousands of data applications, are clamouring for more, and are increasingly comfortable with mobile commerce.

EVOLVING DEVICES, OPEN NETWORKS

With the availability of 3G and WiFi, today’s smartphones – some with processors more powerful than those in netbooks – are a powerful window to the Internet, and therefore, offer fraudsters the same potential to exploit DDoS programs and botnets. Before 3G networks, there wasn't too much trouble a mobile user could get into. The primary activity was simply placing and receiving voice calls. Mobile data was somewhat limited to the mobile operator's walled garden and also the relatively slow data speeds. While the subscriber could browse news stories and even download some content such as ringtones, all of the content was primarily kept under the mobile operator's control, thus limiting the exposure to security threats. However, as the mobile network and devices both become more open, the risk of security attacks will increase.

As previously stated, traditional mobile devices were closed devices. Users were not able to do much in terms of loading new applications or customizing their phones, and the user was mainly limited to the applications that were originally installed on their phone. While this is good from a security perspective, users are accustomed to the openness of the computer world and aren't satisfied with the limited nature of closed devices. Many mobile users get frustrated when going from an open computer device to having to use a closed mobile device. Therefore, the trend in the mobile industry is towards opening up the phone. Many of the smart phones are run on open software such as Android, Symbian, or Windows Mobile. These operating systems provide much more user flexibility in terms of loading applications and customizing the phone.

MORE OPEN NETWORKS

In addition to opening up mobile devices, mobile carriers are also opening up their networks. Today's smart phones are able to access the open mobile network. Aside from being able to support some plug-ins, smart phones are able to access a far greater amount of content and number of applications. This allows mobile users to access websites that they were not able to access in the walled garden model. Along with the added flexibility of open devices and networks comes more potential harm. Installing a virus and other malware is much easier in these open machines and networks, as a mobile user can unknowingly download and install a virus assuming that it is a legitimate application. This can lead to stolen personal information including credit card numbers and more.

As more and more mobile users migrate to smartphones and open themselves up to security threats in the process, mobile carriers need to find ways to protect them from harmful attacks. There have already been many known cases of viruses found in smartphones. There have been viruses that attack the Safari Web browser of the iPhone that have caused problems for users. Viruses exploiting vulnerabilities in applications such as the Safari Web browser can cause a denial of service (DoS) attack. Mobile users simply browse to a website that contains the malicious virus script and the virus is triggered, eating up memory in your iPhone and causing it to crash. This is just one example of how open devices running on open networks can easily (and unknowingly) download a virus to render a mobile device useless. While these cases are not significant today, they do show that hackers are starting to take notice of the mobile industry and their attacks will only get more complex and damaging over time.

THE NEW WAVE OF APPLICATIONS

The new open devices are driving new applications that mobile users can download and subsequently run on a mobile device. This is familiar to the computer world but it is a relatively new phenomenon in the mobile world. As the number of smart devices increases, so too does the number of available applications. One example is the Apple iPhone. The iPhone has dramatically changed the mobile market by making available an unprecedented number of applications that are available to download and install on the iPhone. In just 9 months, iPhone users have downloaded over one billion applications. This is only the beginning of the application market and depicts the exploding demand for mobile users to be able to customize and run applications in a mobile environment.

The wave of new applications can cause alarm in a couple of different areas. For one thing, while most mobile applications are still offered in a controlled environment, it's only a matter of time before hackers figure out a way to penetrate this market. With billions and billions of downloads occurring and thousands of applications, it's a big market that will eventually attract hackers. Secondly, many application developers charge a fee for their applications. This is driving a very large number of financial transactions over the network. According to Gartner, Inc., the mobile payment industry will experience steady growth, as the number of mobile payment users worldwide will total 73.4 million in 2009, up 70.4% from 2008 when there were 43.1 million users. In addition, Gartner predicts that the number of mobile payment users will reach more than 190 million in 2012, representing more than 3% of total mobile users worldwide and attaining a level at which it will be considered mainstream.

Mobile commerce and mobile payments provide a significant opportunity for security hackers. As the number of mobile users conduct mobile commerce and become comfortable doing so, the number of potential targets will outweigh the wireline side. This will likely entice security hackers to focus attention on the mobile industry and target smart devices for financial gain. Knowing that hackers tend to go where the money is, this is certainly an area about which mobile carriers need to be concerned from a security perspective. If mobile users do not feel it is safe to purchase new applications, this lack of trust will have a dramatic effect on the growth of the mobile carrier's business.

ACT NOW

As the mobile network evolves from 3G to high broadband speeds such as Long Term Evolution (LTE), mobile devices and the trend for applications will continue to increase. Broadband speeds will fuel this phenomenon and make security an even bigger challenge. One very interesting statistic that is bound to get the hacker's attention is the sheer size of the mobile market. The number of mobile devices hit 4 billion in 2008. By 2015, mobile numbers will outnumber fixed lines by a 9:1 ratio. A large percentage of these mobile devices are not smart phones and perform basic functionality within walled gardens. However, this will change as smart phones become more affordable and mobile network speeds increase to support even more applications such as streaming video. As this transformation occurs, mobile security will be increasingly critical, and it is something that mobile carriers need to start preparing for now.

- Dhananjay Ganjoo, Country Lead, Service Provider, Juniper Networks


NO HOLDS BARRED

Rahul Agarwal

Lenovo aims at 25-30% business from LEs

Lenovo is trying to make further inroads into the large enterprise segment. In conversation with Yashvendra Singh, Rahul Agarwal, Executive Director-Commercial Businesses, Lenovo India, provides insights into programmes he has specifically designed for gaining traction in this segment.

Tapping LEs: By incorporating a 'stock and sell' model, Lenovo is looking at increasing its share in the large enterprise segment.

DOSSIER
Company: Lenovo Group
Established: 1984
Revenue: $16.6 billion in 2010
Products: Computer Systems, Peripherals and Software
Employees: 22205

How has Lenovo’s growth and positioning in the enterprise segment been in the last one year?

Lenovo ranked No 1 in the enterprise segment with an outstanding 21.8 percent (IDC India PC Market Tracker Report for Q4 CY2010) market share in Q4 CY2010. To establish this leadership, we have effectively implemented our ‘Protect and Attack Strategy’. We aggressively focused on acquiring new customers in Education, LE (large enterprise) and Govt and retaining the existing VLE (Very Large Enterprise) customer base. We also aim at strengthening our enterprise space with the compelling range of ‘Think’ products which addresses enterprises in all segments. Our market share rose by 7.8 percent as compared to Q1 CY10. Growth has been tremendous in the last four quarters and Lenovo has emerged as a leader in VLEs with a 33.7 percent market share.

Since inception, ‘Think’ has been a top quality brand for the segment that values durability and TCO. To address the price sensitive market, we also have the ThinkPad L420. And with the ThinkPad X and T series catering to high-end enterprises, we have a notebook for every need and budget.

What are the top three trends in Enterprise PC buying from a global and Indian perspective – and how is Lenovo capitalising on these trends?

In the October 2010 report, Gartner states that by 2012, all large enterprises will have a dynamic cloud sourcing team. This team would be responsible for cloud sourcing decisions and management. In line with Gartner’s prediction, we feel cloud computing is fast gaining importance. In fact, Lenovo is the first in the industry to provide a secure cloud ready access to our clients, delivering an enhanced experience to its users.

Approximately 428.7 million units of mobile communication devices have been sold in Q1 this year, according to the May 2011 report by Gartner. There’s a 19 percent increase year-on-year. We believe Mobility is soon gaining traction and enterprises prefer a mobile workforce. Lenovo has rolled out a series of ultraportable, high performance notebooks (ThinkPad X201 and ThinkPad X220) which are the best fit for such mobile professionals.

Forrester's 2011 Tech Industry Predictions reveal that with the increased use of mobile devices, their security would also be a prime concern. Companies will then need to simplify their approach towards a secure mobile application. Lenovo’s ThinkVantage Technology ensures a secure and safe user interface, enabling our devices to be high security PCs.



How is Lenovo widening the market for the Think brand and its adopters?

Lenovo’s aim has always been to design and deliver notebooks which are reliable, robust and easy-to-use. The ‘Think’ brand strengthens this belief and aims at delivering an end-to-end range of ThinkPads to its users. ThinkPad L420, one of the latest from Lenovo’s stable, is a power-packed entry-level ThinkPad for enterprise customers. The ThinkPad X series comprises ultraportable ThinkPads to address the high-end enterprise use. Lenovo has made tremendous strides with its X series notebooks, the latest of which include ThinkPad X220 and ThinkPad X1. ThinkPad X220 combines durability, performance and portability in its 12 inch frame. It provides powerful performance with its second generation Intel processors and a slim battery case with up to 23 hours of battery life. ThinkPad X1, on the other hand, is the slimmest ThinkPad ever. With a measurably higher performance, ThinkPad X1 synergises innovation with the latest technology. ‘Think’ has also ventured into the SMB segment with its latest ThinkPad Edge series, the Edge 420S which personifies both style and performance. The Edge E420s is a premium notebook with smart performance and splendid features. It is powered by Intel’s 2nd generation processors for greater efficiency and Lenovo Enhanced Experience 2.0 for faster boot up.

What are the special programmes for your top 300 customers across Very Large Enterprises, Global market, mid-market, and Education segments?

We offer special programmes for our Top 50 and Top 300 customers in the VLE segment. While the Top 50 is managed by a dedicated Program Manager from Lenovo, programmes for Top 300 customers are reviewed weekly. Special benefits include efficiently managing Dead on Arrival (DoA), customer satisfaction issues, monitoring service turnaround time and providing stand-by/Demo units. A special marketing program liaising with the Services and Global Supply Chain (GSC) is developed to ensure effective execution of such programs. For the Top 300 customers, we aim at increasing the customer’s wallet share, aiding them in increasing mindshare and providing them a share in our inside sales.

Global Accounts contribute a good proportion of our revenue. It is driven by dedicated representatives for face-to-face interaction and engagement. We ensure that the delivery is on time and we effectively manage their turnaround time. Most of the Global accounts fall under the Top 50 customers for VLEs so they get similar benefits too.

For the LEs, we have redesigned our ISR structure and drive it through face-to-face representatives. We have a ‘Think Large’ model for facilitating better services to the Large Enterprises. It basically ensures that the service and turnaround time is reduced by stocking products across 10-15 locations in India.

Education is one of our prime focus areas, especially in Q1 and Q2, when admissions are on rise. We have a “Campus Calling” program and we divide the customers into Top 35 and Rest of the Universe (RoU) for better manageability. The EDMs, presentation and other engagement tools are direct for Top 35. For the RoU, we map business partners and get their feedback to monitor services. Giveaways are one of the common means to make our Education segment clients feel good about choosing ‘ThinkPads’.

“For large enterprises we have ensured the service and turnaround time is reduced by stocking products across 10-15 locations in India.”

Tell me more about how Lenovo is leveraging the fast-growing Large Enterprise segment through the ‘stock and sell’ model for better serviceability and turnaround time?

Large Enterprises consist of 500-1000 employees. We have approximately 10 percent share in LEs and we surely want to increase it. We have incorporated a ‘Think Large’ Stock and Sell model, whereby we have appointed two distributors: Redington and Iris who are the drivers behind this model. These distributors help us stock our products in 12-15 locations across India. This helps us to reduce the waiting time for the LEs who expect quick delivery. We follow a Good Better Best (GBB) policy, whereby the products are stocked as per their configuration and replenished on need basis. We aim at driving 25-30 percent of our businesses from LEs through the Stock and Sell model and hence we are capitalising strongly on it. We have recently increased the distributors for convenience of our partners in terms of credit and stock availability.



TECH FOR GOVERNANCE

Security

Security-Stupid Is As Stupid Does

With so much being spent on security - Firewalls, Intrusion Detection Systems, Intrusion 'Prevention' Systems, Intrusion 'Tolerance' Systems, Data Loss Prevention, and the list goes on, why are these companies failing? By J. Oquendo

Illustration by Binesh Sreedharan

5 POINTS

1. At the cost of millions of dollars spent post-compromise, companies rush off to apply band-aids where sutures are needed.
2. Most security professionals do not care about the real world of risk.
3. Most of the existing attacks are not "coming through the front door."
4. The cost of implementing extrusion detection and extrusion monitoring comes to far less than the cost of a compromise.
5. Security will get back to business as usual as opposed to actually defending anything.


securit y

Companies in the news for

security breaches are now benefiting from their newly found hindsight via way of a lack of security point of view.

These views come at a highly expensive cost, and it should come as no surprise that many companies will continuously and gratuitously benefit from those views. The reason I believe this is, is because companies just don't get it. At the cost of millions of dollars spent postcompromise, companies rush off to apply band-aids where sutures are needed. Anyone with a connection to the Internet who has viewed any form of news site in recent weeks have come to know their names: RSA, Sony, Nintendo, L3, Northrop and the list goes on and on. Where do these companies go wrong? With so much already being spent on security - firewalls, Intrusion Detection Systems, Intrusion 'Prevention' Systems, *Certified Security Professionals*, standards, guidelines, and the list goes on where and why are these companies failing? The answer if you ask me, most companies and or security professionals quite simply do not care about the real world of risk. It is much simpler and economically viable in their minds to pass the buck by simply making sure they "followed the rules." This means, they tend to establish a "baseline" for a security model usually based on guidelines such as NIST and others. We must bear in mind however, "By definition, following a guideline is never mandatory...". In a "tangible" world where a product is purchased, a buyer physically touches a product, whenever that product has an issue, companies responsible usually issue recalls. This was the case with Toyota whose cars were recalled because they were faulty. On the Internet however, there is little recourse for companies who are compromised. Usually a small portion of those disaffected will mumble and groan and continue to use that product. This is definitely the case of companies like Citibank who was compromised recently and Bank of America who continuously gets compromised quite often.

Unfortunately there is no immediate cure for security woes; however, there are real world mechanisms to minimise, even reduce, the risk to numbers not even mentioned in most guidelines and/or certification books. The problem with these cures is that too many security managers truly don't care to implement them. It seems to be "wasted dollars" for security managers since they cannot measure ROIs on voodoo metrics. You know those voodoo metrics well; they are usually cleverly scrawled across every security management level certification you could find: ALE = SLE x ARO or ROSI = R - ALE, where ALE = (R-E) + T. Too many security charlatans have flooded the security arena with this nonsense for too long. Can we state that Citi, BofA, L3 and others never used these metrics? If they state that they did not, they would be hurting their reputation. We can infer that the outcome of these metrics is useless.

So how does the security industry change this backwards approach to security while keeping costs low, and security measures high? Simple: Take a different approach to security as a whole. In a recent case, a judge ruled that a bank was not responsible for fraudulent transfers made from an account. In this case, both the bank and the customer lose; the bank loses a customer, the customer loses their money. Case closed. However, imagine if the bank had a validation policy in place where any transaction over N amount of dollars needed to be validated over the phone? Extrusion prevention. Customers would have likely been notified, and no transaction would have been allowed; bank wins, customer wins. The cost for something like this is far less than the cost associated with higher insurance premiums for the bank, loss of customer confidence and so on.

What they fail to see is that most of the existing attacks are not "coming through the front door." Many are client side attacks where an attacker is leveraging a machine already inside of a network in order to burrow out of a trusted network where the attacker can then control that machine. How do you defend against this? It is just as simple as defending from the other side of the "wall." You build mechanisms to inspect what is leaving your network. Disgustingly simple, isn't it? Ask any security manager or C-Level why they won't apply this and you are likely to be bombarded with a hodge-podge of voodoo metrics: SLE = EF x AV x CTM or ROI = ALE - (( ALE - (ALE - ALE2)) + T ). In other words, covering one's ass is far more important than actually getting the job done right. Those responsible for this mess are usually those who have never been "in the trenches," so they don't understand "paper security" versus "real world" security.

The cost of implementing extrusion detection and extrusion monitoring comes to far less than the cost of a compromise. That statement is mere common sense and I should not have to create any crafty metric or algorithm to prove this fact. Do you think I could have accomplished extrusion prevention, SIEM and so on at Sony for, say, $17 million? Yes; in fact, pricewise I could have likely come in under the $5 million mark, 300 percent lower than the cost of a compromise, with greater ROI or ROSI at the end of the day. So when will security managers get a clue and do the right thing? My guess is they will not. It is likelier that they will continue to follow the herd and paint fuzzy pie charts filled with wondrous metrics that yield little at the end of the day. Companies will still get compromised, few will grumble and moan, and security will get back to business as usual as opposed to actually defending anything.

9% expected growth in Enterprise infrastructure software in 2011.

—J Oquendo is Senior Security Architect/Engineer at E-Fensive Security Strategies

—This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
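Oquendo's article above argues for inspecting what leaves the network. As an added example (not part of the original article), the following Python script runs two extrusion checks over constructed outbound flow records: regular-interval beaconing from an internal host, and unusually large uploads. The record format, the internal address range and all thresholds are assumptions chosen for illustration.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample of flow records (not real traffic). Fields:
# epoch_seconds  source  destination  dest_port  bytes_sent_out
FLOWS = """\
1000 10.0.5.21 203.0.113.50 443 512
1300 10.0.5.21 203.0.113.50 443 498
1600 10.0.5.21 203.0.113.50 443 530
1900 10.0.5.21 203.0.113.50 443 505
2200 10.0.5.21 203.0.113.50 443 511
1010 10.0.5.30 198.51.100.7 443 20480
1450 10.0.5.30 198.51.100.7 443 1024
3900 10.0.5.30 198.51.100.7 443 8192
2500 10.0.7.14 192.0.2.99 22 734003200
1200 10.0.5.30 10.0.9.2 445 999999999
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
MIN_BEACON_FLOWS = 4                 # contacts needed before judging regularity
MAX_JITTER_RATIO = 0.10              # stdev(gaps) / mean(gaps) at or below this looks automated
MAX_BYTES_OUT = 500 * 1024 * 1024    # assumed per-destination upload ceiling


def parse(text):
    """Yield (ts, src, dst, port, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # a monitor should not crash on a bad record
        ts, src, dst, port, nbytes = parts
        yield (int(ts), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(port), int(nbytes))


def analyse(text):
    """Return a sorted list of (reason, src, dst) findings for outbound traffic."""
    times = defaultdict(list)
    volume = defaultdict(int)
    for ts, src, dst, port, nbytes in parse(text):
        # Extrusion monitoring looks at inside -> outside traffic only.
        if src not in INTERNAL or dst in INTERNAL:
            continue
        times[(src, dst)].append(ts)
        volume[(src, dst)] += nbytes

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < MIN_BEACON_FLOWS:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        # Near-constant spacing between contacts suggests a program, not a person.
        if mean_gap > 0 and statistics.pstdev(gaps) / mean_gap <= MAX_JITTER_RATIO:
            findings.append(("beacon", str(src), str(dst)))
    for (src, dst), total in volume.items():
        if total > MAX_BYTES_OUT:
            findings.append(("bulk-upload", str(src), str(dst)))
    return sorted(findings)


if __name__ == "__main__":
    for reason, src, dst in analyse(FLOWS):
        print(f"{reason:12} {src} -> {dst}")
```

In practice the same checks would run over firewall, proxy or NetFlow exports, with thresholds tuned to the site's normal outbound traffic.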


Evaluating the Cloud-Based Services Option

A strategy to consider is to always keep a local copy of your data.

By Mike Meikle

Plying the stormy cloud sea toward reality has been a challenge for business and IT folks alike. Buffeted by gales of white papers, webinars and salesspeak, we cling grimly to the wheel of our organisation as we attempt to find a gleaming beacon of true direction in the tempest-tossed marketplace. It doesn’t help that the captain had to be tied to the mast after listening to too many slick marketing campaigns.

In an attempt to cut through the hype and educate myself outside the vendor sales pitches, I attended the latest AITP meeting on Cloud Computing. Local Richmond, Virginia companies, with an international presence, were gathered to discuss their usage of the cloud as well as their rationale for choosing that solution. Also, two vendors were on hand to give their perspective on current and future use of cloud computing.

The panel consisted of Chris Burroughs, VP IT Infrastructure Services at Mondial Assistance. Ms. Burroughs has worked with the cloud model since the Application Service Provider (ASP) days. Another panelist was Mark A. Eichenberger, Office 365 Specialist from Microsoft Corporation. Mr. Eichenberger provides a variety of cloud solutions (Private, Hybrid, Public) to his customers. The next panelist was Chet Loveland, Chief Information Security Officer for MeadWestvaco. Mr. Loveland’s organisation currently has nearly 18,000 users using Corporate Gmail. Chuck McBride, Sr. Global Infrastructure Manager of Tredegar Film Products, was on hand to discuss his firm’s early cloud adoption strategy. The final panelist was Jason Karnes, Cloud Architect at VMware. Mr. Karnes works within the vCloud Datacenter.


Mr. Karnes and Mr. Eichenberger kicked off the discussion with a high-level overview of what the “Cloud” actually encompasses. Cloud services are on-demand and are self-service oriented. They have broad network access (accessible from nearly everywhere). Resources can be pooled, including staff with certain expertise as well as computing and storage capabilities. The Cloud has “rapid elasticity,” meaning the services can be quickly scaled to meet a sudden demand then dialed back down after the peak demand has passed. Finally, it is a measured service (you pay for only what you use).

The panelists were queried as to why their respective companies first pursued their cloud strategy. Ms. Burroughs stated that Mondial did not pursue cloud for Return on Investment (ROI) purposes, but to meet growing demand for their services in an environment where the IT staff was overworked or lacked requisite expertise on certain technologies. The Cloud route provided Mondial with the ability to scale to meet high demand and then reduce their footprint after a peak period had passed. Also, a cloud strategy allowed Mondial access to IT skills they did not possess in-house. Finally, the cloud route gave Mondial the ability to test the feasibility of new service offerings such as Computer Telephone Integration (CTI) without a large upfront capital investment.

Mr. McBride stated that ROI was a driving factor in Tredegar’s decision to pursue a cloud strategy. A part of that ROI analysis was the issue of hiring additional IT staff with the requisite experience. That additional cost was deemed prohibitive by Tredegar leadership, which led to the embracing of moving systems to the cloud.

Mark Eichenberger then stated that in consulting with clients for Microsoft’s cloud solution, ROI plays an important role. However, the flexibility and speed of cloud solutions allow an organization to accomplish Merger and Acquisition (M&A) activity far quicker (from months to weeks). Also, organisations do not have to go through a full capital procurement process for a cloud service, which means quicker time to market for new customer solutions.

VMware’s Jason Karnes validated Mr. McBride’s point that hardware, software and staff are key areas of cost savings. However, for a True Cost of Ownership (TCO) organisations should factor in risk mitigation and cost avoidance savings. For example, a cloud computing solution solves capacity planning concerns since the service can be scaled up and down to meet demand. Also, data stored in the Cloud is a way to meet disaster recovery, business continuity and redundancy goals.

I’ll break in here and mention that the recent Google Blogger fiasco adds a caveat to Mr. Karnes’ assertion about Disaster Recovery and Business Continuity. When Blogger died in the Cloud, there was no way for users to access their data for four days.

A strategy to consider is to always keep a local copy of your data. If Google Apps one day decides to die because of “data corruption” you do not want to be stuck without access to important documents. I would say the potential for an incident like this is moderately high since Google has already had a similar situation with Gmail.

The next question was concerned with the difference between Public, Private and Hybrid Clouds. To provide some perspective, a Public Cloud is where organisations/users share computing power and space with others (multi-tenant). However, the applications or data are only accessible to authorised users/organisations even though the applications and the data reside on the same storage. A Private Cloud is designed and operated just for a specific organisation or user. There is no sharing of resources amongst multiple organisations.

Finally, a Hybrid Cloud is a mix of Public and Private cloud infrastructure. These clouds are separate but use the same standards and technology, allowing the data to be portable. The primary reason behind the hybrid cloud model is to reduce the risk of relying on a single cloud (single point of failure).

Chuck McBride stated that a large number of people already have experience with Public Clouds (Gmail, Office 365, Yahoo). Chris Burroughs stated that Mondial pursues a Public and Private cloud strategy for multiple services. Currently the organization uses Cloud platforms for data backup, customer service applications and some managed security services.

I’ll stop here and in Part Two of the series I will cover information security, best practices, risk and vendor management for Cloud Computing. Please leave your thoughts below in the comments and stay tuned!

20% of enterprises to adopt systematic workload reprovisioning by 2016.

—This article is published with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.

CIO’s Survival Guide, Part 1: The Merger

There are four key M&A strategies every CIO should know that will help him come out on top.

By Matt Podowitz

The M&A volume is expected to rise by 30 percent or more in 2011, and may increase even more in 2012 as the financial and lending environment returns to something resembling its pre-downturn state. This “merger mania” is fueled in part by a heady combination of available capital and a target rich environment comprised of companies that remain vulnerable even as the economy recovers. The opportunity to snap up a struggling competitor, jump start a geographic expansion by acquiring a local player, or move upstream or downstream in the value chain may be hard to resist for even the most conservatively managed of companies.

At the same time, the recognition that IT is pivotal to many of the financial synergies and other benefits used to justify these transactions is on the rise, based on a combination of recently published research and horror stories of mergers that went awry when IT wasn’t able to make expected contributions to the effort to realise those benefits. With this increased recognition comes increased pressure on CIOs to contribute before and after the transaction closes to make the merger successful.

Mergers represent a tremendous opportunity for CIOs to shine, regardless of whether or not they expect to remain in place after a merger is completed. However, because the stakes are so high, CIOs can easily find themselves in a no-win situation that can haunt them for the remainder of their careers. Four key strategies, implemented well, can improve a CIO’s odds of coming out on top:

Recognise that there is no “merger of equals” - Many mergers are portrayed this way to assuage egos and keep key talent from fleeing before the transaction is completed. In reality, it is a myth. Every merger will have a dominant player, the majority of whose culture, personnel, process and infrastructure are likely to survive the transaction. CIOs employed by the dominant player will be held accountable for a portion of the success of the transaction, and stand to gain tremendously (financially and otherwise) for helping make the merger successful. CIOs employed by the company being merged probably are on their way out, but can significantly enhance their exit package and future employability by remaining in place for as much of the integration as possible. CIOs that don’t understand which position they are in, or buy into the “merger of equals” myth, are at much greater risk of losing out. Some CIOs may simply be able to ask, but it often takes some detective work to determine which company is the dominant one, as it isn’t always the largest. Find out as much as possible about the other party in the merger and what the companies are claiming as the reasons for the merger. Also look at how both companies have handled mergers in the past. It should become evident pretty quickly which company is being merged into the other.

Get involved early, whether officially or not - The earlier CIOs get involved in a merger, the more likely they are to be able to maximise their contribution and so increase the potential of benefitting personally and professionally.

The best time for a CIO to get involved is during due diligence, which takes place after the companies agree they both are interested in a merger but before the deal actually is signed. CIOs who don’t get involved until after the deal has been signed or, worse, until after the deal closes will have little ability to influence the terms of the deal and to set expectations for what they and their IT departments can contribute. CIOs who determine that a merger transaction is in the works without their knowledge or involvement may want to make a case for having a seat at the table, whether by presenting case studies or research to support their involvement, or simply leveraging their relationship with executives and other business leaders within the company. Where that isn’t possible, CIOs should do as much detective work as possible to gain an unofficial understanding of the players in the transaction (the other company and any private equity firms or other capital sources involved), the rationale for the merger (why the companies are interested in the transaction) and the specific synergies or benefits expected to result (for example, cost savings or increased sales).

The CIO’s goal (whichever company they work for) should be to have a hand in the due diligence and post-merger integration planning that (optimally) begins even before the deal is signed, whether officially and openly or unofficially as a shadow advisor to some of those who are involved.

Relate everything IT to the rationale and expected benefits of the merger - Psychologically and practically, a merger becomes the primary focus of executives from the moment due diligence begins until the transaction is scrapped (which sometimes happens) or the integration is completed. Whichever position a CIO is in, that CIO’s ability to protect their own interests, budgets and teams and ultimately come out of the merger on top is contingent on their ability to demonstrate how they and their departments will contribute to the success of the merger. For each element of the rationale and each benefit that is being used to justify the merger, the CIO should determine which elements of the IT function (people, process and technology) can influence the realisation of that outcome and how. A simple two-column matrix (with rationale or benefit on the left and the applicable IT elements on the right) can become a roadmap for discussions with the business to obtain or protect budgets, with employees to secure their temporary or ongoing commitment, and to identify those people or bits of technology that can be let go in the name of short-term cost savings. The more IT (whether people, process or technology) can demonstrate that contribution in terms of the rationale or benefits used to justify the merger, the more likely the CIO will be able to influence the merger and its IT outcomes.

Be ready to let go of the past and focus on the future - Mergers are to business as tumultuous and life-changing an event as a marriage is to individuals. Once two companies have walked down the proverbial aisle, both will be irrevocably changed and equally incapable of maintaining the status quo that existed before the merger. CIOs who work for the acquiring company and believe they are likely to remain in role should be prepared to abandon projects, eliminate technologies and give up people that may not make sense after the merger, and fight for the resources they will need to make the merger successful both short- and long-term.

Conversely, CIOs whose companies are being merged or who otherwise don’t expect to remain in role should concentrate on maximising their importance to the success of the merger and thus their ability to negotiate favorable terms (for example, stay-bonuses) on behalf of themselves and their people.

CIOs who focus instead on “keeping things the same” are less able to contribute value to the merger and so may find themselves at increased risk of losing their budgets and people and potentially their own positions faster or less profitably than might otherwise be the case.

Head in the sand

The one strategy universally to be avoided is “blissful ignorance,” whether of how mergers really work, or of the potential for their company to be involved in a merger. The more CIOs can learn about the merger process before they are involved in one, the better positioned they will be to implement these strategies when the time comes.

Where CIOs once had little opportunity to influence their own fate in mergers, in the post-downturn economy CIOs can position themselves to be heroes.

20% higher return on assets received by strongly governed organisations.

—Matt Podowitz is a strategic management consultant. He is a Certified Management Consultant and Certified in the Governance of Enterprise Information Technology. Matt can be reached via his personal business blog, ITValueChallenge.com.

—This article has been reprinted with permission from CIO Update @ http://www.cioupdate.com. To see more articles regarding IT management best practices, please visit www.cioupdate.com.



VIEWPOINT Ronald Kunneman | rkunneman@digitra.nl

Five Tips for New Times

Leaving the economic crisis behind, companies are focusing back on growth.

After years of cutbacks, it is now time for innovation. The CIO is the key stakeholder and must be the initiator in the new times. Here are five important tips to better fulfill that role.

After two years of continuous budget cuts, we now find that the focus is shifting. More companies are focusing back on growth and innovation. Business innovation, new product launches and new market development would all require IT. This gives the CIO a great opportunity to play a greater role in his/her organisation. CIOs can now develop new strategies and determine the direction for the company to take. Not all CIOs see these developments as opportunities. Certainly not as the CEO constantly moves the target during the match. However, the question is what to do in order to excel as a CIO? With thanks to Christine Hodgson, we have five tips to always keep in mind.

Understand your business and your customers: Understanding what sets your business apart from the competition is vital to you. This distinction can be anywhere: customer service, reliability, innovative new products. Whatever it is, the CIO must understand these key values. He/she must also understand who the customers are and what channels they use. And what are the implications for IT? If you are sure you understand the business, you can count on more commitment from the major stakeholders within the organisation.

Recognise your active role in corporate strategy and mission: CEOs expect more than just a CIO’s role from you. They want you to think about business goals and play a proactive role in shaping the future of the organisation. So work with your CEO instead of for him. Create proper connections between corporate strategy and mission and your own set for IT.

Divide your time between innovations and operations: CIOs often get bogged down with daily operational jobs. But those who wish to have an influence and make a difference must put time and effort into innovation. Companies have to change rapidly to be ahead of industry changes and to be active in the marketplace. And none of it can happen without IT. You can delegate routine activities and operations to team members. That will allow you to free up a significant portion of your time and make plans for the future. Also, use this time to ‘see the future’ and reevaluate your strategy and mission in order to transform your business.

Carry out IT issues to the organisation: After two decades of IT centralisation, times are turning. Managers are more concerned with do-it-yourself projects. Since your team has a better grip on new developments, use managers to support them and explain the pros and cons. Carry out the developments but use your organisation to ‘spread the word’.

Do not underestimate your know-how: We generally discount the knowledge that exists within our own IT organisation. You and your team are aware of the processes and internal and external information flows within the company. All this ensures that you know better than anyone else. You can use those insights and advise your CEO on what can be done for the company to be more efficient.

These tips will help you improve the performance of your business as well as the IT organisation.

About the author: Ronald Kunneman is Founder and Owner of an innovative Internet company, Digitra. It provides Internet access, wireless and multimedia services. Kunneman is also involved in a broad spectrum of business tasks and responsibilities.

