5 Top Technologies For 2012 by ctof magazine

Technology for Growth and Governance

December | 21 | 2011 | 50 Volume 07 | Issue 09

A QUESTION OF ANSWERS

Managing

Big Data PAGE 16

I BELIEVE

Donâ&#x20AC;&#x2122;t Fight,

Embrace Mobility

Top

PAGE 04

Technologies for

2012

An in-depth look at five key trends that are here to stay, and take enterprises to the next level of agility and profitability Page 34 VIEWPOINT

UC and Video

A 9.9 Media Publication

in the Cloud PAGE 64

TREND MICRO IS #1 IN VIRTUALIZATION SECURITY*

NAVIGATE YOUR BUSINESS TO NEW HEIGHTS WITH CLOUD SECURITY SOLUTIONS FROM TREND MICRO

Trend Micro allows you to fully capitalize on the operational benefits of virtualization and cloud computing with innovative solutions for security and compliance. These include the first and only agentless antivirus, intrusion prevention and integrity monitoring solutions for virtualized datacenters and desktops. Additionally, our encryption and key management solution for public, private and hybrid clouds allows you to better manage and secure your data wherever it resides. The result is a true business advantage.

Learn more at trendmicro.com/cloud-security For more information, visit us at www.trendmicro.co.in Call: 1800 103 6778 Email: sales.in@trendmicro.com Delhi: 91-11-42699000 Mumbai: 91-22-26573023 Bangalore: 91-80-40965068 *Sourced from: Worldwide Endpoint Security 2010-2014 Forecast and 2009 Vendor Shares, IDC

editorial yashvendra singh | yashvendra.singh@9dot9.in

Anticipate and Prepare At the end of 2012,

we would have witnessed greater efficiencies and innovations than we saw in our boom years.

t is customary at the end of the year to take stock of the past 12 months and predict for the next 12. As we at CTO Forum contemplated the recent past and the visible future, one thing was crystal clear -- with the economic uncertainty continuing, we will face an environment of constrained resources. But what is worth debating is the possible outcomes of this for the CIO’s office. Innovation experts have suggested for a long time that an environment of constraints is the

editor’s pick 34

best positioned to thrown up new solutions to problems. In fact, several management gurus promote an artificially constrained environment to spur innovation. I am convinced that at the end of 2012, we would have witnessed greater efficiencies and innovations than we saw in our boom years. As a CIO, you will have the enviable opportunity of demonstrating an ability to do more for less – yet again! More specifically, the New Year could see enterprises reducing

Top 5 Tech Trends of 2012 An in-depth look at five key trends that are here to stay, and take enterprises to the next level of agility and profitability

their overall spends and dispensing with non-essential activities to drive down costs. Wherever IT is viewed simply as a ‘cost centre’, it is likely to see budgets being pruned. In our view, the time is ripe for the CIO’s office to accelerate an already visible trend i.e. to develop into a ‘business unit’ and manage costs in the context of revenues or substituted earnings. Against this overall challenging backdrop, what are some of the ‘top-ofmind’ themes for senior technology decision-makers? We, at the CTO Forum, will do our part to help you stay prepared to meet 2012 head-on. Our cover story examines five key trends that are here to stay and help you take your enterprises to the next level of agility and profitability. Despite their prominence in 2011, cloud computing, social media, big data and business

analytics, in-memory computing, and mobility will continue to gain CIO mind share in 2012 given their compelling impact o enterprises. Some pioneering CIOs are already harnessing these technologies. Those tech leaders from amongst you who are yet to test them ‘tough to avoid’ much longer! Business cycles are a reality. 2012 will fly by and make way for a higher growth environment in the following year. But while it lasts, we have to brace ourselves and demonstrate our willingness and acumen to do ‘more with less’. I wish you confidence and luck for the New Year and look forward to walking the next 12 months in tandem with you.

The Chief Technology Officer Forum

cto forum 21 december 2011

DECemBER11 Cov e r D e s i g n by Pr i n ce A n to ny

Conte nts

thectoforum.com

34 Cover Story

34 | Top Trends of 2012

Columns

An in-depth look at five key trends that are here to stay, and take enterprises to the next level of agility and profitability.

04 | I believe: Donâ&#x20AC;&#x2122;t Fight, Embrace Mobility For CIOs, mobility can be interesting if they embrace it and a nightmare if they fight it. By G N Nagaraj

64 | View point: Unified Communications and Video in the Cloud Bye Bye Telco of Yesterday. By Steve Duplessie

Please Recycle This Magazine And Remove Inserts Before Recycling

Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301

cto forum 21 December 2011

The Chief Technology Officer Forum

Features

24 | Best of breed New Mindset Towards IT Practical ideas by which IT can improve its relationship with business.

www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur Editorial Executive Editor: Yashvendra Singh Assistant Editor: Varun Aggarwal Assistant Editor: Ankush Sohoni DEsign Sr Creative Director: Jayan K Narayanan Art Director: Anil VK Associate Art Director: PC Anoop Visualisers: Prasanth TR, Anil T & Shokeen Saifi Sr Designers: Sristi Maurya, NV Baiju & Chander Dange Designers: Suneesh K, Shigil N, Charu Dwivedi Raj Verma, Prince Antony, Binu MP & Peterson Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi

16 a question of answers

16 |Internal IT Vs External Vendors Chuck Hollis, CTO, EMC Corp, talks about big data, social media, analytics and the service-driven model of IT.

RegulArs

01 | Editorial 06 | letters 08 | Enterprise Round-up advertisers’ index

48 | next horizons: Games Can Transform Business ‘Gameification’ is reaching a tipping point. By Daniel Burrus

56 | no holds barred: managing big data James Markarian, EVP and CTO, Informatica talks about the importance of managing Big Data.

Trend Micro IFC Schneider 5 Ricoh 22,23 Tata Communications 7 Nullcon 13 BlueCoat 11 Fujitsu 18,19 Novell 14,15,37 Riverbed IBC IBM BC Toshibha 8-A Dell 16-A This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, CIO, Pidilite Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Vijay Mehra, CIO, Cairns Energy Sales & Marketing National Manager-Events and Special Projects: Mahantesh Godi (09880436623) Product Manager: Rachit Kinger (9818860797) GM South: Vinodh K (09740714817) Senior Manager Sales (South): Ashish Kumar Singh GM North: Lalit Arun (09582262959) GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284) Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 Editor: Anuradha Das Mathur For any customer queries and assistance please contact help@9dot9.in This issue of CTO FORUM includes 12 pages of CSO Forum free with the magazine

I Believe

By G N Nagaraj, former CIO The author Has close to 20 years of IT experience in various positions. He has worked in corporates such as Reliance Capital, Religare Enterprises and ICICI Bank.

Donâ&#x20AC;&#x2122;t Fight, Embrace Mobility For CIOs, mobility can

be interesting if they embrace it and a nightmare if they fight it Enterprise customer data is now available all across the cloud for all and sundry to access at will. As a liquor store owner, for instance, I would like to look at the data and make calls to people who live in the same neighbourhood with bundled offers perhaps. This example clearly showcases the dire need for enterprise control policies on mobile

cto forum 21 December 2011

The Chief Technology Officer Forum

current challenge leveraging mobility to drive efficiency, collaboration in enterprises

devices. It may even call for enterprises building custom apps and app stores local to their customers (or employees). Soon these application vendors will be talking on deals directly with business function heads by-passing IT, exactly the same way SaaS vendors did some time ago. Donâ&#x20AC;&#x2122;t fight it, embrace it. To achieve this is, a CIO needs to create an app store within the enterprise with relevant apps. He needs to categorise the app store into different sections -- B2C (Apps aimed at enterpriseâ&#x20AC;&#x2122;s customers), B2B (Apps aimed at business partners), B2E (Apps aimed at employees, and Marketplace (Place for crowd sourcing apps from the eco-system). The CIO will have to support the mobile apps with cloud storage capabilities. Distribute cloud storage through the app store to employees and partners to deliver collaboration on documents and data. This gives the CIO control. Mobile apps can be leveraged to drive collaboration in social network space through a controlled window. The app store infrastructure needs to drive governance and ensure manageability. It makes sense for CIOs to group together and approach device manufacturers for creating this eco-system for corporates. This will deliver two positive outcomes: This will drive standardisation which will benefit app manufacturers and give them an environment of repeatability of sales without need for customisations. Devices will now be bundled with an white label app store and app store framework that reduces corporates effort to only branding the app store. Its time CIOs start defining the new normal in the application landscape. Life will get interesting if you embrace and facilitate proliferation on your turf , on your terms; a nightmare to deal with if you fight it!

The strategic bridge between your data centre and your business? You. Only StruxureWare for Data Centres enables a healthy, business-driven data centre Tap into the health of your data centre As an IT or data centre manager, you know that doing your job well means saving your company both time and money. Today, there finally is a way for you to be completely tapped into the overall health of your data centre. StruxureWare™ for Data Centres gives you visibility across your entire data centre infrastructure so you can make informed decisions — not arbitrary ones — about your infrastructure. For example, you can plan proactively for needed capacity and streamline workflow management to improve your business agility and availability. In fact, now more than ever, infrastructure decisions are business decisions.

Now, make informed decisions about your infrastructure:

Plan proactively for needed capacity.

Blueprint data centre expansions and consolidations.

What’s more, StruxureWare for Data Centres communicates in real time with the leading virtualization platforms: VMware vSphere™ and Microsoft® System Centre Virtual Machine Manager. The software’s built-in automated response capabilities ensure that virtual loads always have healthy host environments. With your VMs on healthy hosts, you can focus on running your data centre more efficiently. The software also gives insight into PUE/DCiE trending over time, enabling you to make intelligent energy management decisions. With StruxureWare for Data Centres planning and reporting capabilities, who’s the company hero now? You are!

Streamline workflow management of your IT physical infrastructure to improve your business agility and availability.

Make changes knowing how they will affect your business.

Visualize change/capacity scenarios to improve your bottom line.

APC by Schneider Electric™ is the pioneer of modular data centre infrastructure and innovative cooling technology. Its products and solutions, including InfraStruxure™, are an integral part of the Schneider Electric™ IT portfolio.

View your current and historic PUE/DCiE and energy costs of subsystems to make intelligent energy management decisions.

An always available, efficient data centre

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Costs White Paper 107

> Executive summary

Tap the business value of your data centre! Learn how in our management software white paper. Visit www.SEreply.com Key Code 11500p Toll Free 1800 4254 877/272

©2011 Schneider Electric. All Rights Reserved. Schneider Electric, InfraStruxure, StruxureWare, and APC are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are property of their respective owners. • 998-4108_IN-GB • Schneider Electric India Pvt Ltd, 9th Floor, DLF Building No. 10, Tower C, DLF Cyber City, Phase II, Gurgaon - 122 002, Haryana, India, Phone: +91 124 3940 400, Fax: +91 124 4222 036

LETTERS CTOForum LinkedIn Group Join over 900 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:

S P I N E

CTO FOR UM

Techno logy for Growth and

Gover nance

Decembe BUILDING

r | 07 | 2011 | Volum 50 e 07 | Issue 08

STORAG E THAT LAST S| BUILDING

www.linkedin.com/ groups?mostPopular=&gid=2580450

AN IT BUSINES S OFF ICE

Some of the hot discussions on the group are:

| IT PRO DUCTIVIT Y DES TRO

YERS

IT NIRVAN BELIEVE A FOR

TOP-LIN GROW E TH PAGE 04

Open Source vs Proprietary SOFTWARE Practically how many of you feel OpenSource Free software are best solutions than any proprietor software's?

HORIZ ON TEX EFFE TING MORE

e 07 | Issue 08

Volum

A 9.9

Media

Publicatio

CIOS NEE D TO CHART CLEAR IT OUT A SEC STRATE URITY GY THE COM FOR DECADE ING | PAGE 28

CTIVE IN DISAST A ER PAGE 44

EDUC ATIO IS KEY N MITIG TO ATE RISKS A QUEST ION OF

ANSWE RS

PAGE 16

THE CTOs more interested in satisfying the CFO & Board rather than the consumer?

I see CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.

I would rather mention that, you call should depends on the criticality of the application to serve the enterprise business requirement, as opensource application can have security breaches and lack of support in worst come senario

—Vishal Anand Gupta, Interim CIO & Joint Project Director HiMS at The Calcutta Medical Research Institute

cto forum 21 DECember 2011

The Chief Technology Officer Forum

http://www.thectoforum.com/content/ building-storagelasts

IT Nirvana for Top-Line Growth

For achieving IT nirvana, CIOs need to manage the two sources of value – growth and leverage oriented It is important for a CIO to successfully managed this paradox. To read the full story go to:

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

Storage has always been the backbone of information. In an interview with Ankush Sohoni, Roberto Basilio, VP, Storage Platforms & Product Management, Hitachi Data Systems talks about Hitachi’s plans for this market.

Opinion

Arun Gupta, Group CIO, Shoppers' Stop

Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com

CTOF Connect

http://www.thectoforum.com/content/it-nirvanatop-line-growth Randy Spratt EVP, CIO and CTO, McKesson Corporation

FEATURE Inside

Enterprise

Time for CIOs to assess Euro crisis impact: Gartner Pg 10

ILLUSTRATION BY Shigil N

Round-up

Facebook to Use Clean Energy in its Data Centres Will also work towards

persuading others to go green in energy usage

Greenpeace and Facebook are collaborating on the promotion of renewable energy, encourage major utilities to develop renewable energy generation, and develop programmes that will enable Facebook users to save energy and engage their communities in clean energy decisions. The joint announcement comes two years after Greenpeace launched its global Unfriend Coal Campaign, enlisting 700,000 online activists to call on Facebook to power its data centres with clean energy instead of coal. Facebook has announced that its goal is to power its operations, including its data centres, using clean and

cto forum 21 december 2011

The Chief Technology Officer Forum

renewable energy. The company's Open Compute Project will encourage other IT companies to power their operations with clean, renewable energy. As part of the agreement, Facebook will continue pursuing on-going research into energy efficiency and the open sharing of that technology through the Open Compute Project which Greenpeace will work to support. Greenpeace and Facebook have also agreed to develop and promote experiences on Facebook that help people and organisations connect with ways to save energy and engage their communities in clean energy issues.

Data Briefing

$300 million Amount invested by Saudi prince in Twitter

E nte rpri se Round -up

They MIKE Said it LAZARIDIS

ILLUSTRATION BY anil t

The last few quarters have been some of the most trying in the recent history of Research in Motion. In a recent earnings conference call, RIM announced 18 percent drop in sales in the current quarter and signalled a weak quarter ahead.

Essar Group to Virtualise 40,000 Desktops Would save 40% in desktop computing costs Essar Group, a multinational with business interests in steel, oil & gas, power, BPO and telecom, shipping, ports, and projects, plans to move over 90 percent of its workforce to the Citrix XenDesktop platform. The group aims to complete the implementation of virtual desktops for 40,000 users in the next one year. The solution utilises a building-block approach which can then scale to thousands of virtual desktops delivering applications to any device in any workplace environment, supporting a rich user experience, and providing additional security and control to IT managers. Virtual computing is rapidly becoming a foundational element of the security strategy for organisations of all kinds. With Citrix’s Desktop Virtualisation, Essar aims to reap the benefits of application virtualisation and streaming features for enabling faster responses to business requirements for applications. The implementation of Citrix XenDesktop is also aimed to strengthen Essar’s Governance and Compliance initiatives by giving the capability to monitor, manage and restrict the applications on the VDI. The group also plans to roll out the Citrix XenDesktop and Citrix NetScaler solutions across the globe.

Quick Byte on security

“This is absolutely not business as usual at RIM. We are going to do what it takes to get the value for shareholders and the company, and we are totally redoubling our efforts on execution here.” —Mike Lazaridis, Co-CEO, RIM

Google replaced Microsoft as the software vendor with the greatest number of reported vulnerabilities for Q3, 2011 — 82. This is due to the increasing number of vulnerabilities found in Chrome, which continues to grow in popularity. —Source: Trend Micro

The Chief Technology Officer Forum

cto forum 21 december 2011

E nte rpri se Round -up

Time for CIOs to assess Euro crisis impact: Gartner

The Euro crisis raises four broad challenges that CIOs must address With extreme uncertainty plaguing all enterprises operating in the eurozone, CIOs must act immediately to protect their enterprises, according to Gartner, Inc. CIOs need to safeguard their enterprises from the risks of government/bank default, euro break-up, counterparty bankruptcy and employee/ customer distress. "Uniquely positioned within their enterprises, CIOs are at the fulcrum of business and technology, and they are the only executives with sufficient visibility and potential capability to address the challenges posed by today's eurozone crisis," said David Furlon-

ger, vice president and Gartner Fellow. "Unlike recent economic difficulties, today's crisis has the potential to totally undermine the eurozone, the whole EU and beyond," said Andrea Di Maio, vice president and distinguished analyst at Gartner. Gartner analysts said there are four broad challenges that the euro crisis raises, and they examined how the CIO is best positioned to provide enterprise leadership on addressing those challenges. These challenges include: Challenge 1: Market Volatility Most enterprises and their IT departments

Global Tracker

Global Spam Attacks

cto forum 21 december 2011

The Chief Technology Officer Forum

Source: cyberoam

A total of 70% spam attacks were launched on â&#x20AC;&#x201D; Yahoo (27%), Facebook (23%) and Gmail (19%)

are burdened with significant numbers of bureaucratic processes and latent decisionmaking mechanisms. Today's market conditions require business and government executives to radically restructure their business practices. Challenge 2: Capital Costs The costs of and access to capital across Europe will likely continue to worsen until there is a significant redress in structural imbalances between countries and organisations. Unwillingness or inability to write off debt and restructure public- and privatesector balance sheets is a substantial barrier to market efficiency. Lines of credit will likely become uncertain or removed, forcing corporations to reduce inventory. Challenge 3: Human Capital Management Millions of people are out of work in Europe. Formal government austerity packages and informal corporate restrictions on salaries, benefits and working conditions, combined with high costs of living, are stressing workforces. This situation is compounded by retirement funding shortfalls, extensions in the working age and loss of benefits. Challenge 4: Risk Management The capital markets (and many corporations) believe that the risk of government and counterparty default is substantial. Receivables management is being stressed, and the likelihood of internal and external fraud rises. From an IT standpoint, operational risk is heightened via issues such as changes in contractual obligations and business continuity. Added to this is the continued increase in regulatory compliance initiatives across industries, which exacerbate the pressure on audit and risk management assessments and workflows. "Prior to the crisis, enterprises were already challenged to identify enterprisewide risks in a holistic fashion to link those risks to the performance of the business and to manage risk in a time-effective manner," Furlonger said. "Now, the CIO â&#x20AC;&#x201D; and corporate treasurer, head trader, CFO and others â&#x20AC;&#x201D; need to ask questions such as, 'Can existing risk models accommodate alternatives to the lack of historical data necessary for regression testing/yield curve analysis of hedges, and for stressing asset and liability portfolios in the event of a redenomination in all or part of their asset and liability portfolio?"

Our community is 75 million users strong. WebPulse,™ only by Blue Coat Every day, malware attacks, evolves and attacks again. It has to—because we keep stopping it. Blue Coat Web Security Solutions are powered by WebPulse,™ a community of over 75 million users strong taking a stand to shut down over 3.3 million threats a day. Proof, there’s safety in numbers. Learn more @ bluecoat.com/WebPulse

E nte rpri se Round -up

ICICI Pru Deploys Workload Automation 10-15% reduction in scheduled workload processing time

ICICI Prudential is automating its IT and business processes with BMC Software’s Control-M workload automation solution. The BMC Control-M solution integrates the management of critical scheduling processes from a single point of control. Additionally, it eradicates errors in a simplified and automated fashion. This in turn results in significant time and cost saving for companies. The implementation of BMC Control-M has reduced the scheduled workload processing time in the range of 10-15

percent for ICICI Prudential Life. BMC Control-M’s compatibility with diverse systems enables significant increases in productivity and cost savings, simultaneously mitigating risks and ensuring seamless service delivery in a heterogeneously distributed environment. The solution provides lower total cost of ownership, with features such as instant notifications for delays and errors. BMC Control-M’s easy-to-use self-service interface enables clients to have a single view of services provided to their business users. “Our business depends on ‘on-time’ batch cycle completion,” said V.V. Balaji, executive vice president, Technology and Service Delivery at ICICI Prudential Life. “BMC Control-M is helping us optimize this process. It is aligned with our organizational objectives of reducing total cost of ownership and improving operational efficiency.” The BMC Control-M solution is tightly integrated with the AS/400 systems for Life-Asia, an online, real-time life administration system for insurance products, which makes it easier for the operations team to manage scheduled jobs-processing, without the need to log on to production systems. The BMC Control-M solution also eliminates incidences of human error by automating reporting on batch job timelines and providing easy access to production systems. It is also making it easy to meet security and audit compliance requirements for global standards, such as SOX and ISO/IEC 27001. Key performance indicators for any operations depend on efficiency, effectiveness, value addition and control of those processes. BMC Control-M has enabled ICICI Prudential Life to achieve those objectives and is in line with their larger plan to automate virtually all processes over a period of time.

Fact ticker

Apple ahead of Intel in mobile chips: Analyst

Moore’s law doesn’t apply to mobile

A report on News.com quotes Gus Richard as saying that in the brave new world of tablets and smartphones, chip competition isn't so much about Moore's Law but rather how the "blocks" of circuits are put together and the nexus with the software that runs on those circuits. Richard is a senior research analyst at securities firm Piper Jaffray.

cto forum 21 december 2011

"More specifically, tablets and smartphones use silicon called system-ona-chip, or SoC, that doesn't always use the latest and greatest chip manufacturing technology but gets the job done," says the News.com article. Of late, the focus in chip-making has changed from plain-vanilla PCs and notebooks to the increasingly popular tablets and smartphones - devices

The Chief Technology Officer Forum

that are still not up there in compute power and office-related applications but getting a lot of traction from consumers and businesses alike. However, Intel continues to be the dominant player in desktops and notebooks - which are either stagnating or growing sluggishly compared to small form-factor devices. "We believe that a general purpose processor cannot compete with a purpose-built SoC with dedicated IP blocks like the A5," the News.com report quotes Richard as saying. Nevertheless, Intel is moving quickly to close this gap.

PCI-DSS

Verizon study found 79 percent of merchants fall out of compliance with PCI standards between audits. These five factors feed the problem. Only 21 percent of businesses that store credit and debit card data maintain compliance with Payment Card Industry (PCI) regulations in between their mandatory annual audits. Those findings are based on more than 100 PCI audits—60 percent of them for U.S. businesses--conducted by Verizon's PCI assessors in 2010. "The majority of our clients did end up achieving full PCI compliance in the end," said Jennifer Mack, director of global PCI services for Verizon, in an interview. But surprisingly, 79 percent of businesses rated as PCI-compliant fell out of compliance over the course of the year. In other words, their information security and risk management practices got worse. PCI isn't exactly a new standard, or complying with it a new requirement. Why aren't more businesses taking it to heart? "Well, it's hard to say, but one common reason is that they have not internalised the fact that PCI DSS is to help them with security. It is not to punish them for failing an audit. PCI is seen by many as an 'externality,' not something they 'adopted for themselves,'" said Gartner analyst Anton Chuvakin in an interview.

N OV E L L I N D I A

PHOTOS BY PHOTOS.COM

CTOF CUSTOM SERIES

OSS for Competitive Advantage Open Source Software (OSS) has characteristics such as agility, flexibility, and cost effectiveness. In a discussion with CTO Forum, Narayana Menon, Head- Strategy & Marketing Novell India/South Asia talks about how OSS is increasingly becoming a viable option for organizations Q: Can open source software actually reduce cost without bringing in too many complexities? A: Open Source (OS) based software is agile, flexible and does not compromise on performance; all this while keeping the costs effective. This makes OS a viable option for organizations today. The numbers emerging from industry analysts certainly indicate that open source based technology procurement is increasingly becoming a key part of the IT

strategy. The relative cost advantages they provide also ensure more-for-less while maintaining performance criterion in a scenario where most companies are mindful of lower IT procurement budgets. I would put that the TCA benefits could be as much as 30-50% lower for open source based technologies vis-à-vis comparable proprietary solutions. Customers used to deploy open source based products for their non-mission critical

applications. Now we are seeing a paradigm shift wherein the core applications like ERP are being deployed on open source based technologies/platforms. Using open source software gives you more freedom and you can effectively address the Vendor Lock-in challenges like lack of portability, expensive license fees and inability to customize software. Companies like SUSE follow a subscription model whereby there would be a nominal charge for patches & support. But this would yet be much more optimal from a TCA and/ or a TCO as well as performance perspective when compared to most proprietary software alternatives which generally follow a license based model. As mentioned earlier, the numbers show a clear indication that customers are not just amenable to the idea of open source infrastructure but are also actively deploying the same in their production environments. This would not essentially mean a ‘rip & replace’ drive but a phased adoption model where both open source & proprietary products would co-exist in the IT environment to provide the optimal solution. I do think that over a period of time, as hosted, SaaS & cloud models of IT infrastructure solutions adoption take over, we should see a shift, where 80% of the inherent components would be open source based. This would form the core of IT solution purchase & usage while shifting from a product centric approach to a service centric model. For organizations with capital constraints facing system refresh decisions, Linux can have a substantial bottom-line impact by supporting both small and large workloads on a range of hardware platforms. Some key aspects that SUSE Linux provides to contribute to lower TCO include reduced Initial capital expenditure costs, ongoing maintenance costs as per customer requirement and not a one size- fits-all model and a subscription based model instead of a licensing model. This serves to decrease the TCO by an average of 15 to 30 percent and accelerate the ROI by 6 months or more. Q: Shortage of skill sets is often a challenge for any organizations? Are there enough skilled engineers available in India to work on open source? A: The shortage of skilled manpower was a

N OV E L L I N D I A

stumbling block to open source in the past, say 5 to 10 years back. However the situation is much different today. With increased rate of adoption of open source based technologies on the rise, engineers find that OS expertise provides for enhanced domain expertise as well as a strong career option within private sector corporations as well as Govt entities/ Enterprises that have large deployments of open source based technologies. Key players in the Linux & open source market like SUSE offer industry-leading certifications and tests that are globally recognized. Q: What are you doing in order to fill up the skill set gap in the industry? A: Novell provides plenty of training options to fill the skill set gaps in the open source based product space. Certification courses like the Novell certified Linux Professional (NCLP) & the Novell certified Linux Administrator (NCLA) & the Novell Certifies Linux engineer (NCLE) courses offer candidates the core skills required to handle the nitty-gritties of a Linux environment. These programs differentiate themselves from the others available in the market through indepth modules like shell scripting etc which enables the certified to not just be restricted to peripheral admin roles but also opens up opportunities to work on R&D, product enhancements etc.. We also have Novell certified desktop Administrator & also instructor programs for prospective teachers. Achieving a Novell certification is simple and provides that extra edge to IT industry aspirants as well as opens up more lucrative opportunities to people already in the industry. Q: How does open source compare against proprietary when it comes to security and manageability? A: IT chiefs are increasingly turning to opensource software to help create a competitive advantage for the business, according to new research from Gartner. It is clear that there seems to be ample demand for commercially supported open source software delivery models that present a viable alternative to proprietary applications in a variety of business cases. And the advantage usually associated with open source – lower licensing and sup-

CTOF CUSTOM SERIES

The adoption of Linux in India is clocking a steady 20-30% growth year on year with Telco, BFSI & Govt./PSU sectors leading the way. port costs – is not always the only reason for its choice. The benefits of its adoption fit three distinct categories: cost, optimisation and flexibility. So this is very clear that from a manageability point of view open source is way ahead proprietary. Security is mission critical needless to say. Open Source Software provides for options such as subscriptions for patches and support which is also cost effective when compared to proprietary software. Open source in its nascent form could be vulnerable owing to the aces to the source code & that is where companies like SUSE step in. We customize the base kernel to make it enterprise ready adhering to the security, compliance & manageability aspects that are critical for enterprise deployments. With the provision for maintenance, support & patch updates this becomes a robust platform for enterprises to deploy in their IT environments. The adoption of Linux in India is clocking a steady 20-30% growth year on year with Telco, BFSI & Govt./ PSU sectors leading the way. Just this fact emphasizes that platforms like SUSE Linux is a secure & easily manageable option for critical IT operations as if it wasn’t, we would not see growth & especially in deployment of mission critical applications on these platforms. Open Source Software today provides a strong mix of inter-operable and hardware agnostic options that when included as part of the IT architecture, it complements proprietary software as well. SUSE Linux Enterprise Server is built on the 3 key pillars of ubiquity, interoperability and mission-critical computing. It provides the ability to deploy a low-cost, high performing operating platform across the full range of hardware and computing models – from desktop to data center – and physical to virtual to cloud environments. It can also be easily deployed into existing IT environment to leverage previous investments. Q: What would be the key trends in open source over the next two years? A: Looking at the coming year for Linux, the

key areas to watch out for would be cloud computing, Platform as a Service (PaaS), the automobile industry. Linux continues to grow both in its reach and credibility among enterprise IT users and customers, bringing competition, price and time-to-market pressure and options to such as cloud computing and mobile software. According to a Gartner study, open source software would be embedded in 80 percent of all commercial software by 2012. The report said that, “By 2012, 80 percent of all commercial software will include elements of open source technology. Many open source technologies are mature, stable and well supported. They provide significant opportunities for vendors and users to lower their total cost of ownership (TCO) and increase returns on investment”. Another study, 'Economic Impact of Free and Open Source software – A Study in India', undertaken by a team at IIM-Bangalore (during 2010), highlights several interesting insights, that show how by replacing just 50 percent of proprietary software with open source in desktops and servers, India can save close to Rs 10,000 crore. Open source software will continue to dominate cloud computing (whether Infrastructure as a Service (IaaS), PaaS, public cloud or private cloud). According to another prediction, after mobile Linux, there are number of efforts underway to use Linux for cars. A number of automobile manufacturers and parts makers, including BMW, Nissan and Toyota, are among the key players this time, supporting automotive Linux. I believe that open source based solution adoption would continue to grow as experts have predicted, not just because of the flexibility & TCO benefits that it offers, but also as the trend towards moving to the cloud increases, aspects such as adaptability, portability & being hardware agnostic would take top priority, whereby pushing back the complex nuances that a proprietary platform involves.

A Question of answers

PERSON' S NAME

Enabling the Enterprise: Hollis talks about how IT can play a role in creating a platform for collaboration in a social model

cto forum 21 december 2011

The Chief Technology Officer Forum

C h u c k Ho l l i s

A Question of answers

Chuck Hollis | EMC Corp

Internal IT vs External Vendors Chuck Hollis, VP & Global Marketing CTO, EMC Corp, is constantly looking for those IT leaders who can move the needle for business. Hollis spoke to Sanjay Gupta about big data, social media, analytics and the service-driven model of IT, which is paving way for new capabilities How is the emergence of big data and social media changing the role of IT leaders? First, IT leaders need to understand that this is not your father’s data warehouse – you are taking data from multiple sources, social feeds, etc, and you are mashing it up for insights. Today every industry – be it retail, telecom, or whatever – is powered by business analytics. The change should be seen as a partnership between the IT people who generate data and the business users who are actually going to

consume data. There is also a movement to socially enable the enterprise: the theory here is that there is a new way of working, so IT can play a role in creating a platform for collaboration in a social model. I know 30-40 IT managers who make there living from socially enabling their enterprises. Have you seen any examples of this social enablement in Indian companies? Not so much in India. I think it is a cultural thing – sharing information.

Somehow, I do not see it that much in Asia. Let me give you our own example. At EMC if you look at the history of our social media usage, there was strategy, there was platform and the skill sets. In addition, for every business process in the company – be it how products are created, how people serve customers and how problems are solved – social media appears. This is changing the way our company works, as it is about mobile enabling the workforce, socialising proficiency, building collaboration... We are not just talking about putting

The Chief Technology Officer Forum

cto forum 21 december 2011

A Question of answers

C h u c k Ho l l i s

Windows on the screen; we are talking about really mobilising our workforce. Another important thing is customer engagement – new platforms, new media, new ways of pulling in customers or talking to them and keeping them engaged. It could be a cool website or a downloadable app, but we are seeing more and more IT managers getting interested in providing these interfaces between businesses and customers. In addition, none of this would have been possible without building a responsive IT organisation. Therefore, my view is that it all depends on the competitiveness of the industry and the culture of the company. How do you differentiate between IT leaders in small as compared to large organisations? Usually I find that the IT leaders in smaller organisations take quick decisions, while in large organisations decision-making is a long process. So it is a challenge for a company like ours as to how do we get them (large firm IT heads) to move faster. So one way we do this is by calling them agents of change and constantly asking them how they are building new things on top of their legacy, how they are bringing in new processes and new efficiencies, and how they are doing things “the new way” as processes start to mature. Typically, in a large IT organisation you find the classic perfect storm: new business strategy, change of leadership and new technology itself. So the question is, how do you get them to move very fast to adapt to those changes? However, smart companies can move very fast. Some of the most innovative stuff comes out of midsize companies. Have you seen any backmigrations in outsourcing – wherein companies that initially outsourced certain IT tasks want to bring them back in-house? Oh, it happens all the time. More-

cto forum 21 december 2011

“I know 30-40 IT managers who make there living from socially enabling their enterprises”

over, usually it happens in a bad way. Like the classic movie: big company, big project, IT people cannot move quickly enough. Therefore, business decides to take the project outside for some time. When that period is over, the IT organisation has to really scramble it to bring it back. However, I would say, these are not ideal situations, as they represent the lack of competitiveness of the IT organisation in the first place. The difference between the new, smart IT guys and the old guys is that the new guys know they must keep IT users as happy customers. With regard to the new, IT guys, since they now must demonstrate their value to business and be proactive about it, do you think the business users feel irked or threatened by their growing interference? I have seen both kinds of situations. Four years ago, we had the ‘old IT’.

The Chief Technology Officer Forum

things I Believe in oday every T industry – be it retail, telecom, or whatever – is powered by business analytics IT can play a role in creating a platform for collaboration in a social model he old T paradigm of static projects and fixed way of doing things is no longer to be found in industries

Everything was a project, meetings, the works...and it used to take a whole lot of time. Then one day when business took some work outside, some of them complained: “You can’t do this!” And the response they got was: “Watch me!” (Here, Hollis takes out his credit card and flashes it triumphantly for a while.) Therefore, over time, the IT organisation realised that the business mindset had changed and they were competing for IT projects. Business said, “I can give it to you or I can give it to somebody else – though I’d like to give it to you!” Obviously, the internal IT guys have an advantage because they know the company’s business and they are trusted. However, for every external offer, the internal IT had to make it competitive and more valuable. How has the user experience of corporate employees changed in the new model of IT? In the old model, an IT user in an

C h u c k Ho l l i s

organisation had to track down the IT person for a particular service and it was up to them to get the needed service from that person. In the new model, the IT services are available to the users as some sort of catalogue from which they can choose what they want. What’s more, there could even be a pricing mechanism for those services. Another thing that is happening is that the IT users are getting very literate, very sophisticated in how they consume IT. Therefore, the need for the IT department to be competitive today is more than ever. A major discussion topic these days when it comes to information processing is big data. But how does big data impact an IT leader that works for a relatively smaller company, say, a 500-employee firm rather

than a 50,000-strong enterprise? There is a question before the answer: What can analytics do for your company? If you knew more about the customers, if you knew more about the economy, and if you knew how better knowledge about customers could change your business, would it benefit you? The answer, one hundred per cent, would be “Yes”. The key about big data is analytics. It allows you to take data from multiple sources, apply a wide range of tools to analyse that data and say, “Whoa, we didn’t think about this!” Or, “We could think of it that way.” Therefore, the key decision IT leaders need to make is whether they are going to build all that capability or are they going to take that as a service. For instance, Procter & Gamble buys 80 per cent of its data analytics as a service.

A Question of answers

There’s a 3V information model that Gartner uses – Volume, Velocity and Variety. For companies that still want to do much of their IT in-house, how do you think they can cope with the three Vs? There is a change in mindset. IT is used to fixed projects. Suppose they build a ‘toy box’, I can’t say what its RoI is going to be. I can’t tell where it will be useful. I can’t ask for a three-year forecast, right? Therefore, IT must keep going back and forth: you build something, you find what value it will give, you go back and change something, then you build further on it and so on and so forth. Therefore, the old paradigm of static projects and fixed way of doing things is no longer to be found in industries that are largely driven by analytics such as banks, retail, oil & gas, etc.

Best of

Breed

Feature Inside

The Expanding ITIL Universe Pg 28

Illustration by Shigil N

New Mindset Towards IT Practical ideas by which IT can improve its relationship with business 24

cto forum 21 December 2011

The Chief Technology Officer Forum

he IT function exists to support the business in achieving competitive advantage. However, many business users often see IT merely as a barrier to their initiatives; a function that over-spends and under-delivers. In order to foster a better relationship with the business, IT must strive to change the corporate mindset and demonstrate that it can be a reliable technology partner for the business. In this article, we argue that a common engagement model can be valuable and we explore practical ideas by which IT can improve its relationship with the business exploring different strategies that apply to different stages of a service lifecycle from strategy to implementation and delivery. The IT function exists to support the business. Business and IT leaders recognise this and thus continue to make investments in the IT organisation and infrastructure. However, this view of IT as a strategic asset changes as you move down the organisation chart. To most business users, IT is often a barrier rather than an enabler. IT is perceived as the organisation that says â&#x20AC;&#x153;noâ&#x20AC;? to innovative ideas -- the organisation that over-promises and under-delivers. Much of this criticism is unfair and arises from a lack of appreciation of the complexity of technology implementation and day-to-day management. However, there is also some truth to this criticism. In every organisation there are plenty of examples of delayed projects, unrealised benefits and technology that simply doesnâ&#x20AC;&#x2122;t address user needs.

To most business users, IT is often a barrier rather than an enabler

m a n ag e m e n t

There needs to be a consistent and intuitive engagement model between IT and the business with clearly defined roles and responsibilities, clearly agreed strategy and scope, and strict adherence to priorities and timelines If IT is to have an improved relationship with the business and it has to be perceived as a trusted technology partner to the business, IT leaders must work hard to address these concerns by fostering a consistent and intuitive engagement model between IT and the business with clearly defined roles and responsibilities, clearly agreed strategy and scope, and strict adherence to priorities and timelines. In the rest of this article, we apply some of these strategies to a standard service lifecycle.

Strategy - Understand the business strategy and ensure IT is aligned to support it. In our experience, the high level details of a business strategy are well known in most organisations. However, IT often lacks a detailed understanding and appreciation of the business’ expectation from IT to support the execution of the strategy. This happens because IT is seldom engaged by the business during the development of the strategy. Instead, the business groups develop a strategy and then hands it off for “implementation” to IT. As IT begins to implement solutions, the rationale behind the strategy is not well understood and thus incorrect assumptions are made. This undermines the very strategy that IT was asked to support. Learning point: Engagement at the strategy level must include all relevant business and IT stakeholders

Design - Involve the business during design decisions. This is much easier said than done since most business users assume that design is a technical activity where they have little to contribute. However, in our experience, the single biggest cause of failure of any IT initiative is flawed design decisions. One way to involve the business in design is by removing technical jargon from dis-

cussions and talking about design decisions from the business point of view. Not only does this ensure that business stakeholders can contribute to the discussion, it also helps IT get a better understanding of the business they support. Getting the IT organisation and the business to talk a common language can help bridge the historical divide between business and IT and go a long way in changing the corporate mindset towards IT. Business users often have very clear ideas of the solutions and services they want, but do not appreciate the technical complexity involved or the costs of delivering their requirements. This causes numerous instances of “sticker-shock” as well as the common refrain “Our IT organisation is so expensive, we could get external contractors to come in for half the cost”, or “The solution vendor said this would only cost half of what IT is saying." In both cases, the most common reason is a lack of understanding of the solution’s total cost of ownership (TCO). By closely involving the business in design decisions, IT can help them better understand the complexity of a technology and TCO associated with any solution or service. Implementing a gated approach to projects can help ensure the right information is prepared and reviewed at the right time. This can avoid the common “throw it over the fence” approach whereby the operations team are left picking up the pieces in order to provide a sustainable service. While IT needs to refrain from using complicated jargon when describing the solution and they also need to describe value in business terms and metrics, e.g., the output of a payroll service is number of payees/ pay checks issued rather than 99.99% server availability. In contrast, the business needs to understand that IT should be considering the availability, capacity, continuity and

B E S T OF B R E E D

security requirements of the solution as well as the utility or functionality required and these requirements can drive up TCO. Learning Point: Time and effort spent engaging at the design phase will pay dividends by reducing costly errors that may only be identified after solution build and test.

Transition - IT has to educate the people who will be most affected before new solutions go "live." During the transition of any solution to live status, one of the biggest complaints from the business is that IT makes flawed assumptions and plans that result in the transition not being very smooth. For most end users in the business, the testing part of transition is their first contact with IT for a new implementation (whether of a product, platform or a service) and any problems in transition simply feed a negative impression that lingers for a long time afterwards. IT can address potential issues in transition by engaging in detailed transition planning involving business stakeholders. IT must ensure the plans are realistic and take into account business concerns with the aim of standardising on the approach, from small modifications through to large deployments, to ensure the correct level of due diligence is performed. Throughout the whole transition period IT and the business need to work collaboratively by providing initial pilot support through to end user training. A diligent approach to risk management is also very useful in this context, so that when risks turn into issues, there is a plan to mitigate that can be set into motion quickly. Learning Point: Engagement to plan, prioritise and test changes requires significant effort and involvement from the business and IT Operations - Once solutions and services are live, a common problem faced by the business is inconsistent levels of service. IT can mitigate this by adopting a common engagement model that is based on service level agreements (SLA). IT needs to work closely with business leaders to understand the relative priority of services and define service level agreements to reflect the business priorities. The Chief Technology Officer Forum

cto forum 21 DECember 2011

PRINCIPAL PARTNERS

TECHNOLOGY AWARD PARTNERS

EVENT BY

SUPPORTING PARTNERS

2011 AWARD WINNERS

Zoeb Adenwala, CIO (Global), Essel Propack | Srinivas Kishan Anapu, CEO, Cloud Ready Solutions | S.P. Arya, Sr VP (Corporate IT), Amtek | Vandana Avantsa, CIO, Motherson Sumi Systems | Niranjan Bhalivade, CIO, CEAT | David Briskman, VP & CIO, Ranbaxy Laboratories | Manish Choksi, Chief - Corporate Strategy & CIO, Asian Paints | Satish Das, CSO & AVP - ERM, Cognizant Technologies | Vikram Dhanda, Sr VP, AEGIS | T.G. Dhandapani, CIO, TVS Motor Company | Ajay K. Dhir, Executive Director & Group CIO, Lanco Infratech | Nandkishor Dhomne, CIO, Manipal Health Systems | U. C. Dubey, Executive Director (IT), Iffco-Tokio General Insurance Co | Vikas Gadre, VP - New Business Initiatives, Tata Chemicals | Rajesh Garg, VP & Head (ISS) & (NPP), Nucleaus Software Exports | Vishnu Gupta, GM Operations, Aditya Birla Health Services | Kinshuk Hora, Head of IT- India Subcontinent, GlaxoSmithKline Consumer Healthcare | Sachin Jain, Head - IT, Evalueserve | Shailesh Joshi, Head - IT, Godrej Industries | Asmita Junnarkar, CIO, Voltas | Sudhansu Karmokar, GM - IT, Meru Cab Company | Sumant Kelkar, Advisor, Essar Information Technology | Sanjeev Kumar, Group CIO & Group President - Business Excellence, Adhunik Group of Industries | Vinay Mehta, CIO, Escorts Construction Equipment | Suhas Mhaskar, Sr GM and Head - Business Consulting & Special Projects, Mahindra & Mahindra | S.C. Mittal, Group CTO, IFFCO | C. Mohan, Head of IT Shared Services, Reliance Capital Group | Rajesh Munjal, Head - IT & AVP - Operations, Carzonrent India | B. Muthukumaran, Head - Operations & IT Security (India), SecureIQ | John Nadar, Head - IT, Tata Chemicals | C.R. Narayanan, CIO, Tulip Telecom | Venkatesh Natarajan, Special Director IT, Ashok Leyland | Ratnakar Nemani, CIO, Himatsingka Seide | Neena Pahuja, CIO, MaxHealthCare Institute | Prakash K. Paranjape, CIO, Idea Cellular | V.S. Parthasarathy, Group CIO, EVP - Finance & M&A, Member of G E B Mahindra & Mahindra | Daya Prakash, Head - IT, LG Electronics India | Girish Rao, Head - IT, Marico | Subhasish Saha, CTO, Apeejay Surrendra Group | Dhiren Savla, CIO, Kuoni Travel Group | Rajeev Seoni, CIO, Ernst & Young | Vijay Sethi, VP & CIO, Hero MotoCorp | Shiva Shankar, VP & Head - IT Infrastructure, Security - Ops & Engineering, Reliance Tech Services | Jagat Pal Singh, CTO, Cybage Software | Shantanu Singh, Director - New Intiatives, ValueFirst Messaging | Dheeraj Sinha, Head - Corporate Management Services, Apollo Tyres | Swaranjit S. Soni, Former Executive Director (IS), Indian Oil Corporation | Shivaram Tadepalli, Advisor - IT, GMR Group

JURY

B E S T OF B R E E D

m a n ag e m e n t

40%

Once service levels are defined making at all relevant layers and agreed with the business, within the organisation is absoclosely track adherence to these lutely critical to success. service levels and develop a In our experience, governance of devices highly visible plan to address models can become ineffective if any short-comings. Maintenance either side lets them deteriorate used to access activities are usually undervalinto “food-fights” over budget business apps ued by the business, yet this and resources. In such cases, are personally typically represents a high prorepresentatives from the busiportion of the workload for IT ness merely use the IT goverowned operations team. It is important nance forum to push for more for IT to clearly show the value resources and budget to support these activities provide in contributing to their priority initiatives and IT loses control of sustained service levels. how its scarce resources are allocated. Learning Point: A formal engagement There may be circumstances where IT has model will identify these service level to push out a project -- to close a security requirements at the Design phase, so that hole, for example -- and they must be able they are well understood before the solution to use the governance forum to discuss this is delivering value , and operations can focus priority. In order to avoid such a fate, IT on managing the service. Of course, the must engage the leadership of the organisaengagement model will also have regular sertion within a formal governance structure vice reviews between IT and the business and define clear rules for engagement as well as mechanisms for the prioritisation of requests and allocation of budget. This Governance - Having an effective helps to ensure that the business represengovernance framework that covers decision

tatives take a holistic view of the business, rather than a parochial view of their own constituency. IT must also use its knowledge of the business strategy and technological innovations in the market to help define the agenda for technology within the organisation. This does not mean pursuing technology for its own sake, nor does this imply wasting budget on a never-ending pursuit of the next, new thing. Instead, IT leaders can take a practical view on ways to meet the strategic needs by leveraging the most effective technology and present these options to the senior leadership. Learning point: By defining clear rules for engagement and helping the business in setting a technology agenda that helps meet strategic needs. IT can help establish an effective governance mechanism to govern technology decisions in an organisation. —This article has been reprinted with prior permission from CIO Update. For see more articles regarding IT management best practices, please visit www.cioupdate.com.

The Expanding ITIL Universe

The ITIL framework promises to unleash “rightsourcing” innovation by enabling ITSM for increasingly distributed IT environments

ndustry standards transformed the hardware and software markets and unleashed tremendous innovation. Today, the evolution and increasing acceptance of ITIL best practices promises to transform IT service management (ITSM) and facilitate the controlled expansion of IT environments to include business services operation centers, and public and private clouds. Every CIO must contend with the same basic challenge of coping with a heterogeneous distributed IT environment -- run scores of applications in an environment with multiple OSes and an increas-

cto forum 21 December 2011

The Chief Technology Officer Forum

ingly distributed infrastructure, and you have to be able to monitor and manage how your IT services are getting along or risk a demonstration of how quickly everything can go suddenly very wrong. Fortunately, CIOs don’t all have to invent the same solution. The Information Technology Infrastructure Library (ITIL) is a collection of best practices that CIOs can adapt to implement their own ITSM strategy in their environments. While most CIOs already know about ITIL but what many of them don’t seem to know, however, is how to begin applying all those good ideas in their own IT environments.

m a n ag e m e n t

B E S T OF B R E E D

At the same time, CIOs know that if they expand their current IT infrastructure to include private, public and hybrid clouds, managed services, and software as a service (SaaS) (all the options their CFOs have been pushing to save money) the chance of triggering IT mayhem escalates exponentially. The lack of an effective ITSM strategy, as a result, has caught many IT departments at the point where push comes to shove. They can’t afford to stay where they are, but they can’t go forward without what looks like losing control. ITSM based on ITIL best practices makes it possible for IT departments to move forward and adopt right-sourcing options without taking a leap of faith. For one thing, it doesn’t all have to be done at once. The first step to implementing ITIL best practices is developing a service catalog which defines the IT services in enough detail to outline the technology and processes that are required to provide them. This is admittedly not a small task. In some organisations the service catalog can include upwards of 100 distinct IT services. But describing all the services IT provides an organisation in a service catalog not only creates an important reference for the IT department, it also has the distinct advantage of helping IT show executive management all the valuable services IT provides the rest of the organisation. It’s the right answer to the "What have you done for me lately?" question. Once the service catalog is developed, the next step is to begin to implement the processes that are outlined by ITIL. The number of processes required will be determined by the complexity of your service offerings. These three processes provide a good foundation to start with: Incident Management, including help desk best practices to categorise issues and automate the workflow to resolve them. Problem Management, including processes for pattern analysis that will help you minimise the impact of problems. Change Management, to ensure that you have and can manage standards and procedures for making changes and supporting your end users. Once these processes are defined it is possible to develop a configuration management database (CMDB) which allows you to map every service to the technology you need to manage and track. You’ll be able to determine what each service is costing you and identify the services like service desk, select managed services, and cloud computing, that could be more efficiently handled by a qualified third party. Implementing an effective ITSM strategy, is both a requirement and an enabler of out-tasking and cloud computing. All the information a service provider needs to set up automation and orchestration parameters for a cloud solution, for example, is available in your service catalog.

Not implementing ITIL best practices creates a situation that makes periodic outbursts of mayhem inevitable Behind data center walls As a provider of managed services over the course of more than a dozen years, we have had a chance to see what really goes on behind data center walls in hundreds of large and small organisations across a broad range of vertical markets. It goes without saying that everyone is doing the best they can but, with the exception of the very large organisations that can afford sophisticated ITSM tool sets and processes, most IT departments are spending so much of their time trying to keep the lights on that they are flying blind when it comes to the quality of their services. Implementing ITIL best practices and developing an ITSM strategy sounds like a great concept, but reacting to the latest crisis always seems to take precedence. Unfortunately, not implementing ITIL best practices creates a situation that makes periodic outbursts of mayhem inevitable. It’s a vicious circle that’s all too familiar: 1 Your costs get out of control. 2 You aren’t able provide adequate services to your business. 3 You don’t have the facts and figures to communicate effectively to your executive management what you need to do to stop going around in a circle.

Where push comes to shove Pressure is mounting on the status quo in IT. The need to cut costs and shift expenses from the capital expense budget to the operational expense budget is driving IT departments to consider extending their infrastructure to third party service providers beyond their own data centers.

The Chief Technology Officer Forum

cto forum 21 DECember 2011

B E S T OF B R E E D

m a n ag e m e n t

IT’s turn to automate

90%

control. ITIL best practices are, in fact redefining what control is in a truly distributed IT infrastructure. It’s Automation is the key word here. By systematising and impossible to anticipate all the innovations that will standardising your service offerings, you can begin to emerge as more organisations step up to the opportuniautomate their management and delivery. We in IT ties that ITIL-based ITSM is making possible. have only to look at how automation has transformed organisations We are on the threshold of the day when the IT the manufacturing industry in the last 30 years to get predict a infrastructure can respond dynamically to change a glimpse into our own future. The IT industry has stronger according processes and parameters that we set in gotten away without widespread automation until now advance. Our job in IT will be as overseers of those because it involved so many disparate components that 2012 for their parameters. This transformation is going to require at were difficult to automate. Advances in automation business least as much cultural change within IT departments technology and orchestration suites, however, are as technical change in the IT infrastructure. setting in motion the same kinds of changes in IT that In the past, IT has been seen as a necessary cost of doing busitransformed manufacturing. ness. Increasingly, IT has become the way businesses do business. Instead of focusing on infrastructure, IT professionals are In the near future, the measure of accomplishment for the IT increasingly going to need to focus on services, applications and department in an organisation that makes widgets isn’t going to process. IT technicians, as a result, are going to need different skill be how many servers are in the data center or how many nodes on sets. I used to hire network engineers. Now I hire engineers who the network. The measure of accomplishment for IT in the widget can manage an orchestration suite. Being a great Unix admin or industry is going to be how many widgets get sold and distributed knowing how to patch Windows is not going to provide much job around the world. security going forward. Business and technology really are one.

Re-defining control

By following ITIL best practices and implementing effective ITSM it becomes possible to leverage all the advantages of hybrid clouds (public and private), managed services, and SaaS without losing

—This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com

BEST OF BREED

c a s e s t u dy

Case Study | geometric

VDI Improves Productivity Challenge:

Geometric built a secure desktop environment that delivered 76 percent performance benefits for the company by deploying VDI

By Varun Aggarwal

or a company handling customer IP, securing the IP becomes a top priority. But then how do you ensure that the IP is secure when it resides on multiple desktops, which not only resides within the organisation but also outside it. Then the challenge comes of allowing employees remote access to improve productivity. Another problem that arises is when you allow access using multiple mobile devices. How do you standardise, how do you manage and how do you secure them? These were some of the challenges that Geometric, a global engineering services and digital technology solution provider for Product Lifecycle Management (PLM) was grappling with. Geometric was faced with issues pertaining to conventional desktop deployment. Individual personalisation done on PCs prevented standardisation, increased support requirements and software related errors. This affected security, and manual scrutiny was needed to ensure data protection. Timely software and antivirus patching demanded lot of time and effort from the IT support team causing significant downtime for end users. To overcome these issues, Geometric decided to implement desktop virtualisation and was looking for a hardware platform to further those plans. However, the company's technical team had serious reservations regarding security, performance, cost and feasibility of implementing the technology. Given the apprehensions, Geometric had to build a robust virtualised infrastructure and ensure cost reduction - IT support, electrical and cooling costs; improve end user response/ resolution times, and reduce end-user downtime/lead-times for provisioning new computing resources. The solution had to be scalable, easily man-

cto forum 21 December 2011

The Chief Technology Officer Forum

ageable, ensure business continuity, provision for secure remote working and support consumer IT devices. The entire project had to be completed within three months. While looking for a solution, Geometric had to bear in mind that acquisition costs for virtualisation technology was significantly higher than that of individual PCs, the solution would be unsuitable or expensive for graphics intensive requirements and server or network failure in the data center could jeopardise work. While all of these could be mitigated, the bigger concern was that users who would no longer have physical PCs could initially be very disconcerting leading to a pushback.

Network Solution In their previous experience of a limited server virtualisation deployment, Geometric faced several issues related to VLANs and network separation besides server and network management challenges. The challenges would be far greater with desktop virtualisation. As a user of network technologies, Geometric was clear that the implementation needed to bind closely with the networking layer to be successful and manageable. Based on their need and previous experience, Geometric chose a Cisco solution. The solution was based on Cisco's Virtualisation Experience Infrastructure (VXI) architecture. VXI delivers collaboration and rich media user experience in a fully integrated, open and validated desktop virtualisation solution. It enables all categories of workers to access any application on any device in any workplace environment, liberated to be more connected, more collaborative and more productive. The solution design was created by Cisco, Citrix, Netapp and partner teams along with engineers from Geomet-

Prashanta Ghoshal, Director ITES at Geometric deployed desktop virtualisation solution to reduce the deployment time for new projects and IT support efforts

ric. The implementation included hardware from Cisco, Netapp and Wyse along with Citrix software. Cisco provided the entire UCS platform and network components which were installed at the Geometric data center at Pune for a PoC. The entire Cisco platform was evaluated for almost three weeks in the Geometric data center prior to the final decision. After the PoC installation, where the internal application teams tested their applications, the satisfaction levels were very high. Follow-up meetings helped to finalise the optimal architecture and reduce unnecessary components and costs. The 10GBE/FCOE based solution reduced the overall cost of deployment by nearly INR 27 lacs as opposed to a pure FC based solution. Since virtual machines can be standardised and cloned effectively in a short time, Geometric has been able to reduce deployment time for new requirements and IT support efforts. The company also observed a significant reduction in IT, power and cooling costs. Implementation of the Cisco solution has helped Geometric to reduce the number of networking components and their complexity—signified by a reduction in the number of cables to be managed.

COMPANY DASHBOARD Company: Geometric Established: 1994 headquarters: Mumbai Services: Global Engineering services and Digital Technology solutions for Product Lifecycle Management (PLM)

“This solution allows our employees to use the internet and be productive from anywhere, at any time, using any device of their choice, without affecting security or performance,” said Prashanta Ghoshal, Director ITES at Geometric. “It also cuts the time that business is waiting on IT for com puting resources by 76 percent,” he indicated. After completing the initial deployment of 250 desktops, Geometric obtained significant benefits in TCO which will improve with scale. Cost reduction - Around INR 12 lac in power costs anticipated in a years' time for 600 desktops. Customer satisfaction - Reduction in end user downtime and overall IT resolution times (nearly 76 percent), More opportunities for secure remote working, telecommuting and use of consumer computing devices. Improved staff productivity - Reduction in IT effort (62 percent) required for tasks like installations restoration (OS and application). Reduction in provisioning time for new computing resources and improvement in data security. About 350 additional virtual desktops are in the process of being deployed. The present deployment is over LAN, but has been successfully tested over WAN from other locations. The next phase includes 50 seats to be deployed at other locations over WAN. The Chief Technology Officer Forum

cto forum 21 DECember 2011

cto forum

21 DECEMBER 2011

The Chief Technology Officer Forum

t e c h n o lo g y

W ILLUSTRATIONS BY Prince Antony

By Ankush Sohoni

CO V E R S TOR Y

An in-depth look at five key trends that are here to stay, and take enterprises to the next level of agility and profitability

ith tumultuous times comes the need for innovation. As part of our year end issue, we will look at identifying five key trends that are here to stay and take enterprises to the next level of agility and profitability. We explored these trends in detail and spoke to those who have already taken the first step and benefited from these technologies. The industrial revolution saw the rise of machinery and production benefited. Today, the information revolution has brought with it intelligence, which allows enterprises to dissect facts and produce better products, and services to benefit consumers. Today enterprises look at using social media to understand what consumers think of their brands; they apply analytics to complex sets of data to understand what consumers like or donâ&#x20AC;&#x2122;t. This issue explores these trends and the implications they can have on your enterprise.

The Chief Technology Officer Forum

Inside CLOUD COMPUTING Page 36

Handling Mobility Page 38

Social Media Page 40

In-memory computing Page 42

BIG DATA Page 44

Trends to watch out for Page 46

cto forum 21 DECEMBER 2011

t e c h n o lo g y

he last two years have seen a lot of hype around cloud computing. Although this trend has been around, it is only now that we are seeing it permeating into the enterprise. Many CIOs have had their apprehensions about this technology, and for due reason. Issues ranging from security to ownership of data and SLAs, have in the past thwarted implementations of this technology within enterprises. Today, however, more and more CIOs are looking to the cloud and are either piloting or implementing it within their enterprises. The year 2011 has seen more mission critical applications being put on the cloud as compared to any previous year. “Although cloud computing as a concept started long back it is now understood well by all. The early adopters have gone through some experience and all appear to be satisfied. As a first step typically organisations put non critical applications on the cloud. Portal applications, PMS etc were the targets. The cloud is now beyond the initial hype as well as fears. The mission critical applications however will stay away

Through 2012 and beyond, the usage of public cloud will certainly increase. Models such as IaaS, and SaaS will become more prevalent

from the cloud till a few more years,” says Milind Joshi, Sr. VP - IT Services, Essar Information Technology. “Through 2012 and beyond, usage of public cloud will certainly increase. We will see the models - Infrastructure as a service, software as a service become more prevalent. We already see infrastructure providers dipping their toes into services like disaster recovery on demand. There are third party cloud based Indian service providers who provide payroll with all its complexities peculiar to the Indian environment and other HR related functions. CRM as a service has been a staple for a while. ERP as a service is already available,” says K Mukesh, CIO, Tata Sky. Tata Sky has itself been an avid user of the cloud for the last few years and has left the organisation as a believer in the capabilities of the cloud. According to Mukesh, the setup cost of cloud based services tends to be very attractive. When it comes to flexible capacity management with a very robust infrastructure, it would be hard to beat cloud providers. “Over a period of time - from a cost standpoint it is not entirely obvious that cloud trumps in-house data centers. Security concerns are unlikely to disappear any time soon. The single biggest reason for move to public or hybrid cloud is the pathetic state of available infrastructure - be it reli—Milind Joshi, VP, Essar - IT services able power supply - or simply a road wide enough to allow a fire engine to

“As a first step organisations put non critical applications on the cloud.....The cloud is now beyond the initial hype as well as fears.”

cto forum 21 DECEMBER 2011

The Chief Technology Officer Forum

PHOTOs BY Jiten Gandhi

CO V E R S TOR Y

“Through 2012 and beyond, usage of public cloud will increase. We will see models like IaaS and SaaS become more prevalent.”

Challenges in Adoption Although cloud adoption has taken a healthy turn, there are still obstacles that cannot be ignored, which can come in the way of cloud adoption. According to Joshi, “There are still some obstacles that can occur when talking about cloud adoption. To begin with, the business case for moving applications to cloud environment can be quite unclear and requires solid business backing. Another issue is that of standards. Standards are not defined in terms of service levels and expectations are not set. Also, adding to this, processes in terms of taking data to cloud and more importantly taking the data out of cloud are undefined. The legal frameworks for security of data and ownership of the data are just getting formed and thus leave for a large scope for improvement. The funny thing here is that while the application and data are hosted in the cloud, CIOs are in a very unique situation of not having a direct control, while being fully responsible for performance, security and uptime.” “CIOs should at a minimum dip their toes so that you do have the expertise to migrate on a larger scale should there be a compelling need. Further, given that most CIOs do have a challenge with upfront Capex, this would help in reducing lumpy cash outflows - always a good idea to be friends with the CFO,” adds Mukesh.

—K Mukesh CIO, Tata Sky

Going Forward Although a lot of enterprises are implementing the cloud, there is still quite a long way to go in terms of making this a standard within most organisations. While Public Clouds will serve SMEs and the non-critical business applications for larger enterprises, Hybrid clouds will still be the dominant force in most large enterprises. Milind Joshi, leaves us with some recommendations to make sure smooth delivery when it comes to the cloud. "Make sure that cloud services providers are chosen based on their maturity of processes and security of data. Go through the fine print of the agreements very carefully especially for consequences for breach, termination procedures and most importantly the ownership of the data on the cloud," he says. "Be aware of the fact that Providers can attract with lower prices now but when you get in to their clutches, they can increase the pricing or make pricing model changes which are very costly in the long run. Cap the pricing for long term now in the agreements to avoid problems later. Make sure that the data storage locations are safe and proper DR is planned," he adds.

PHOTOs BY s radhakrishna

approach the facility in case of fire. Second reason - cost and availability of real estate to build a robust data center is not easy. So there would be trade-offs involved,” says Mukesh. For large enterprise that have significant sunk cost in infrastructure and human resources that are comfortable managing infrastructure in-house - the adoption would be slow. They would more likely opt for private or hybrid cloud. As large enterprises run out of processing capacity or get to a point where they need to replace some of their systems - cloud will be an option that would be considered by many. The overall direction however would be increased adoption of the public and hybrid cloud.

Handling Mobility Mobility will continue to make inroads into enterprises in 2012. CIO will continue to figure out how to exercise control over device proliferation

obility is definitely one of the biggest trends to hit Indian enterprises since the advent of the mobile phone in the country. More and more CIOs today are exploring mobile technologies like tablets, smartphones and the likes. Smartphones today are capable of a certain amount of processing and commoditisation is bound to take place, which means this space will keep evolving exponentially. In India itself, there is more mobile penetration as opposed to computer penetration. Some of the factors that contribute to this would be size of the device, cost and capability. The app ecosystem is also undergoing major growth considering today the developer ecosystem has matured, and so has the mobile operating system. Ranging from iOS and Android to Java OS, and other linux derivatives, the app ecosystem is set to explode. Enterprises need to be careful about how they utilize applications within their IT frameworks. This is the tricky part. Many organisations and CIOs are in the process of figuring out how to exercise control over device proliferation, and access control mechanism are being devised

cto forum 21 DECEMBER 2011

The Chief Technology Officer Forum

within enterprises, will dictate how apps send and receive data on enterprise networks. “The best thing that even happened to the Indian civilisation is the mobile phone. The mobile revolution has taken in its fold multiple cross sections of the society, both in economic and the cultural bracket. What we have seen unfold in the 5 to 8 years is both revolutionary and unprecedented. The CEO-to-cab driver-to- panwalla-tomigrant labourer who carries bricks on his head-to-village farmer with one goat. If there is any entity that you could count with the cumulative being more than the total number of cell phones in India, it’s India’s population,” says G N Nagaraj, Tecnology Strategist and Consultant. “With GPS enabled mobile devices, apps that can be deployed where some amount of data entry can be done, visual evidence using a camera phone or simply video call based quality control would go a long way in ensuring decent service. The platform would allow auditing mechanism to ensure service is delivered on time at the right place and if not, there is an escalation mechanism,” explains K Mukesh, CIO, Tata Sky. “The speed of cell phone proliferation has beaten the speed with which technology evolution around mobile apps, mobile app eco-system has happened and the speed of enterprise embracement of mobile as an effective business tool. This has led to employees bringing in, their own cell phones with data cards on them into the enter-

CO V E R S TOR Y

t e c h n o lo g y

prise. BYOT is not a choice that enterprises can exercise these days especially when it comes to cell phones, it’s the default you cannot avoid. These cell phones are mini power houses of processing power and storage capacity. Employees have started making productive use of these capabilities and have been getting around the governance strictures of controls and data security imposed by enterprise IT teams,” explains Nagaraj.

Challenges

out to do proof of concept as a part of the internal selling exercise. Overcoming inertia would take effort. This is no different from any IT driven initiative – always a bit more challenging than a user driven initiative. At Tata Sky, we do have a small team that is dedicated to identifying and doing a POC on emerging platforms. The team has succeeded in moving ahead by demonstrating return on investment and usability of apps deployed on mobile. We are looking at apps for managing remote workforce, quality assurance,” explains Mukesh. Adding to this, Nagaraj mentions, “There are a few recommendations I would like to make. Before doing so, I want to set the context on the background against which these recommendations make sense.” As against an inertia fuelled structured organisation chart characteristic and people-process-system caged world of large business enterprises; the mobile device, mobile app ecosystem and the associated players (developers, innovators and manufacturers) is a highly energetic,

As more and more devices keep hitting the market and that too at lower price points, the enterprise is going to have its hands full when it comes to defining control policies and enterprise governance. “The challenge gets bigger with more and more devices hitting the market and at low price points. Today, anyone right from the peon to the CEO can equip themselves with processing power, an app eco system and storage capacity. With the launch of devices like Akash, challenges to enterprise governance and control structure have achieved a completely new dimension. Everyone will soon acquire one. They will connect to free apps, storage on the cloud and social networking sites. Knowing the Indian affiliation for aggression and anger, the moment the PoS at the corner store malfunctions, the shopkeeper will tweet or post on Facebook,” explains Nagaraj. Mukesh adds on to mention, “The principle bottlenecks – the foot on street type personnel, tend to be lower down in the organisational hierarchy – so by default a corporate IT would have fewer —G N Nagaraj resources dedicated for this segTechnology Strategist and Consultant ment. Second – it is relatively easier to find IT resources who can work standard apps than mobile (complexity because of a wide variety of hardware is an added bottleneck in app developvibrant, and effervescent creed. This vibrant ecosystem ment and deployment). Third – IT operations – be it secuwill continually feed the end consumer with some fanrity or be it backups for example – there is a transition and tastic simple to use applications. Some of these consumlearning curve required when you do large scale automaers would be employees of large corporates. They will tion based on the mobile platform.” now be armed with alternatives that can get the work According to Mukesh, like all technology, eventually, the done by beating the system that forms the essence of economics will trump and people, processes and systems enterprise governance and controls frameworks. Corwill evolve. We can already see the trend in enterprises porate engines cannot match the speed and the depth whose primary business is logistics and transportation. of innovation that can happens outside the corporate Spill over to the other sectors is a matter of time. arena. Employees will all the more now compare these innovations with the CIO teams capabilities. “Why can't you guys think of something like this” is a phrase many Key Takeaways IT folks have heard inside the enterprise corridors as “As always, to be ahead of the curve – the CIO would have business teams continue to marvel at small effective cool to identify opportunities and sell it within the organisaapps on their smart phones and tablets. tion. She / He would need to have some resources carved

“This vibrant mobile ecosystem will continually feed the end consumer with some fantastic and simple to use applications.”

The Chief Technology Officer Forum

cto forum 21 DECEMBER 2011

CO V E R S TOR Y

t e c h n o lo g y

Social

Media

In 2012, enterprises will increasingly leverage social media to improve communication, collaboration, innovation and productivity

ocial Media is emerging as a big trend today. More than anything else, this technology is breeding ground for ideas that enterprises can use to improve communication, collaboration, innovation and productivity. Social media and tools can often be used by enterprises in many innovative ways. Since there is still no assured of measuring success, social media has seen a lot of apprehensions but in our view, the best is still to be seen in this space. CIOs are just beginning to play around and understand this space. “Most CIOs we’ve met and spoken to about social media seem somewhat lost. A commonly heard statement – We have deployed all the necessary technologies and built the framework, but don’t know what to do now – among CIOs is a sign that they are currently missing out on certain aspects of social media and what it can do,” says Mark McDonald, GVP & Gartner Fellow, Gartner. Now what exactly are these aspects? This is something we will cover a little depper in the feature. At the same time, G N Nagaraj, Tecnology Strategist and Consultant tell us a little about the key difference between organisational behavious and social behaviour. In his view, there is that although Social Media is very important for organisations, it is the lack of structure that causes issues when trying to understand the business value behind it.

cto forum 21 DECEMBER 2011

The Chief Technology Officer Forum

“There is no second opinion about the fact that most corporations have taken a very serious note of the existence of social networking sites and are keen to explore what it means to them and for their respective businesses. Everyone agrees that it is a new ball game and no one really is an authority. Everyone is learning,” says Nagaraj. According to him, while organised business is built on a hierarchy, where the various components of the organisation are inclined to work towards the goals of the organisation as a whole. Focus in this case is on core business, where everything is measured, KPIs are set, and short term and long term goals are established. ”When you compare the above with the Social Media universe, you have the other end of the spectrum, where information is unstructured, unorganised, and completely contextual to a certain opinion, topic or conversation. Here, there is no end goal, or KPI so to speak. People are free to post on topics that excite them personally,” he added. Nagaraj further adds that the habitats of the corporate world and the social enterprise, even though most people play in both worlds, exhibit behavior at extreme end of every spectrum in each of these worlds. In such a scenario, does the enterprise culture and way of life come in the way of an enterprise participating in the social networks? It should be noted that most corporate employees are voluntary participants in a social network too and behave in a completely different manner on these networks.

Challenges There are many challenges facing the CIO primarily in understanding how to utilise social media and strategise

CO V E R S TOR Y

t e c h n o lo g y

in the right way. “There needs to be a way in which enterprises can utilise social media, by adding structure to it and build a funnel of information. Social media can be utilised to boost commerce and create immense brand value. From the commerce perspective, social media is a way where enterprises can interface with their consumers through social networks so as to have access to highly focused sets of information, guidelines perhaps of how to go about building their products for their customers; knowing their likes and dislikes,” mentions Nagaraj. There are primarily two ideologies that are currently floating about when it comes to social media. One as described above looks at social media and networks as an opportunity to reach a focused set of people. The other looks at social media as a tool to achieve mass collaboration. According to Mark McDonald, Group VP & Research Fellow, Gartner social media is a tool that can lead to mass collaboration. In this kind of ideology, the important thing is to use social media to drive a certain train of thought or derive useful information from aa a group of connected people. “The common mistake that is made, and therefore a challenge is that fact that most Indian CIOs we have met and spoken to have mentioned to us that although they have all the social media technologies present, they don’t know what to do to get results,” explains Mark. This is the common mistake. According to Mark, any kind of mass collaboration effort using social media needs to have purpose. One has to have a clearly defined goal which defines what the organisation wants to achieve with Social Media. If this goal, or this basic structure is not added, the whole effort can flop. “I always read so many articles that express that a lot of people don’t understand the business value of social media. But one of the things we learnt about social organisations is that you cant calculate the business value in this kind of effort. You cannot take this mass collaboration that is based on social media technology and actually drive it to business results,” explains Mark. Sometimes it becomes difficult to convince the top management about social media and a lot of it has to do with the lack of definition of the word ‘Structured’. Leaders and managers will need to be shown a basic structure in terms of a purpose. Once this purpose is in place, everything that one does naturally conforms to

this structure, and revolves around this purpose. When it comes to leaders of organisation the idea is to ensure the activity is managed so when progress is being monitored one has an idea of where it is going and what kind of results are shaping up.

Mass Collaboration According to Mark, the thing that CIOs need to be chasing is the purpose. To give an example, Mark talks about how a company called Cemex utilised social media to see some pretty innovative results. Cemex is a global company that makes cement. They decided to use social media to deploy their strategy in 2010, through a campaign called Cemex Shift. The purpose was to make the

“Most Indian CIOs have all the social media technologies present, they don’t know what to do to get results.” —Mark McDonald, GVP, Gartner

company more environmentally responsible. Cement companies are tremendous traders of carbon. In order to reduce its carbon footprint, Cemex decided to burn biofuel in their factories as opposed to oil or natural gas. The entire idea was to increase the use of alternative fuels. This is what Cemex did in five weeks -- They formed a community of 500 people that were from across the company and defined what they meant by alternative fuels. The community came up with a definition. They took this definition and analysed 186 of their plants around the world against that definition. What they then did was define the top two performing plants and held webinars of how these two plants were working and documented these best practices on video while deploying that video across their company. As a result of this exercise, Cemex saw a five percent increase in the usage of alternative fuels in the company. Now traditional processes which say I need to look at this in a top down approach estimated that it would have taken 18 months to do the same amount of work. That’s the power we are seeing people being able to achieve! The Chief Technology Officer Forum

cto forum 21 DECEMBER 2011

CO V E R S TOR Y

t e c h n o lo g y

In-memory Computing In-memory computing is something to watch out for in 2012, considering the kind of impact it can have on the way enterprises process information

n-memory Computing is making headways into Indian Enterprises and is set to be one of the most disruptive high performance computing trends to have entered the market. Gartner sees huge use of flash memory in consumer devices, entertainment equipment and other embedded IT systems. In addition, it offers a new layer of the memory hierarchy in servers that has key advantages — space, heat, performance and ruggedness among them. Besides delivering a new storage tier, the availability of large amounts of memory is driving new application models. In-memory applications platforms include in-memory analytics, event processing platforms, in-memory application servers, in-memory data management and in-memory messaging, Gartner says. According to Gartner, running existing applications in-memory or refactoring these applications to exploit in-memory approaches can result in improved transactional application performance and scalability, lower latency (less than one microsecond) application messaging, dramatically faster batch execution and faster

cto forum 21 DECEMBER 2011

The Chief Technology Officer Forum

response time in analytical applications. As cost and availability of memory intensive hardware platforms reach tipping points in 2012 and 2013, the in-memory approach will enter the mainstream. While in-memory Computing has not entirely hit the mainstream, there are a few early adopters who have gone live with this platform to witness improved transaction speeds and data warehouse response. Although this technology is not for everybody, it is definitely something to watch out for in 2012, considering the kind of impact it can have on the way enterprises process information.

The Premise As one of the first few users of the HANA platform, Essar CTO Jayantha Prabhu spoke to CTO Forum about some of the intricacies of this platform and how it can help business process large data sets of information. “With businesses demanding faster and easy access to information in order to make reliable and smart decisions, in-memory processing is an emerging technology that is gaining attention. It enables users to have immediate access to the right information which results in more informed decisions.” In addition to this Prabhu also explained that with the implementation of In Memory systems, users can now query the data loaded into the system’s memory thereby

avoiding slower database access and performance bottlenecks. With in-memory tools, data available for analysis can be as large as data mart or small data warehouse which is entirely in the memory. This is accessed within seconds by multiple concurrent users at a detailed level and offers the potential for excellent analytics. He further mentions that it also minimises the need for performance tuning by IT staff and provides faster service for end users. “As the data used by organisations grows, traditional data warehouses just cannot deliver a timely, accurate and real time data. The extract, transform, load (ETL) process that periodically updates data warehouses with operational data can take anywhere from a few hours to weeks to complete. So at any given point of time data is at least a day old. In-memory processing makes easy to have instant access to terabytes of data for real time reporting,” explains Prabhu.

“With businesses demanding faster and easy access to information in order to make reliable and smart decisions, in-memory processing is a technology gaining attention” —Jayantha Prabu, CTO, Essar

Challenges “The in Memory database systems in market today complement the existing operational data warehouse and the Enterprise Data Warehouse. As a result of which, the implementation of the In Memory Database systems is an additional investment and cost to the organisation over and above the existing investments. Again, in a diverse conglomerate like us, the impact of in-memory Database systems varies for different line of business and hence there is a lack of ownership from the businesses where the real time analytics makes a lesser impact,” says Prabhu. One more challenge that he outlines is in having the business benefits scenarios models projected to the business end users to address the ROI concerns. In-memory database systems help in providing timely, accurate and real time data for decision making. That in itself does not guarantee benefits. It is the utilisation of the information in the existing business processes of the organisation that creates value.

Practical Concerns “In-memory processing comes at a lower cost and can be easily deployed and maintained when compared to traditional BI tools. According to a Gartner survey deploying traditional BI tools can take as long as 17 months. Many data warehouse vendors are choosing in-memory technology over traditional BI to speed up implementation times,” explains Prabhu. He further explains that several in-memory vendors provide the ability to connect to existing data sources and access to visually rich interactive dashboards. This allows business analysts and end users to create custom reports and queries without much training or expertise. Easy navigation and ability to modify queries on the fly is an appealing factor to many users. Since these dashboards

can be populated with fresh data, it allows users to have access to real time data and create reports within minutes, which is a critical factor in any business intelligence application. This system is a blessing in disguise for operational workers who need instant and accurate data to make fast decisions.

The Future In-memory database systems will expand their sphere of influence from the now restricted area of real time analytics to extend to the Operation Data warehousing. We will also see the impact of the Enterprise Data Warehouse solutions like Autonomy/Vertica from HP, Exadata from Oracle and Sybase IQ from SAP on the Enterprise Data Warehouse implementations for organisations. These solutions will integrate the benefits of the in-memory database systems and the Columnar Database technologies to enhance the Business Intelligence solutions to the next level. The Chief Technology Officer Forum

cto forum 21 DECEMBER 2011

CO V E R S TOR Y

t e c h n o lo g y

Big Data

The need is to map structured and unstructured data and perform analytics on the combination

rganisations today have access to large sets of data a lot of which is unstructured. Unstructured data iss usually aggregated from social systems, and multiple end points that store data. However, because of the lack of structure in this data, utilising it becomes very difficult. Today CIOs have access to very useful information in the form of unstructured data. Unlike structured data that primarily revolves around things like enterprise metrics, data generated in business systems and so on, unstructured data holds a lot of contextual information, that can help make decision making better and faster. “Close to one or two years ago, we used to speak about mining structured data and were using technologies like Data Warehouses, Business Intelligence to derive useful results from them. We had data that ran into 100s of terabytes and felt that we were playing with big sets of data. How wrong we were!,” says Vijay Sethi, CIO, Hero Motorcorp. According to Sethi, there is a lot of digital and contextual data that aggregates over enterprise systems. So it could be

data about products that is received from social networks or RFID tags and other such end points. Most of this data is unstructured. “Today what has happened is that people were either discovering unstructured data or doing analytics on structured data and using inferences from the unstructured data to arrive at logical conclusions on results,” explains Sethi. Today the amount of unstructured data is so high that if you look at how society had transformed over the last one or two years, consumers today rely a lot on social networks to make purchasing decisions. “As a result, the internet is full of usage patterns of these consumers, which is actually a very rich hub of information. If companies ignore this data and formulate strategies based purely on structured data, in today’s day and age, they will not see the desired results. This is the trend that is taking shape when it comes down to data,” further adds Sethi. The consumer is not really behaving the way they were behaving two-three years ago. Companies cannot ignore these trends. According to Sethi, "Organisations need to do a few things. They need to have your own structured data and bring in the unstructured element. One needs to map these two and perform analytics on a combination of structured and unstructured data. Today, this is actually possible.

60%

Estimated increase in operational margin of a retailer using Big Data to the maximum

cto forum 21 DECEMBER 2011

The Chief Technology Officer Forum

CO V E R S TOR Y

t e c h n o lo g y

Challenges Today, data volumes are rising exponentially, and this is definitely taking a toll on enterprise systems. If not already, CIOs will need to find a way to scale up effectively. “We need to get tools that can analyse Big Data. Currently we possess tools that allow us to derive great information from structured data, but we are not too familiar with tools that can derive successful results from unstructured data. This is of course something that will be tackled very fast, considering the new advancements that are hitting the market when it comes to technologies. We have to get into predictive analysis, contextual analysis and expect a world of results from those analytical tools. We need to evolve,” explains Sethi.

approach to unstructured data. Even when it comes down to the analysis of this data, I need to have a structured reporting format,” explains Sethi. The first recommendation is that in Big Data, complexity and exponentially rising volumes of data are so high that I have to define what it is that I want to derive out of this data. For example, if I want to see trends of buying patterns of population between the age of 25-40, in reference to red motorcycles, I need to first define this as my objective or goal. Once this goal is set, I need to work back through that goal and develop a hypothesis. The real question here is what hypothesis do I want to test? Secondly, any analysis should have an ROI associated with it. If I spend a million dollars

“The internet is full of usage patterns of these consumers, which is actually a very rich hub of information. If companies ignore this data and formulate strategies based purely on structured data, in today’s day and age, they will not see the desired results” —Vijay Sethi

Now, as far as tools go, there is definitely a good amount of momentum that is there in the market. Data Warehouse vendors are tying up with Big Data providers, algorithms are being developed and explored; technologies like In-Memory computing are hitting the mainstream, allowing enterprises to have unprecedented compute power at their fingertips. Data Warehouse vendor Teradata recently acquired company Aster Data just to make provision for Big Data requirements of their customers. Its advancements like these in the market that are eally leading to this trend causing major disruptions within the enterprise. However, today, CIOs are still trying to understand the most optimum way for this ‘Big Data’ to be processed.

Best Practices According to Sethi, there are a few things that CIOs must understand before getting into Big Data & Analytics. He has outlined them below. “In my view CIOs need to have a very structured

analysing a frivolous trend, that becomes a waste of time for me. It is also very important to decide if the company wants to put in the effort to go all the way with Big Data. There willl definitely be providers who operate using the cloudd, who will offer flexibility and immense cost savings if ustilised effectively,” he says. "I would recommend starting with something like this, and eventually evolving to an internal Big analytics platform. Don’t just jump into the infrastructure upfront. None of this infrastructure will be cheap. These are high end and very expensive systems that cannot be used for normal transactional data,” Sethi says. "Thirdly, in my view, this kind of deep, predictive and contextual analysis, will lead to some very rich results. It will help in predicting trends. So in this case, it is very important to note that this kind of tool can provide aa major competitive advantage if organisations figure out how to use it in the right way. Early adopters will definitely see more accurate trends and results that can help differentiate them from their customers,” he adds. The Chief Technology Officer Forum

photo by Subhojit Paul

Hero Honda/ Hero Motorcorp

cto forum 21 DECEMBER 2011

CO V E R S TOR Y

t e c h n o lo g y

Trends

toWatch Out

for

Partha Iyengar, VP and Regional Research Director, Gartner India spoke with Ankush Sohoni to discuss the trends that CIOs should watch out for in 2012

What are some of the top technology trends that Gartner predicts for 2012? Well of all the trends that we are seeing in the market, there are 5 that can have a serious impact on how organisations utilise their information and derive results from it. These trends are Cloud Computing, Mobility, Social Media, Big Data & Analytics, and Pattern based Strategy. Now all of these trends have their own place in the enterprise and are at different maturity levels at this point. How do you see these trends making their way into enterprises today? I think Could Computing, Mobility and Social Media are on their way to becoming mainstream within organisations, even in India. There are a lot of good use cases of these technologies being utilised in enterprises. Itâ&#x20AC;&#x2122;s happening and accelerating. We have seen enterprises use the model of Facebook and replicating it on their intranet. Either that or these companies are using Facebook as the social platform of choice. That evolution is already underway. Big data and pattern based strategy are new age concepts to CIOs, so they are still in the beginning stages of realisation, and evaluating how this will benefit them and how they can leverage it. If you look at big data and leveraging it, the key part is the reality that most enterprises have more unstructred data than structured data. Thatâ&#x20AC;&#x2122;s

cto forum 21 DECEMBER 2011

The Chief Technology Officer Forum

one of the fundamental tenets of big data and that tipping point has happened in enterprises. Pattern based strategy is the recognition of the fact that most enterprises are sitting on massive amounts of data but they are sitting on that data without being able to see usage patterns and customer behavior. This leaves room to use pattern based strategy to gain a competitive edge. In addition to this, we are also seeing an business trend in Information Technology-Operational Technology integration (IT-OT integration). This basically means that if you are a manufacturer then the shop floor system gets integrated with the business system, then taking the data and downstream field level input and tying it to your management decision making input. So there are strong case studies of this around the world, where people are doing this for business benefit. So I would say these last 3 trends are fairly nascent in India. The discovery has started but companies arenâ&#x20AC;&#x2122;t doing anything meaningful with it yet. Could you comment on the changing enterprise landscape and how business is keen to derive the most out of technology?

CO V E R S TOR Y

t e c h n o lo g y

“Could Computing, Mobility and Social Media are on their way to becoming mainstream within organizations, even in India. There are a lot of good use cases of these technologies being utilized in enterprises. It’s happening and accelerating.” —Partha Iyengar

VP, Gartner India

Business is under increasing pressure from a number of different fronts – competitive pressures, customer expectation pressures, regulatory pressures in some industries, and increasing aspirations for global expansion. Any one of these issues is urgent enough to require a much better use of technology. All four combined is creating an unprecedented pressure for change in the internal IT landscape of most companies, and the expectations from the business.

Getting closer to the business, contributing to driving revenue directly, computing the ‘business value of IT’ and in some industries/enterprises, getting AHEAD of the business to anticipate competitive pressures or market opportunities and leverage IT to help the business address these, before THEY see the need for it. Establishing strong credibility with the CEO and business peers is often the first step required as a pre-requisite to being able to achieve these things.

Where does this leave the CIO? In a difficult position in most cases. They are required to suddenly elevate themselves to be strong business leaders, WITHOUT taking their eyes of the ‘run the business’ part of traditional IT responsibilities. They are also increasingly expected to deploy IT solutions outside the enterprise as well, in terms of reaching out to clients directly, interacting with stakeholders (dealers et al), extending the supply chain increasingly into some of the more difficult semi-urban and rural areas. This is coupled with the fact that, for the most part, other than a few companies, there has been a historical underinvestment in IT, which needs to be ‘made up’ to create the platform for the business value delivery that is now a strong expectation from the business. All of these are challenges that will require a fairly aggressive ‘retooling’ by the CIO both for him/herself as well as for the structure and functioning of the IT department.

What are some of the technology intiatives that business is driving within their orgaanisation? Very clearly the four clear disruptors will arise from the forces of cloud computing, social computing, mobile platforms and spotting future trends through ‘Pattern Based recognition’. Coupled with this is the need to leverage analytics to a much greater degree to provide high value business decision making inputs.

In all your talks with CIOs across India and the globe, what are some of the key challenges they are facing with regards to business today?

What, according to you, are some of the key best practices that CIOs can adopt to drive the business agenda further? Could you leave us with key recommendations from Gartners perspective? Make getting business knowledge/visibility and credibility the number one priority. If necessary look for a senior business mentor as well as possibly a dual business unit head role, in addition to the CIO role. Start looking for opportunities to contribute to the customer acquisition, revenue growth initiatives of the business, start talking about IT value in business terms, not arcane technology terms. The Chief Technology Officer Forum

cto forum 21 DECEMBER 2011

HORIZONS

Features Inside

Top Predictions for IT and Users Pg 50 Cyber Security

Illustration name & Details

Games Can Transform Business The trend of ‘gameification’ is reaching a tipping point paving the way for IT’s role in tomorrow’s companies By Daniel Burrus

cto forum 21 December 2011

The Chief Technology Officer Forum

Pg 53

nyone who has children or who has been around them for a while knows that kids, as well as young adults, are attracted to video games like flies are attracted to light. And, while older adults may think the kids are being lazy or using their time idly when they’re connected to their Wii or Xbox using a Kinect, in reality the kids are paving the way for business training and IT’s role in tomorrow’s companies. How? It’s part of a future trend I first identified back in the 1980s that we are now calling gameification. Today, that growing trend is reaching a tipping point. If you think back, you’ll see that many of the greatest technological advances in business have come from the world of kids and games. Actually, here’s the exact flow of events: a concept or technology often begins with kids and the world of gaming. Some will start with the military, but it’s amazing how many start with kids’ games. From there it gains the attention of the adults in the business community as they learn how to adapt it to their needs, and finally it creeps into the education sector. So in many respects, the adults and the business world can learn much from the kids and their video games.

i n n o vat i o n

To see the migration of how a concept goes from kids and games to adults and business, just look at the evolution of social media. At first, young people were the predominant ones on social media sites such as Twitter and Facebook. Adults simply didn’t see the value of social media. After all, who really cared what you had for lunch or what outfit someone wore to the dance. As adults eventually took more and more interest in social media, many companies made formal policies forbidding employees from using Twitter and Facebook at work. But now that the business world has seen the relevancy of social media and how it can be a brand management, marketing, and collaboration tool, they’re embracing it, some even going so far as creating their own internal versions of Twitter and Facebook. Granted, video games and social media are different technologies, but the concept migration pattern is still the same. And with game controllers like the Wii and Xbox Kinect giving people new ways of interacting with technology, the business world is currently on the threshold of being "gameified." All this affects IT in a big way.

A new interface In the past, gaming was all about sitting in front of a computer or television screen and using a game pad, joystick, or keyboard playing against the computer or online opponent while sitting down -- a passive activity. Thanks to the Nintendo Wii’s interactive nature, players stood up, got physically involved, and actually became a part of the game. Then Microsoft introduced the Kinect, which eliminates the need for a hand held controller entirely. Players use their hand motions and body movements to manipulate the game. Thanks to Microsoft releasing a software development kit for the Kinect that allows programmers to create new applications, university students started taking this gaming concept and writing software that allows users to control business software using just hand motions -- no keyboard or mouse. An early example would be if you want to go to the next page, you do a sweep of your hand across the screen without touching anything. You can sweep to the left, sweep to the right, scroll up, scroll down, and many other things. But that’s just an early version of the

software. The future application is much more exciting. Remember the movie Minority Report where the police were able to maneuver data in the air without touching anything? Today, that’s rapidly becoming more fact than fiction. In fact, we’re now seeing major manufacturers using elements of this new interface model in their products. For example, Cadillac is experimenting with a variation of this software model that allows drivers to use hand gestures in front of the console to do common tasks. So if you want to raise or lower the volume of the radio, rather than take your eyes off the road and reach over to find the audio control knob, you would simply put your hand over to the right and lift it up or down. Just as kids are using their hand and body motions to control the

With game controllers like the Wii and Xbox Kinect giving people new ways of interacting with technology, the business world is currently on the threshold of being “gameified” game, drivers can use their hand and body motions to control features of their car. If developers can apply this technology in automobiles, imagine where else it can go?

A convergence of roles There are 78,000,000 baby boomers heading for retirement. In addition, technology is changing at a rapidly increasing pace. The ability to rapidly train new workers, as well as retrain existing employees, is now more than ever providing a major competitive advantage. Gameification will help all levels of your organisation train and learn faster, from general new hire orientations to department specific education. In other

N E X T H OR I Z O N S

words, as this gameification trend continues, which it will, IT’s role in companywide, non-IT specific education and training will expand and converge. Just like industries are converging, IT will converge with other departments. For example, we can now see the world of telecommunications converging with the world of computers and the world of entertainment. Three industries that were once separate are now coming together and working together seamlessly. That’s just one example; there are many more. In that same way, we have functions within the organisation that used to be very separate that are converging more and more because technology is enabling them. So, in the future, IT will be an even bigger part of HR, and education and training will be a key focus, all enabled by gameification.

The core of gameification The heart of the gameification trend for IT is using interactive gaming as a tool to transform training company-wide. Based on 25 years of research, I’ve identified five core gaming elements that when applied together can dramatically accelerate learning. When you implement these five elements into training, people learn more in less time and have better results. So keep these elements in mind as you help develop and deploy training modules and initiatives. Interactivity - For centuries, education and training have been, for the most part, passive experiences. Someone stands in front of a group and talks. The people being educated or trained sit and listen, taking a few notes here and there. If there is a lab, they will have some hands-on application, but application labs are not the norm in everyday education and training. As technology evolved, the trainer or teacher showed a movie or two to keep people involved, but in the end, the people learning just sat and watched. Regardless of someone’s inherent learning style, learning is much more effective when you’re interacting with the material, not passively sitting there. When you learn by gaming, you’re interacting with the information and concepts. You’re moving things around, you’re manipulating items, and you’re actually doing things. It’s no longer passive. Now you are much more engaged and immersed. The Chief Technology Officer Forum

cto forum 21 DECember 2011

N E X T H OR I Z O N s

i n n o vat i o n

Immersion - We’ve seen 3D TVs where you Competition - Humans are naturally competihave to wear special glasses to make the tive beings. We want to sell more, be more images pop out at you, but that’s because productive, innovate faster, and be smarter TVs have a lot of viewers sitting in a room than the next person. When you’re sitting in spread out. When you’re playing a game on class learning, there’s little competitive value. a small screen like a tablet or a smart phone, You’re all there for the entire timeframe the viewing angle is such that you can have whether you’ve learned the materials in one images appear 3D very easily hour or three. No one advances without special glasses. until the class is over. In the recent past and However, when you’re comthrough to the present, video peting, as in a game, there’s an games use interspatial 3D, adrenaline rush that keeps you where you go into worlds. So engaged and focused on the The expected size instead of images popping task at hand. In an effort to win, of Southeast out at you, you go inside to people master concepts faster Asian online them. That’s how games on so they can be first, not last. the Xbox 360 and others have Self-diagnostic - In the world game market by been working for years, by of gaming, as you accomplish 2015 using a regular television set or new feats and as your characflat panel display. This sort of ter gets better, the game gives technology gives an immersed you greater challenges. When effect, which engages people more. you power down, the game remembers To apply this to business, if you’re training where you left off. When you return to the salespeople on a particular manufacturing game, you still have your capabilities and tool they need to sell, why not have them see all the things your character has previously the tool in 3D and actually get to virtually learned. You don’t have to start over from manipulate the tool rather than have them ground zero. read spec sheets about it? The former will In the case of business training, if you give them more insight to the tool, which learn something, there’s no need for a trainwill make selling it easier. er to re-teach it to you. But how many times

$1bn

have you sat through a training session where you already learned a majority of the concepts yet you stayed so you could gain knowledge on a few key items? How much time did you waste? A better idea is for business training to have a self-diagnostic component. The interactive, competitive, and immersed module can know your skill or knowledge level and progress accordingly. It can know where you left off and give you next steps from that point when you log back in. This is the best way to allow for individual training and learning. Focus - When you’re playing a game, you’re forced to focus. You have to do A in order for B to occur. If you don’t do A, then you won’t get far in the game. Focus is the result of interactivity, competition, immersion, and self-diagnosis. When you can focus, you can learn virtually anything fast.

—Daniel Burrus is the founder and CEO of Burrus Research, a research and consulting firm that monitors global advancements in technology driven trends. —This article has been reprinted with prior permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

Top Predictions for IT and Users Predictions Show IT Budgets Are Moving Out of the Control of IT Departments

artner, Inc. has revealed its top predictions for IT organisations and users for 2012 and beyond. Analysts said that the predictions herald changes in control for IT organisations as budgets, technologies and costs become more fluid and distributed. This year's selection process included evaluating several criteria that define a top prediction. The issues examined included relevance, impact and audience appeal. A list of this year's predicts

cto forum 21 December 2011

The Chief Technology Officer Forum

reports is available on the Gartner Predicts website at www.gartner. com/predicts. Gartner's top predictions for 2012 and beyond showcase the trends and events that will change the nature of business today and in years to come. Selected from across Gartner's research areas as the most compelling and critical predictions, the trends and topics they address underline the reduction of control that IT has over the forces that affect it.

"The continued trends toward consumerisation and cloud computing highlight the movement of certain former IT responsibilities into the hands of others," said Daryl Plummer, managing vice president andÂ GartnerÂ fellow. "As users take more control of the devices they will use, business managers are taking more control of the budgets IT organisations have watched shift over the last few years. As the world of IT moves forward, CIOs are finding that they must coordinate their activities in a much wider scope than they once controlled. While this might be a difficult prospect for IT departments, they must now adapt or be swept aside." GartnerÂ analysts said that going into 2012 there is an increase in the amount of information available to organisations, but it's a challenge for them to understand it. Given the shifts in control of systems that IT organisations are facing, the loss of ability to guarantee consistency and effectiveness of data will leave many struggling to prevent their organisations from missing key opportunities or from using questionable information for strategic decisions. No regulatory help is on the near horizon, leaving each business to decide for itself how to handle the introduction of big data. "Any organisation which wishes to accelerate in 2012 must establish in itself a significant discipline of coordinating distributed activities," Plummer said. "They must establish relationship management as a key skill and train their people accordingly. The reason for this is that the lack of control can only be combated through coordinative activities. The IT organisation of the future must coordinate those who have the money, those who deliver the services, those who secure the data, and those consumers who demand to set their own pace for use of IT." Gartner's top predictions for 2012 include: By 2015, low-cost cloud services will cannibalise up to 15 percent of top outsourcing players' revenue. Industrialised low-cost IT services (ILCS) is an emerging market force that will alter the common perceptions of pricing and value of IT services. In the next three to five years, this new model will reset the value proposition of IT. Low-cost cloud services will cause the cannibalisation of current and potential outsourcing revenue. Similar to what happened with the adoption of offshore delivery, it will be incumbent upon vendors to invest in and adopt a new cloud-based, industrialised services strategy either directly or indirectly, internally or externally. The projected $1 trillion IT services market is at the beginning of a phase of further disruption, similar to the one the low-cost airlines have brought in the transportation industry. In 2013, the investment bubble will burst for consumer social networks, and for enterprise social software companies in 2014.

N E X T H OR I Z O N S

illustration by Prince Antony

trends

Low-cost cloud services will cause the cannibalisation of outsourcing revenue Vendors in the consumer social network space are competing with each other at a rate and pace that are unusually aggressive, even in the technology market. The net result is a large crop of vendors with overlapping features competing for a finite audience. In the enterprise market, many small independent social networking vendors are struggling to reach critical mass at a time when market consolidation is starting, and megavendors, such as Microsoft, IBM, Oracle, Google and VMware, have made substantial efforts to penetrate the enterprise social networking market. While substantial excitement will be raised by private firms going public, valuations of smaller independent vendors will diminish as recognition sets in that the opportunities for market differentiation and fast growth has eroded. By 2016, at least 50 percent of enterprise email users will rely primarily on a browser, tablet or mobile client instead of a desktop client. While the rise in popularity of mobile devices and the growing comfort with browser use for enterprise applications preordains a richer mix of email clients and access mechanisms, the pace of change over the next four years will be breathtaking. Email system vendors are also likely to build mobile clients for a diverse set of devices for the same reason. Market opportunities for mobile device management platform vendors will soar. Increased pressure will be on those suppliers to accommodate an increasing portfolio of collaboration services, including instant messaging, Web conferencing, social networking and shared workspaces. By 2015, mobile application development projects targeting smartphones and tablets will outnumber native PC projects by a ratio of 4-to-1. Smartphones and tablets represent more than 90 percent of the new net growth in device adoption for the coming four years, The Chief Technology Officer Forum

cto forum 21 DECember 2011

N E X T H OR I Z O N s

trends

need technology to be contextualised for them by an IT department. These people are demanding control over the IT expenditure required to evolve the organisation within the confines of their roles and responsibilities. CIOs will see some of their current budget simply reallocated to other areas of the business. In other cases, IT projects will be redefined as business projects with line-of-business managers in control. By 2014, 20 percent of Asia-sourced finished goods and assemblies consumed in the U.S. will shift to the Americas. Political, environmental, economic and supply chain risks are causing many companies serving the U.S. market to shift sources of supply from Asia to the Americas, including Latin America, Canada and the U.S. Except in cases where there is a unique manufacturing process or product intellectual property, most products are candidates to be relocated. Escalating oil prices globally and rising wages in many offshore markets, plus the hidden costs associated with offshore outsourcing, erode the cost savings that didn't account for critical supply chain factors, such as inventory carrying costs, lead times, demand variability and product quality. and increasing application platform capability across all classes of Through 2016, the financial impact of cybercrime will grow 10 permobile phones is spurring a new frontier of innovation, particularly cent per year, due to the continuing discovery of new vulnerabilities. where mobile capabilities can be integrated with location, presence As IT delivery methods meet the demand for the use of cloud and social information to enhance the usefulness. Innovation is services and employee-owned devices, new software vulnerabilities moving to the edge for mobile devices; whereas, in 2011, Gartner will be introduced, and innovative attack paths will be developed estimates that app development projects targeting PCs to be on par by financially motivated attackers. The combination of new vulnerwith mobile development. Future adoption will triple from 4Q10 to abilities and more targeted attacks will lead to continued growth in 1Q14, and will result in the vast majority of client-side applications bottom-line financial impact because of successful cyber attacks. being mobile only or mobile first for these devices. By 2015, the prices for 80 percent of cloud services will include a By 2016, 40 percent of enterprises will make proof of independent global energy surcharge. security testing a precondition for using any type of cloud service. While cloud operators can make strategic decisions about locaWhile enterprises are evaluating the potential cloud benefits in tions, tax subsidies are no long-term answer to managing costs, and terms of management simplicity, economies of scale and workinvestments in renewable-energy sources remain costforce optimisation, it is equally critical that they carely. Some cloud data center operators already include an fully evaluate cloud services for their ability to resist energy surcharge in their pricing package, and Gartsecurity threats and attacks. Inspectors' certifications neranalysts believe this trend will rapidly escalate to will eventually become a viable alternative or compleinclude the majority of operators — driven by competment to third-party testing. This means that instead itive pressures and a "me too" approach. Business and of requesting that a third-party security vendor conof Fortune 500 IT leaders and procurement specialists must expect to duct testing on the enterprise's behalf, the enterprise organisations see energy costs isolated and included as a variable elewill be satisfied by a cloud provider's certificate statwill fail to ment in future cloud service contracts. ing that a reputable third-party security vendor has Through 2015, more than 85 percent of Fortune 500 already tested its applications. effectively organisations will fail to effectively exploit big data for At year-end 2016, more than 50 percent of Global exploit big data competitive advantage. 1000 companies will have stored customer-sensitive Current trends in smart devices and growing Interdata in the public cloud. net connectivity are creating significant increases in With the current global economy facing financial the volume of data available, but the complexity, variety and velocity pressure, organisations are compelled to reduce operational costs with which it is delivered combine to amplify the problem substanand streamline their efficiency. Responding to this imperative, it is tially beyond the simple issues of volume implied by the popular estimated that more than 20 percent of organisations have already term "big data." Collecting and analysing the data is not enough — begun to selectively store their customer-sensitive data in a hybrid it must be presented in a timely fashion so that decisions are made architecture that is a combined deployment of their on-premises as a direct consequence that have a material impact on the producsolution with a private and/or public cloud provider in 2011. tivity, profitability or efficiency of the organisation. Most organisaBy 2015, 35 percent of enterprise IT expenditures for most organitions are ill prepared to address both the technical and management sations will be managed outside the IT department's budget. challenges posed by big data; as a direct result, few will be able to Next generation digital enterprises are being driven by a new wave effectively exploit this trend for competitive advantage. of business managers and individual employees who no longer

Next generation digital enterprises are being driven by a new wave of business managers and individual employees who no longer need technology to be contextualised for them by an IT department

85%

cto forum 21 December 2011

The Chief Technology Officer Forum

securit y

N E X T H OR I Z O N S

Cyber Security

Are stricter regulations the answer?

n October 13, 2011 the Securities and Exchange Commission (SEC) Division of Corporation Finance released a guidance document that outlines disclosure practices for public companies in light of the most recent spike in cyber security attacks and associated data breaches. The guidance document hints that companies have to be paying more attention to assessing the impact of cyber security attacks and its outcome; especially as it relates to weaknesses in the security posture and preventive measures of the organisation. While it will be interesting to see how this new guidance will influence the interaction between CISOs and their business peers as it relates to securing bigger budgets to address the risk associated with advanced persistent threats (APT), the overarching question is if the SEC guidance is a sufficient measure to overcome the chasm between compliance and security. 2011 has seen record numbers of cyber security attacks and associated breaches. These attacks are just the tip of the iceberg. Has the SEC guidance fell short of its objectives and therefore stricter regulations are required to drive a risk-, security-driven approach to IT throughout public and private industry? It’s well known that the majority of organisations puts compliance first, not security. Unfortunately, being compliant does not equate to being secure since compliance lacks the correlation to risk and is conducted periodically, rather than continuously. Thus, only regulations that mandate prioritising security in the overall picture will really move the needle. While the SEC guidance is a good step from

a government agency, regulations should be considered that put security in the spotlight, as organisations have to overcome the tickbox mentality of traditional compliance mandates. As a result, any consideration of stricter regulations to tackle cyber security threats should mandate the implementation of a pro-active information security risk management system (ISRM) and related best practices. The degradation of core security capabilities as described in the PwC survey is illustrated by the fact that organisations’ vulnerability measures are unable to keep up with the evolving exploits, including perimeter intrusion detection, signature-based malware, and antivirus solutions. Often, these security tools operate in a silo-based approach and are not integrated and interconnected to achieve a closed-loop process and continuous monitoring. Another shortcoming lies in the fact that a majority of vulnerability programs lack a risk-based approach, whereby vulnerabilities and associated remediation actions are based on the risk to the business. Fortunately, the public, lawmakers, and regulators in Washington D.C. are becoming increasingly better informed as it relates to threats and vulnerabilities of the nation’s critical infrastructure so that further actions are expected in the near future. Until then, private and public organisations should consider the SEC guidance as a wake-up call and

overhaul their approach to ISRM to counter cyber attacks and prevent data loss, unauthorised disclosure, and data destruction. At the same time, they should pursue close collaboration with the U.S. Department of Homeland Security, which has set up a trial program to share cyber threat data with industry players in order to prevent intrusions. By implementing an ISRM program, an organisation can not only increase its security posture, but inevitably is prepared for stricter regulations related to the cyber security threats that are looming in the future. —This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com.

The Chief Technology Officer Forum

cto forum 21 DECember 2011

Security Leadership Awards 2011 Recognising the best minds in Security Leadership & Innovation

In an attempt to recognise those individuals who have contributed and succeeded in pushing the boundaries when it comes to innovation in information security, CSO Forum, brings to you, the 1st Annual Security Leadership Awards. Judged by our esteemed council, the Security Leadership Awards bring those individuals to the forefront who are constantly innovating and pushing the boundaries of security within the enterprise.

CMY

December 2, 2011 â&#x2C6;&#x17E; Pune, India For details log onto

http://www.thectoforum.com/csosummit2011

About the Security Leadership Awards Security management is now recognised as a key business enabler. Forward-thinking security leaders have made tremendous progress in driving tighter linkages between business excellence goals and security actions. Their contributions need regular industry driven; peer-acknowledged awards to highlight the best successes; recognise the function and provide encouragement for future innovations in Security Management The Security Leadership Awards is a dedicated platform to recognise such security executives; their teams and organisations for outstanding achievement in the areas of risk management, data asset protection, compliance, privacy, physical and network security.

Highlights

• Six Award categories • Eminent jury members • Transparent nomination process • Awards ceremony on 2nd December, during the 4th Annual CSO Summit, 2-3 December, 2011 at Pune

Why participate

• Get recognised as a star by leaders of • • •

the industry Join an exclusive club of achievers Learn from successful peers in an exclusive knowledge forum Share your and your company’s success stories

Award Categories 1. Security Practitioner of the year 2. Security Innovator of the year 3. Security Project of the year 4. Security Organisation of the year 5. Promising star 6. Security Visionary of the year

Who can apply?

• CSO's and CISO's • Heads of Information Security /

Information Risk & Compliance and their team members of companies operating in India.

Nominations open! To nominate yourself or your CISO/CSO logon to http://www.thectoforum.com/csosummit2011 or contact Vinay Vashistha at +91 9910234345 or email at vinay.vashishta@9dot9.in

Managing Big Data

James Markarian, EVP and CTO, Informatica talks about the importance of managing Big Data, in an interaction with Varun Aggarwal

cto forum 21 December 2011

The Chief Technology Officer Forum

With the explosive growth of data, how can CIOs effectively help organisations exploit data and turn it into business results? As we all know, the current explosive growth of data is unprecedented. Traditional transaction data, in business applications continues to expand at a healthy pace. Amazingly, the rapidly increasing volume of interaction data, in social networking sites, dwarfs the growth of traditional transaction data. We now measure data volumes in Petabytes, Exabytes, Zettabytes and soon Yottabytes. We call this deluge of data the â&#x20AC;&#x153;big dataâ&#x20AC;? phenomenon. It is not just about the volume of data, but also the variety and velocity. Organisations are keen on monetising interaction data including that

Ja me s M ark arian

from social networks, machine generated data such as surveillance cameras and sensors, Internet access in emerging countries, datacenters supporting cloud computing and geospatial data from smartphones and tablets. CIOs are reimagining how they continue to deliver more value to business and are keen on turning data into opportunities. This is one of the major technology-enabled business imperatives for organisation of all sizes around the globe. Traditionally, enterprise data was structured in relational databases, as well as in applications such as ERP, CRM and analytics. Today data exists throughout organisations and resides in both structured and unstructured formats. Take, for example, CRM. For many businesses, information on social media is a part of their customer relationship management process. However, this information is not structured in a formal CRM database. Businesses are struggling to have a single, trustworthy view of this information, combining the transaction data from traditional applications with social media or other interaction data like call detail records (CDR), device-generated data and scientific data. Big data processing platforms, including Hadoop, are coming of age at a time when business executives and knowledge workers have so much appetite for data-driven decision making and business operations. Processing and analysing the combination of big transaction and interaction data is paramount. In order to respond to the big data challenge, IT organisations are taking a platform approach where they can start with the right foundation to unleash the full business potential of big data. When I meet with executives to discuss their goals for harnessing big data and tacking their data integration challenges, they are cognizant of the risk-reward equation over the technology roadmap. In many cases, they don’t want to make a final decision on the various data-

related investments at this juncture. Rather, they need an array of options so that they can evolve with the platform along a three to five year horizon. This is why Informatica’s open, neutral platform approach to process virtually all types of data, making it accessible, meaningful, and usable to the people and processes are appealing to them. IT leaders can empower the business to get fast access to big data for business value progressively, starting with high priority, immediate projects and extending them as the business needs evolve.

“We now measure data volumes in Petabytes, Exabytes, Zettabytes and soon Yottabytes. We call this deluge of data the “big data” phenomenon” Managing unstructured data is often a bigger challenge. How can organisations manage data residing in complex formats like XML, binary, machine generated, industry standards and documents like excel, PDF and Word? Unstructured data has been largely under-exploited because businesses have been expecting the traditional business intelligence and analytics to produce results that are based on relational data. That is now changing as platforms, like Hadoop, are making it easier to process log data, event data and textual data. Historically, people relied on custom-coding

N O H O L D S B A RR E D

data parsing tasks of these unstructured data which are error-prone and time-consuming. As organisations move to drive more efficiency and scale in extracting value from the heterogeneous environments from unstructured data, they would want to leverage both traditional data infrastructures and big data processing platforms like Hadoop. Informatica has years of experience and expertise in extracting value from complex, unstructured data with visual integrated development environments (IDE) based on a single engine covering a broad range of data formats, including support for device-generated data. We recently released an offering called HParser that exploits parallelism in Hadoop MapReduce. With HParser, developers can create an abstraction layer between the application logic in MapReduce and data sources. This enables projects to easily scale by allowing application logic to be written once and then applied across multiple data sources. Using the same IDE, the design artifacts can be extended to the rest of the enterprise beyond Hadoop projects. How is cloud computing contributing to information growth? How can information of various cloud and on-premise applications be managed? Cloud computing has changed the economics of computing by enabling even more transaction data to be cost effectively captured by Cloud service providers. Cloud computing has also made data storage cheaper and more scalable by reducing the capital expenditure required for onpremise storage hardware. When cost is no longer a consideration, data is growing as business requirements increase. Furthermore, Cloud computing is made possible by the ability of applications, information, software and platforms to be delivered as a service over a network to devices and individuals, where and when they need it.

The Chief Technology Officer Forum

DOSSIER Company: Informatica Established: 1993 headquarters: Redwood City, California products: Informatica PowerCenter, PowerExchange, Siperian Network: 2500 employees

cto forum 21 DECember 2011

N O H O L D S B A RR E D

James M ark arian

“Economies of scale of cloud computing will fuel sustained growth of transaction data that previously would have been cost-prohibitive” —james markarian EVP and CTO, Informatica

Undoubtedly, the growth of transactions has been fueled by dramatic economies of innovation. Now, cloud computing represents the next wave of economies of scale. More business applications, along with the associated transaction data, are being outsourced to cloud service providers. By delivering the same service to thousands of customers, these cloud service providers further reduce the cost of computing. Economies of scale of cloud computing will fuel sustained growth of transaction data that previously would have been cost-prohibitive. Now your question of managing cloud and on-premise based applications is a very important one. A hybrid-IT organisation is empowered to take advantage of the best of cloud and on-premise worlds – public/private cloud applications, platform and infrastructure services that are tightly integrated with on-premise systems. We are definitely seeing our core IT customers who are revising their plans and reference architectures because they are now tasked with rationalising these cloud and on-premise offerings for better agility and business value. This is why Informatica offers our enterprise data integration technology for on-premise and cloud environments. Tell us more about Informatica’s vision for Hadoop. How is Hadoop helping Informatica’s customers? Informatica’s Hadoop solution is geared toward helping organisations get more from their Hadoop investments and leverage their existing data integration skill sets. With Informatica’s Hadoop offerings, we

cto forum 21 December 2011

The Chief Technology Officer Forum

help achieve ease and reliability of preand post-processing of data into and out of Hadoop and improve productivity for extracting greater value from unstructured data sources – images, text, binaries, industry standards, etc. We are focused on our Hadoop solution because of the growing interest and questions so that Informatica can assist organisations in rationalising Hadoop-related offerings as part of their data infrastructure investments. So our vision is to help organisations unleash the value of Hadoop, allowing them to leverage the existing IT investments including data integration skills and design environment. Just like we did this in RDBMS environment, Hadoop is a relatively new technology that is largely manually scripted at this point in time, which makes it error-prone and time-consuming, with poor auditability and manageability. These are the same problems that we started solving 15 years ago in the world of relational databases and SQL. Leveraging that expertise and experience, Informatica is now focused on solving these challenges in Hadoop. You are the Chief Technology Officer of Informatica, who is at the center of this exciting journey of big data. Where do you want to take your company? As I mentioned earlier, it is an exciting time to be in the data integration space, because Informatica is playing a leading role in shaping the direction of the data integration market. Today our technology is able to

help organisations solve challenges that five years ago we only dreamed of. Right now, I’m spending my time and energy focused on addressing the following questions: What would the continuation toward mobile lifestyle of people mean from the data integration standpoint? How can we make it even easier for people to collaborate and share information? What additional ways can we help organisations harness social data across the enterprise? How can Informatica help organisations gain a better Return on Data? Big data, like our overall industry, is being reshaped by the nexus of three secular technology trends. Cloud computing, social computing and mobile computing are for the first time simultaneously redefining the “where,” “what” and “how” of the computer industry. The “where” is moving from onpremise computing to cloud computing, changing the economics of computing. The “what” is shifting from “transactionprocessing” with business applications like SAP and Oracle to “interaction-processing” with social media services like Facebook, Twitter and LinkedIn, changing the role of computing. And, finally, the “how” of computing is adapting from desktop computers to mobile devices, changing the face of computing. As the Chief Technology Officer of Informatica, I am looking at these three dimensions, the “where,” “what” and “how” of the computing industry and continually seeking ways for organisations to do these things easier helping us all fulfill the promise of the data-centric enterprise.

T E C H FOR G O V E R N A N C E

compliance

POINTS

determine the extent of the organisationâ&#x20AC;&#x2122;s cardholder data environment (CDE) ocument the d cardholder data flow evelop a network d diagram that documents all of the firewalls, routers, switches, access points, servers and other network devices and how they are architected can the entire s network to confirm that cardholder data is not stored anywhere outside of the CDElaunched service January 2000 i f cardholder data is in the clear, then that portion of the network is in-scope

PCI Compliance:

What is In-Scope? The nuances in the implementation of technological solutions do not always allow a black and white answer 60

cto forum 21 December 2011

The Chief Technology Officer Forum

compliance

You would think this question

would be an easy question to answer when talking about the PCI standards because anything that processes, stores or transmits cardholder data is in-scope for PCI compliance. However, the nuances in the implementation of technological solutions do not always allow a black and white answer. Here are some of the most common in-scope issues we seem to come across. Defining The Cardholder Data Environment The first step in any PCI assessment is determining the extent of an organisation’s cardholder data environment (CDE). However, it should come to no surprise to anyone that defining an organisation’s CDE can be difficult even in the smallest of organisations. The first question is who is responsible for defining the CDE? Until the release of the PCI DSS v2.0, this was not clear, but had always been implicitly defined by the PCI SSC and the card brands as the responsibility of the organisation, not the QSA. The QSA’s role is to take the CDE definition provided by the organisation and confirm that the CDE definition is accurate based on the QSA’s assessment work. The next question that inevitably comes up is how does an organisation prove that its CDE is its CDE? There are a variety of things an organisation can do to define their CDE. The first thing to do is to document the cardholder data flow. This effort should define all of the applications involved as well as which applications actually store cardholder data. Once the data flow is defined, then an organisation should develop a network diagram that documents all of the firewalls, routers, switches, access points, servers and other network devices and how they are architected. The final step in proving the extent of the CDE is for the organisation to scan their entire network to confirm that cardholder data is not stored anywhere outside of the CDE. For organisations that have invested in data loss prevention (DLP) technology, it usually means setting their DLP solution to

look at all computers on their network and determine if any unencrypted cardholder data exists anywhere outside of the proposed CDE. However, some DLP solutions have not capability to look at data stored in databases, so just because you have a DLP solution does not mean you have searched everything. For those organisations that do not have a DLP solution, the process is the same but possibly a bit more complicated. For organisations that have a budget, they can license GroundLabs’ Enterprise Recon utility to scan their network and databases. For smaller organisations, GroundLabs also has Card Recon that it licenses on a number of PCs/servers basis. There are also free or open source utilities available such asSpider from Cornell University, SENF from the University of Texas and CCSRCH from Sourceforge. I personally prefer Spider from Cornell as I think it finds the fewest false positives of the three free utilities. However, none of

Networks used to transmit cardholder data in the clear are always in scope. Where things seem to get confusing for people is when encryption is brought into the mix

T E C H FOR G O V E R N A N C E

these utilities can scan a database and find cardholder data stored in a database. And just so we are clear, all of these utilities are no absolute guarantee that an organisation has truly found all cardholder data they may have stored on systems. But, it is better than have done nothing. For organisations that are not using a utility that understands database scanning, there is a manual way to conduct your assessment. Unload any credit card account number (PAN) fields as well as all comment fields into a CSV or similar file format and then use whatever utility you are using to scan those files for cardholder data.

Networks and Managed Service Providers Networks that are used to transmit cardholder data in the clear are always in scope – no exceptions. Where things seem to get confusing for people is when encryption is brought into the mix. However, going back to the original definition, if cardholder data is in the clear, then that portion of the network is in-scope. But, believe it or not, this just creates more confusion and arguments. The bottom line is that any network encryption endpoints are also always inscope. That is a statement that I have almost come to blows over more than once with managed service providers (MSP) that thought their devices and network were totally out of scope because of encryption. In a lot of these instances, the MSP is the one managing the encryption keys and since they managed those endpoints and the related encryption keys, those endpoints are in-scope for PCI compliance and so are the MSP’s policies, standards and procedures for managing those devices (Requirements 1, 2 and 4) and keys (requirements 3.5 and 3.6). “But the cardholder data is encrypted,” is the common refrain from the MSP. Agreed. But a QSA still needs to gauge compliance for the endpoints, not the connectivity between the endpoints. However, MSPs argue that the endpoints are also out of scope because of encryption. That would be right if someone other than the MSP managed the encryption keys. Another battle QSAs run across is about MPLS networks. The bottom line is that a lot of MSPs do not agree with their activities being in-scope The Chief Technology Officer Forum

cto forum 21 DECember 2011

T E C H FOR G O V E R N A N C E

compliance

and they refuse to allow an assessment of their environment where their activities are in-scope. In those instances, we have no choice but to mark the client as not having those requirements in place. I have constantly asked MSPs that fight us to explain why the MSP is not responsible when the client cannot respond to the requirement because the MSP performs that function? More often than I would like to admit, we get the “trust us” response. In a few instances, I have been told that, “The PCI SSC and card brands never meant it to be treated that way.” Really? Because in QSA training the PCI SSC has been very consistent on the explanation of what is in-scope and MSPs are in-scope if they perform functions that are required to comply with the PCI standards. While the majority of MSPs have come to this realisation, there are still holdouts out there that still refuse to cooperate.

Applications Applications that process, store or transmit cardholder data are always in-scope

package can communicate – period. I think everyone with another application packunderstands that statement; age. The biggest problem with however, it is the nuances middleware comes from the within applications that create fact that a lot of application the problems. expected size integration teams are not In today’s integrated appliof India Data really sure as to whether the cation environment, it is no Center Hosting cardholder data is in cleartext wonder that determining what or encrypted. applications are in-scope is difMarket by 2016 The other problem we have ficult, if not impossible. Most encountered with middleware organisations have gotten out of is the lack of security surthe complete application develrounding the administration opment game and are now in consoles of the middleware. Most middlethe application package integration game. ware consoles are browser-based and can be As a result, organisations are relying more accessed by anyone on the network. Worse and more on the application package venyet, a lot of these consoles can have serious dors to understand data flow, particularly security issues that make then susceptible to cardholder data flow. While the PA-DSS procompromise. cess has greatly helped in getting data flow diagrams, there are still a lot of credit card processing applications where the data flow diagram is just not supplied. —This article is printed with prior permission from Then we have “middleware” that further www.infosecisland.com. For more features and obscures things. Middleware reformats opinions on information security and risk manageinformation streams so that one application ment, please refer to Infosec Island.

$1.3bn

ThoughtLeaders Sandeep Gupta

Sandeep Gupta MD - ITEC, Protivit

Internal auditing for improved efficiency CIOs need to transform internal audit into a valued strategic department and find the right balance among risk, cost and value

Internal audit is no longer limited about transactional auditing and process level auditing. IT auditing has gained increasing significance in the scheme of audits. The top five ways in which IT auditing adds value are: Reduce risk: The planning and execution of an IT audit is by and large focused on identifying and assessing risks in an organisation’s IT environment. Once the risks are identified and assessed, the next step is to start reducing or mitigating the risks through controls, risk transfer (e.g. insurance) or risk acceptance (e.g. built into the business). It is critical to understand that IT risk is business risk. Threats and vulnerabilities in IT operations can unswervingly affect an entire organisation. Risk mitigation best practices include ISACA COBIT and Risk IT frameworks and the ISO/IEC 27002 standard ‘Code of practice for information security management’. Build up controls (and improve security): After risks are assessed as mentioned above, controls are identified and assessed. This allows for feebly designed or ineffective controls to be redesigned and/or strengthened.

The COBIT framework of IT controls is above all valuable here. It consists of four high level domains that cover 32 control processes useful in reducing risk. The COBIT framework covers all aspects of information security including control objectives, key performance indicators, key goal indicators and critical success factors. Act in accordance with regulations: Wide ranging regulations at the federal and state levels include explicit requirements for information security. IT auditing serves a critical function in ensuring that specific requirements are met, risks are assessed and controls implemented. Sarbanes Oxley Act (Corporate and Criminal Fraud Accountability Act) includes specific requirements on all public companies. The act requires companies to ensure that internal controls are adequate as defined in the framework of the Committee of Sponsoring Organisations of the Treadway Commission’s (COSO). Auditing provides the assertion that such requirements are met. Health Insurance Portability and Accountability Act (HIPAA) has three areas of IT requirements – administra-

“Internal audit is no longer about transactional auditing and process level auditing. It has gained significance in the scheme of audits”

tive, technical and physical. It is vital for an organisation to have assurance that all these requirements are met. Assist communication between business and technology management: An audit promotes better communication between the business and technology management teams. The audit events of interviewing, observing and testing result in valuable information in written reports and oral presentations. Senior management is thus well-versed of how their organisation is functioning. The technology professionals in an organisation also need to make out what senior management think, what their objectives are and the directions that they are going. Auditors can commune some of this information and through participation in meetings with technology management. Develop IT Governance: . IT auditing and overall IT management are focused on the value, risks and controls around an organisation’s technology environment. Auditing helps review the value, risks and controls in all of the key components of technology – applications, information, infrastructure and people.

The Chief Technology Officer Forum

cto forum 21 DECember 2011

VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com

Illustration by prince antony

Unified Communications and Video in the Cloud

Bye Bye Telco of Yesterday

For about a thousand years telecommunications companies have relied on analog wires connected through the land to dominate and capitalise on humans’ desire to speak to each other. The fact that few rarely have anything worth hearing is not the point. Since the dawn of the Cloud Era, I’ve been trying to figure out how the monolith organisations such as Telcos were going to play in this transformative era. At first they did what they always do — they put up infrastructure as a service and got stuffed with gear in the exact same way. Now they are trying to find a means – any means – to get someone to use that capacity. Then they started offering some kind of services themselves – backup has been a popular one, though since Telcos don’t speak that language, they tend to languish or focus on consumers. But what is a Telco? A telco is a communications infrastructure provider – who happens to have the most important thing required in this transformation – a direct customer billing relationship. Now that all Telcos – and all enterprises – have adopted IP-based tele-

cto forum 21 December 2011

phony, the stage has been set for the next wave — which will be complete cloud-based unified communications services. Telcos will have to adapt to providing these services in order to retain their value over the next 10 years, or they will be relegated to being bandwidth brokers alone. Enterprises will want to outsource ALL of their complex UC/Video needs the exact same way they outsourced their complex CRM needs. As a matter of fact, this is exactly the kind of value added next generation service SalesForce should be providing – since the whole point of “unified” now means “integrated” and Salesforce is the integration platform of choice for most businesses. IBM has the cloud, but not a play yet. Dell and HP aren’t doing anything that I can see. People like Polycom will be interesting to watch. Cisco made a big bet here long ago – and is doing quite well. The existing arms supplier to the Telcos for IP Telephony version 1.0 is Broadsoft, but Telcos are mumbling that they don’t have the chops to be there for version 2.0. Thus far, while there are a few contenders, the one I’d

The Chief Technology Officer Forum

About the author: Steve Duplessie is the Founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www. thebiggertruth.com

bet on is Thinking Phone Networks in Cambridge, MA. Little, but they seem to have all the right parts, people, and are built for the cloud. They have very large, very global players cruising in and out of the peoples’ republic of Cambridge as of late, and I know of at least one multinational global conglomerate OEM deal about to happen. I don’t know enough about the others (yet) to be able to tell who has a legit chance or not. This is a new space for me, but one I do find fascinating. My point isn’t to call the winner, my point is to call the next market in this space. Just like the big banks said “no one will ever buy stock online” or the Telcos said “no one will ever use an internet phone system”, both have evolved WAY beyond from what could be – to what should be. My data of record is in the cloud on salesforce – connected/integrated seamlessly with my communications – and none of it sits on my site. I rent what I need when I need it. It’s the reason I now run Apple everywhere in my life. It just works. And that’s how all this stuff is supposed to be.

Run applications up to 50x faster.

What IT performance can be. With WAN optimization solutions from Riverbed®, you can increase application performance up to 50 times faster over the WAN, delivering LAN-like performance just about anywhere — from remote offices to the data center to the cloud. Learn more at riverbed.com/50x For any queries, please contact marketingindia@riverbed.com