cTo forum
Technology for Growth and Governance
July | 07 | 2012 | 50 Volume 07 | Issue 22
Next Horizons
Manage Technology to Benefit From IT | Is Surface Tablet an Alternative to the iPad? | The Application Security Programme
Making
Cloud Collaborations Page 47
Data Sing New age BI/BA tools are enabling businesses to cut off data noise and make it sound like music to the management Page 28 Best of Breed
Who Knows More About Tech? Page 18
Tech For Governance
Volume 07 | Issue 22
A 9.9 Media Publication
Debunking Information Security Myths Page 40
editorial yashvendra singh | yashvendra.singh@9dot9.in
Back With a Bang Big Data, social
media and mobility have pushed Business Intelligence back on the CIO’s agenda
E
nterprises are today striving to get relevant and actionable information in order to take smart and informed decisions. They are doing it because they don’t have a choice. In the times to come, only those enterprises that are able to get actionable insights from the deluge of data will be able to survive and thrive. To make sense out of this inundation of information, companies need to take endto-end control of their data and
editor’s pick 28
manage its various aspects including origin, collection, and usage. Technology decision makers have realised this, and by the time we entered into calendar year 2012, big data analysis was on the top of many a CIO agenda. Business Intelligence (BI) and Business Analytics (BA), which is the next evolution of BI, is where the real action is. These tools are enabling CIOs to store, classify, maintain and manage data. This in turn helps them
Making Data Sing New age BI/BA tools are enabling businesses to cut off data noise and make it sound like music
in empowering the sales team, understanding customer patterns, and servicing them better by leveraging IT. Gartner has also recognised the importance of BI/BA. It believes BI will be the top technology priority for CIOs in 2012. Despite constrained budgets, Gartner feels, CIOs will continue to spend money on BI. In fact, a recent MIT Sloan Management report -- Analytics: The Widening Divide -- has provided solid evidence in support of BI. The report discovered that enterprises that used analytics were twice more likely to substantially outperform their competitors that did not use analytics. The report gathered insights from over 4500 executives and managers. Business Intelligence had dropped from the numero uno position on Gartner’s priority list
in 2010. The reason being that at that time corporates did not have the business focus and they were unable to harness BI effectively and fully. The high expectations from BI were not met. With mobility, social media, big data and real-time data gaining traction, BI is back with a bang. In this issue, we throw light on the importance and evolution of BI/BA in the Indian IT landscape. We also look at how some of the CIOs are leveraging BI/BA to create value from the enormous amounts of data being generated. We would be eager to know your experience with BI and BA. We look forward to your feedback.
The Chief Technology Officer Forum
cto forum 07 july 2012
1
july12 Conte nts
thectoforum.com
28 Columns
Cover Story
28 | Making Data Sing
4 | I believe: Big Data Drive: Next-Generation Analytics
New age BI/BA tools are enabling businesses to cut off data noise and make it sound like music to the mgmt
By Manuel Sevilla
52 | View point: Follow IT’s Money Financial Transformation of IT By Ken Oestreich
cTo forum
Technology for Growth and Governance
July | 07 | 2012 | 50 Volume 07 | Issue 22
nexT horIzons
cto forum 07 july 2012
The Chief Technology Officer Forum
Making
Cloud Collaborations Page 47
Features
Data Sing New age BI/BA tools are enabling businesses to cut off data noise and make it sound like music to the management Page 28 BesT of Breed
Who Knows More About Tech?
Page 18
Tech for Governance
Volume 07 | Issue 22
2
Manage TeChnology To BenefiT froM iT | is surfaCe TaBleT an alTernaTive To The iPad? | The aPPliCaTion seCuriTy PrograMMe
Please Recycle This Magazine And Remove Inserts Before Recycling
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Tara Art Printers Pvt Ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
A 9.9 Media Publication
debunking Information security Myths
Page 40
Cover Design Shigil N
18 | Best of breed: Trolling for Tech Talent in a Tight Market
www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur Editorial Executive Editor: Yashvendra Singh Consulting Editor: Atanu Kumar Das Assistant Editor: Varun Aggarwal Assistant Editor: Ankush Sohoni DEsign Sr Creative Director: Jayan K Narayanan Art Director: Anil VK Associate Art Director: Atul Deshmukh Sr Visualiser: Manav Sachdev Visualisers: Prasanth TR, Anil T & Shokeen Saifi Sr Designers: Sristi Maurya & NV Baiju Designers: Suneesh K, Shigil N, Charu Dwivedi Raj Verma, Peterson, Prameesh Purushothaman C & Midhun Mohan Chief Photographer: Subhojit Paul Sr Photographer: Jiten Gandhi advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IT, ICICI Bank Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology) Vijay Sethi, CIO, Hero MotoCorp Vishal Salvi, CISO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
14 A Question of answers
14 |Virtualisation Traction More on Desktops Sanjay Deshmukh, India
Head, Citrix talks about the adoption of desktop virtualisation and its growth in the Indian market 40
47
RegulArs
01 | Editorial 06 | letters 08 | Enterprise Round-up
advertisers’ index
40 | TeCH FOR GOVERNANCE: debunking infosec myths
38 | next horizons: Cloud Collaboration
An approach that'll help you turn your people into your greatest assets and advocates for infosec
An evolution in the role of the IT will require an even tighter alignment between the CIO and the CFO
IBM CCTRL S HP PSG Datacard PID Pvt Ltd SAS Institue Airtel HP – IPG
IFC 5 7 11 13 17 IBC BC
Sales & Marketing National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623) National Sales Manager: Vinodh K (+91 97407 14817) Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921) Senior Sales Manager (North): Aveek Bhose (+91 98998 86986) Product Manager - CSO Forum and Strategic Sales: Seema Menon (+91 97403 94000) Brand Manager: Gagandeep S Kaiser (+91 99999 01218) Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bungalow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 Editor: Anuradha Das Mathur For any customer queries and assistance please contact help@9dot9.in
This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.
The Chief Technology Officer Forum
cto forum 07 may 2012
3
I Believe
Manuel Sevilla CTO, Capgemini The author is responsible for Capgemeni's Global Business Information Management (BIM) service line and his goal is to provide the best use of the information to the customers
Big Data Drive: NextGeneration Analytics One needs to realise that Big Data is not just a buzz word, it is a real business opportunity
The rise in Big Data has been driven by advances in technology from analytics and cloud computing to storage, but also due to its increasingly demonstrable impact on business. Recent research from Capgemini and the Economist Intelligent Unit (EIU) reveals that the use of Big Data,
4
cto forum 07 july 2012
The Chief Technology Officer Forum
current challenge maximising business opportunities offered by big data
where applied, has increased organisational performance by an average of 26 percent in the past three years and this is expected to accelerate rapidly by 2015. Capgemini’s research shows that over 90 percent of executives now view data as the fourth most important factor for business behind land, labor and capital. Big Data can be characterised by: • Higher volumes of data than an organisation is accustomed to processing • Data from multiple sources – from internal and document management systems, to external sources such as the internet or third party suppliers beyond a company’s firewall • A range of data types from structured database tables, to semistructured data such as forms and unstructured data including freetext, voice, video or social media • The rise in technical data types from digital sensors, GPS devices and RFID tags connected to growing sensor networks • The increasing need for real-time or near real-time analysis and response In order to fully leverage business advantage from Big Data, one needs to realise that Big Data is not just a buzz word, it is a real business opportunity. Rather than just being an IT project, Big Data provides an opportunity to create new business models or to improve existing models. In light of Big Data it’s important to re-think these models particularly in terms of revenue and margin improvement so that Big Data analytics can be integrated, leveraged and measured against realistic total cost. On the one side, Big Data solutions allow the likes of Google, Yahoo and eBay to handle huge volumes of data while on the other side in-memory solutions now guarantee a response time for complex analytical needs in a few seconds or even less.
10
10
10
10
10
10
10
10
10
10
00
00
01
10
01
10
10
10
11
11
10
01
00
00
00
11
10
10
11
10
11
01
00 1 11 01 0 00 01 01 0 11
01
00
10
10 10101 10100010 10101001101 10111010010000 10101000101111101 0 00101010101000101 110 0 1 0 1 0 1 0 1 0 10 11 01 1 0 1 001010 00 10 01 00 10 01 01 11 10 01 11 01 10 10 01 00 10 00 10 01 00 01 10 1 01 01 00 01 10 01 01 00 01 10 10 10 10 11 01 10 01 11 01 11 00 11 01 00 01 01 00 10 1 01 01 10 01 01 01 11 00 10 0 01 01 01 0
No More Data Lost in transit Our Zero Data Loss Solution ensures that your business doesn’t lose even a single byte of data or precious minutes getting your service back on track in the event of a downtime.
Zero Data Loss
DR solution
Data lost in transit during a downtime is irretrievable. Traditional Disaster recovery services take at least 4 to 5 hours to initiate the recovery process, putting a great deal of data at risk. Which is why a Zero Data Loss Solution makes perfect business sense.
To know more, Write to us: marketing@ctrls.com | Call us: 040-42030583
Visit www.ctrls.in/mumbai-data-center
CtrlS Business Solutions DR on demand | MyCloud - Private cloud on-demand | Managed Services | Messaging Solutions
LETTERS COVE R S TO RY
mobility
mobility
Define your mobility goals In a conversation with Ankush Sohoni, Vishal Tripathi, Principal Analyst, Gartner talks about some of the key trends in enterprise mobility
D
to Mak e
Vishal Tripathi Principal Analyst Gartner
USer exPerie
The Chief TeChnology offiCer forum
What are some of the common challenges that CIOs encounter when faced with this scenario? The biggest challenges is managing these devices. you cannot tell people what to buy. Cios are therefore trying to standardise. Some are taking a stand and supporting only a specific set of devices. one has to also understand that these things depend on how important enterprise mobility is to an organisation. Sometimes the iT organisation is not under any kind of obligation to support these devices. it may ro may not be a KrA for them. in this sort of scenario,
COVE R S TO RY
where they are responsible of servicing their users’ issues with devices. Do you see an opportunity for third party service providers to come into the picture and help take the load off the enterprise in terms of mangeability? yes, there is a big opportunity for 3rd party companies to come into the picture and take the load off enterprises. The service provider will have the capability to exclusively service the devices present in a company and
als two go e broaDly ulD be there arbyoD, which cogoals. the with financial t employee or social als are abouetc. go social satisfaction
we are encountering situations where the iT guys are saying this is the level that we support your device to, and we will not do anything else. So it’s not like they will give you every single thing an end user wants. A lot of them are using virtual desktop as a solution, so when someone logs into a computer network they log in using a VPn and even if data is stored, it is not being stored locally. There are broadly two goals with ByoD which could be social or financial goals. The social goals are to do with employee satisfaction, retention policies, or empowerment. users are made too feel that they work in an environment that is open and accepting of change and new technologies. Contrary to this, the financial goals talk about whether bringing in mobile devices or a mobility strategy will cause cost savings. iT organisations can also have a charge back mechanism
allow easier manageability. it then becomes an internal vendor v/s external vendor call that has to be taken by the enterprise. So its obvious that managing devices within the control of the company is better than doing so outside it. So then a third party provider can help a lot as being a vendor to diagnose problems, create opportunities. What would you recommend to CIOs getting onto the mobility path? Well the first thing that Cios need to do is define why they want to do this as per the goals specified above. The reasons could range from social to financial or to a combination of both and can also be used for improvements in productivity. Secondly, it is important that things be June | 07 | 2012 Volum measured. There will be a cost, | 50but the quese 07 Issue 20 Cios need to tion is can this cost be| justified. ensure that they know why the are doing this as opposed to following industry trends.
The Chief TeChnology offiCer forum
nce coU nt
07 june 2012
Techno logy for Growth and
How
CTO fORum
for um
32
cTo
evice proliferation is at an all time high in todays day and age, and more and more organisational employees are looking to these devices to see what they can do with them, and how they can improve the way they work by utilising these devices. on the other hand, Cios of various organisations are looking at new ways of managing these devices. As the information vanguards of the enterprise, Cios are under increasing pressure to bring the most out of these devices from a productivity standpoint, secure the data being accessed by these devices, and to ensure delivery at the same time. This leaves the Cio in quite a tough spot. in light of this, Ankush Sohoni, spoke to Vishal Tripathi, Principal Analyst, gartner to find out where this trend is going and how Cios can secure the end points.
What are the key trends that you see in the Enterprise Mobility space? As far as enterprise mobility is concerned, at this point of time ByoD is the popular contendor of choice, given that at this point companies are still trying to manage the influx of devices into their organisations. Today, users have access to a number of devices, which all come with their own set of operating systems. This paints a very complex scenario. last year ByoD was a fairly new concept and although Cios knew that it would need to be handled, it was not a necessity. We were still in a world dominated by Blackberry strategies. however, things have changed, and today there are a number of news devices like the Android, iPhone and other legacy devices which need to be supported which makes for a very complicated environment Today, users have choices. earlier enterprises were quite rigid when it came to devices, considering at that time the ball was in their court. The past was dominated with enterprise led device distribution, which worked well considering that the enterprise had enough control and clarity as far as policies and data treatment went. however, today, supporting just one platform is not even a remote possibility. end users today have disposable incomes, and they are empowered in a sense that they will bring home a tablet, smartphone and so on. Companies are in process of setting up policies, and infrastructure. So when you talk about ByoD, you need a lot of support and need to see which applications can be distributed and how. Policies can govern functions like remote wipe, data access and so on. So what a lot of companies are also doing is setting up VDi. Applications are then Go distributed on this. Another thing they are vernan ce doing is setting up policies to make sure company data cannot be stored locally on the device. So you have mobile Device management (mDm) that allows you to exercise control on devices. So, a lot of companies are also building security at application level. They are saying they will build their own security. in light of these developments, more and more companies are opening up to the concept of ByoD.
CTO fORum 07 june 2012
33
CTOForum LinkedIn Group Join over 900 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:
| wor
www.linkedin.com/ groups?mostPopular=&gid=2580450
king witH Hybrid
Reduce Risk Exposu re TechnoUsing logy
I BelIe ve
cloUdS
| adaPtin
Page 04
g leg acy
Teachin g Best Practic es BesT
of Bree d
networ kS to tHe clo Ud
Page 18
Some of the hot discussions on the group are: Open Source vs Proprietary SOFTWARE Practically how many of you feel OpenSource Free software are best solutions than any proprietor software's?
e 07 | Issue 20
Volum A Ques TIon of
A 9.9
Media
Publicatio
n
Movin g from Produc ts Servic to es
Answ ers
Page 14
ARE CTOs more interested in satisfying the CFO & Board rather than the consumer?
CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.
I would rather mention that, you call should depends on the criticality of the application to serve the enterprise business requirement, as opensource application can have security breaches and lack of support in worst come senario
—Vishal Anand Gupta, Interim CIO & Joint Project Director HiMS at The Calcutta Medical Research Institute
Snapdeal implemented a Fraud & Risk Management solution that helped improve the business
Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com
07 july 2012
http://www. thectoforum.com/ content/unleashing -government% E2%80%99s%E2%80%98 innovation-mojo% E2%80%99
Reduce Risk Exposure Using Technology
Handling frauds and cyber attacks are among the biggest risks for any online retailer
WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.
cto forum
Todd Park, CTO of the United States, explains how he has partnered technology with opendata initiatives to tap into the many talented innovators and entrepreneurs across the government
Opinion
ARun gupta, CIO, Cipla
6
CTOF Connect
The Chief Technology Officer Forum
To read the full story go to:
http://www.thectoforum.com/content/reduce-riskexposure-using-technology Amitabh misra vp-Engineering, Snapdeal.com
FEATURE Inside
Enterprise
World's Largest InMemory System Launched Pg 10
illustration by shigil n
Round-up
Less than 10% Indian SMBs Prepared for Disasters Lack of resources, budgets and general awareness key reasons for low uptake
According to Symantec's India findings of its 2012 SMB Disaster Preparedness Survey, more than 90 percent of Indian SMBs are not sufficiently prepared for disasters even as they grapple with high instances of disasters. On a positive note, the survey also revealed Indian SMBs are adopting technologies such as virtualisation, cloud computing and mobility, often with improved disaster preparedness as a goal. India Survey Highlights Long Duration Outages: The survey reveals that Indian SMBs experienced at least one natural disaster in the last 12 months. Power outage (74 percent) and indus-
8
cto forum 07 july 2012
The Chief Technology Officer Forum
trial accidents (72 percent) are the top disasters cited. Indian SMBs also experienced an average of five instances of operational outage, due to power outages, industrial accidents and IT system failures, lasting an average of 11 hours. Indian SMBs underprepared for disaster: Computer systems not critical to business (37 percent), budgets (21 percent) and business priority (16 percent). Showing complete unawareness for the need of disaster preparedness, a sizeable number of respondents (21 percent) said that it never occurred to them to have a disaster recovery plan.
5% Data Briefing
Growth of Global Optical Components (OC) market in the first quarter of 2012
E nte rpri se Round -up
They Naina Lal Said it Kidwai
imaging by shokeen saifi
Even as India’s GDP growth is falling, Kidwai thinks the perception Indians have of themselves is lower than how the world perceives them. Real reform is to march forward on infrastructure investment, and in particular put the power sector back on track. Many new projects took off, but are now stalled. They have to be completed fast.
Cloud, Mobile to Drive Breakthroughs: KPMG Mobility will continue to build on cloud Asked to predict future disruptive technologies and the next epicenter for innovation, technology executives worldwide believe that China and the US will be at the forefront, with cloud enabling both the next indispensable consumer technology and business transformation for enterprises. Mobile technologies will continue to build on cloud, providing the tech breakthrough that will transform businesses, according to the Global Technology Innovation survey by KPMG, the audit, tax and advisory firm. Almost 30 percent of the 668 business executives in the Americas, Asia Pacific (ASPAC), Europe, the Middle East and Africa (EMEA) said China and the US show the most promise for disruptive breakthroughs with global impacts, while 13 percent cited India. Interestingly in the last decade, India has made substantial and rapid strides on the path of innovation-based development and already managed to adapt and implement a number of measures to support this development. The government has invested significantly in technology. Communication technology like 3G has already made a mark in India and with the introduction of the 4G, technology will no longer play a support role in most businesses, it will become key enabler and business models will be driven by the technology.
QUICK BYTE ON Mobility
“We need labour reforms, further growth in services sector, more investment in roads, ports and airports too, and we also want to see the expeditious completion of the Delhi-Mumbai Industrial Corridor project because it will spur the kind of growth we actually require” — Naina Lal Kidwai, Country Head of HSBC India
Google's Android is expected to remain the world's most shipped smartphone OS for the next five years, although its market share will peak this year, according to a new report by IDC. The report also also predicts that Windows Phone 7 will overtake Apple iOS by the end of 2016 —Source: Gartner
The Chief Technology Officer Forum
cto forum 07 july 2012
9
image by photos.com
E nte rpri se Round -up
Global Spend on Enterprise App Software to Cross $120 bn in 2012
This will represent a 4.5% increase over 2011 Worldwide spending on enterprise application software will total $120.4 billion in 2012, a 4.5 percent increase from 2011 spending of $115.2 billion, according to Gartner, Inc. With only limited signs of improvement in the near term, the growth projection for 2012 has been adjusted downward from 5 percent in the previous forecast in 1Q12. The global marketplace is still experiencing a series of conflicting and contrasting economic news reports, and the full impact of the economic uncertainty on the enterprise software markets may not be readily
assessable until the end of the first half of 2012," said Tom Eid, research vice president at Gartner. "Spending in 2012 is anticipated to focus on industry-specific applications; upgrades to established, mission-critical software; integrating and securing established systems and infrastructure; and software as a service (SaaS) deployments representing extensions to, or replacement of, existing applications and new solutions." The key enterprise application software market segments in 2012 include business intelligence (BI); content, communications and collaboration; customer relationship
Global Tracker
Mobile Payments
Worldwide mobile payment
10
cto forum 07 july 2012
The Chief Technology Officer Forum
Source: Gartner
transaction values will surpass $171.5 billion in 2012, a 61.9 percent increase from 2011 values of $105.9 billion
management (CRM); digital content creation (DCC); enterprise resource planning (ERP); office suites and personal productivity; project and portfolio management (PPM); and supply chain management (SCM). ERP is the largest enterprise application software market with revenue projected to reach $24.9 billion in 2012, followed by office suites at $16.5 billion. BI revenue is forecast to reach $13.0 billion, and CRM is on pace to exceed $13.0 billion this year. Gartner analysts said that cost optimisation and shifts in spending from "megasuites" to the automation of processes, will continue to benefit alternative software acquisition models as organisations look for ways to shift spending from capital expenditure to operating expenditure. Because of this, vendors offering SaaS, IT asset management and virtualisation capabilities will continue to benefit from organisations looking to shift upfront capital expenses to operational expenses. An increasing number of organisations are demanding software functionality as a service (infrastructure as a service [IaaS], platform as a service [PaaS] and SaaS) or via cloud-based services rather than on-premises. As a result, vendors are offering more technology as subscription-based solutions and "pay as you go" offerings, positioning them as more cost-effective and as a way to counter the effects of economic belt tightening. SaaS and cloud-based services help vendors to expand revenue growth by making it easier for end users to test and evaluate new types of software, provision new users to current technologies, and migrate users off older versions to newer versions of software. "After more than a decade of SaaS and cloud service use, adoption continues to grow and evolve within the enterprise application markets. This is occurring as tighter capital budgets demand leaner alternatives, popularity and familiarity with the model increase, and interest in SaaS and cloud computing grows," said Eid. "Adoption varies between and within markets. Although use is expanding to a wider range of applications and solutions, the most widespread use is still characterised by horizontal applications with common processes, among distributed virtual workforce teams and within Web 2.0 initiatives."
INSTANT ISSUANCE GIVE CARDHOLDERS THE CONVENIENCE AND SERVICE LEVELS THEY DEMAND New financial instant issuance portfolio Datacard Group offers a full range of new innovative printers, CardWizard® software, the world’s #1 instant issuance software and unmatched global service and support. Our solutions give you the flexibility to issue permanent embossed, unembossed, magnetic stripe, EMV®-compliant cards and NFC enabled mobile devices immediately. Datacard India Private Ltd B-302,Flexcel park,S.V.Road, Next to 24Karat Multiplex, Jogeshwari (W) Mumbai-400102.India Tel:+91-22-61770300 Email:India_sales @datacard.com
Datacard Group makes it easy and affordable to launch a profitable instant issuance card program. Our Secure Issuance Anywhere™ platform empowers you to manage your card and mobile payments programs the way you want to – anytime, anywhere.
To schedule an instant issuance demo, visit www.datacard.com/cto
Datacard and Secure Issuance Anywhere are registered trademarks, trademarks and/or service marks of DataCard Corporation in the United States and/or other countries. ©2012 DataCard Corporation. All rights reserved. Datacard, CardWizard and Secure Issuance Anywhere are registered trademarks, trademarks and/or service marks of DataCard Corporation in the United States and/or other countries. EMV is a registered trademark of EMV CO., LLC. ©2012 DataCard Corporation. All rights reserved.
E nte rpri se Round -up
image by photos.com
World’s Largest InMemory System Launched The new SGI UV can scale to 8 PB of shared memory
SGI has announced the availability of the new SGI UV 2 product family. SGI UV 2 doubles the number of cores (up to 4096 cores) and quadruples the amount of coherent main memory (up to 64 Tera bytes) from the previous generation, available for in-memory computing in a singleimage system. The new system can scale to eight petabytes of shared memory and at a peak I/O rate of four
terabytes per second (14 PB/hour). This unprecedented capability enables users to find answers to the world’s most difficult problems on a system as easy to administer as a workstation. Built on industry standards and supporting a wide range of storage options, SGI UV 2 offers a complete solution for no-limit computing. “The new design advancement demonstrated in this next-generation SGI UV platform is not simply focused on increasing our lead in cache-coherent memory size and corresponding core count. We have been able to deliver all of this additional capability while driving down the cost of the system,” said Eng Lim Goh, chief technology officer, SGI. “In fact, the entry level configuration of SGI UV 2 is 40 percent less expensive than SGI UV 1. This creates a new level of accessibility to large coherent memory systems for researchers, analysts and the 'missing middle,' providing an effective lower overall TCO alternative to clusters.” SGI UV 2 is the only system available on the market that leverages the power of the newest Intel Xeon processor E5 family beyond four sockets and 1.5 terabytes of memory, delivering twice the price/performance of the HP ProLiant DL980 server1. With as little as 16 cores and 32 gigabytes of memory, SGI UV 2 can start small and seamlessly expand. At the upper end of the spectrum, SGI UV 2 holds the world record benchmark for SPECompL2001, and top 64 socket Intel Xeon E5-4600 benchmarks for SPECint_rate_base2006 and SPECfp_rate_base20062. With a peak I/O rate of up to four terabytes per second, and coherent shared memory that is up to 1000 times faster than flash memory, all of these features make SGI UV the most powerful inmemory system for all data-intensive problems.
Fact ticker
Business Content in Motion On Devices
Last year, smartphone shipments beat those of PCs for the first time The new offering allows traditional and mobile workers to securely access, manage and gain insight from structured and unstructured content such as emails, documents, images, Web data and collaboration tools to improve productivity. Last year, smartphone shipments beat those of PCs for the first time
12
cto forum 07 july 2012
ever, with 73 mn more units being sold. With the proliferation of tablets, smartphones and social business applications, organisations are seeking an enterprise content management solution that can help extend their employees’ ability to access and share business content to speed workflow. In IBM's 2011 Global CIO Study,
The Chief Technology Officer Forum
75 percent of CIOs identified mobility solutions as one of their top priorities. IBM is responding to these trends with IBM Content Navigator, new software that gives employees access to a range of documents, records, images and other relevant content to do their jobs effectively. Built on open standards like HTML5 and CMIS, the new software provides a consistent user experience across a variety of mobile devices, OSs and content sources, allowing employees to access, manage, contribute and share content any time, from any location.
web
U
nlike many websites which came crashing down on Sunday because of Leap Second, Google remained safe as it has adopted a solution called Leap Smear. The Leap Second almost brought the Web down on Sunday morning after the world's timekeepers added an extra second to the day. The sites that came crashing down included Reddit, FourSquare, Yelp, LinkedIn, Gawker and StumbleUpon after the extra second hit their servers. Leap Second is an extra second added to Coordinated Universal Time (UTC) - the benchmark time agreed internationally every few years to keep it in line with the time as determined by the Earth's rotation around the sun. But, Google was totally safe because of the lessons learnt from the past. In a blog post, Google says many computers use a service called the “Network Time Protocol” (NTP), which periodically checks the computers’ time against a more accurate server, which may be connected to an external source of time, such as an atomic clock. At times, natural calamities create fluctuations in Earth’s rotational speed that affects accurate clocks, like the atomic clocks used by global timekeeping services, which occasionally have to be readjusted to bring them in line with “solar time.”
PID LTO 5 Advert_20.5 x 28 cm [ converted ].pdf
C
M
Y
CM
MY
CY
CMY
K
1
13/07/12
1:51 PM
A Question of answers
Virtual Desktops: Penetration in India is 10 percent at the moment and Citrix sells 10 million endpoints in a year
PERSON' S NAME
S an j ay D es h m u k h
A Question of answers
Sanjay Deshmukh | Citrix
“Virtualisation Traction More on Desktops”
In a conversation with Yashvendra Singh, Sanjay Deshmukh, India Head, Citrix talks about the adoption of desktop virtualisation and its growth in the Indian market How is Citrix doing in the Indian market? These are exciting times for Citrix as our technology is finding more and more relevance. We are happy that today businesses are involving concepts like mobile work style, bring you own device (BYOD) and consumerisation of IT. We should all understand that desktop virtualisation was the foundation to all this. We have been doing this business for the past 20 to 22 years and our expertise in this field has been undisputed. When we initially started working on the technology it was more about how to get ‘fat applications’ or 'large applications' moving through thin/ narrow pipes. Today, what we have done is to make sure that the applications are not moving anymore, that they remain in the data centres and only their images find their way to
the end-point or desktop. We are now building receivers into new devices and the most important fact is that Citrix receivers are presently available in a billion devices. Can you give us an example where an enterprise has leveraged VDI for better manageability and cost saving? Sure, let me talk about an insurance company in Pune which was in the process of growing and spreading its wings both in terms of business and employee strength. The situation was that they needed to expand to about 1000 end-points or workstations for 1000 employees. Given the real estate costs in Pune, the total expenditure to acquire a space (about 60, 000 sq.ft) to accommodate 1000 employees would come out to be around Rs 3 crore annually. The company also
realised that the kind of work the employees would do, which would basically be processing transactions, there was no requirement of them being at office and that they could do so sitting at home. Realising the return on investment (ROI), the insurance company opted for 1000 virtual desktops (in this case thin clients) which brought down their costs drastically. Some other benefits of desktop virtualisation include: Power consumption down from 150-155 watts per desktop to less than 10 watts in thin clinets used by employees Managing 1000 desktops onsite would have meant employing three to four engineers, but with desktop virtualisation, no engineer was required Also situations like migrating to Windows 7 would have taken close to three to four months in standalone The Chief Technology Officer Forum
cto forum 07 july 2012
15
A Question of answers
S an j ay D es h m u k h
desktops while in this case all migration and updating could happen by the next day itself.
“We expect the penetration of virtual desktops to go up by 20 to 30 percent in the next two to three years.”
What is present scenario of desktop virtualisation in India? The virtual desktop penetration in India is around 10 per cent at the moment. If we talk about Citrix, we sell 10 million endpoints in a year in India. We expect the penetration to go up to 20-30 per cent in the next two to three years. At which level is virtualisation happening more - at the server level or at the desktop level? Server virtualisation is a discussion which is already over (a sold concept basically). It’s not about whether but when it will go main stream or gain traction. People were waiting for triggers like a server refresh etc. Going forward the entire traction will happen around desktops. Virtual desktops will take much less time than what business intelligence (BI) or analytics took to go main stream. I was involved with the concept going back to 2001 and it took almost till 2006-2007 for BI or analytics to go main stream. That was because no one was talking about it. In the case of desktop virtualisation, because all the big companies in the industry are talking about it, we expect it go main stream in the next two to three years. And the big organisations are not doing it to help Citrix but because they have their own interests in mind. For example, according to Microsoft, the adoption of Windows 7 has been around 40 per cent and Windows 8 is already round the corner. So they would also want their technology to gain more traction and desktop virtualisation is a great way to do it. Why is Citrix focussing more on desktop than server virtualisation? Apart from the fact that everyone in business plays to their strengths, we
16
cto forum 07 july 2012
The Chief Technology Officer Forum
have a different strategy towards each segment which is why we probably focus 70 per cent of our energy on desktop virtualisation. In the server space we are targetting the mid-market segment (less than Rs 100 crore revenue turnover) This is because our cost of ownership is 1/8th or 1/10th of competition which makes it a compelling proposition for this segment. For enterprises we are focussing with the cloud environment (we acquired a company called cloud.com whose specialty was to build private clouds for enterprises) So, presently what we have is a technology called the ‘Cloud Bridge’ on the server side which is like a connection between public and private cloud. On the desktop side we have what we call the ‘Cloud Gateway’ which allows seamless access to all applications running on disparate systems) All these technological solutions are unique to Citrix and gives us the advantage our our competitors.
things I Believe in Virtual desktops will take much less time to go main stream Presently we have a technology called the 'Cloud Bridge' on the server side which connects public and private cloud If we talk about hindrances in desktop virtualisation, firstly customers are concerned about the user experience and secondly, about availability and latency
What are some of the main hindrances to desktop virtualisation? If we talk about hindrances, firstly, customers are concerned about the user experience and secondly, availability and latency are key focus areas which needs to be addressed. In Citrix. what we have is WAN optimisation technology to provide a consistent user experience. What are the top things CIO’s should keep in mind before opting for desktop virtualisation? Some of the key things that CIO’s should keep in mind before going in for desktop virtualisation are that it is not the same as buying desktops. CIOs need to ascertain whether a particular user needs dedicated resources or not and other such access control issues.
Best of
Features Inside
Who Knows More About Tech? Pg 20
Breed illustration BY manav sachdev
Manage Technology to Benefit from IT Pg 24
Data Briefing
10% of small and medium enterprises are prepared for disasters
18
cto forum 07 july 2012
Trolling for Tech Talent in a Tight Market
The war for talent is on. To lure IT professionals, it’s important to keep in mind what motivates them
J
By Angela Hills
ob trend reports point to openings and opportunities for growth, particularly among mobile app developers, data warehouse analysts and user experience designers. According to HR thought leader John Sullivan, the war for talent is fully underway in Silicon Valley and will soon heat up everywhere else. To lure these IT professionals, it’s important to keep
The Chief Technology Officer Forum
in mind what motivates them. The sine qua non is job content and the impact of the position. These individuals want to know that they are having an impact; that the animation they create is used and admired by millions of people every day. They are a very diverse group and can only be said to be consistently inconsistent. Some are extremely introverted, while others are the life of a party. Some
it careers
Today it seems that every company is making an app,
and to do so, they need mobile app developers and data warehouse
analysts with computer science and computer engineering backgrounds adopt a traditional approach to their work day and some like the graveyard shift. So as you market your employer brand, be sure to also emphasize your flexibility. They all work differently and you need to assure them that you are accepting of their personal work style whether that means working noon to 10 pm, 8 am – 5 pm, or midnight to 8 am. In looking for the ideal personality type, there is only one thing a recruiter can count on as a predictor of success and longevity, and that is passion; a passion for technology and specifically their area of expertise. If they aren’t curious about the next product release and they don’t get excited about how it relates to what they are doing, they may not be the best fit.
The evolution of the tech market A growing trend is that of people leaving their current roles at big companies for small and start-up companies where they can try their hand at entrepreneurialism or play a larger role in shaping an organization’s direction. The market demand for social media, mobile technology, and e-commerce start-ups is providing abundant opportunities to jump ship. The likely next phase will be a consolidation of promising companies and the withering away of those that are not viable. When this happens, we will see a lot of talent returning to their old positions or looking for new positions at established companies. But until then, start-ups will continue poaching proven talent, especially from those established companies they want to emulate. Before the iPad, recruiting professionals expected this next phase to come quickly. But now, bolstered for the foreseeable future
by the white-hot tablet space and Microsoft’s Windows 8 with its app-friendly platform, it is very hard to predict when this next phase will bring an end to tech’s seemingly limitless growth.
Tapping talent in a tight market To attract the talent critical to their survival, technology companies have long been known for performing crazy stunts. Today, recruiting tactics from the late 1990s dotcom craze appear to be making a comeback. These include give-aways of ice cream, cheeseburgers, beer for life, cats, and of course, cold hard cash. Given the relatively finite universe of talent, companies have become increasingly aggressive in plundering from their competition. Stories, like Google’s $5 million bonus package to keep an engineer from defecting to a start-up or retaining an employee being pursued by Twitter through a significant counter offer, are becoming more and more common. Another approach that some companies are taking quite seriously is to leverage their internal talent to help with the recruiting effort. According to Bloomberg Businessweek, social gaming company Zynga uses software to match prospects with current employees. Employees are instructed to call prospects based on overlapping employers, schooling or just similar hobbies and interests. As creatively inspired as some of these approaches are, the only lasting defense in such a fiercely competitive market is to achieve employer loyalty by emphasizing cultural fit and communicating employment brand during the talent acquisition process thereby ensuring hires that are a great fit and love where they work.
B E S T OF B R E E D
As the demand continues to increase, the available pool of talent will diminish. Together with the evolving demands on tech talent being driven by the consumer marketplace, this environment necessitates a far more sophisticated recruiting approach to find, attract, and retain the increasingly elusive talent necessary for a tech firm to compete during this period of seemingly limitless growth.
Mobile app devs, product designers in demand Today it seems that every company is making an app, and to do so, they need mobile app developers and data warehouse analysts with computer science and computer engineering backgrounds. Another hot area is product designers, not engineering-types, but user experience designers that can understand what the customer is looking for and can convey what the mobile app should look like to engineers, so that they can effectively write the code. Given the hyper-competitive market among apps, the importance of design aesthetic and the people who can deliver it cannot be overstated.
Bay area still where the jobs are In the US, the Bay area is still the major hub, but it is followed closely by New York, Seattle, Boston and Austin. Additional growth markets for tech jobs include Baltimore Boulder, Chicago, St. Louis, San Antonio and Greensboro. Tomorrow’s top technical talent is being produced by Harvard University, Massachusetts Institute of Technology, Stanford University, and University of California, Berkley, and also from less usual suspects like the University of Michigan, University of Illinois at Urbana-Champaign, and University of Texas at Austin. At many more universities across the US there are great programs turning out tech-focused grads, but in lesser numbers. —As Executive Vice President of recruitment firm Pinstripe, Angela Hills is responsible for overseeing the firm’s expansion strategies in the advanced manufacturing, financial services and technology sectors. — This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com
The Chief Technology Officer Forum
cto forum 07 july 2012
19
B E S T OF B R E E D
m a n ag e m e n t
Who Knows More About Tech?
Tech knowledge is just as vital to the large enterprise as it is at the small one by Pam Baker
I
t seems like such an easy question: Who needs more hands-on tech skill and experience -- the CIO of a small business, a medium sized company, or a huge enterprise? But alas, like all things tech, the answer is as clear as the bottle of Pepto that all CIOs end up gulping at some point in their career.
was important for a CIO to have that hands-on knowledge in smaller businesses because they were doing the work. Here, that knowledge is a requirement for the effective management of the department as a whole.”
Big work, small company
The consensus is clear The consensus is clearer for the enterprise CIO who most believe must be equal parts tech guru and business sage because, on the technical end, CIOs in large enterprises actually get pushed further and further away from the hands-on end of things. “As the business grows, the IT organisation also grows, adding technical specialists, project managers, business analysts, and architects,” explained Dan Shipley, data center architect for Supplies Network, a $600 million wholesale distributor of imaging and computer supplies. “All of these roles insulate the CIO from the technical details of projects.” But, and there’s always a "but" in the tech world, isn’t there? Tech experience and knowledge are just as vital to the large enterprise as they are at the small one. A CIO without adequate hands-on knowledge in this realm “finds themselves in project-creep hell,” said Darren Schoen, director, Technology Infrastructure at the Broward Center for the Performing Arts. With a much larger staff to do all the nitty-gritty, hands-on work, “these CIOs don't find themselves cabling or configuring a single server,” said Schoen. “So, where it
The company may be little in terms of number of employees or profit count but that doesn’t necessarily mean the CIO’s work is any smaller. However, fewer resources to get the job done require some serious grit in the leader of tech. Conversely, the limitations in available equipment and software may also free them of some burdens, as well. While small business CIOs do tend to have to roll up their sleeves more due to a smaller number of minions, “their companies tend to lack the breadth and depth of technologies that require them to become true technologists and have a detailed knowledge of pure technology,” said John Picciotto, principal, Application Modernisation & Optimisation at Accenture. But CIOs at small companies also must be highly innovative and chockfull of business acumen. “A small business CIO has a lot to do -- budgets, staffing, support both end users and infrastructure,” said Schoen. “If they are not technologically fluent, and if need be, able to pitch in and do the work themselves, they will find themselves being reactive rather than proactive” and forever mired in technical problems and underserved business needs.
20
cto forum 07 july 2012
The Chief Technology Officer Forum
illustration BY manav sachdev
A SMB CIO has a lot to do-budgets, staffing, support end users and infra
m a n ag e m e n t
Small business, big profits
B E S T OF B R E E D
“The CIOs of medium-sized firms find themselves needing to the have the most hands on understanding of If they are technically innovative, the small business will technology,” explained Picciotto. “Their firms have not likely see a huge payout either in a dramatic jump in profreached the size where they can have innovation labs, or its or in an outright buyout. Indeed, small business CIOs dedicated architecture roles, but the business has grown and CTOs have proven themselves savvier in more than ($14.5 billion) is the to a size and complexity where technology, and its effective a handful of cases than they big firm brethren. One need planning, plays an increased role in company success.” only to look at the rash of start-ups and acquisitions to see pie of saas in the As such, the CIO in a medium-sized firm must have that is so. Chris Cali, CEO and co-founder of DevSpark, is global software “a more intimate understanding of the core technology just one example of many. Cali started a company called running the business and what the impact of technoloPanvidea as its CIO/CTO and then became CEO before revenue in 2012 gies on the horizon will have on the company and the he sold the company last year. Now, he is a technology market,” he said. strategy consultant and nearshore software development The mid-sized CIO has more budget to work with than the typical provider who works with CIOs from small, medium and large comsmall business CIO, but (there it is again) he also has more leeway panies. In a nutshell, his staying in the small business arena is a big in decision making than the typical enterprise CIO. They are often business play for him. And he thinks that’s true of many small busifound in the thick of things battling to move the company forward ness CIOs on several levels. CIOs or CTOs of small companies are in any way that’s needed be it in the hands-on or heads-up position. “the most tactical as they're usually the lead programmer or product “This saves their organisations time and money and at the end of developer,” he said. “These types need a hands-on working knowlthe day, they come out as superstars,” said Schoen. edge of technologies in order to choose those that are the most cost But when all is said and done, CIOs everywhere have more in and time efficient for solving their problems.” common than not. “A CIO in any business have obstacles they need to overcome,” explained Schoen. “Their challenge is finding the Mid-sized mojo most efficient way to steer through them.” It is often the guys and gals in the mid-sized companies that get the least respect. That has absolutely nothing to do with their reality and — A prolific and versatile writer, Pam Baker writes about technology, science, everything to do with the lack of star-glazed glitz that both small busibusiness, and finance for leading print and online publications including Readnesses and large enterprises tend to enjoy. WriteWeb, CIO and CIO.com, and Institutional Investor. CIOs of mid-sized companies may not sparkle in the public’s eye, — This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com but their work is no less impressive when measured truly.
5%
Manage Technology to Benefit from IT Enterprises need tools to make sense of the technology to rationalise investment decisions
I
n 2004, Symantec, a powerhouse in the security software market, merged with Veritas, a leader in enterprise storage management software. The $13.5 billion deal (the largest in the IT industry to date) promised to unify data security with data storage, creating a series of holistic products that ensured the confidentiality, integrity and availability of data critical
to business operations. Numerous technical and operational challenges confronted the two companies as they came together, but perhaps none greater than unifying their product ordering system.
Consumer vs. enterprise mindsets Veritas grew up as an enterprise-oriented company, where Symantec was born out of
By Faisal Hoque
the consumer market. Their respective pedigrees meant that their ordering and product processing systems were built with different assumptions and expectations. Given that both companies were heavily dependent upon third-party resellers and distributors for sales, the ordering system was critical to ensure the success of the merger. Symantec dubbed the new ERP implementation “ProjThe Chief Technology Officer Forum
cto forum 07 july 2012
21
B E S T OF B R E E D
m a n ag e m e n t
ect Oasis.” It consulted hundreds of partners in designing and implementing the system, and created a project management team led directly by the CIO. When the system went live in November 2006, Symantec encountered the usual hiccups with any new software deployment. However, the hiccups quickly escalated to a full-blown crisis as users couldn’t figure out how to navigate the new system and the system failed to correctly process orders. Making matters worse, the company’s support network of help desk and technology call centers was overwhelmed by cries for assistance. The situation was so bad that it threw off Symantec’s earnings for two quarters and took more than a year of dedicated support to fix.
projects are haphazard and inconsistent. There is no standard for their purchase, development or management. They do not enable decision-makers to detect and adapt to changing market conditions, and this blindness can be fatal.
New technology does not equal innovation The conventional wisdom of technology in the enterprise is that the new technology adoption will result in innovation and
The perfect storm or errors and poor management In the postmortem, Symantec discovered that a perfect storm of errors and poor management assumptions led to the Project Oasis crisis. The company didn’t know it was exposing its ERP system to users who had never used it previously, and had a different set of expectations. It didn’t coordinate the software roll out with product units and operations, which were simultaneously launching new products and initiatives that contributed to swamping Symantec’s support network. And system designers ended up over-engineering the ERP system; providing users with features and information that they had little use for and only confused them. Enterprises implementation of technology often breaks one of the cardinal rules of business: “If it can’t be measured, it can’t be managed.” Compared to other parts of the business -- sales, operations, research and development, human resources, compliance, etc. -- technology remains largely unmanaged and transparent. Technology
need to establish processes for building products and delivering finished goods to market in the most expeditious and efficient means possible, many fail to create standardised decision-making processes. Without business standard and repeatable management practices, enterprises are condemned to reinventing the wheel each time they must assess strategic opportunities or encounter a new challenge to their operations. The process is similar to the progression from commodity to brand: settle on one way to do what is known and reliable, and devote your mental energy to what is new and not yet known, which is where the real action and payoff lie. Today’s enterprises need tools to make sense of the technology, to rationalise investment decisions so that they are centered in operational excellence. They need to know when spending money makes sense and when it doesn’t. They need to trust that when they pay huge sums for technology it will actually work as intended. Some people may think that management processes squelch innovation and creativity. Much to the contrary, sustainable management processes open the lines of communication that empower people to share their new ideas with key decision makers within an organisation faster. These processes are not the fuel of business, but the regulated engine that ensures business efficiently burns its fuel.
Enterprise tech implementation breaks the cardinal rule of business: “If it can’t be measured, it can’t be managed”
24
cto forum 07 july 2012
The Chief Technology Officer Forum
— Faisal Hoque is the founder and CEO of BTM Corporation. Hoque has written five management books, established a research think tank, the BTM Institute, and become a leading authority on CONVERGENCE, innovation, and sustainable growth. — This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com
illustration BY manav sachdev
efficiencies that lead to cost reductions and new revenue streams. The trouble with this point of view is that it assumes stability in which organisations step from one static period to another. The reality is enterprises operate in constant change mode. The needs of existing customers, the opportunity for new customers, shifting and globalising markets, new technologies, new suppliers and supply chains, ever evolving competitors -- all of these require an organisation that has no doubt as to its mission but does not cling to any one way of achieving it. While most enterprises understand the
ARE YOU READY TO BECOME A CIO? APPLY FOR INDIA’s FUTURE CIOs
Go to www.next100.in
2012 If you think you are ready to play the role of a Chief Information Officer, prove it to your peers and superiors. ITNEXT will help you echo your aspiration. NEXT100 is an awards program from IT NEXT magazine that identifies senior IT Managers who have the skills, talent and spirit to make to the top slot - the CIO. The process starts with a call for self nomination. The nominees then participate in a series of exercises that test their techno-commercial and management skills. The evaluation and selection of award recipients is made by a prestigious committee of technology and business leaders who judge nominees on career accomplishments, professional expertise, skills and potential to be a CIO. The culmination of NEXT100 is in an awards night that celebrates the NEXT100 CIOs. The ceremony will be held in December 2012
IT IS NOW YOUR TURN TO RISE ABOVE THE REST. YOUR TURN TO CALL THE SHOTS. YOUR TURN TO BE THE NEXT100. PRINCIPAL PARTNER
TECHNOLOGY PARTNER
NEXT100 awardees will be profiled in the NEXT100 book which will be sent to India’s top 1000 CIOs. EVENT BY
NO HOLDS BARRE D
PERSON' S NAME
DOSSIER Company: Kronos Solutions Established: 1977 H eadquarters: Chelmsford, Massachusetts, U.S. products: Time and attendence, Scheduling, Absent Management, HR & Payroll Employees: 3,200
Labour Analytics
the New Focus In a conversation with Varun Aggarwal, Ashok Saxena, Head India Engineering Centre, Kronos Solutions India, shares insights into the global in-house centres in the country and the organisation's future plans 26
cto forum 07 july 2012
The Chief Technology Officer Forum
India is seen as an outsourcing destination, but what level of interest are you seeing in outsourcing or offshoring high end R&D work to India and building global in-house centres (GICs)? Can you share some data? The GICs in India have been crafting a compelling growth story with revenues (across categories) reaching close to $14 billion for FY12, growing at a rate of 18 percent, and adding close to 4.5 lakh employees. GICs have played a key role in the IT-BPO sectors phenomenal growth story, establishing ‘proof of concept’ and branding India as a global sourcing destination. Their impact on India extends beyond revenues and
A s h o k S a x ena
employment- playing a leading role in developing an R&D and product culture, spearheading initiatives to develop affordable products for emerging markets and creating entrepreneurship opportunities. The Kronos R&D center in India is a Value Addition to Kronos corporate. Through this center, Kronos corporate has a strategic opportunity for growing business and reducing the time to market for a Kronos product. And this is accomplished by the use of skilled engineering staff in India.
NO HOLDS BARRE D
India, who has now started using Kronos’ IT solutions including products developed out of India. With regards to the new products/features developed out of the R&D centre – the teams in India and US work as joint teams in development of products. So products like InTouch, Next Generation User Interface, and Analytics have all had teams from India and US working together to deliver the functionalities.
Apart from cost, what were the major drivers for Kronos to set up R&D centre in India? India definitely has a cost advantage. Besides cost, tremendous opportunities exist in India for GICs to add value to the parent organisations helping them gain competitive advantage. Major drivers to setup the R&D centre in India were, expanding the engineering capacity by using the vibrant and innovative talent of India, help in globalisation of our product, and provide excellent support to our customers. Approximately 200,000 engineers join the workforce every year. Coupled with language not being a barrier, this makes for a healthy talent pipeline. We focussed on India as we realised India’s untapped potential to "ramp up" the level of domain expertise in the industry. Today India has become one of the strongest in the world in terms of scientific manpower in capability and maturity.
What are the key areas of research at your GIC in India? Kronos India R&D works with the corporate to focus on enhancing core workforce management product and to deliver capabilities which help users in terms of ease of use, guided decisions and increase workforce productivity. As is the current market trend, we are looking at expanding our suite’s capabilities in mobile and tablet products. Labor Analytics is an area where our customers want to get a better view and our Analytics product is geared towards providing real-time reports in an easy to use interface. In addition, we continue to support the next generation user interface vision of Kronos through creation of Rich Internet Applications. To increase our foothold in the SMB market, we are also developing the cloud-based flavoring of our products. With these different areas, the GIC is in sync with the global vision and execution model and playing an important role in achievement of the mission.
How does Kronos India contribute to Kronos Incorporated? Have you developed any significant product or solution at the India center? Since the India R&D centre launch in October 2007, with it today being called a GIC, it has been working collaboratively with Kronos Incorporated in the US and with other Kronos R&D centres across the globe to develop new products and features for a global platform. Kronos has cutting edge workforce management IT solutions which involves engineers from India and US working collaboratively to reach out to tens of thousands of organisations in more than 100 countries — including more than half of the Fortune 1000. The recent addition includes PVR Cinemas, one of the leading motion picture exhibitors in
Where do you see Kronos as a GIC, moving ahead? We are looking to expand the India R&D centre both in terms of employees and also in terms of building the next generation products from India. A significant chunk of the work involves new product development. We intend to further strengthen the engineering capacity, which involves building our engineering pipeline. We are looking at a variety of roles in performance tuning, architecture, product and program management. While these are largely individual contributor roles, we would need to also build a leadership pipeline which supports the achievement of the strategic vision. India being the market with available expertise and skills, we don’t anticipate challenges in meeting these requirements.
“We focussed on India as we realised India's untapped potential to "ramp up" the level of domain expertise in the industry. Today India has become one of the strongest in the world in terms of scientific manpower.”
The Chief Technology Officer Forum
cto forum 07 july 2012
27
COVE R S TO RY
m a k i n g d ata s i n g
Making
Data Sing
New age BI/BA tools are enabling businesses to cut off data noise and make it sound like music to the management
CIOs increasingly see technologies such as analytics/business intelligence, mobility, cloud and social in combination rather than isolation to address their business priorities. Changing the customer experience requires changing the way the company interacts externally rather than operates internally. Perhaps, this is one of the reasons why analytics/business intelligence was the topranked technology for 2012 globally and in India in a recent Gartner survey. CIOs are combining analytics with other technologies to create new capabilities. For example, analytics plus supply chain for process management and improvement, analytics plus mobility for field sales and operations, and analytics plus social for customer engagement and acquisition. This story talks about how some of the CIOs in India are leveraging the power of analytics to create value from the deluge of data that exists in today’s enterprises. By Varun Aggarwal Imaging by Shigil N
COVE R S TO RY
m a k i n g d ata s i n g
Analytics for Every
Department Business analytics is no more a good-to-have tool. Organisations have realised its strategic advantage and are deploying it in every key function of the enterprise By Varun Aggarwal
W
henever turbulent times block the pathway, it is natural to turn inquisitive and try to overcome the situation with deep analysis and take preventive measures in due course of time. Bad decision making could be attributed to lack of information or improper utilisation of the information available. In the view of above circumstances, BI could be a handy tool in the hands of management which could help the management in making better decisions by providing on the fly analysis, generation of reports and by providing predictive analysis of information available etc. Enterprise information systems built to handle day-today operations do not automatically produce one version of the truth, nor do they deliver analysis and insight, especially when those systems have been cobbled together through mergers and acquisitions in a patchwork of legacy technologies. A large company can spend millions on data warehousing solution, only to spend millions more on manual number crunching in an attempt to extract useful guidance from them. Companies that master business intelligence understand that smart business intelligence and data warehousing solutions can generate significant cost savings, but the real value comes in improving decision making. So, in addition to focusing on cost reduction, the smart companies treat information as a strategic asset and plan accordingly.
30
cto forum 07 july 2012
The Chief Technology Officer Forum
In a global survey conducted by Gartner, the top business priorities among both Indian as well as global CIOs was mentioned as “Increasing enterprise growth”. In order to achieve this growth, CIOs voted Business Intelligence / Analytics as their top technology priority for 2012. KN Swaminathan, GM-IS, TVS Motors, said, “There is a mountain of data generated and thanks to the various ERP implementations, information available on the web, social websites, etc, which has contributed to this deluge. I need a solution that can help me manage this intelligently and help me in making a quick summary and convert it into meaningful information to give to my top management in real time.” The answer to these, Swaminathan thinks, lies in deploying an appropriate BI solution.
Key Reasons for Growth The market for business intelligence (BI) software in India is expected to reach revenue of $81.5 million in 2012 a 15.6 percent increase over 2011, according to Gartner, Inc. Worldwide BI software market revenue is forecast to grow 8.7 percent to reach approximately $12.7 billion in 2012. Gartner analysts said the market for BI platforms will remain one of the fastest growing software markets despite expectations of an economic slowdown. Organisations continue to turn to BI as a vital tool for smarter, more agile and efficient business, and they are increasing
“With the help of analytics, senior management is able to get an integrated view of the entire organisation in real time” —Shailesh Joshi Group CIO Godrej Industries
their current usage scenario from just an information delivery mechanism. "The BI market has remained strong because the dominant vendors continue to put BI, analytics and performance management at the centre of their messaging, while end-user organisations largely continue their BI projects, hoping that resulting transparency and insight will enable them to cut costs and improve productivity and agility down the line," said Bhavish Sood, research director at Gartner. "It's a sign of the strategic importance of BI that investment remains strong." Gartner has identified three major demand-side factors that continue to expand use and drive BI platform revenue growth. They include: 1. Consumerisation of BI: BI tools must be simple, mobile and "fun" in order to expand use and value. Business users are demanding the same experience from their BI tools that they have come to enjoy with their personal tools. The need for more intuitive and interactive BI tools and applications extends to users on the go, but the vast majority of organisations have yet to embrace mobile BI. This is set to change very quickly with the proliferation of Apple's iPhone and iPad products.
Handling Change: It is challenging to make users shift from Excel sheets to a BI tool
Shailesh Joshi, Group CIO, Godrej Industries is already seeing this trend in his own company. “After our successful implementation of analytics in two of the group companies, we are extending it to all group companies. Now, senior management is able to see an integrated view of the organisation in real time, as soon as they reach office." "This report compilation used to take days in the past. And now, we’ll be making the dashboards available on iPads for senior management so that they have a clear view of sales, marketing, project status etc while travelling to work itself,” Joshi further added. While BI still has a long way to go to reach the consumerisation tools status, hope is not lost. TVS’s Swaminathan pointed out, “Consumerisation of BI is possible, if BI can tell people what they do not know based on the underlying data.” 2. Support for Extreme Data Performance; Emerging Data Sources: Capabilities that enable the analysis of large, volatile and diverse data will open up possibilities for a broad range of new, high-value BI applications and will be another driver of BI growth. This includes in-memory technology and The Chief Technology Officer Forum
cto forum 07 july 2012
31
COVE R S TO RY
m a k i n g d ata s i n g
Capabilities that will evolve BI from an information delivery system to a decision platform will increase the value of BI and drive its growth social and content analytics. Combining these capabilities with support for extreme data volumes and consumer-oriented tools opens up possibilities for a broad range of new, high-value BI applications and will be another driver of growth. Navin Fluorine International Limited, (NFIL) a Mumbai based fluorochemicals company deployed BusinessObjects’ BI tool in less than seven months. Created 136 business intelligence (BI) reports and 25 dashboards for use by senior management, covering raw material costs, production costs, sales, collections, and more. And all this was top driven. The company was already on SAP and this implementation acted as an extension for them.
“The biggest beneficiary was senior management, who can now manage the day-to-day business operations through dashboards generated using the SAP BusinessObjects BI package and automated reports. Managers can easily monitor daily sales, compare them with last year’s sales, and view a detailed breakdown of sales by customer or product,” opined Seshadri V, General Manager—IT, Navin Fluorine. 3. BI as a Decision Platform: Gartner's user surveys show that "improved decision making" is the top driver of BI purchases. Capabilities that will evolve BI from an information delivery system to a decision platform will increase the value of BI and drive its growth. Joshi explained how improved decision making for the key focus of their BI implementation rather than looking at just RoI. “Earlier top management used to departmental reports—multiple reports—financial report, project report. No single view of the organisation was available. Effective decision making was a challenge. Now first
“Solution providers take a lot of time to understand the requirements, create a solution, etc., while the users demand quick a solution”
photo BY Subhojit Paul
—KN Swaminathan GM-IS, TVS Motors
Expectations from BI: To convert data into meaningful information for realtime analysis
32
cto forum 07 july 2012
The Chief Technology Officer Forum
m a k i n g d ata s i n g
thing in the morning you get access to the entire organisation’s health. We’ve moved from a weekly reporting to a real-time reporting using role-based dashboards,” said Joshi.
Getting the building blocks right Business intelligence is not just a tool but a massive exercise for an enterprise. Therefore, before embarking on the journey it is important for an organisation to understand what value it wants to derive from the implementation. This is important because if only a certain department needs business intelligence, the enterprise could go for a function-specific solution rather than a generic organisation-wide implementation that would neither serve the purpose nor reduce any cost. Once that is done, the enterprise needs to identify the sources of data. “Make sure you know where your structured and unstructured data resides in the organisation that holds business value. This data can reside in databases, file servers, social media and individual computers. Lack of visibility into the data sources would render all BI efforts useless,” opines Nishchal Khorana, Head - Consulting, ICT Practice, Frost & Sullivan, South Asia & Middle East. Next step is to make sure siloes of data sources are integrated so that the BI tool can easily fetch the data. A good example of this approach is Godrej Industries. Before going for Business Intelligence, Godrej Industries standardised and integrated its IT infrastructure across the group. “For any BI deployment to work effectively, it should be able to access data from various sources. After integrating our IT systems, our reporting is more granular and we are able to derive better analysis,” Joshi said. Finally, a BI implementation can only be successful if there is user acceptance for the same. According to Joshi, “Making users shift from Excel sheets to a BI tool can be extremely challenging. It is therefore important to take a top-down approach. We were able to convince our top management to start using BI tools instead of Excel sheets and after they realised the benefits, the trend saw a trickle-down effect in the entire organisation.” Vendors also play an important role in getting started on a right note. According to Swaminathan, the main reason for the slow adoption of BI is the lack of a proper tool from any vendor which can be configured and implemented immediately. “All solution providers want to take their own sweet time to understand requirement, create a solution, etc., while the users demand quick a solution which can be implemented in a week's time and can be enhanced with ease and speed,” he said.
COVE R S TO RY
Common Mistakes in BI Going Big Bang: You may underestimate challenges. It’s always better to go for limited scope pilot and then scale it up Expecting clean data: There is nothing like a clean data. So make sure that the project / deployment should work with less than perfect data Competing with Excel: Many warriors have fallen flat trying to kill excel. Try to make excel an important part of your BI landscape rather than competing against it Inability to find takers: Without the champions and early adopters, BI projects cannot be sustained Going by the promises made by pre-sales executives of vendors: Instead experiment with the tools and your own data, understand the infrastructure requirements properly. Just going by the size of data may not be enough Change management: BI projects succeed where the organisation has data culture. If your organisation does not have, first focus on the same.
In any case, IT needs to take lead in such deployments and sensitise the business users about the key benefits of BI and how the technology can enable them to perform better and take wellinformed decisions.
Road Map Analysts have clearly seen a positive growth curve for BI, as customers do shift from measurement to analysis, forecasting and optimisation. Going ahead, Gartner predicts that interactive visualisation, predictive analysis, dashboards and online analytical processing (OLAP) usage will increase, with data discovery platforms also earning the highest ease of use and complexity of analysis scores. Vendors and CIOs agree that there would be increased proliferation of interactive visualisation tools, more integrated data mining and packaged analytic applications that encapsulate the complexity of using sophisticated BI analysis tools from business users. CIOs are in sync with Gartner’s predictions in terms of working out ways to absorb BI more aggressively. For instance, Joshi plans to expand the Godrej Industries’ BI footprint to encapsulates all major business functions across the group companies. The group is already in the process of providing drill-down dashboards to senior management on their iPads. The Chief Technology Officer Forum
cto forum 07 july 2012
33
Key Challenges for BI: Data is still non-standard, siloed, dispersed and unstructured
Analytics is Now
Strategic
In a conversation with Varun Aggarwal, Nishchal Khorana, Head Consulting, ICT Practice, Frost & Sullivan, S. Asia & Middle East discusses the evolution and importance of analytics in enterprises 34
cto forum 07 july 2012
The Chief Technology Officer Forum
m a k i n g d ata s i n g
Where do you see the enterprises using analytics the most? What are the key trends in this space? The way enterprises conduct business is changing. The economic uncertainties, market uncertainties and factors that govern business are getting more complex. Given this environment, CIOs, CEOs and business leaders require far more informed decision-making capabilities. They need more information from different data sources. This information isn’t just required at the corporate level but also at the functional level. For this, business intelligence and analytics is a must for any enterprise today. Even analytics has evolved from offering insights using just historical data to a tool that is used for operational purposes. As the next phase in the evolution, analytics is increasingly being used for strategic decision making and forecasting based on not just historical but also real-time data. Following are the key trends in the market: Mobility: Enterprises want to enable their employees with mobile devices. This involves not just basic transactions on the go but the availability of analytics tools on the mobile. Managers want analytic tools that can fetch data from CRM and Sales Force Management on the go. Big Data: Enterprises have spent a lot money on building enterprise mobility strategies, social media strategies, video conferencing capabilities etc. This generates humongous amount of unstructured data. There is no value derived out of these investments until and unless the right analytics tools are built on top of them. That’s where enterprises are moving to the next level and use their existing investments to derive competitive advantage. Cloud-based offerings: SMBs have been able to manage smaller data store and want to deploy analytics. However, the cost of infrastructure is often high to be able to build analytics over it. SaaS solutions in analytics space are enabling even SMBs to have access to analytics, which was previously affordable only for the enterprises. Bundled Offerings: Vendors are increasing offerings bundled solutions in the BI space to offer it as a commodity solution. BI is bundled with both hardware and software making it more accessible for enterprises. What in your opinion are the key components of a next gen analytics solution? A next generation analytics solutions would including higher computing capabilities for faster and
COVE R S TO RY
more real time analytics using technologies such as in-memory computing. The solution should be capable of providing an integrated view of the entire organisation using a single dashboard. Next gen analytics solution would also be a costeffective solution with dashboards and reporting based on employee role. As far as cloud based solutions are concerned, the currently available solutions are more focused towards SMBs and offer mostly limited capabilities. A next gen cloud BI solution would be able to provide a feature-rich, low-cost solution that can be deployed by both SMBs as well as large enterprises who do not want to make capex investments. What are the key challenges for enterprises in deploying a BI/ BA solution? One of the biggest challenges in BI deployments today is that data is still non-standard, siloed, dispersed and unstructured. Moreover, people often do not know what they want from their BI deployment—what do they want to achieve from it. They need to understand whether they need BI for simple reporting or they need a dashboard capability, whether they need reporting on a monthly, weekly or real time basis. Real utility of a BI tool only happens when the end-users start using the tool. People are often used to Excel sheets and are often reluctant to move to BI unless they know BI will enable them to do more with less or add value. For this, the IT team needs to work closely with the business to understand their requirements and their expectations from BI. What should CIOs do in order to ensure a successful BI deployment? There are some key things that a CIO must be careful about while deploying a business intelligence and analytics solution: 1. Identify the sources of data. Make sure you know where your structured and unstructured data resides in the organisation that holds business value. 2. Next step is to make sure siloes of data sources are integrated so that the BI tool can easily fetch the data. 3. Make sure you know what you want from the BI deployment 4. The last step is select the right vendor to meet your needs It is important to follow these steps as against selecting a vendor first and then looking at finding and integrating data sources.
The Chief Technology Officer Forum
cto forum 07 july 2012
35
COVE R S TO RY
m a k i n g d ata s i n g
Analytics is
Evolutionary Analytics was deployed in a phased manner at Aircel as the company believes there are several areas that need to be stabilised within any organisation before embarking on the analytics journey By varun Aggarwal
T
elcos have to deal with humungous amount of data on an everyday basis. The overwhelming data that is generated is of little use unless it is structured in the right way and tools are used to analyse it effectively. Aircel, one of the fastest growing telcos in the country, embarked on its journey towards intelligent data analytics as early as 2009. The aim was to enable intelligent decision making in every department within the organisation. After excessive evaluation process, Aircel decided to go with BusinessObjects’ Warehouse and Business Intelligence solutions. However, Aircel adopted a phased approach towards the deployment as Bharat Bhushan Ahuja, AVP—IT, Aircel explained, “Business intelligence and analytics is not like a typical software implementation. You need to get the basic building blocks right before going for a full-fledged deployment of analytics.” Before even adopting BI, Aircel’s focus was to integrate its IT systems to provide meaningful insights for the BI tool. Yet, for first two years, Aircel used the BI tool as more of a MIS tool in all major departments, which included marketing, business finance, sales etc. “This was an important step to take since you need to convince users about the quality and reliability of data generated from the analytics engine,” Ahuja explains. Once the MIS was stabilised and the users had confidence in the data generated, Aircel moved to the next level and since the last one year or so, is using analytics for informed decision-making.
Not an easy road to take One of the major challenges faced by Aircel during the deployment was that of data quality. Matching the data to
36
cto forum 07 july 2012
The Chief Technology Officer Forum
meet the business user’s expectations was an uphill task. For this, the IT team had to work closely with the business users to understand their requirements and tune the analytics engine accordingly. “We aligned with the business finance initially for BI since they were crunching a lot of data already. Now they understand the importance of analytics and they are able to get better insights. After this success, we moved to the Marketing department. We made them understand the importance of analytics, made them train the users and understand the importance of BI,” Ahuja said. These two success stories within the organisation helped sensitise the users across the organisation about BI. The second biggest challenge was that of change management. Senior managers who are masters in Excel sheets find it very hard to a new way of report generation and analytics. “Telecom is data intensive and building trust on the data generated by analytics takes time. The biggest challenge was to educate the business users about the benefits of BI and what more they can do with the tool,” Ahuja explained. Controlling data quality was another major challenge, which was overcome by working closely with the business and taking a phased approach. “Had we jumped to analytics without stabilising the data quality at the MIS level, the project wouldn’t have been successful,” opines Ahuja. Finally, technology that appears to be seamless can also be challenges in the real world. As BI is still an evolving technology, new versions of software are introduced at a regular intervals and that takes a lot of time of the IT team just to understand the system. “Moreover, compatibility with the previous versions and existing applications is never as seamless as it is made out to be. Therefore, solv-
photo BY Subhojit Paul
BI Success Mantra: Get the data quality to an accepted level for the business
ing these technical issues is a time consuming task,” Ahuja said.
Benefits achieved Even though the journey towards a successful implementation was filled with many road blocks, Aircel was able to garner enough benefits from the deployment that undermine all the challenges faced during the deployment. “Today analytics is an important part of our entire organisation. We are seeing increasing adoption of BI in every department of the organisation and there are demands from management every other day to add newer dimensions to analytics. That speaks volumes about the acceptance of the solution,” Ahuja elucidated. Even though Ahuja believes that quantifying RoI for a BI deployment is not a straightforward thing, there are various other means through which business benefits can be highlighted. Take for example, asset utilisation. Using analytics, Aircel was able to improve the utilisation levels of its assets siginificantly, creating a direct impact on the bottom line. Secondly, channel partners play an important role in the success of a telco like Aircel and analytics helped
map the behaviour of its channel partners and enabled Aircel to deal with them more effectively. Finally, adding to the top line, analytics helped the company create new products that were targeted to specific markets and specific profile of users after gaining insights into usage patterns and user behaviours. As a step forward, Aircel is also looking at using analytics for customer services delivery and the network, which forms the core of the company.
Lessons learnt Through this ongoing process of learning in the business intelligence, there were many lessons learnt by Aircel. According to Ahuja, while embarking on a BI journey, “The first step is to setup your basic data source machine—whoever generates the data needs to be well controlled. You also need to know where the critical data reside.” The second step is to align with the business. “Get the data quality to the acceptable level for the business and then move forward. If you have specific segment for analytics—look at a specific data mart instead of a standard data mart for the entire organisation,” Ahuja opines. The Chief Technology Officer Forum
cto forum 07 july 2012
37
ThoughtLeaders Karl Horne |
karl horne is the CTO for Ciena
Seeing – and Securing – the Light! The Role of Optical
Encryption in Securing Networks Safeguarding confidential or proprietary information has never been more critical than it is today. In a single hacking operation uncovered recently by McAfee, hackers penetrated 72 companies and organisations in 14 countries–among them the International Olympic Committee (IOC), the World Anti-Doping Agency, the United Nations and the ASEAN (Association of Southeast Asian Nations) Secretariat, as well as a number of governments, including Canada and the United States. Events of this type underline the growing importance of information security in business and political environments. Naturally, organisations in these environments are actively taking measures to protect the information stored in their data centres from unauthorised access. IT managers and CIOs have reacted to this challenge with an array of techniques for managing user access and credentialing, intended to secure critical IT infrastructure within the data centre, such as servers, databases, routers, and switches. In the majority of cases, however, secure communications are also
38
cto forum 07 july 2012
The Chief Technology Officer Forum
necessary beyond the walls of the data centre, as information traverses a larger, potentially worldwide network–often even the highly vulnerable public Internet itself. As increasingly more sensitive information gets distributed across fibre optic networks– through VPNs and in applications such as virtualisation or cloud computing–a comprehensive IT security approach must now encompass not only server security and at-rest encryption, but also a robust encryption solution for data “in-flight”. Sophisticated in-flight encryption techniques can camouflage traffic so it cannot be read or manipulated, and can even disguise the fact that there is traffic flowing at all.
Is Fibre Vulnerable? - Yes Historically, fibre optic networks have been considered an intrinsically secure mode of data transport, and that opinion tends to persist today. Because light, rather than electrical current is used to transmit data between networking points, the perception is that information is “naturally” difficult to intercept. The truth is, while fibre-optic cables indeed
“A comprehe nsive IT security approach must now encompass a robust encryption solution for data 'inflight'”
are one of the most secure forms of communication infrastructure, they are far from immune to eavesdropping. In fact, with the right tools and knowledge, eavesdropping and intrusion are not much more difficult than compromising a copper wire. While a large portion of the world’s optical fibre plant is difficult to access, that is certainly not the case for all of it. If and when intruders gain access to the fibre optic cables, they can extract light from the ultra-thin fibres using one of several methods. The simplest, and one of the most difficult to detect, is called bending. In this method, a clip-on coupler is used to create a micro-bend in the cable which makes a small amount of light radiate through the fibre’s cladding. A photo-detector then captures the leaked light and an optical/electrical converter transforms it into a binary, electrical signal which can be processed by external hardware and software to extract valuable information. Only later generations of optical transmission equipment can detect subtle changes in optical power caused by bending, and even then,
Karl Horne
network operators must be watchful and knowledgeable of such changes indicating a potential intrusion. Another intrusion method involves splicing, where a splice in the fibre is created to tap into the transmitted signal. As this technique requires interrupting the light path, it also causes an interruption in service, so it is easier to detect by network operators. Even millisecond level interruptions can result in the traffic being rerouted to a protection path, which will surely make operational staff aware of a potential problem on the link. Methods are now also available of tapping optical fibre without actually physically touching the cable. These contactless taps inject additional light into the cable and extract information on the original optical signal by analyzing interaction between the two light streams. Regardless of the method, a fibre intrusion compromises the entire signal. For this reason, encryption has been and will continue to be a key preventive technique.
Where to encrypt? As many networking applications use Internet Protocol (network Layer 3) for data transfer/ communication, application-level encryption often seems to be the most logical choice for IT managers and CIOs. In this approach, data is encrypted before it reaches optical network elements for transmission over fibre. With the right encryption standards, this approach certainly provides sufficient security for many IT applications, particularly those that are not data-intensive or time-sensitive. Further challenges can exist when multiple traffic streams–of different formats–need to be secured over a common MAN/WAN. Traditional encryption solutions in this environment can be cumbersome and costly. As individual traffic streams require individual encryption devices often specific to the protocol involved, multiple ports on each MAN/WAN network element are consumed, adding to the cost and complexity. Whether the connection is supplied by a carrier managed service or an enterprise-wide network, bandwidth is used inefficiently and end-to-end management is complex. Furthermore, encryption key management is burdensome and labour-intensive.
What to look for in an optical encryption solution Choosing an optical encryption solution involves balancing a number of requirements. Key points to consider should include: a) Regulations compliance: The globalised nature of today’s business means that firms need to adhere to a multitude of information security related regulations, as well as constantly monitor their level of compliance. For example, a typical international
Thought Leaders
Methods are now also available of tapping optical fibre without actually physically touching the cable financial company with operations in the United States needs to comply with a range of regulatory standards, including Sarbanes-Oxley, PCI-DSS, ISO 27001 and Basel II, as well as potentially a multitude of other national and international regulations. It is essential that the solution chosen ensures compliance with these crucial laws. b) Security level and security standards compliance: Robust encryption schemes must offer high levels of intrusion protection, and should further comply to accepted, certified standards and conventions. 256-bit encryption algorithms are recommended, as well as the ability to frequently refresh encryption keys. Ciena’s own wire-speed encryption solution, uses a FIPS-certified, 256-bit Advanced Encryption Standard (AES 256). As a measure of effectiveness, these standards are approved by the US government National Security Agency (NSA) for information classified as secret or top secret. c) Latency: As discussed, for some of the more latency sensitive network protocols and IT applications the excessive delay in the encryption solution can be detrimental to application performance. State-of-the-art optical encryption solutions should be able to minimise latency, ideally not to exceed a few microseconds. d) Transparency, scalability, and future-proofing: As networks evolve, they inevitably add more scale and broaden the range of service and protocol types that need to be supported, and ultimately, secured and encrypted. The Chief Technology Officer Forum
cto forum 07 july 2012
39
T E C H FOR G O V E R N A N C E
securit y
5
POINTS
ensure your team and users make the most with the tools available Soak up knowledge from other disciplines and apply in information security byod losing in control of the device but gaining better control of data is a win-win scenario
Illustration BY manav sachdev
information security does not purely live within the technical domain i t's not that email doesn't work, but users tend to have misguided expectations
Debunking
Information
Security Myths An approach that will help you turn your people from your greatest weakness to your greatest assets and advocates for information security. By Javvad Malik
40
cto forum 07 july 2012
The Chief Technology Officer Forum
securit y
T E C H FOR G O V E R N A N C E
Myth [mith] – noun An
unproved or false collective belief that is used to justify a social institution Myths have existed throughout history in different cultures and times. Sometimes these are created by dynasties in order to pad out their history a bit to make them seem far more awesome than they actually were. In other cases, it’s just a bit of Chinese whispers and misunderstandings that lead to myths being created. The information security industry isn’t excluded from having its own share of myths. So, I got in touch with some European security professionals to share their views on some of the biggest security myths that need busting.
01
Product x will solve all our security problems
stories of what worked and more importantly what didn’t. When you’re looking at buying a piece of security technology, no matter what, ask yourself whether or not you’re able to factor in the cost of gaining and maintaining the necessary know-how to get the most from it. If you’re spending thousands of pounds rolling out software and hardware, you need to put funds and resources aside to make sure that your team and the end users can make the most with the tools available. It can save you way more than you spend if you get it right and when you do, make sure others know.”
02
But we’re so young
An ISC2 Director, an organiser of BruCon, Steve Lord, a Principal at Mandalorian, one of the host ofEurotrash Security and contributor to PTES, founders of 44Con, a regular speaker at many secuit’s not an understatement to say Wim Remes is rity conferences and someone who genuinely scares deeply involved in the security industry. me with the level of technical knowledge he posSo what better person to ask about infosec myths? sesses. When I approached Steve to give his views He started off by saying that there aren’t just myths on what he considers to be a big security myth, he within security, but there are myths built on myths, responded, “The biggest security myth in my opinsupported by myths. ion is the incredibly pervasive idea that products The one myth he particularly would solve problems.” like to see dispelled is the notion that we are a I found this rather strange coming from a young industry, “We are getting pretty good at foolperson whose day job mainly involves breaking ing ourselves that we are a young industry and most into networks and analysing malicious code. Sensof our faults and mistakes should be ing my doubt he elaborated, “Almost all forgiven on that premise alone. I don’t of the customers I work with will spend agree with that view because, and here much more on technology than they do comes the surprise, almost everything on people. we do, or very similar stuff, has been More often than not the spend on done before in other fields. technology is on complex expert There is a wealth of knowledge systems that require specialist knowlData will be on to be soaked up and applied inside edge to deploy and maintain. While it’s cloud in the our little bubble from disciplines like possible to send people on a product next five years law, medicine, psychology, linguistics specific course there’s often very little and so many more! What I would recknowledge sharing after the event and ommend to anybody in information I’ve yet to see anywhere that pays more security is to study those disciplines than lip service to retaining people a and apply the awesome stuff in our own little while after that investment.” realm. Let’s not reinvent the wheel but perfect I prodded him further, asking what could be done one that already exists and make it fit our to dispel this myth. “The only way we can improve broken vehicle.” things is to collaborate more with our peers, share
36%
The Chief Technology Officer Forum
cto forum 07 july 2012
41
T E C H FOR G O V E R N A N C E
03
securit y
We can control our users
Quentyn Taylor is the CISO of Canon Europe, I thought if I included him, he’d be able to get me a nice deal on a new Canon camera. That didn’t materialise, but he did share his thoughts on what he regarded a myth in that there is a misguided belief placed that one can control their users. “Bring Your own Device (BYoD) really has shown that in the majority of cases one cannot control and it is far better that instead of trying to control the tide to use it for your own purpose. I.e. in BYoD losing control of the device but gaining better control of the data is a win / win scenario, the user gets what they want and infosec loses control of something that they didn’t want, the hardware asset, all the while gaining control of what is really important, the data.”
04
Security is for techies
Neira Jones is the Head ofBarclaycard Security. She possesses a vibrant energy and enthusiasm which is infectious. I did make the assumption that due to her current role she would pick up on a myth surrounding compliance. Instead she wrong-footed me by saying, “One of the common myths or misconceptions about information security is that it’s something that lives purely within the technical domain. As a result you have security tarnished with well-worn brushes of it being too expensive, too complicated, prevents business innovation or doesn’t bring any value. However, according to Jones, a portion of blame lies within the information security community for this, “the information security community has also been, on the main, guilty of perpetrating a certain mystique by relishing in the kind of techno-speak that our business colleagues will never be interested in.” What can we do about this? Jones flashes her trademark smile before responding; well I’m assuming she would have smiled had we not been communicating over email. “So, let’s start talking security in plain English to dispel this myth. Security should be an inherent and recognised part of any business at all levels. At the risk of being trite, it’s about People, Processes and Technology.”
42
cto forum 07 july 2012
The Chief Technology Officer Forum
05
Code-breaking is a man’s world
Dr. Sue Black is one of my heroes. I don’t say that lightly either, a one person machine who’s worked tirelessly to save Bletchley Park and whose contributions to information security are undeniable. Anyone with their own Wikipedia page must be legit. For this reason I was slightly apprehensive about approaching the good Doctor. What if she ignored me, what if she was rude? Thankfully, though she’s as pleasant as she is awesome, which made me feel at ease, but also envious of her at the same time because I don’t like people who appear too perfect. Dr. Black often encounters the myth that the code breakers at Bletchley Park were men. A view, that even she, herself may have held until she got closer to Bletchley Park through her work in trying to save its heritage, “Through my involvement with Bletchley Park over the last few years I’ve got very excited about the fact that several of the code breakers were women.” But she’s doesn’t mean a small minority of women relegated to meaningless tasks, as she continued to elaborate, “In fact, more than half of the ten thousand or more people who worked there were women. In 1941 Mavis Batey, nee Lever, cracked the Italian naval codes which led to a crucial victory for the British fleet in the Mediterranean at the Battle of Cape Matapan. She was just 19. Wow!”
06
Mobile security is all new
mobile application security introduces lots of new problems what service or product they are trying to sell them. When you look at the mobile app security issues that we have all tweeted, blogged and no doubt laughed about I don’t think any of them were down to something mobile specific or something we didn’t already know how to prevent or find in code. My own research shows that all of the big mobile application security issues so far fell into one of three categories (Data Security, Authentication & Authorisation and Data Access/Privacy) which we should all already be aware of and know how to prevent.” When asked on how people could become better informed on the topic he said, “I’d encourage people to use the mobile application security resources available from OWASP as these were put together by people with real world mobile application security experience. The OWASP Top 10 Mobile Risks is a good starting point whilst the ‘OWASP Top 10 mobile controls and design principles’ is a brilliant resource to help you design and develop secure mobile apps. I said mobile application security doesn’t really introduce any new security problems so your existing application security approach and training materials can be reused with a few tweaks to include some platform specific guidance around how you implement certain security principles such as secure storage.”
07
Email is a modern way of communication
Leon Van Der Eijk is a security researcher at the Dutch CERT team. His response was David Rook is the Application Secuvery Dutch as in he pretty much got straight rity Lead atRealex Payments and the creator to the point. “The good old SMTP protocol of Agnitio, an open source code security tool. was not prepared for 2012” Like most people, David knows that it’s I was a bit perplexed by his response. difficult to specify one particular myth in Because as far as I could tell, it infosec. But I kept badgering was 2012, and email, which uses him to nail it down to one spethe SMTP protocol is very much cific hot topic until he finally alive and kicking. I asked him caved in, “I’d have to go with if he was in an Amsterdam cofmobile application security fee shop, but only in my head. I right now. of companies didn’t want him to think I was There are a lot of people makstereotyping the Dutch. So I ing this out to be a whole new, were informed big problem whereas in reality of intrusions by asked him to elaborate in a diplomatic way, to which he said, there is nothing new. In fact a third party “It’s not that email doesn’t I’d go as far as advising people work, but users tend to have to ask anyone who tells them
92%
securit y
misguided expectations as to what can and cannot be achieved. At my day job people can get frustrated when they receive a spam email. Computers are very good with numbers, they are lousy in reading. So every once in a while a spam email gets through our defenses.” He advises against people panicking or getting worked up about it. But people swear blind that they’ve never signed up to a mailing list so are perplexed by how they still end up receiving spam. Leon breaks it down like this, “The first time you send an email from a freshly generated email address be it Gmail, Yahoo or whatever, you’ve lost track of your email address. Period! You can’t keep track of every email you send out. Machines get owned all the time and your address is exposed.”
08
We can make it 100% secure
Renowned security researcher Robin Wood has spent many hours neck deep in code, but what baffles him is that he still encounters a good number of security professionals, especially those new to the industry, believe that all businesses can be made 100 percent secure and then get annoyed and surprised when they aren’t. “A colleague recently commented “if they just put a firewall in here, here and here, it would protect everything”. I tried to explain that to put in a bunch of new firewalls isn’t that simple, it takes time to spec and then source them, an initial cost outlay to buy them, time to do the initial configuration then ongoing maintenance.” Aside from the technology, there are other realworld challenges they fail to take into consideration, “They also have to fend off all the business units that have their processes disrupted and cope with the change requests as those processes change. That is just one example where what seems to us, as security people, that there is a simple answer to securing a business but when you think beyond the idea of “just do ….” you soon realise that it isn’t that easy.”
09
The illusion of security
Arron Finnon is a sought-after security researcher and host of the Finux Tech Weekly(FTW) security podcast. Finnon believes the real illusion of security lies in the over reliance of technical controls at the detriment of user education. He spoke of an incident he witnessed, “After dropping my young child off at nursery I was on the bus on my way to work, when I noticed a person outside their house lift a stone and remove a key from underneath, and then proceed to unlock the front door. This all happened on a main road that was busy with traffic and in full sight of everyone on the bus. The very nature of the locked front door had been totally
T E C H FOR G O V E R N A N C E
A few years ago there were people claiming open source is secure and before that having a firewall would make you secure. It doesn’t work like that, nothing is simply secure defeated, in short this person had shown to everyone that noticed how insecure their home actually was. Two things hit my straight away; firstly it seemed that I had been the only one that had noticed, and was totally in shock. No second thought, not attempt to even hide what they were doing. Secondly that how do we begin to talk about security and its risks if the very premise of a lock and its key is ignored? It’s a myth to think that we will ever be secure when the very people using security have no care for it functioning correctly. My only thoughts on fixing this issue in particular are that it’s a long path indeed. That in the end, security must be taught from the front doors of homes, to the telephone conversations on trains, to the very real threat of breaches that everyone works so hard to defend.”
10
Product x is secure
11
We’re not worth attacking
Jitender Arora is a high end security expert specialising in interim security leadership positions and leading global transformation projects. As a regular speaker at conferences, I knew the best chance I had to grab a few minutes of his time was to ambush him paparazzi style after a talk. After a long Q&A session he came down the corridor and I seized my opportunity to put the question to him, and in his typical style he didn’t miss a beat before answering, “Myths change every day. People don’t learn from previous mistakes. The biggest myth I’m facing these days is where users are coming to me believing that iOS is secure. A few years ago there were people claiming open source is secure and before that having a firewall would make you secure. It doesn’t work like that, nothing is simply secure.”
Brian Honan is a globally respected security professional, CEO of BH Consulting and founder of the Irish Reporting and InformaThe Chief Technology Officer Forum
cto forum 07 july 2012
43
securit y
tion Security Service (IRISSCERT) which is Ireland’s first Computer Security Incident Response Team (CSIRT). Having worked with many organisations of different size, Brian pointed out that one of the most common myths he gets from companies is a variation on, “We are too small/have no interesting data/don’t store credit cards for criminals to be interested in attacking us.” “But surely logic would dictate that smaller companies are generally less targeted.” I said, checking to see if his story would hold up to a bit of scrutiny. “I mean, if I were to attack a company, I’d make it worth my while and attack someone big rather than Grannies sweet shop.” With his usual charm, Brian shrugged off my feeble heckle and gave more details, “Companies need to realise that all data has value and as such criminals are interested in that data. Also they need to use computer resources like everybody else but rather than pay for their own computers and bandwidth they would rather use yours for their own nefarious means. So criminals are interested in you no matter how small or how little data you have. They are interested in your bandwidth which they can use to attack other systems or to send spam, they are interested in your computers which they can also use to infect other systems, attack other systems and to send out spam, they are interested in your storage so they can store their own material be that child abuse material, stolen sensitive data or other criminal material and they are interested in your webserver which they can use to host phishing sites, share their illegal material or to spread malware by infecting unsuspecting users to your site.”
12
Information security equals IT security
Kair Roer of the Roer Group, security expert, author and truck driver is one of the most positive people you’ll ever meet. The type
44
cto forum 07 july 2012
The Chief Technology Officer Forum
of guy who has an answer for almost any question you pose to him, so it was natural he’d be on my hit list of security professionals to contact about myths. He was quick to respond that a common myth held by many is that information security equals IT security. He says, “Information Security is the holistic view of how you value, use, store and protect information in general, within any organisation, large or small. Whereas IT-security is a part within Information Security, it is more to Information Security. Information Security also includes informa-
They seem to think it came with the Internet and the first firewall. They are wrong of course (see previous myth) since they mistake infosec for IT-sec. Some are smarter, and consider the Enigma crypto machine to be an early example of information security. Again, they are wrong. Not only decades off, we are talking millenniums off target. Consider people like Da Vinci, who constructed the mechanical, encoded papyrus transporter, a device that would destroy the message if the container were enforced open. That was 500 years ago. Go back to Julius Caesar, who as far as I know was one of the very first to encrypt his messages to his legions. These are only two examples of information security – long before IT, computers and high-tech.“
Your company is secure because you haven’t been hacked yet
13
tion, systems and knowledge that does not use ICT. Some examples include physical security, safety, compliance and business decisions like mergers & acquisitions to name some.” Although this is a very valid observation, I asked Roer for another myth with more “teeth”. I’m not sure how that question translated across email, but he kindly responded with his thoughts on another myth that people think information security is something new. “Somehow, it seems like many people I talk to believe information security is new, like the new kid on the block.
Chris John Riley, security researcher and co-host of the Eurotrash Security Podcast. When talking to companies this is something you unfortunately are used to hearing at one-point or another. The mistaken belief that a company is secure simply because it has yet to be hacked, is prelude on the fact that the company’s security monitoring and alerting are sufficient to raise the red flag when an attack does occur. If the statistics are anything to go by, then this is definitely not the case. According to the 2012 DBIR report, 92 percent of companies were informed of intrusions by a third party. Even if your company’s logging and correlation are state of the art, without somebody trained to monitor, tune and react to alerts, then they’re only useful in the forensic analysis if why your company failed to detect your secret formula walking out the door. -This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
Illustration BY manav sachdev
T E C H FOR G O V E R N A N C E
securit y
T E C H FOR G O V E R N A N C E
The App Security Programme Five reasons to have a programme to deal with application security By Jasmine Noel
M
any organisations looking at application security for the first time struggle with understanding why they should take a programmatic approach to tackling application security. I’ll touch on five reasons in this article to have a program to deal with application security.
1) Address the full scope of the problem A quick look at Quocirca’s survey results shows that financial services organisations track around 800 mission-critical applications, those in other industries track around 400 applications. Those applications are conduits to corporate data and intellectual property. The simple fact is that if someone wants your intellectual property, they are going to use software you bought, built or outsourced to get at it. In our SOSS Feature on Public Companies, we looked at results from several other research projects that track the root causes of data breaches. While none of these research methodologies are perfect, the data from these projects shows that remediating application vulnerabilities goes a long way towards putting a data loss prevention program in place. Securing a handful of applications isn’t going to work anymore. An application security program gives organisations
a way to deal with the large scale of the application risk by making the application conduits to your data as difficult as possible for unauthorised people to use.
2) Simplify the compliance effort Increasingly, industry standards bodies are incorporating requirements to show evidence of how you protect against data breaches and patch software vulnerabilities. It seems like every month I get a request to show how our platform helps a company comply with a standard that I’ve never seen before. Usually I just point folks to one of our webinars on policy management, because what an application security program does is help organisations create selfcomplying software development lifecycle (SDLC). By that I mean that security testing and remediation and retesting are integrated into the SDLC. Then the results are automatically analysed and reported to show compliance (or progress towards compliance) with the OWASP Top Ten or SANS/ CWE Top25, which most standards bodies will accept as evidence.
3) Knowledge is power Managing risks is about making tradeoff decisions. Anyone that participates in fantasy sports leagues instinctively knows this because they have to make tradeoff decisions every week. Would you start or sit a player that’s hurt? The Chief Technology Officer Forum
cto forum 07 july 2012
45
T E C H FOR G O V E R N A N C E
securit y
The answer is maybe – it depends on what you know about his injury and what role he would play in your game plan. Managing application security risks is about making a different set of tradeoff decisions. Would you put this application into production with vulnerabilities? The answer is maybe – it depends on what you know about the application vulnerabilities and what role the application would play in achieving a business goal. Security policies are supposed to encapsulate that knowledge. The problem is that organisations often don’t know much about their application inventory, or their application’s vulnerabilities, or the risks those vulnerabilities pose, or which vulnerabilities to fix and when, or what they are doing right and wrong when it comes to managing vulnerabilities. A program provides a focal point for collecting and analysing information related to application security so that you can make better decisions.
Large organisations purchase and outsource development of a ton of software – their development teams also depend on software platforms and libraries from third-party vendors to speed up internal development. Because organisations have little control over third-party source code, the company must blindly accept the risks inherent in third-party software. While many purchasing and outsourcing contracts include language about software security, it’s been a toothless requirement depending on verification questionnaires which are probably filled out by the vendor’s IT executive, who probably has a plateful of other concerns. An application security programme can enable procurement departments to develop some verification teeth using application testing methodologies to determine the actual software risk which procurement can use as a leverage point during negotiations.
5) Organisational change As one of my executive mentors keeps telling me, “a strategic change plan is something I must repeat to everyone over and over again until they get it, so I’d better make it simple enough to explain in a few minutes but I’d better have a framework
46
cto forum 07 july 2012
The Chief Technology Officer Forum
Illustration BY anil t
4) Enable third-party vendor management
An application security programme gives enterprises the opportunity to organise their efforts around a strategic plan behind it so I can back it up with dashboards and metrics.” An application security programme gives enterprises the opportunity to organise their efforts around a strategic plan which can be widely communicated. With an application security programme, you can lay out a framework for: Tying security activities to business goals and requirements, which you will need to initially garner executive support and keep them interested as time passes. Building a step-by-step implementation roadmap, where each step is designed to deliver tangible results.
Measuring your results, where you choose metrics that matter to your executives in terms of organisational culture/behaviors (e.g. number of development teams scanning application builds), key business processes (e.g. no. of apps rolled back by QA), and the application portfolio’s risk profile. So those are five reasons for a programme, would love to hear of other reasons your company has adopted a programme. -This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
NEXT
illustration BY shigil n
HORIZONS
Cloud Collaboration
An evolution in the role of the IT department calls for a tighter alignment between the CIO and the CFO
C
loud computing has the potential to dramatically change the IT and business landscape. However, the journey to the cloud is not an overnight trip. For most large organisations, the move to cloud will be an evolutionary process not a revolutionary phenomenon. This evolutionary journey requires a proactive and thoughtful approach that combines a technology and financial roadmap.
By Tom Adams
Business benefits of cloud are significant The business benefits of cloud computing can be significant. However, as with any truly disruptive technology, there are a number of pitfalls (both technical and financial) that must be avoided. These factors create a necessity for CFOs and CIOs to work collaboratively on developing a strategic roadmap to cloud that helps uncover these pitfalls. Having a strategic plan up-front will be critical for enterprises The Chief Technology Officer Forum
cto forum 07 july 2012
47
N E X T H OR I Z O N s
m a N Ag E m en t
to maximise the benefits and minimising the risks of cloud. The potential business and financial benefits of cloud computing are great -- reduced cost, increased speed, flexibility and instant access to innovation, to name a few. However, CFOs and CIOs must understand how to work together to build an effective roadmap to attain these benefits.
Understanding the cost of cloud Since the costs of cloud can vary depending upon the cloud strategy, it is important for CFOs and CIOs to be in lock-step as the enterprise-wide move to cloud gets underway. Many companies will want to adopt cloud in a manner that allows them to continue to maximise investments in their existing infrastructure. This means strategically integrating a customised combination of public, private and managed cloud solutions with existing IT. CFOs and CIOs will need to work together to set a budget that makes sense for their specific organisation and then work against it. However, it’s not just about the initial costs of cloud. CFOs also need to understand how to balance the subscriptionbased costs of cloud services with the cost of onsite IT maintenance. The CIO can provide insight into the service level agreements (SLA) costs and technology roadmap needed to migrate legacy systems as they evolve to cloud based services.
Since the cost of cloud can vary depending upon the cloud
strategy, it is important for the CFOs and the CIOs to be in lock-step
as the enterprise-wide move to cloud gets underway Wall Street with accurate forecasts on the company’s capital and operating expenses on a quarterly basis.
Anticipating changes in compliance and data security
As cloud solutions are selected and deployed within an enterprise, CFOs will need to establish new processes and policies to ensure that a cloud service provider meets all industry standards and security requirements. In some cases, an audit may be required to understand if the data associated with a cloud solution resides with the service provider or if it has been further outsourced or subcontracted to third-parties. Closely linked to the issue of compliance, is the issue of data security. For many CFOs and CIOs this is the primary concern associated with moving to a cloud-based solution provided by a third party. In addition, different types of cloud solutions -- public, private and hybrid -- offer different levels of security Understanding financial protection. implications Thoughtfully determining which busiWe’ve all heard time and again that cloud ness applications are ready for can significantly reduce a compa“public” cloud solutions (operny’s capex to create a more agile ated from a platform used by business environment. While multiple businesses) and those many consider this to be a good that require more “private” or thing, CFO’s need to understand dedicated operation is an importhat any capex reduction cloud growth of IT tant area for CFO and CIO colpresents may also come with an spending in 2012 laboration. increased opex expense that can present challenges of its own. to reach $3.6 The CFO will need the CIO’s Managing the threat of trillion insight to accurately anticipate “Shadow IT” any such change. Because the The emergence of cloud soluCIO will be closely monitoring tions has made technology the company’s evolution to cloud, they will much more accessible to users outside of be in a position to advise the CFO on any the IT department. Applications and solupotential shifts in costs and cash flow. This tions that were previously only accessible is critical for the CFO who needs to provide through IT specialists who had to build and
3%
48
cto forum 07 july 2012
The Chief Technology Officer Forum
operate them, are potentially now available to anyone in an organisation with access to a credit card. For the business side of an enterprise, cloud solutions may offer a quick way around the approval process and complexity of receiving access to applications from the IT department. For the CFO, however, this represents a challenge that could undermine years of IT investments and open them up to potential financial reporting inaccuracies. As empowering as it may seem for functional business leaders to “procure” their own IT solutions, CFOs need to work with their CIO to ensure that right processes and models are put in place to fully assess investment choices and to ensure optimal realisation of their value. This new reality will inevitably lead to an evolution in the role of the IT department that will require even tighter alignment between the CIO and the CFO. With a technical understanding of the data and infrastructure requirements needed, the CIO can help the CFO understand the associated risks associated with cloud and how they will be able to address likely CFO concerns such as data governance, compliance and required investment. Together the CIO and CFO can both raise their profile with the CEO and executive board by presenting a united front, and offering their shared insights on the business benefits of cloud. —Tom Adams is the managing director of HP Financial Services, Americas Region. He works for the Americas region which is comprised of the United States, Canada, Latin America and the Caribbean. —The article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com.
Mobility
N E X T H OR I Z O N S
Enhancing Mobility CIOs must work with their IT teams to create security policies to align with platforms within the firm
By Jamie Ryan
W
ithin the last few years, businesses have undergone a major transformation as the consumerissation of IT makes its way into the enterprise and bring-your-owndevice (BYOD) policies become more prevalent.
illustration BY prameesh purushothaman
Workers want the same technologies on the job As today’s workers are more frequently requesting the permission to use the same technologies on the job as in their everyday lives, IT departments have been forced to adapt to their employees’ preferences. As a result, corporations have had to implement policies to support the use of personal devices within the enterprise. According to a 2011 Citrix survey, more than 67 percent of senior executives and IT managers reported that they don’t have policies, procedures or IT systems in place to manage the use of personal devices for business purposes. But the requests keep coming as the consumerisation of IT further enables an increasingly mobile workforce. In order to strategically embrace this trend, CIOs must understand how these changes have and will continue to impact the enterprise. Rather than work to block these technologies, CIOs must find ways to leverage them while maximising employee efficiency and helping to streamline business processes.
Limiting the impact In order to implement necessary policies and provide appropriate IT support, CIOs must first take a holistic approach. They need to understand how the improved workforce mobility made possible by things like BYOD and unified communications (UC) programmes affect day-to-day business within the enterprise.Allowing employees to use mobile devices gives way to more fluid and streamlined communication and information-sharing across departments, one location, multiple locations, or in the field. Employees now have the capability to maintain real-time conversations with clients and customers and extend their services within and outside the enterprise. Maintaining this high level of availability to meet the needs of customers is a critical demand across industries, especially in fields where customer service is a primary business objective. UC and BYOD The Chief Technology Officer Forum
cto forum 07 july 2012
49
N E X T H OR I Z O N s
Mobility
cesses most companies already have in place. Additionpolicies can elevate the lines of communication and create ally, by using on-line recertification on an annual basis, an environment where productivity does not necessarily both the employee and corporation can manage the low require “clocking in.” overhead. The key is to balance usability with an approThis network of a stronger, more available set of priate level of audit and security compliance. employees will not only impact the day-to-day business process but it also prepares companies for the workforce of servers shipped of tomorrow. According to Bersin & Associates, by Consumerisation will continue its impact will be running the year 2014, 47 percent of US workers will be under The consumerisation of IT will continue to impact a virtualisation by wide spectrum of industries in unique ways. The contact the age of 35. The Millennial Generation is by nature more technology-savvy and companies that encourage center, the business we are in, is increasingly moving the year 2015 a more mobile and device-agnostic work environment away from a siloed environment that limits agents to a appeal to this population by offering tools and resources desk and quickly embracing agent mobility, for example. they are familiar with. Organisations can leverage the younger This agent mobility allows workers to deliver consistent customer workforces’ expertise and technical competencies applicable to service regardless of their location, inside and/or outside the call today’s mobile technology. center and breaks down the traditional silos within the enterprise. Contact center managers are able to make schedules more flexible, better address fluctuating call volumes, and grant greater freedom Proper security and policy to their employees. Management can also monitor call thresholds Proper security measures and back-office policies are key to BYOD and receive alerts on their mobile devices and have the ability to act adoption. An all-encompassing inventory of all the mobile soluimmediately. As technology continues to develop at a rapid pace, tions used by employees should be compiled. CIOs must then work employees want to use their own, personal mobile devices in the closely with the IT department to create appropriate security policies workplace and push these demands on the company IT decision to align with each unique and permitted platform used within the makers. CIOs are under pressure to adapt their IT infrastructure to enterprise. Does this mean CIOs should adopt an “everything goes” incorporate these new mobile platforms. Businesses that adapt to policy? Certainly not. CIOs should look at a “manage the middle” these changes and equip staff with the right tools in order to provide approach in order to bridge the gap between the consumer and the best means of communication with those inside and outside the corporation by identifying and allowing the devices that meet the enterprise walls will experience a more satisfied and productive defined security criteria. It is important to establish the appropriate workforce. In the end, isn’t that what the CIO’s role is all about? controls that align with the corporate policies and that make sense for that respective type of organisation. Once the proper security —With more than two decades of IT experience, Jamie Ryan serves as senior measures are finalised, CIOs must ensure the policies are effecvice president of IT and CIO at Aspect. tively communicated to all company employees and require written —The article has been reprinted with permission from CIO Update. To see acknowledgement and understanding of the guidelines from each more articles regarding IT management best practices, please visit www. individual. This can be easily incorporated into the on-boarding procioupdate.com.
20%
Is Surface Tablet an Alternative to the iPad? Microsoft's best kept secret created Surface. Will this be a game-changing tablet?
T
he Microsoft Surface tablet is everything eWEEK said these Windows devices would be, and a lot more: not just an iPad alternative, but a whole different kind of device that will make Apple scramble.
50
cto forum 07 july 2012
The Chief Technology Officer Forum
Here at eWEEK, we knew it would happen. Microsoft was going to announce a new tablet June 18, and it would be something that Apple couldn't really compete against. But the Microsoft Surface is much more than just a tablet, and it s much more
than just another iPad clone. Microsoft, in what had to be the company's best-kept secret ever, created a game-changing tablet that doesn't so much compete with the other tablets out there, as it has become its own thing. The Surface, named after a
Mobility
40-inch screen device designed to be a collaboration tool, is a tablet that runs either Windows 8 RT or Windows 8 Professional. The device is marginally thinner (by 0.1mm) than a New iPad, and marginally heavier (by 24 grams). The device will come with Microsoft Office and will support any software that Windows 8 supports. It will include USB, High-Definition Multimedia Interface (HDMI) and DisplayPort, and it will have a 2X MIMO antenna system for improved WiFi. The version running Windows 8 Professional will be slightly larger and heavier, and may not include Office as standard. But perhaps most important, this device is precision-machined out of magnesium, and has Gorilla Glass 2.0 bonded to the surface. By the looks of it--and that's all we have so far-this reminds one of the build quality of a fine watch. The engineering appears to be impressive indeed. While I could go on and on about the specs of this tablet, what's really more important is whether Microsoft can sell enough of them to make a difference. One of the critical items that can make a difference is the price. Simply put, Microsoft can't charge more than Apple does for its iPad, or people won't buy it. Regardless of the engineering or the many extras that Microsoft has built into the Surface, the iPad still defines the price of the genre. According to Microsoft General Manager Michael Anguilo, the Surface will cost about the same as an ARM tablet (which, after all, is what it is). A good example of an ARM tablet that seems equivalent is the Motorola Xoom, which retails for $499--exactly the same as the iPad. Anguilo also noted that the Intel-based Surface will cost about the same as an equivalent Ultrabook. A check of Amazon shows that Intel i5-based Ultrabooks retail for $800 to $900, although there s a fairly broad range, depending on features. Overall, it seems that Microsoft has priced the Surface to be competitive with the devices that it
N E X T H OR I Z O N S
competes against. But Microsoft has added a lot of features that other tablets don't have, and that Ultrabooks don't have. The Surface tablet has a sophisticated cover that includes keys for typing, either as a touch-sensitive surface or as actual keys, but the cover also has a multi-touch surface, and it has an accelerometer so that it knows when it s being folded away, and turns off its power. There are hundreds of small touches like this, from perimeter cooling to a built-in stylus, to support for a local-area network (LAN) client and network-based printing. In other words, this is the iPad alternative for the enterprise. Because it runs Windows, it s something the IT department is used to managing, security for Windows is a known quantity, and while the iPad learning curve isn't exactly steep, neither is the learning curve for Windows 8. What this really means is that the Microsoft Surface, designed by Microsoft hardware engineers to be the ideal tablet for Windows 8, isn't really intended to be an iPad killer. Instead, it s an iPad alternative. The iPad is a device for consuming content, originally designed for consumer use, but adapted to the enterprise. The Surface is designed for creating, as well as consuming content, and is designed to work within the enterprise as well as for consumers. The differences may seem slight, but they are very real. While the Surface will vie for market share in some parts of their respective shared markets, it s not a direct iPad rival. There will be buyers for the Surface who would never consider an iPad, and buyers for the iPad for whom the Surface is not the answer.
The Surface is designed for creating content and to work within the enterprise as well as for consumers
—The article is printed with prior permission from www. infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
The Chief Technology Officer Forum
cto forum 07 july 2012
51
VIEWPOINT Ken Oestreich
illustratione BY manav sachdev
Follow IT’s Money Financial Transformation of IT
With all the talk of Cloud Computing and the transformation of information technology, conversations mostly center on technology. But core to real IT transformation is the financial transformation of IT as well. There has not been a dive into the companies - and products that enable this change. In the course of researching I’ve found that the market is getting increasingly crowded with players... and indicator to me that this segment is beginning to become more important to IT leaders. At its core, IT finances are based on capturing and monitoring fixed vs. variable costs, use and utilisation of assets, and then blending-in operational costs. Other more sophisticated IT finance tools then allocate those costs to projects and/or organisations across the enterprise, and some even integrate that data into other finance applications. Still other tools extend out into the public cloud, monitoring usage and cost - even making rec-
52
cto forum 07 july 2012
The Chief Technology Officer Forum
ommendations regarding other pricing options and even other cloud providers. Overall, in my opinion, these tools should be used with one goal in mind: Running IT more like a business. To do so, you need to know your sources of fixed and variable costs, costs of alternative sourcing, perunit service costs, and who costs are allocated to. (Note: knowing costs is a requirement, actually chargingback is not). So, when choosing tools, consider what you might need for your basic here-and-now requirements, also consider where you want to be in a few years, and what vendors are likely to offer those features as well.
Subscription Billing This class of players provide approaches to manage online subscription services, be they recurring SaaS or perhaps even other cloudbased infrastructure services. Many have flexible policy engines to support a variety of recurring revenue models.
This group of vendors isn’t necessarily core to providing IT financial transparency, but may provide important services for specific IT business models.
About the author: Ken Oestreich is a marketing and product management veteran in the enterprise IT and data centre space, with a career spanning start-ups to established vendors.
IT Accounting, Chargeback, Show-back This next set of companies is by far the broadest, with all vendors providing at least basic products for monitoring, allocating and (most of the time) charging-back variable IT costs. This is all a foundation for providing basic IT cost transparency.
IT Finance and Technology Business Management I’ve chosen to break this out from the section above due to the more comprehensive features that appear to be provided by the vendors. These products play a more strategic role to manage and forecast costs, evaluate overall value, and assist in IT/business decision-making.
cto_forum_hi.pdf 1 7/9/2012 12:38:44 PM
C
M
Y
CM
MY
CY
CMY
K