Blending The Cloud by ctof magazine

S p i n e

cTo forum

Technology for Growth and Governance

October | 07 | 2012 | 50 Volume 08 | Issue 04

best of breed

CIO Council Releases BYOD Toolkit | Cloud SLAs: How Do You Fare? | Removing Variability from Problem Solving

Getting IT on the Right Side Page 18

TECH FOR GOVERNANCE

Concerns for a Global Surveillance Project Page 36

Blending The

Cloud Hybrid clouds present a perfect blend of private and public clouds. It is time CIOs looked at this great opportunity and redefined their organisation. Page 26

I Believe

CIO role is a People Function

Volume 08 | Issue 04

Page 04

A 9.9 Media Publication

cto_ad.pdf 1 15-10-2012 PM 07:06:01

CMY

editorial yashvendra singh | yashvendra.singh@9dot9.in

Bang for Your Buck Blending private and

public clouds to come up with a hybrid model can give a CIO the best of both worlds

hen it comes to cloud computing, CIOs have realised that there is no single approach applicable across their enterprises’ IT portfolio. The two much-talked about variants of cloud – public cloud and private cloud – have their pros and cons. While a public cloud promises to decrease the cost of IT and make an enterprise more agile, there are issues pertaining to data security. Private cloud ensures optimum security but has limited scale. No enterprise will

editor’s pick 26

pump money to set up a large private cloud anticipating extra capacity arising in future. So, how can CIOs get the best of both worlds? How can they get the ability to access computing capacity on demand, and at the same time ensure security of their data? The answer seems to lie in hybrid cloud. By deploying a hybrid cloud, enterprises can get the maximum bang for their buck. Hybrid can provide an organisation with the best of both private and public models.

Blending the Cloud Hybrid clouds present a perfect blend of private and public clouds. It is time CIOs looked at this opportunity.

It can give a CIO the flexibility of putting data and workload where they make most sense, thereby mixing and matching private- public clouds to get the best results. As per Gartner, IaaS is anticipated to grow at 45.4 percent in this calendar year to reach $ 6.2 billion, thereby becoming the fastest-growing segment of the public cloud services. Projections are that in the next four years, the market for cloud infrastructure as a service would equal the SaaS. While hybrid cloud is yet to find favour among a majority of enterprises (most of them are going in for private cloud), there are some who have recognised its advantages and are banking on it for growth. I recently met a young CIO of a start up travel portal that offers diverse travelrelated solutions and services

to the corporates as well as individuals. He feels hybrid cloud is the way ahead for him as the organisation exhibits strong growth in business and sensitive customer data. Vendors have recognised this opportunity and are coming up with cloud orchestration and other tools to help CIOs construct heterogeneous hybrid clouds. There are some who are even providing operating systems and management layers built explicitly for hybrid environments. Let us know if you have a hybrid story to share with us. As always, we will wait for your feedback.

The Chief Technology Officer Forum

cto forum 07 October 2012

october12 Conte nts

thectoforum.com

Columns

Cover Story

26 | Blending the Cloud

4 | I believe: CIO role is a people function

Hybrid clouds present a perfect blend of private and public clouds. It is time CIOs looked at this opportunity and redefined their organisation

By ashish pachory

48 | View point: it’s final frontier No more “remote” sites By steve duplessie

S p i n e

cTo forum

Technology for Growth and Governance

October | 07 | 2012 | 50 Volume 08 | Issue 04

best of breed

cto forum 07 october 2012

The Chief Technology Officer Forum

Volume 08 | Issue 04

CIO COunCIl Releases BYOD TOOlkIT | ClOuD slas: HOw DO YOu FaRe? | RemOvIng vaRIaBIlITY FROm PROBlem sOlvIng

Please Recycle This Magazine And Remove Inserts Before Recycling

Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Tara Art Printers Pvt Ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301

Getting IT on the Right Side Page 18

teCH for GoVerNANCe

Concerns for a Global Surveillance Project

Features

Page 36

Blending The

Cloud Hybrid clouds present a perfect blend of private and public clouds. It is time CIOs looked at this great opportunity and redefined their organisation. Page 26

I BelIeve

CIO role is a People Function Page 04

A 9.9 Media Publication

Cover DESIGN: anil t

18 | Best of breed: getting IT on the right side Overcoming the “fear factor” and starting to transform your IT organisation is critical

www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur Editorial Executive Editor: Yashvendra Singh Consulting Editor: Atanu Kumar Das Assistant Editor: Varun Aggarwal & Akhilesh Shukla DEsign Sr. Creative Director: Jayan K Narayanan Sr. Art Director: Anil VK Associate Art Directors: Atul Deshmukh & Anil T Sr. Visualisers: Manav Sachdev & Shokeen Saifi Visualiser: NV Baiju Sr. Designers: Raj Kishore Verma, Shigil Narayanan & Suneesh K Designers: Charu Dwivedi, Peterson PJ, Midhun Mohan, Prameesh Purushothaman C & Haridas Balan MARCOM Associate Art Director: Prasanth Ramakrishnan Designer: Rahul Babu STUDIO Chief Photographer: Subhojit Paul Sr. Photographer: Jiten Gandhi

14 A Question of answers

14 |Denis Dovral, VP, EMEA & APAC, Alfresco, in an interaction with Akhilesh Shukla, talks about how cloud has made life easier for CIOs

RegulArs

01 | Editorial 06 | letters 08 | Enterprise Round-up

advertisers’ index

36 | teCH FOR GOVERNANCE: CIO Council releases BYOD Toolkit It aids

40 | next horizons: Cloud SLAs: how do you fare? Many cloud

today’s mobile workforce to provide government services

vendors will not offer an SLA. Many will provide one if asked

HP IFC CTRLs 5 Sify Technologies 7 Datacard 11 Airtel 13 Sanovi 21 Telstra 23 SAS Institute 25 IBM (Future of IT) 39, IBC HP – PSG BC

advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IT, ICICI Bank Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology) Vijay Sethi, CIO, Hero MotoCorp Vishal Salvi, CISO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Sales & Marketing National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623) National Sales Manager: Vinodh K (+91 97407 14817) Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921) Senior Sales Manager (North): Aveek Bhose (+91 98998 86986) Product Manager - CSO Forum and Strategic Sales: Seema Menon (+91 97403 94000) Brand Manager: Jigyasa Kishore (+91 98107 70298) Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Office No. B201-B202, Arjun Centre B Wing, Station Road, Govandi (East), Mumbai-400088. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301 Editor: Anuradha Das Mathur For any customer queries and assistance please contact help@9dot9.in

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

The Chief Technology Officer Forum

cto forum 07 October 2012

I Believe

By Ashish Pachory CIO, Tata Tele Services the author is the CIO of Tate Tele Services. Prior to this, Pachory has worked with Amdocs, Nokia-Siemens Networks and Flextronics.

CIO role is a people function My success as a CIO depends primarily on the peer relationships

My transition to the role of CIO was preceded by many years of foundation-building at the other end of the IT value chain. For most of my working life, I was in organisations and roles that enabled me to work closely with CIOs in India and other countries, until one day — just

cto forum 07 october 2012

The Chief Technology Officer Forum

current challenge Meeting the expectations of the stakeholders

over a year ago — I was in the CIO’s chair myself! Somehow the grass always looked greener from the other side. My understanding of the CIO from my earlier vantage point was that of a role centered on technology, project execution and cost management. However, as I later discovered, I was missing one, perhaps the most vital, dimension. What I learnt in this last one year as CIO is that the CIO is a people function. I discovered that my success as a CIO depended primarily on the peer relationships, particularly with the business leaders. From the amount of time you spend with them, to gaining an understanding of their real concerns, it is all about building a relationship of trust and mutual confidence. And it’s not just your peers, but also your team members and business partners. The last year has been a year of transition for me from one to the other end of the value chain. In the process there have been some soft, and also some hard, lessons learnt. The CIO is a very critical role, particularly in a technology company, and every time a new CIO comes in, there are high expectations from all stakeholders. Justifiably so, given the potential of information technology to make a big difference to the organisation as well as to the business. It is no longer enough for the CIO to agree or align with the business. The CIO has to integrate with the business — become one with it. So with the other parts of the organisation, including the technology team. The biggest challenge for me, coming in new not only into the company, but into a role that I was assuming for the first time in my life, was to win the trust and confidence of my team members and my peers – quickly and seamlessly. — As told to Atanu Kumar Das

10 10101 10100010 10101001101 10111010010000 10101000101111101 0 00101010101000101 11 0 0 1 0 1 0 1 0 1 0 10 11 01 1 0 1 00 010 00 10 01 00 10 01 10 11 10 01 11 01 10 10 10 00 10 00 10 01 00 01 11 1 01 01 00 01 10 01 00 00 01 10 10 10 10 1 11 01 10 01 11 01 11 00 11 01 00 01 01 00 10 1 01 01 10 01 01 01 11 00 10 0 01 01 01 0 10 10101 10100010 10101001101 10111010010000 10101000101111101 0 00101010101000101 11 0 0 10111001101010101 00 010 00 10 01 00 10 01 10 11 10 01 11 01 10 10 10 00 10 00 10 01 00 01 11 1 01 01 00 01 10 01 00 00 01 10 10 10 10 1 11 01 10 01 11 01 11 00 11 01 00 01 01 00 10 1 01 01 10 01 01 01 11 00 10 0 01 01 01 0

10 10101 10100010 10101001101 10111010010000 10101000101111101 0 00101010101000101 11 0 0 10111001101010101 00 010 00 10 01 00 10 01 10 11 10 01 11 01 10 10 10 00 10 00 10 01 00 01 11 1 01 01 00 01 10 01 00 00 01 10 10 10 10 1 11 01 10 01 11 01 11 00 11 01 00 01 01 00 10 1 01 01 10 01 01 01 11 00 10 0 01 01 01 0

Put the spring back in your business within minutes Our Zero Data Loss solution ensures that your business doesnâ&#x20AC;&#x2122;t lose even a single byte of data or precious minutes getting your service back on track in the event of a downtime.

Zero Data Loss

DR Solution

Data lost in transit during a downtime is irretrievable. Traditional Disaster Recovery services take at least 4 to 5 hours to initiate the recovery process, putting a great deal of data at risk. Which is why Zero Data Loss solution makes perfect business sense.

To know more about Zero Data Loss, Write to us: marketing@ctrls.in | Call us on: 040-42030583

Visit www.ctrls.in/mumbai-data-center

CtrlS Business Solutions DR On Demand | Cloud Services | Managed Services | Messaging Solutions

LETTERS CO V E R S TOR Y

G r e e n I T: A S T r o n G B u S I n e S S C A S e

CO V E R S TOR Y

CTOForum LinkedIn Group green it:

cTo

A Strong BuSineSS CASe

for um

Techno logy for Growth and

Gover nance

For a CIO, going green is no more a fad. It promises to yield significant cost benefits By Akhilesh Shukla

Septemb

er | 07 | 2012 Volum | 50 e 08 | Issue 02

Design by Shokeen Saifi Imaging by Shigil N, Peterson & Prameesh Purushothaman C

cto forum

The Chief TeChnology offiCer forum

07 september 2012

MoBile

The Ri the se of ServiceCloud Bus

viewp oinT

SeCuRiT y exp eRTS

green i t :

on Byo D

A Strong BuSineSS CASe | iT ouT

SouRCin

BesT

of Bree d

Page 18

gone BaD

e 08 | Issue 02

Volum

Media

Publicatio

www.linkedin.com/ groups?mostPopular=&gid=2580450

Page 52

five se cu Tip rity the sos for enterp cial rise

g Dea lS

A 9.9

For a CIO no more , going green is to yield siga fad. It promise benefits nificant cost s Page

Join over 900 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:

Tech

for Gove rnan ce

chan complging a ianc culturee Page 40

are CTOs more interested in satisfying the CFO & Board rather than the consumer?

If CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.

Some of the hot discussions on the group are: Virtual CTO/CIO A long term IT partner for your business growth This is a model that SMBs are slowly waking up to. While their IT head can chip away with his day-to-day activities, an external help (a part time CIO) can give their IT a proper direction and can review performance to ensure the company's objectives are met.

—Balasubramanian S R, Business & IT Consultant

cto forum 07 october 2012

The Chief Technology Officer Forum

www.thectoforum. com/content/timeripe-intelligentnetworks

Fact from fiction in the shadow of tallinn manual

If we’re not engaged in a cyber war, we cannot win or lose Cyber War has a necessary kinetic component resulting from the violation of Sovereignty and the eventual loss of life To read the full story go to: http://www.thectoforum.com/content/cyber-warfact-fiction-shadow-tallinn-manual

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

Mahesh Gupta, VP, Borderless Networks, Cisco India talks to Varun Aggarwal about the need for networks to become intelligent

Opinion

Arun gupta, Group CIO, Shoppers’ Stop

Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com

CTOF Connect

rafal los, Chief Security Evangelist, HP Software

FEATURE Inside

Top 10 Issues Eroding Cloud Confidence Pg 10

Enterprise

illustration BY Shigil Narayanan

Round-up

$70 Bn: India to Spend on Green IT, Sustainability by 2015 Government

policy key to enterprise adoption India’s spending on green IT and sustainability initiatives will double from $35 billion in 2010 to $70 billion in 2015, according to Gartner, Inc. In 2012, green IT and sustainability spending in India will total $45 billion. In the Gartner report “Hype Cycle for Green IT and Sustainability in India, 2012,” analysts said green IT and sustainability are emerging as key concerns for businesses, investors and technologists across industries and policymakers in India. Though many technologies are available, government policies will eventually drive green IT By 2015,

cto forum 07 october 2012

The Chief Technology Officer Forum

and sustainability solutions adoption by Indian enterprises. “For the first time, a chapter on sustainable development and climate change was introduced in the government's annual Indian Economic Survey, 20112012. The survey has suggested making lower-carbon sustainable growth a central element of India's 12th five year plan, which commenced in April 2012,” said Ganesh Ramamoorthy, research director at Gartner. “This will set the tone for future policy initiatives and regulatory measures from the government that will drive the implementation of some technologies,” he added.

Data Briefing

$60

billion will be the worldwide spending on security in 2012

E nte rpri se Round -up

They Subir Said it Gokarn

illustration BY Shigil Narayanan

Foreign direct investment in multi-brand retail will help increase productivity and ensure an efficient distribution network, which in turn will check rising food prices, said Gokarn.

Indian Dominance in IT Services at Risk from Alternative Locations India’s dominance diluted IT services providers are investing in delivery centers in alternative locations around the world in order to meet the needs of multinational corporations, according to Gartner, Inc. Gartner believes that India’s dominant position as an offshore location is being diluted by effective alternative destinations as more and more countries are considered potential offshore or near-shore locations. In addition to the 30 leading global locations identified by Gartner, analysts said that an additional 50 countries have either started initial activities to establish an environment attractive to companies considering investing in lower-cost countries, or become home to external service providers that are beginning to sell services abroad. “Business opportunities are growing in emerging markets, and this is causing organisations to reassess their global delivery choices,” said Ian Marriott, research vice president at Gartner. “They are reconfiguring their sourcing strategies to support a broader geographic footprint as new locations emerge for offshore services.” Currently, 63 percent of buyers of IT services use Latin American locations, 55 percent use locations in EMEA and 63 percent use locations in Asia/Pacific.

illustration BY photos.com

Quick Byte on Cloud

“We have an inefficient distribution system in the country. You might debate the merits and demerits of FDI in (multi-brand) retail. But let’s focus on the basic problem. We need to increase productivity and distribution efficiency” —Subir Gokarn, Deputy Governor, Reserve Bank of India

EU telecoms regulators said they want to accelerate the use of ‘cloud’ computing by public bodies and companies, in the hope of boosting the bloc’s GDP by nearly 1 trillion euros through the next eight years. —Source: Gartner

The Chief Technology Officer Forum

cto forum 07 October 2012

illustration BY photos.com

E nte rpri se Round -up

Top 10 Issues Eroding Cloud Confidence Government regulations, exit strategies, data privacy are top concerns

Findings from a joint Cloud Security Alliance (CSA) and ISACA survey show that government regulations, exit strategies and international data privacy dominate the Top 10 areas where confidence in the cloud is lowest. A collaborative project by ISACA and CSA, the Cloud Market Maturity study provides business and IT leaders with insight into the maturity of cloud computing and will help identify any changes in the market. The report provides insights into the adoption of cloud services among all levels within today’s global enterprises and businesses, including the C-suite.

The study reveals that cloud users in 50 countries were least confident about the following issues (ranked from least confident to most confident): 1. Government regulations keeping pace with the market (1.80) 2. Exit strategies (1.88) 3. International data privacy (1.90) 4. Legal issues (2.15) 5. Contract lock in (2.18) 6. Data ownership and custodian responsibilities (2.18) 7. Longevity of suppliers (2.20) 8. Integration of cloud with internal systems (2.23)

Global Tracker

India’s SMB cloud market to grow by 45% annually. According to a Parallels report, 90% of SMBs do not currently use servers of any kind; 94% do not have a company website 10

cto forum 07 october 2012

The Chief Technology Officer Forum

Source: Parallels

Cloud

9. Credibility of suppliers (2.30) 10. Testing and assurance (2.30) While there are many positive indicators that support the planned adoption and perceived use and value of cloud services in the years ahead, there remains much progress to be made to engage and gain the buy-in among business leaders. “As a first step, we as an industry must still work to provide a clearer definition of what cloud is and how the many innovative and secure services can help positively impact today’s businesses,” said J.R. Santos, global research director at CSA. “But, we need to start at the top and engage senior management. Cloud needs can no longer be thought of as a technical issue to address, but rather a business asset to embrace.” The survey includes responses from more than 250 participants from nearly 50 countries, representing a global group of cloud users, providers, consultants and integrators from 15 industry segments. Participants, 85 percent of whom identified themselves as cloud users, were asked to rank on a scale of zero to five a number of considerations in cloud computing including: • Use of cloud services and level of satisfaction • Factors in making cloud decisions • Level of cloud maturity • Innovation in the cloud • Expectations about the cloud • Cloud support for business goals • Forces that influence adoption and innovation • Confidence and optimism in the cloud market “One of the most interesting findings is that governance issues recur repeatedly on the list of the top 10 concerns. Cloud users recognise the value of this model, but are wrestling with such questions as data ownership, legal issues, contract lockin, international data privacy and government regulations,” said Greg Grocholski, CISA, international president of ISACA. “As cloud services continue to evolve, it is critical that we work together as an industry to provide insights and recommendations on these issues so that service and solution providers can look to innovate and deliver what the cloud services market needs to advance and what enterprises need to succeed.”

INSTANT ISSUANCE GIVE CARDHOLDERS THE CONVENIENCE AND SERVICE LEVELS THEY DEMAND New financial instant issuance portfolio Datacard Group offers a full range of new innovative printers, CardWizard® software, the world’s #1 instant issuance software and unmatched global service and support. Our solutions give you the flexibility to issue permanent embossed, unembossed, magnetic stripe, EMV®-compliant cards and NFC enabled mobile devices immediately. Datacard India Private Ltd B-302,Flexcel park,S.V.Road, Next to 24Karat Multiplex, Jogeshwari (W) Mumbai-400102.India Tel:+91-22-61770300 Email:India_sales @datacard.com

Datacard Group makes it easy and affordable to launch a profitable instant issuance card program. Our Secure Issuance Anywhere™ platform empowers you to manage your card and mobile payments programs the way you want to – anytime, anywhere.

To schedule an instant issuance demo, visit www.datacard.com/cto

Datacard and Secure Issuance Anywhere are registered trademarks, trademarks and/or service marks of DataCard Corporation in the United States and/or other countries. ©2012 DataCard Corporation. All rights reserved. Datacard, CardWizard and Secure Issuance Anywhere are registered trademarks, trademarks and/or service marks of DataCard Corporation in the United States and/or other countries. EMV is a registered trademark of EMV CO., LLC. ©2012 DataCard Corporation. All rights reserved.

E nte rpri se Round -up

photo BY photos.com

82% Cos Treat Mobile Consumers Separately Investments are driven by business changes

Research commissioned by Tata Consultancy Services (TCS) shows that during 2012, an average large company ($11.2 billion in annual revenue) will spend between $13 million and $22 million to reach out to and service digital mobile consumers through their mobile devices. The study — The New Digital Mobile Consumer: How Large Companies are Responding - shows that by 2015, investment levels will rise to between $22 million and $26 million annually. The race to engage this consumer segment is

not evenly matched. In 2012, companies in AsiaPacific will spend far more on responding to digital mobile consumers than companies in North America, Europe and Latin America. In Asia-Pacific, on an average, companies will spend $2.41 million per $1 billion revenue; the other three regions trail this level of investment with $1.43 million being spent in North America, $1.59 million in Europe and $1.63 million in Latin America. Looking ahead to 2015, levels of investment will grow with spending per $1 billion revenue to increase to $1.98 million in North America (versus $1.43 million in 2012); $1.76 million in Europe (versus $1.59 million); $2.85 in Asia-Pacific (versus $2.41 million) and in Latin America a remarkable $2.72 million (versus $1.63 million). N Chandrasekaran, CEO and Managing Director, TCS, said, “The digital consumer is an exciting and complex customer segment that global corporations have to understand and engage with. These consumers are diverse in their need; their interactions are flexible and often conducted ‘in motion’. Keeping their attention means being able to serve their dynamic needs by leveraging the power of digital and mobile technologies to engage with them.” He added, “Businesses addressing this smart consumer segment must collect high quality data to understand them in real time; engage them in new and innovative ways; and reinforce their relationships through flawless technology interactions.” The study also reveals that investment levels are driven by organisations that recognise fundamental business changes are needed to win the loyalty of consumers. The TCS study makes it clear that the digital mobile consumer is a highly influential profile of customer.

Fact ticker

Majority of Indian Cos Looking at Big Data Ops efficiency

improvement is the top business driver By a greater than two-to-one margin, organisations today view big data primarily as a business opportunity rather than an IT challenge and are moving quickly to do something about it, according to a recent survey of over 200 Indian IT and business professionals conducted by Informatica Corporation. Designed to assess the state of

cto forum 07 october 2012

big data projects and understand big data strategies, the survey reveals an aggressive move on the part of organisations to master big data for business advantage, nearly 70 percent, now considering (27 percent), planning (20 percent), testing (seven percent) or running (15 percent) big data projects. The new survey reveals the diversity of big data and

The Chief Technology Officer Forum

its breadth of opportunities and challenges. When asked which aspects of big data are relevant to their organization, most Indian respondents cite the management of growing transaction volumes (58 percent), indicating there are still challenges even in the traditional enterprise data realm. Meanwhile, the management of big interaction data – including social media data (26 percent), mobile device data (21 percent) and machine-generated data (16 percent) – is rising in relevance due to the insights, efficiencies and customer engagement.

Anti Virus

survey conducted by Kaspersky Lab and O+K, a Russian research firm, says that 95 percent of desktop computers and 92 percent of the laptop worldwide are protected from malware and other threats. However, how effective these security solutions are is a big question. As per the survey, 69 percent of users did not pay for the anti-virus software installed on their computers. They have installed free anti-virus solutions, easily available in the market, having limited functionality. Commercial solutions, meanwhile, offer a very different set of choices as the developers are focused on comprehensive products which include a fire wall, antispam and anti-phishing filters. These modules are seldom seen in free solutions, which provide real security during common user activities: visiting web sites, communicating on social networking sites and performing online financial operations. Interestingly, 22 percent of respondents believe that the existence of free anti-virus software is the result of the developer’s social responsibility. 31 percent of the surveyed believe that free software is kind of platform that developers use to promote their top-level commercial products. During the survey the O+K Research specialists also tried to determine how often the respondents used preinstalled protection software.

Open Source: Bringing technology faster to the market

D e n i s D o r va l

A Question of answers

Denis Dorval | Alfresco

“Cloud is a device to interact and collaborate”

Denis Dorval, VP, EMEA & APAC, Alfresco, in an interview with Akhilesh Shukla, talks about how cloud has made life far more easier for CIOs How is Alfresco different from any other enterprise content management system? What does the Alfresco team mean when they say that Alfresco aspires to be “Documentum fast and free?” Founded in 2005, Alfresco is an enterprise content management software with a commercial open source business model, which differentiates us from existing proprietary enterprise content management (ECM) solutions. What has made Alfresco successful is that we have delivered “ease-of-use” through the open source model in a market where implementation cycles

were long and the technology design was complicated. Open source is very important facet and we have realised that you can you can take a technology faster to market because it helps engineers to deliver quickly by leveraging in big components out there. From the market perspective it has proved great for us. For one, it allows us to test and try the software anywhere in the world. It also gives us a quick check if what we are developing is a good fit for enterprises or not. The other reason why we are different is when you use open source you start treating not just your employees but also your

partners and customers differently because you cannot hide anything. Lastly, we are running a subscription model and if the customer is not satisfied then they have the power to ask us to deliver much better. We are always under pressure to deliver great value. Cloud, mobile and social collaboration are changing the way employees use content. How is Alfresco capitalising on this trend? In India, as far as cloud is concerned, we believe that enterprises are still at an exploratory phase. As such, we

The Chief Technology Officer Forum

cto forum 07 October 2012

A Question of answers

have built “Alfresco One” to allow enterprises to still control the information they want to share while at the same time test the cloud to make sure it is the best deployment for their specific use case. This is also the reason why we are increasingly interacting with Indian CIOs to understand their perspective on the cloud. For us, the advantages are clear. Cloud is now allowing business users to set up their own IT infrastructure and applications within couple of hours at a ridiculously low cost which was not possible before. We did think that 2012 would be a big year for mobile solutions and from our perspective this is starting to happen now. People are looking at mobility through the cloud. You have to be comfortable with putting some content on the cloud so that you can access it through the mobile. We have companies now who would want to put some content on the cloud for just general purpose that is access to content such as executive wanting to access content when away from office. Social collaboration though still early on in its adoption is changing the way people are doing business and the cloud makes this easier than ever. The challenge comes in when organisations don’t have the built in technology capable of handling and syndicating social collaboration features while at the same time manage the amount of content that comes out of these social communications. That is why Alfresco was built using a robust content platform for building any kind of content-rich application along with a more social user-interface for growing collaboration and document management. We think of social collaboration as being where the capabilities of social business systems and traditional ECM meet. What are the latest trends in the enterprise content management space? In the last 12 to 20 months, enter-

cto forum 07 october 2012

D e n i s D o r va l

“People want to use cloud not because it’s the cloud but because it’s a device to interact and collaborate”

prises are definitely looking to do more when it comes to content management. People within enterprises want to access content anywhere. We are hence seeing lot of interest in the cloud. People want to use cloud not because it’s the cloud but because it’s a device to interact and collaborate, synchronise have content anywhere and access content anytime and anywhere. People want ease of use. What is really changing is the use of a unified system; we need to expand enterprise content management across systems and devices in a world that is really becoming hybrid. Security is a critical issue for any cloud environment. How secure is your cloud environment? There has always been a concern about cloud security in the enterprise and there always will be, but I don't think it will slow down the momentum of enterprises adopting cloud services.

The Chief Technology Officer Forum

things I Believe in Social collaboration is changing the way people are doing business Employees need to collaborate beyond the enetrprise level to get the work done We need to expand enterprise content management across systems in a world that is really becoming hybrid

Alfresco in the cloud is provided by Alfresco Software Limited, a UK company which complies with EU data protection standards. Alfresco in the cloud utilizes Amazon Web Services for data storage and Amazon is certified for SafeHarbor. The Safe Harbor framework is a program that provides a way for US companies to show that they adequately protect personal data according to EU standards. Therefore any transfers of personal data that occur while using Alfresco in the cloud are permitted under the European Commission's Directive on Data Protection. Following the growth in BYOD, different platforms and devices are used to access data/ content by executives. Under the circumstances how challenging data/content management becomes for a CIO? CIOs want to reclaim control of what’s allowed to go into the cloud

D e n i s D o r va l

and what needs to stay behind the firewall while at the same time provide users with a great and consistent experience for all the content they need to collaborate on regardless of where it’s stored. The only way to truly provide this level of simplicity and integration on both sides of the firewall is if both services are the same. For the CIOs, that means having the same data models so you don’t lose critical information when synchronizing changes between the cloud and on-premise, the same permission models so you don’t end up losing security when sharing content in the cloud and the same APIs so your developers can create solutions that work for all your content on both sides of the firewall. This is what makes the ECM features invisible to end-users who want to simply work with their content between the services without disruption. Until enterprises move all their content into the cloud, a hybrid solution is the only way to meet both the needs of the CIO and today’s modern worker. Alfresco is the only vendor today who is able to provide CIOs with this hybrid sync solution to meet growing BYOD concerns by providing seamless sync capabilities between cloud and on-premise solutions. How Alfresco’s service supports can help a CIO in smoothening business processes? Can a CIO use folder rules to do things like kick off work flows, transform content and automate process steps? Yes! It was only a short time ago that companies were being warned about the hazards of their employees using USB thumb drives to store corporate information. They were easy to use... and easy to lose with little to no protection for your corporate IP. Today’s CIOs face even bigger content and compliance challenge: the rise of consumer cloud technologies and mobile. More than ever, employ-

ees need to collaborate beyond the enterprise to get work done — with consultants, partners, contractors, prospects, customers or agencies. With the increased usage of tablets, smartphones & apps, people need to find ways to get content on their devices to be productive. Alfresco One is a new approach that blurs the boundaries between the organisation and the cloud. Alfresco One gives employees the freedom to collaborate both within the office and externally, while enabling IT to regain control of all corporate content. AlfrescoOne is a scalable, robust & feature-rich full ECM platform to manage the 80

A Question of answers

immediately if someone leaves or a device is stolen. Please share your roadmap and growth plans for India? As a company we are focused on India and expect to see greater adoption of Alfresco within the community. On the business front, we see the Indian market to be extremely promising. We are going to target the large portion of Corporate India, the Fortune 200 companies of India. Our go-to-market strategy is that we are very partner centric organisation and we create partnerships that can deliver customised solutions to the customer. We are looking at expand-

“Until enterprises move all their content into the cloud, a hybrid solution is the only way to meet both the needs of the CIO and today’s modern worker” —Denis Dorval, VP EMEA & APAC, Alfresco

percent of content that will never leave the organisation. Its is a secure, corporately controlled cloud service. Invite people from outside the organisation to collaborate with employees in the cloud, without having to involve IT every time — but only grant them access to thecontent that you want them to see. Further, it allows an employees to select documents and folders from Alfresco on premise to sync to the cloud. Alfresco Mobile, on the other hand, is a native mobile apps provide secure access to content with any device, anywhere. Content is encrypted in the cloud and on the tablet and smartphones reducing the risk shoulda device be lost or stolen. IT can revoke access

ing our partner network to address other needs relating to the Tier 2 market. We already have partnerships with Mahindra Satyam and have also worked with some big System Integrators like Accenture. We have signed up a global partnership with TCS. We are also looking at other Tier 2 boutique System Integrators. For Tier 2 partners we will look at companies who have deep skills in the ECM space or they have built content-centric applications powered on the Alfresco platform. One big difference that we see is that India has such a big SI community which is different from the rest of the world. Hence there is a need to adapt our messaging for the business as well as the developer community. The Chief Technology Officer Forum

cto forum 07 October 2012

Best of

Features Inside

Breed

Removing Variability from Problem Solving Cloud Pg 20 5 Ways to Minimise the Risk of Outsourcing Pg 22

Illustration by manav sachdev

Getting IT on the Right Side Overcoming the “fear factor” and starting to transform your IT organisation is critical By Marcos Jimenez

cto forum 07 october 2012

The Chief Technology Officer Forum

oday, it’s not just the Microsofts, Oracles, or IBMs of the world that are software companies; businesses in every industry are becoming increasingly dependent on their software investments to generate revenues. They can enable you to do really great things or handicap you by not allowing enough finegrained control. They can enhance the security of your slice of the cloud infrastructure and then cut it off at the knees, sometimes with both in the same feature. Media companies now have a wide range of digital distribution capabilities, not only through services like Netflix, or iTunes, but also through developing their own software tools, like HBO GO. Banks have a long history of migrating from brick and mortar to virtual channels. Every device no matter how big or small has a piece of software in it. The winners will be those that can develop the best software: Why has the iPhone dominated the market? It’s not the hardware, it’s the software, i.e., its ability to run the applications that the users want and need. Companies are fast realizing that IT applications are becoming an ever increasing critical component to generate revenue, profits and to remain competitive. Executive boards are realizing the tremendous value around application portfolios. That's why they keep raising their expectations from the IT departments as high-value generators. Indeed, the world has changed. In a 2011 survey for CIOs conducted by the Gartner-Forbes Board of Directors, results revealed that pressure is mounting for IT performance. Approximately two thirds of respondents reported having “high” expectations for the strategic business value contri-

m a n ag e m e n t

bution of IT -- more than double the results from the previous year. Yet 67 percent of new IT projects are unsuccessful, according to a 2010 report by the Standish Group Chaos Report. Adding insult to injury, 66 percent of companies’ software and services budget is spent on keeping the lights on. So, how does today’s CIO respond to this challenge? How can the IT department meet the boards’ expectations and remain on the right side of value generation? The following is an analysis of how factors like size, geographies, governance and business culture can be aligned to transform IT organisation from laggard to an organisation driven by continuous value generation.

Overdrive Organisations that are not shifting gears to change this equation will pay a price. With this in mind, companies must change their spend and seek ways to maximize the value of the application portfolio through: Increasing business alignment; Improving success rate of new projects; Reducing cost of keeping the lights on; and Improving overall performance and predictability. We’ve learned that the solution to this dilemma is more straightforward than what may be perceived. Failed IT engagements and projects, for example, stem from the simplest of reasons, such as lack of proper communication. Ensuring that objectives are clearly communicated is a critical component, but one too often ignored. Continuous value generation is more than going through the motions. It is an ability and attitude that requires regularly questioning the prevailing status quo. Perhaps surprisingly, the main inhibitor for innovation and value generation in corporate America is fear of change, fear of exploring new ways of doing business and challenging the status quo. This is the reason we see smaller start-ups taking over businesses and reshaping traditional industries. The six key practices we’ve seen work to be on the right side of value generation are: Institute the right culture: It is increasingly important for companies to build a client-vendor culture centered around value, change, efficiency and flexibility. To achieve this, both parties must have a clear under-

standing of the end goal. Who’s to blame? People, not technology, are responsible for changing the “2/3 rule” (spending two thirds of IT's budget on keeping the lights on) with regards to IT expectations and performance. And, underperforming isn't necessarily due to lack of seniority or talent.

Implement the right execution process: The 2/3 rule is evidence that execution remains a key challenge for most organisations. Business requirements must be met on budget, on time, and be first-time-right. Companies must adopt mature project and

Failed IT engagements stem from lack of proper communication. Ensuring that objectives are clearly communicated is a critical component operations management processes and align all execution elements. Improving portfolio value through ongoing conversation with end users (as opposed to release and support functionality only); and following a lifecycle approach (many organisations do not do this) will help achieve right execution through continuous improvement by using mature, process-driven methods that are measured by businessrelevant metrics. Use the right quality metrics: Companies should measure the business impact of quality-related aspects of software and IT services, not just the number of defects in systems entering production. Quality starts with the original end user and business needs, and centers on customer experience.

BEST OF BREED

If an application is cumbersome to use, it will negatively affect team productivity. Furthermore, productivity correlates with revenue and cost; finding the right balance of the cost of quality vs. the cost to the business is key. There is also a fine line between too much vs. too little testing. How do companies achieve right quality? Business performance baselines, cost-effective service levels, mature process framework through Lean Six Sigma are just some ways. Establish periodic goals for whatever you want to improve or innovate. Timing is everything! Apply the right governance system: This is the core of the value generation model. You can’t improve what you can’t measure. Creating a digital governance system is easier and faster to implement than many people think. Define your IT Service Catalog (the simpler the better); define a Service Delivery Lifecycle (SDLC) for each service within the catalog (the leaner the better); define key metrics or KPIs at critical points in the SDLC. Automate SDLC with a digital governance tool (there are many in the market). Establish periodic performance goals for each KPI which will become your SLAs. Once that’s tackled, it’s all about continuously measuring and increasing performance goals little by little. The governance system will provide you visibility across all aspects of your IT organisation and will enable proactive management; the digital governance system will facilitate managing IT services and initiatives (innovation, development, AMS). The SDLC starts with needs of the end user and concludes with the approval of the end user.

Choose the right place for service delivery: Where it makes the most sense for the business considering the right balance of cost, skill sets, and service quality. Once you have a process in control, leveraging capabilities around the globe becomes easier. Whether motives are driven by costs or skills, you will seamlessly and effectively integrate them as part of your SDLC because you will have visibility at all times through your governance systems. Ensure a team that is the right size: As a natural consequence of setting periodic performance improvements, you will notice that your teams will become more productive which will enable adjusted team The Chief Technology Officer Forum

cto forum 07 October 2012

BEST OF BREED

m a n ag e m e n t

folio to virtualise, consolidate sizes for specific functions, and retire, leveraging cloud such as IT support (applicawhere it makes sense (internal, tions, infrastructure, users, hybrid, public) are all crucial etc.), and you will be able to aspects of determining an optiallocate more resources to mal work force. application innovation. projected it As technology is steering Therefore, little by little you spending in india today’s economy and enterprise will change the spend equation by the year 2013 competitiveness, overcoming from 2/3 on support and 1/3 the “fear factor” and starting to on innovation to 1/3 support transform your IT organisation and 2/3 innovation, without is critical. If you don’t do it, increasing your total IT budget. somebody else will. While applications conBuilding the right size of teams, servers, tinue to become the business, CIOs need to infrastructure, facilities, adjusting teams to focus on generating the right value through KTO mode, reviewing the application port-

$71b

innovating and modernizing the application portfolio. — Marcos Jimenez is the CEO for Softtek USA and Canada, while continuing as a member of the organisation’s executive board. Marcos joined Softtek in 1992, and quickly became a partner of the banking business unit, to later venture into opening Softtek Peru. —This article has been reprinted with prior permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com

Removing Variability from Problem Solving

The driver must decipher what the vehicle’s issues are in order to assess the problem By John Jankowski

cto forum 07 october 2012

The Chief Technology Officer Forum

Illustration by prameesh purushothaman

riving along the highway, suddenly a sharp, loud noise startles an unsuspecting driver. As the vehicle begins to grow increasingly uncooperative, it becomes apparent to the driver they likely have a flat tire. So what should the driver do next? When asked, most people would respond “Replace the tire.” Though they would be right in the general sense, the response ignores quite a few critical steps in the process such as safely pulling the car over, turning off the engine or even determining whether a flat tire is indeed the problem. Just like any critical path method (CPM) plan for a project, a sequence of tasks emerges, though simple and largely intuitive, that must be performed in a specific order, one right after the other, to ensure a

m a n ag e m e n t

successful result. So it is with many problems a project team is faced with on a daily basis. In essence, a critical path of steps must be taken to arrive at the proper solution to any given problem. Any large scale IT project demands a very rigid, detailed means of solving problems. Designing a data center, for instance, requires a variety of experts including the project’s architect and consultants, the general contractor and subcontractors, and the client’s own technology experts. Each of these parties have a stake in designing and delivering a state-of-the-art data center, and each have their own perspective on how it should be done. To focus on problem resolution, I have adapted an analytical approach I call the Critical Path Problem Solving (CPPS) method. Like CPM scheduling, this approach effectively frames the issue and presents a clear path to resolution to all of the stakeholders. More importantly, however, this method also helps to efficiently arrive at a consensus solution.

Assessing the problem Though to many, identifying and defining the problem would be self-evident, it is also the most crucial step in the process that sets the foundation for everything that follows. Returning to the example of a flat tire, there are a series of assessments that must be made to come to the proper solution. For instance, the driver needs to assess: what is the extent of the damage, can the problem be repaired on the road, is the vehicle in a safe enough location to attempt a roadside repair, is the spare tire in operable condition and does the driver have the necessary tools? To answer any of these questions, the driver must get out and decipher what the vehicle’s issues really involve in order to assess the problem in more detail. In many cases, when a specific issue or problem is inspected closely, more ques-

tions arise. For example, take the simple question: Can an end user install “x” number of servers in a particular row of cabinets? This question then yields a series of supporting questions such as is there adequate space, power or airflow? Although not exhaustive, these questions can help to produce an outline that can serve as a guide through the process. Though the example above is very simple, a critical path of questions does emerge. Answering question A.1 provides an avenue to answer B.1 and C.1, and answers to B.2 and C.2 are simply mathematical extensions of B.1 and C.1 and so on. This is a good example how a very linear process of answering relevant questions begins to provide a very clear path to what is reality is a complex project with many interrelated components. If we were to act quickly in an attempt to address the first problem that presented itself and ignored the tangential issues, it could take significantly more time and resources to install a series of servers within an existing data center. In essence, the critical path method of problem solving defines the problem not simply by evaluating a singular problem as much as it defines an entire situation that impacts the final solution.

Identifying questions and constraints Once the problem is properly defined, it may be necessary to then define not only the questions that must be answered, but also what constraints or limitations will be faced while working to solve the problem. By identifying the questions that need to be answered, the direction of the critical path becomes clearer. There are a number of techniques that can help identify the questions that need to be answered within the problem solving process. A common method utilised by many project managers is the programme evaluation

BEST OF BREED

and review technique, better known as a PERT chart. Typically used in the context of scheduling, in our case, this technique lists out the questions that must be answered throughout the problem solving process. Smaller bubbles connected by lines that are either “questions with dependencies” that are shown in sequence if one must be answered to progress to the next, or “stand alone questions” that diverge from the original path if they represent mutually exclusive questions, all of which lead to the eventual solution. This particular technique not only helps to organise any thoughts on the problem, it also provides a visual representation of the theory behind the critical path problem solving method.

No problem exists in a vacuum There are always parameters that exist within a problem that not only affect the outcome, but also the way in which a problem can be solved. Two good examples that present themselves in most problems are money and time. For instance, the unfortunate driver of that vehicle with a flat tire may prefer to have a mechanic in a tow truck help them with their problem, but they may not have the money to pay for the service or the time to wait for them to arrive. As a result, the driver of the vehicle is forced to fix the flat tire themselves. Conversely, if the driver has neither the skills nor the required tools, then waiting for a professional may well be the most efficient solution.

Identify dependencies and assumptions In many cases, the answer to one question can provide the answer to others. To maximise the efficiency of the process, it is important to identify which questions in a given problem can help to answer others. This is an instance where using the PERT chart can really prove to be useful.

BEST OF BREED

outsourcing

By going through the exercise of thinking through the problem on paper and organising the questions in the order they must be answered, it helps to identify exactly what the dependencies in a problem might be. For the most part we are taught not to make assumptions. However, in context of solving very complex problems we do need to rely upon our expertise and experience. For instance, we know servers require space, power, cooling and connectivity. We also know it is necessary to verify these requirements before assuming a critical value. Though making the assumption is necessary, it is also important to verify each value as a small mistaken assumption will be a costly mistake in the context of a large deployment.

Check your work Once the situation and questions are identified in previous steps, the critical path problem solving process truly begins to pay dividends. As defined earlier, the critical questions can be divided into “stand alone questions” and “questions with dependencies.” As many of the questions have been answered through establishing assumptions, dependencies and constraints,

that answer is also very clear. the questions that truly encomThis is particularly useful pass the critical questions can when working with individuals be established and efforts can who possesses very different be focused. and diverse areas of expertise, as Though it would be nice to we often do at JanCom. Because assume the answers derived telecom of their diverse base of knowlfrom the process of analysis are spending in india edge and the perspective they correct, this is certainly a time are working from, the answers when assumptions should not by the year 2013 they arrive at tend to vary. be made. For instance, prior to The critical path problem a data center being turned over solving process helps to for the deployment of hardware, remove their varied perspective from the it is very important to test whether each supequation. By presenting the problem, porting system has been properly installed, the steps to solve it and the solution in a calibrated, and tested. clear and concise way, we can achieve conAs new problems are discovered during sensus to the more complex issues this commissioning process we would be our clients face. forced to go back through our process to identify what, specifically, the problem was. In the end, a very detailed and thorough —For over 15 years, John Jankowski has problem solving process leads us to an specialised in applying proven principals and equally thorough conclusion. processes resulting in the implementation of The true benefit to this process is not only cost effective, manageable telecommunications the answers it renders, but also the fact that systems and data center designs. it arrives at the conclusion in a way that achieves a high level of agreement and con—This article has been reprinted with prior persensus. In many ways, it is very similar to a mission from CIO Update. To see more articles mathematical proof. Not only is an answer regarding IT management best practices, please established, but the work used to arrive at visit www.cioupdate.com

$47b

5 Ways to Minimise the Risk of Outsourcing The time has come to rethink the decisionmaking process along five lines By JRamesh Dorairaj

n an ideal world, companies that effectively leverage the global delivery model stand to gain in several areas, ranging from cost advantages to access to talent to the ability to innovate rapidly. However, outsourcing to another entity in another country where the culture, legal

cto forum 07 october 2012

The Chief Technology Officer Forum

framework, language and commercial contexts are very different from one’s own, tends to increase the perception of the risks. While distance makes the heart grow fonder, it does make the risks seem larger. Partner selection and how you engage with the partner are the two fundamental aspects of managing outsourcing risks.

Traditionally, assessments of partner capability, size, financial stability, track record, references and perceived ease of working together were the criteria for choosing a partner; while in-house capabilities and confidence in the partner were prime factors in determining the model of outsourcing. The assumption was that if the partner was

BEST OF BREED

outsourcing

stable and had the ability to deliver, then the program risk would be the aggregate of the individual project risks and that these can be tackled in a tactical manner. While this model has its merits, it tends to distort the decision criteria, leading to an uneasy relationship that could become an increasing burden for both parties. Therefore, I believe that the time has come to rethink the decision making process along these lines: Strategic position: What is the industry in which you operate? Are you in a crowded market place looking to eke out a few basis points of profit over competition, or are you in the rather nice position of being able to command premium pricing due to your differentiated offerings? The truth, usually, is somewhere in the middle. Based on your competitive position, choose your partner. If most of your business is commoditised and you are looking for some cost leadership, then go with a partner who can bring in efficiencies (over and above cost arbitrage). Structure your contracts in a manner that improves your costs year-onyear, in an aggressive manner, but think of partner risks in terms of the ability of the partner to recover from project or programme crashes and deliver. However, if your competitive position does not demand focus on costs as much as building for the future, then you can choose partner(s) with track records that showcase greater capability to deliver innovative solutions, rather than their capability to reduce costs. Your learning needs: Are you an organisation that needs to learn to continuously to retain market position? Are you in a place where you are under threat from competition’s innovation? How much of your IT needs to be in step with the business in learning and innovating? Again, the answer these questions not only determine your partner selection, but also the extent to which you are willing to outsource and the commercial model of engagement. Recoverability: How quickly can you recover from a bad choice of partner or engagement? While legal protections should exist, they can neither guarantee successful execution nor can they ensure that

2 3 24

cto forum 07 october 2012

The Chief Technology Officer Forum

Illustration byphotos.com

Structure your contracts in a way that improves your costs year-onyear, in an aggressive manner things can be recovered without significant impact on business. Evaluate your eventual dependence on the partner — and the costs of having critical internal knowledge outside your organisation. Calibrate your engagement model accordingly. Depth of partner management: While it is definitely an egoboost to have the CEO or senior executives of your partner company promising to be available to you for any issues, explore if there are people on the ground empowered to take decisions. Try to gain an understanding of the organisation structure and see if the people who are immediately above the partner people in your engagement are capable and empowered.

Your roadmap: Do you have a technology roadmap laid out? If so, look for partners who have made a commitment to the technologies that are part of your roadmap. If you have chosen J2EE as your basic technology, then there is little merit in choosing a partner who has a significantly larger number of people and investments on the Microsoft Technology Stack.

— Ramesh Dorairaj is vice president of IT and product engineering services company at consulting firmMindTree. —This article has been reprinted with prior permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com

COVE R S TO RY

B l e n d i n g t h e c lo u d

COVE R S TO RY

Hybrid clouds present a perfect blend of private and public clouds. It is time CIOs looked at this great opportunity and redefined their organisation Gartner defines Hybrid cloud computing as the combination of external public cloud computing services and internal resources (either a private cloud or traditional infrastructure, operations and applications) in a coordinated fashion to assemble a particular solution. Hybrid cloud computing implies significant integration or coordination between the internal and external environments at the data, process, management or security layers. Going by this definition, there are hardly any companies around the world that are leveraging this concept in the true sense and it is for a reason. While most enterprises are gearing towards some or the other form of cloud, there are many basic building blocks of hybrid cloud that are yet to be put in place. There are many challenges that lay ahead in the widespread adoption of hybrid clouds and security is just one of them. As the underlying cloud technologies mature and confidence is built on public clouds, hybrid clouds present a compelling case for most enterprises. But they need to be geared up before they are forced to jump to this concept. By Varun Aggarwal Design by Shokeen Saifi | Imaging by Anil T & Peterson PJ

COVE R S TO RY

B l e n d i n g t h e c lo u d

A combination of public and private clouds, coupled with internal IT can help your enterprise reinvent itself. By Varun Aggarwal “Cloud is not just about saving money, it means flexibility, scalability and better manageability,” opines Sandeep Phanasgaonkar, President and CTO, Reliance Capital. Reliance Capital has virtualised most of its core and non-core applications and is leveraging cloud in every possible way. The company runs on a hosted private cloud and uses Google Apps and Oracle CRM On Demand—both running on public clouds. A mix of both private and public clouds helps the company manage costs, efficiency, mobility and compliance. “Choosing between private and public clouds is no more an option”, he avers. “A company needs to use the combination of both to get the maximum output and cost efficiencies.” However, this journey hasn’t been easy for Reliance Capital. Phanasgaonkar feels that cloud is a completely different monster to tame and you need to understand issues such as connectivity, access control, multi-tenancy, security and external audits. "Even for Google Apps, we route the outgoing traffic via our DLP servers to ensure no ensure no sensitive data goes out of the company and we maintain the same controls and policies over Google Apps as we would do in our in-house email server," Phanasgaonkar added. Similar sentiments are echoed by CIOs around the country. With the adoption of cloud computing continuing to occur in the enterprise, analysts see continued growth in both public and private cloud investment, with

cto forum 07 october 2012

The Chief Technology Officer Forum

public the public cloud market set to reach nearly $100 billion by 2016.

A promising growth According to IDC, worldwide spending on public IT cloud services will be more than $40 billion in 2012 and is expected to approach $100 billion in 2016. IDC forecasts that from 2012 to 2016, public IT cloud services will grow at a compound annual growth rate (CAGR) of 26.4 percent -- five times that of the IT industry overall, as companies accelerate their shift to the cloud services model for IT consumption. "The IT industry is in the midst of an important transformative period as companies invest in the technologies that will drive growth and innovation over the next two to three decades," said Frank Gens, senior vice president and chief analyst at IDC, in a statement. "By the end of the decade, IDC expects at least 80 percent of the industry's growth, and enterprises' highest-value leverage of IT, will be driven by cloud services and the other third Platform technologies." By 2016, public IT cloud services will account for 16 percent of IT revenue in five key technology categories: applications, system infrastructure software, platform as a service (PaaS), servers, and basic storage, IDC said. More significantly, cloud services will generate 41 percent of all growth in these categories by 2016.

B l e n d i n g t h e c lo u d

Software as a service (SaaS) will claim the largest share of public IT cloud services spending over the next five years, but other categories -- notably basic storage and Platform-as-a-service (PaaS), will show faster growth, IDC said. Accelerating PaaS rollouts over the next 12-18 months will be critical to maintaining strong cloud momentum, according to IDC. Geographically, the United States will remain the largest public cloud services market, followed by Western Europe and Asia/Pacific (excluding Japan). But the fastest growth in public IT services spending will be in the emerging markets such as India, which will see its collective share nearly double by 2016 when it will account for almost 30 percent of net-new public IT cloud services spending growth, IDC said in its study, Worldwide and Regional Public IT Cloud Services 2012-2016 Forecast. Meanwhile, as the public cloud market will be growing at a CAGR of 26.4 percent through 2016, the private cloud market is expected to grow at a CAGR of 21.5 percent through 2015, according to research distributed by ReportLinker.com.

“We shortlist applications for public cloud based on security, performance and cost requirements. So far we’ve deployed Salesforce CRM, HR management system and our email system on public clouds.” —Shailesh Joshi Group CIO, Godrei Industries

The best of both worlds While public clouds help you reduce management headaches and reduce costs, private clouds give you the controls that you need. Applications that deal with customer data or financial data could be best fit for private clouds while internet-facing applications might work well on a public cloud. Take for instance DHCL. As with all other companies that communicate via email, DHFL found that they were vulnerable to spam attacks. In 2010, the company was dealing with some 631,200 emails per month, of which 20 percent was spam mail. On average, users were getting around 8-10 spam emails per day. DHFL’s IT team soon became inundated with calls from frustrated users as spam mails continually clogged up the company’s email bandwidth.

COVE R S TO RY

B l e n d i n g t h e c lo u d

The IT team also found that resources were being over-burdened with approximately 2 man-hours per week allocated to operational duties dealing with security issues. This proved to be a highly expensive activity and put a drain on resources which led the company to go on a quest to streamline cost structures whilst maintaining service levels. “We want a solution that requires little or no management on our part and at the same time, provides comprehensive protection for our network. This will free our IT staff for more critical tasks at hand,” explains Satish Kotian, Head IT for DHFL. “Furthermore, we have promised our customers to safeguard their interests and as such, eliminating spam and viruses from our network is

critical. Being housing finance company these IT security issues affect our core business.” Similarly, Godrej uses multiple public cloud services. Shailesh Joshi, Group CIO, Godrei Industries explained, “We shortlist applications for public cloud based on security, performance and cost requirements. So far we’ve deployed Salesforce CRM, HR management system and our email system on public clouds. This is important to reduce our infrastructure management overheads.” However, Godrej hasn’t gone all out with public cloud. It has virtualised and consolidated its 60 servers into 18 virtualised servers and plans to have a central private cloud for all group companies. Joshi feels security is still a big concern in public clouds and therefore, critical applications need to remain in-house or in a private cloud. "However, putting non-critical applications on the public case make a strong business case and it should be considered, especially for Internet-facing applications and applications that require mobile connectivity." Joshi also strongly believes that it is important to have multiple service providers in order to get best service quality and to reduce dependability on a single vendor. He

“Choosing between private and public clouds is no more an option. A company needs to use the combination of both to get the maximum output and cost efficiencies.” —Sandeep Phanasgaonkar President and CTO, Reliance Capital

B l e n d i n g t h e c lo u d

COVE R S TO RY

Handling Cloud Security Challenges 1. Do Your Pre-Contract Due Diligence As always, doing due diligence on your cloud service provider is critical. You need to ensure that the provider will meet your organisation's cost, qualityof-service, regulatory compliance and risk management requirements. Your cloud-service provider due-diligence review should include, at a minimum: Data classification: How sensitive is the data your organisation will place in the cloud? Is it confidential? Critical? Public? What controls should be in place to make sure it is properly protected? Does the cloud service provider appropriately encrypt or otherwise protect non-public personal information (NPPI), material non-public information or other data whose disclosure could harm your organisation or its customers? Data segmentation: Will your organisation's data share resources with data from other cloud clients? Will your data be transmitted over the same networks and stored or processed on servers that are also used by other clients? If so, what controls does the service provider have to ensure the integrity and confidentiality of your organisation's data? Where will your organisa-

feels with hybrid cloud, it is easier to have multiple vendors for the quality of service required by different applications. Similar is the case with travel firm, Epitome Travel Solutions. The company runs a private cloud to cater to its 5 lakh odd end users. According to Vishwajeet Singh, CIO, Epitome, "Scale is an important factor when it comes to hybrid cloud. We already have 5 lakh end users on our private cloud and in order to scale the requirements, we would soon adopt the hybrid cloud." Singh believes, it is critical to have a private cloud infrastructure in place before embarking on a hybrid cloud journey. "Hybrid cloud would help us offload our servers in case of sudden spur in demand and we can continue to grow without increasing our capex investments."

tion's most sensitive data be kept? Recoverability: How often are back-ups done? How does data recovery work when there is a blackout or technology shuts down? How will the cloud service provider respond to disasters and ensure continued service? And how quickly? Do your organisation's disaster recovery and business continuity plans include appropriate consideration of the risks of cloud service outsourcing, the service provider's disaster recovery and business continuity plans, and the availability of essential communications links within the cloud? 2. Define "Act of God" Narrowly An event of force majeure (an "Act of God," circumstance beyond controlfrom an earthquake to a riot) can allow a vendor to get out of commitments, including service-level agreements, or SLAs. Make sure that in its cloud service contract your organisation negotiates a narrow definition of force majeure. Also, there should be a right to terminate the agreement if the force majeure event goes on for too long. Understand the cloud service provider's back-up procedures, how the provider's cloud is structured (for instance, to make sure

Conclusion Hybrid cloud presents a great opportunity for enterprises who want to scale rapidly without worrying about incremental capex costs. It also lets organisations cut costs by running servers at higher capacities and leverage public clouds for peak loads. That said, the technology is still on the peak of its hype cycle and would take a couple of years at least to mature to the level where we see wide scale adoptions taking place. However, before we see hybrid clouds becoming mainstream, there is a lot that needs to be done on technology, security and regulations front. Public clouds need to mature to the level wherein the SLAs can be customised as per customer requirement and an enterprise should have the ability to sign up standard SLAs for all its public

a data center is not located directly on an earthquake-prone fault), and the service provider's disaster recovery plan. What's more, you should be able to readily transfer to another cloudservice provider, if needed. 3. Know What You Should Know As regulations already require financial institutions to do, you must understand where your organisation's cloud service-stored data will be kept, how it will be kept, who can look at it, how you can get it back if needed, how quickly it will be restored if there is a disaster. You must be able to answer these questions before entering into a cloud services transaction for your organisation. Cloud service providers are learning that they must give more information if they want to acquire larger, more sophisticated customers. Even outside the financial-services industry, for large public companies that handle large amounts of data, especially sensitive data, there would be significant risks, financial and otherwise, in not asking and answering the questions posed here. Source: cioinsight.com

cloud providers. This would help organisations move from one provider to the other without much hassle. Also, the clouds need to evolve to the level wherein migrating from one public cloud to the other can be done in a seamless manner. Currently public clouds are more popular among the SMBs instead of enterprises. Once enterprises start adopting the public cloud, they'll understand the true challenges with the public cloud and would work on their applications keeping cloud dynamics in mind. Connectivity, performance, authentication etc are some of the things that CIOs can learn about the public cloud only once they start using it. With the right skillsets and technologies available, hybrid could then truly deliver what it promises for an enterprise. The Chief Technology Officer Forum

cto forum 07 October 2012

COVE R S TO RY

B l e n d i n g t h e c lo u d

What are your views on hybrid cloud? Hybrid cloud is the ultimate form of cloud. There is a good amount of adoption of private cloud taking place among the Indian enterprises. Public cloud adoption is more popular with the SMB segment in the form of Infrastructure as a service and software as a service. Hybrid cloud is where for the same IT application, you use both private and public clouds. The rate of adoption of private cloud is expected to drive hybrid cloud adoption as this is a natural progression for any enterprise. What according to you are the prerequisites for a hybrid cloud? In order to go for a hybrid cloud, enterprises need to have cloud management tools, cloud brokerage system and automation implemented. These systems would aggregate all functionalities together, would create a service catalogue for both private and public clouds. Also, policies can be centrally viewed and enforced using automation. Moreover, the IT operations need to be streamlined in order to standardise processes for private and public clouds. However, with multiple cloud providers avail-

cto forum 07 october 2012

The Chief Technology Officer Forum

able, the biggest challenge is to ensure common SLAs, common standards etc. While some providers adhere to COBIT, IBIT etc. Others follow different standards, making it difficult to sign up standard SLAs and switch between cloud providers. What are the key adoption challenges in hybrid cloud? There are four key challenges that lay ahead in the large scale adoption of hybrid clouds: 1. Cost—the cost to setup a private cloud is still very high and unless there are large adoptions of private cloud, we can’t expect to see hybrid clouds shaping up. 2. Quality of service—not all applications are suitable for the cloud environment. There are applications that can be best managed in-house, for certain applications you can’t find the right public cloud service provider. You therefore need to look for the right service providers for various applications, based on the quality of service required by each of the application. 3. Security—there are already many concerns around the security of a public cloud. With a hybrid cloud, you

COVE R S TO RY

B l e n d i n g t h e c lo u d

Biswajeet Mahapatra, Research Director, Gartner talks to Varun Aggarwal about some of the important points to consider while planning a hybrid cloud deployment would typically have multiple public cloud providers, which is like a perfect storm. With too many stakeholders, people tend to pass on the buck and security therefore is even harder to manage. 4. Technologyâ&#x20AC;&#x201D;you need to stitch unrelated platforms and tools in order to move to a hybrid cloud. This is important since not many applications are built for the cloud and you need to test the integration of on-premise and cloud applications since most systems are heavy interrelated in most enterprises. Can you suggest some best practices for companies planning to go for a hybrid cloud? It is important to understand that hybrid cloud or for that matter any form of cloud, would not clear up the mess in your organisation. If the internal IT is in a mess, a private cloud would only create a bigger mess and hybrid cloud would further worsen the situation. Therefore, it is important to improve internal IT before deploying a hybrid cloud. Organisations also need to consolidate their data centre and virtualise important applications as a first step towards a hybrid cloud. The next step is to have a private cloud in place with a service catalogue and chargeback mechanism in place. Only once these basic blocks are in place, can you think about going ahead with a hybrid cloud.

The most important thing to understand about hybrid cloud is that not all applications are suited for it. You need to take into consideration, the financial and quality viability of putting any application on cloud. Instead of putting up everything on cloud, you should rather spend the effort and resources on managing these different environments and take a step-wise approach. What are your expectations from hybrid cloud? Hybrid clouds present a great opportunity for the enterprises. However, there are very few organisations even globally who have implemented a true hybrid cloud. Therefore, we expect it to be widely deployed not before 2-3 years from now. Hybrid cloud would be successful only when private and public clouds are big enough in the country. The adoption for private and public clouds has already begun in the country and we expect growing interest towards hybrid clouds going forward. We believe government would be a big cloud implementer. It has the perfect scale for a highly beneficial hybrid cloud deployment. Take for eg. The income tax department that hosts its data in NIC data centres. On 28th of each month, companies file their advance tax, which pushes NICâ&#x20AC;&#x2122;s server utilisation to over 90 percent. With the help of a hybrid cloud, this burst capacity can easily be handled without worrying about a system collapse.

The Chief Technology Officer Forum

cto forum 07 October 2012

COVE R S TO RY

B l e n d i n g t h e c lo u d

Prashant Gupta, Head of Solutions, India, Verizon shares his innovative perspective on how to take advantage of the rapid evolution and vast benefits of cloud computing while simultaneously managing risks and staying secure

he cloud will change the way that we secure data philosophically more so than technically. What I mean by that is to say that we’re used to securing data by controlling it. When we move to the cloud we relinquish control of that data so we are going to have to figure out ways to continue to secure that data yet not have the ultimate control over it as we were used to. There’s some data to suggest that 90% of all the information that exists in the world today was created in the last two years. That means there is this appetite to create, to produce, to share, to consume information as there never has been before – and that’s what the liberation of information is all about. The cloud changes the way that we do business because it really powers this phenomenon called ‘The Democratization of ‘IT’.’ What that means is today the smallest companies in the world have access to the same enterprise-class IT resources and compute power that previously were monopolized only by the largest enterprises and largest governments. What that means is that information is now accessible at more places, by more people, from more devices, through more applications than ever before.

The first step is to start with the data. So to understand what data is to be moved to the cloud, what data processes that data specifically supports and to understand its importance therefore to the business. The second step is to address the users. To understand what users are going to need access to the data that resides in the cloud. The third step is to determine your controls. So what standard controls have to be applied on a given set of data in order to ensure that it’s adequately protected. The fourth step is to choose the right cloud. In choosing the right cloud you need to know what controls are available and can feasibly be implemented in that. The fifth step is to bring it all together. So you move the data into the cloud. You make sure all the users have the right access to it and the controls have now been implemented to adequately protect the data in the cloud. The last step is to validate and monitor the effectiveness of security in the cloud. If you want to make sure on an ongoing basis that your data continues to remain secure and in addition you also need to make sure that you can demonstrate compliance.

Six step process for cloud migration

Cloud Migration: What’s at stake?

In addition to the data-centric approach to security, we also came up with a framework of six steps to help customers securely make the transition to the cloud.

The four things that are at stake when it comes to moving your information or resources into the cloud are reputation, agility cost and compliance.

cto forum 07 october 2012

The Chief Technology Officer Forum

B l e n d i n g t h e c lo u d

When it comes to your reputation that’s something that you certainly cannot outsource. You may have a contract that legally obligates a third party to look after your information but as far as your customers are concerned, as far as the market is concerned, they are doing business with you for making sure that breaches don’t happen is still ultimately something that you need to really care about even though you have a cloud provider that’s taking care of that day to day. On the subject of agility, when you’re moving to a cloud provider make sure that agility does not mean you are compromising security. Clouds usually are multi-tenant shared environments so the issue of data-remnants becomes an important one to consider so make sure that your data that’s important does get destroyed when it resides in a shared environment. One easy way to get around the issue of data remnants is to encrypt that data and when you no longer require the data leave it encrypted or throw away the key. One of the big drivers to moving into the cloud is of course economics and when you want to reduce the cost you have to do so without sacrificing security. One good rule of thumb is to say some of the costs that you are saving is the result to move in the cloud and apply that towards security. The fourth thing that’s at stake is compliance. When you move your information, especially one that’s governed by regulations and standards into a third party’s

COVE R S TO RY

“Cloud is going to continue to liberate information. This means that we are going to have information available to us at our fingertips like never before and we’ll get to consumer information on our terms” —Prashant Gupta cloud, make sure that you are able to demonstrate compliance to the standards that you care about.

Finding the right cloud Cloud is going to continue to liberate information. This means that we are going to have information available to us at our fingertips like never before and we’ll get to consumer information on our terms. Whether it be access to our banking records, access to our medical records, access to our energy usage, you name it, the amount of information being produced and consumed out there is going to be at a level that is unlike anything we’ve ever seen before.

T E CH F O R G OVE R NAN CE

c o n s u m e r i s at i o n o f i t

POINTS

CIO Council views BYOD as a growing trend that is still in its infancy socialise the concept of BYOD to explain the BYOD concept to employees and managers

Illustration BY MANAV SACHDEV

select and prioritise important security features for initial implementation successful byoD implementations combine high level driving factors

CIO council

follow the premise, when it doubt, delete it out

Releases BYOD Toolkit

The toolkit is designed as an aid to enable todayâ&#x20AC;&#x2122;s mobile workforce to provide government services By Richard Santalesa

cto forum 07 october 2012

The Chief Technology Officer Forum

c o n s u m e r i s at i o n o f i t

Bring Your Own Device (“BYOD”) is the

latest overnight IT sensation. But like most “overnight sensations” the foundational work took years before now familiar names “suddenly” hit the bright lights. In broader response to the ongoing Consumerisation of Information Technology trend (“COIT”), no less than the Federal government has jumped on the BYOD bandwagon. Recently the Federal CIO Council released a BYOD resource toolkit for agencies contemplating BYOD programmes. You can download the Toolkit in PDF athttp://www. cio.gov/byod-toolkit.pdf or view it online. Not surprisingly, the CIO Council views BYOD as “a growing trend that is still in its infancy, but shows early promise as a driver of cost savings, increased productivity, and improved user experience.” The “Bring Your Own Device — A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programmes” (“Toolkit”) is designed as an aid to agencies in furthering one key stated federal goal of the Digital Government Strategy (PDF), issued earlier this year on May 23, 2012, to enable today’s increasing mobile workforce to efficiently provide government services. The accompanying Toolkit announcement states that it represents a “great starting point for agencies considering BYOD programmes” but that more complicated issues related to BYOD need to be further addressed, such as “how the government can reimburse employees for voice and data costs as well as additional security, privacy, and legal considerations, including supply chain risk management and legal discovery.” Indeed. Nevertheless, the Toolkit is a solid resource worth review by any organisation — private, non-profit or governmental — exploring BYOD options and implementations. It provides: Key BYOD considerations Three case studies of agencies implementing BYOD and concludes with Five sample policies, covering mobile

device usage, BYOD rules, wireless communication reimbursement and finally a wireless network access device policy. What’s to be learned from the Toolkit? A good amount. For as the Toolkit notes “the key takeaway of our efforts is that while BYOD may not be right for every agency, it can, given the right environment, succeed in a secure and records-managed way.”

Key Considerations A key BYOD issue all too commonly skirted in many articles on BYOD is the reality that BYOD proper is typically but one piece of a bigger shift in an entity’s technological pie, combing often enough concerted IT restructuring, data security life-cycle reviews, and budgetary reactions – as the case studies highlight. The Toolkit depicts BYOD’s current characteristics as serving to offer choice to employees while, in theory (depending on a cost-benefit analysis) being cost-effective for both employees and employers. The key issues the Council identifies for consideration in any BYOD programme include: Selection of an overall technical approach from one of the three identified approaches (based on either virtualisation, a walled garden or a hybrid limited separation) Identifying and allocating roles and responsibilities (among and between the entity, users, help/service desks and the carrier(s)’ technical support) Providing appropriate incentives organisationally and for individuals Surveying employees on benefits and challenges specific to the entity Consideration of voluntary versus mandatory participation in a BYOD programme and the potential impact on applicable terms of service Security assessments, including information security, operations security and

T E CH F O R G OVE R NAN CE

transmission security; determining applicable security requirements, standards and selection of a system architecture to provide secure interoperability Establishing a balance between personal privacy and organisation security Reviewing applicable ethical and legal questions (with the Toolkit identifying defining “acceptable use”, addressing legal discovery and liability issues and implication for equal rights employment Identifying supported devices and applications (with consideration of mobile device management (MDM) and mobile application management (MAM) enterprise systems; content storage, ownership of apps and data and data portability) and Asset management to address device disposal under various situations; reporting and tracking lost/stolen devices; funding for service and maintenance.

Case Studies From the Dept of the Treasury While the Toolkit doesn’t explain why the three case studies provided were selected, other than that they “highlight the successful implementation of a BYOD pilot or program at a government agency,” each provides a useful brief synopsis of “the specific challenges, approaches, and lessons learned.” Case Study #1 - Department of the Treasury’s Alcohol and Tobacco Tax and Trade Bureau (“TTB”) The TTB’s BYOD implementation depicts a programme built of budgetary necessity that dovetailed neatly with the fact that the TTB’s workforce is widely dispersed with over 80 percent of employees teleworking on a regular basis. Its programme highlights that its BYOD rollout was conducted hand-in-hand with a broader IT initiative to break the agency’s desktop and laptop refresh cycle through the introduction of a Linux based thin client that transformed user desktop/ laptops into thin clients which delivered the “additional benefit of delivering every TTB application, with user data, to a wide range of user devices without the legal and policy implications that arise from delivering data to or allowing work to be accomplished directly on a personal device.” The result today is that “about 70 percent of TTB personnel access all TTB computing The Chief Technology Officer Forum

cto forum 07 October 2012

T E CH F O R G OVE R NAN CE

c o n s u m e r i s at i o n o f i t

process and allow input on the BYOD resources through thin devices, provided by programme and policies from thought TTB as well as BYOD. There is no typical leaders, and user setup. If the desired user configuration works, TTB allows it.” Select and prioritise important security Case Study #2 - U.S. Equal Employment features for initial implementation, and Opportunity Commission (“EEOC”) then expect to cycle back to identify addiBYOD Pilot tional security measures after the first set Striking a familiar refrain the Toolkit depicts are completed. the EEOC’s BYOD program are growing Case Study #3 - State of Delaware BYOD “out of the necessity of meeting new budget Programme Transitioning from State-owned challenges with limited resources” as the Blackberries EEOC faced “a 15 percent reduction in its IT to a Personal Device Reimbursement Plan operating budget for FY 2012.” In response You have to feel for Blackberry these days, the EEOC’s CIO reviewed the EEOC’s entire at least if the recounted case studies are any IT structure, which, in addition to other guide. At least two of the three case studies changes, slashed the agency’s budget for involve pushing Blackberry out as the exclugovernment-issued mobile devices, which sive mobile option as BYOD moves in. were centered on the Blackberry platform. As in the other two case studies, Delaware The EEOC case study provides a nice sought to “realise significant savings” as its roadmap for anyone pushing toward a Blackberry infrastructure reached the end BYOD while migrating from a single vendor of its lifecycle. The State decided to, within source. Over alpha and beta phases of the two years, migrate all users off its existing rollout (in fact the beta phase is still ongoinfrastructure toward the choice of using a ing and should conclude in Sept 2012) the personal device (with a proposed reimburseEEOC not only moved toward a BYOD solument) or a device running directly through tion, but also toward a cloud-based provider the state’s wireless carrier with a goal of savto assist in device management. ing $2.5MM annually. The case study further demonstrates Among Delaware’s lessons learned were: that a BYOD rollout need not have “all Tax issues — When discussing reimbursethe answers” at the start. Draft policies for ment, the State had to structure the proBYOD Rules of Behaviour were crafted gramme so it was not providing a stipend, in parallel with the pilot phases, develbut a reimbursement to avoid stipends opment choices for existing Blackberry being taxable under IRS regulations. users, including a “status quo” option, and Freedom of Information Act issues, which expressly includes BYOD training sessions the State has avoided in large part by to stress security and procedures. keeping the stat’s e-mail centralised with Interestingly, the pilot states one goal a copy of every transaction on the central of the BYOD pilot was to obtain feedback servers to provide a clean copy for discovon the first version of the Rules of Behavery in litigation if necessary. iour, which continues to evolve in the Unexpected carrier changes – The face of outstanding questions, such as move by many carriers from common whether to include an enforceable waiver unlimited data plans to capping data exempting employees from holding the plans has resulted in employees being EEOC accountable and reimunwilling to use personal devicbursement for a portion of the es for work as Delaware will not data/voice services. provide additional reimburseThe EEOC BYOD pilot “lesment if employees go over their sons learned” include recomdata maximum. mendations to: will be the Socialise the concept of Example Policies spending on BYOD to explain the BYOD The Toolkit’s sample policies

$45b

concept to employees and managers Work with legal counsel and unions, if any, early in the

cto forum 07 october 2012

green IT in the year 2012

The Chief Technology Officer Forum

are, in my opinion, a mixed bag, and include the following sample forms: #1: Policy and Guide-

lines for Government-Provided Mobile Device Usage #2: Bring Your Own Device—Policy and Rules of Behaviour #3: Mobile Information Technology Device Policy #4: Wireless Communication Reimbursement Programme #5: Portable Wireless Network Access Device Policy Nevertheless the forms highlight general issues that IT departments, users, managers and legal should be considering in the BYOD arena. For instance, sample #2 – Policy and Rules of Behaviour includes a list of user duties that include that a: User will not download or transfer sensitive business data to their personal devices; User will password protect the device; User agrees to maintain the original device operating system, keep the device current with security patches and updates, as released by the manufacturer, and not “Jail Break” the device; User agrees to delete any sensitive files that may be downloaded and stored on the device through the process of viewing e-mail attachments. "Follow the premise, 'When in Doubt, Delete it Out'"

Take Aways and the Bottomline The BYOD movement, barring some black swan type of event, is likely to continue to gather steam — though not without various detractors. And as the Toolkit notes, BYOD remains a nascent movement with real concerns and numerous issues to be worked through, along with the establishment of new practices and expectations each organisation must develop and manage. The successful case studies each reveal that successful BYOD implementations combine high level driving factors with a bottom-up buy in as well as IT, management and legal involvement throughout. To discuss the Toolkit's lessons, discuss your own BYOD legal concerns or take advantage of our industry experience in technology rollouts, feel free to contact me or any of the attorneys at the InfoLawGroup. —This article is printed with prior permission from infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.

Future OF IT

www.itnext.in/futureofit

more on web

White Paper

Get Your Projects under Schedule Two thirds of the companies go over schedule on their project deployments. More than 70% of the IT budget is spent on operations and maintenance. To know why you need a new category of systems, read the white paper

Resource Planning is Critical

http://bit.ly/NP2GLN

Most IT heads that IT Next interacted with echoed the need to look at a change management strategy to address the unusual business trends that the cloud brings in. V C Gopalratnam, VP–IT and CIO–Cisco India & Globalisation, who has built a cloud strategy says that it is critical to bring in architectural changes before jumping into the cloud as opposed to delivering point products. “The important aspect of cloud planning is that the IT resources should not be restricted to only keeping the lights on; they must be clued in to understand the business growth plans, the changing business needs and take account of how much is spent on running the business, including maintaining the head counts and so on,” says Gopalratnam. Gopalratnam and his team have put together an enterprise architecture framework to make the environment cloud friendly. “We created a concept called BOST (Business Operations, System and Technology) which works closely with business and operations to understand their requirements,” says Gopalratnam. According to him, it is the reference architecture and the integrated work culture that allows the IT team to be clued in to various business verticals and work out a strategy around the business models which allows for better scalability, besides helping build an effective service management framework and gain insight into customers’ core applications, and evolve a standardised framework. To read the full article and get more insights from IT decision makers, visit http://bit.ly/S1UKFl

Interview

Ramnath Ramchandran

Are You Ready for the Cloud? With effective planning and best practices in cloud computing, IT teams can indeed bring more fluidity to businesses. However, they must use the best-of-breed technology infrastructure and architect their systems in ways that are conducive to cloud

Most organisations, big or small, who intend to adopt cloud computing services, face many obstacles, the biggest of which remains security. Understandably, all IT heads are sensitive about customer information, business data, legal documents, or trade secrets residing outside of the premises.

Most cloud adopters and service providers argue that the potential benefits of the cloud, in terms of reducing capital and operational expenses, are hard to ignore. Prashant Gupta, Head of Solutions, India, Verizon Business justifies the promise of the cloud, “Cloud computing represents a shift in IT thinking, similar to the justin-time phenomenon that exists in most organisations, where the IT head can stop tying up capital expenses (CAPEX) in IT systems that are under-utilised.” Anurag Shah, COO and Head of Global Operations, Omnitech Solutions, a cloud service provider, argues that the cloud strategy of any company is defined by the infrastructure that is put on the cloud with a single window strategy, which could address the concern of the top management to stay connected.

The Deputy VP of IT at HDFC Bank shares his views on the need for more agility in banking, how virtualisation is key to rolling out quicker solutions, and doing more with less http://bit.ly/MYMTpe

Expert View Rethinking Authentication

The challenge in authentication is to have a secure yet user-friendly and affordable solution that can replace passwords, opines ArrayShield CTO Rakesh Thatha http://bit.ly/RzTBUn

BROUGHT to YOU BY

The Chief Technology Officer Forum

cto forum 07 October 2012

HORIZONS

Features Inside

Should I Wait for Windows 8? Pg 42 Mobile Users Getting Serious About Privacy Pg 44 Are MBAs Worth it for Tech Pros? Pg 46 More

photo by photos.com

T Cloud SLAs: How Do You Fare? Many cloud vendors will not offer an SLA. Most will provide one if asked. Some will agree to negotiate the SLA, if only along the edges

By John Pavolotsky

cto forum 07 october 2012

The Chief Technology Officer Forum

he potential for cloud service outages raises a basic, but important, question: Would a more stringent SLA have helped your organization avoid problems? Of course, an SLA can do nothing to prevent an outage caused by a force majeure event, such as Hurricane Isaac. Rather, an SLA is a promise. If a cloud vendor fails to live up to that promise, there are certain, often exclusive, remedies available to the customer, usually in the form of service credits. Sometimes, if negotiated into the SLA, you'll even have right to terminate the cloud services agreements. For example, this right of termination might be applicable if your vendor fails to provide services consistent with those promises over a certain agreed-upon period of time, such as three consecutive months, or four (non-consecutive) months in any six-month period, or six months in any 12-month period. Many cloud vendors will not offer an SLA. Most will provide one if asked. Some will agree to negotiate the SLA, if only along the edges. No reputable vendor will agree to rip up its SLA and accept one proposed

c lo u d

by any one customer. If there will be any changes, they will be financial (example a bigger service credit) and not operational. The vendor will cite administrative reasons why proposed variations will not be accommodated. It will also point to the prospect of reputational damage as a further motivator to provide good service.

Cloud SLAs: Beware The Litany of Exceptions

NEXT HORIZONS

Most SLAs allow your cloud vendor to have some permitted downtime, including scheduled maintenance. This may represent fairly significant period of time, but it is rarely quantified

SLAs are subject to a litany of exceptions, including force majeure. Force majeure events excuse performance failures. As a becomes significantly more complicated. customer, you’d be able to ask for some The application (including any customisamodification of the force majeure exception. tions to it), and underlying infrastructure For example, your SLA can state that force would need to be fully replicated. majeure can only be used as an excuse for In either case, however, the location of service failure if the outage could not have the redundant data center can be a major been prevented by the vendor taking presticking point. There are a variety of reacautionary measures. These precautionary sons - including export controls, intellectual measures could include having in place a property protection and regulatory complibackup generator, or perhaps even a backup ance - why you might not want your data to the backup, accompanied by periodic transferred outside the United States. If testing of one or both generators. In pracyour cloud provider can't assure you that the tice, few vendors would agree to anything redundant data center is US-based, then be so intrusive. If they did, as a customer you prepared to use another vendor. Otherwise, would probably wonder about their abilyou'll be running the risk of degraded availity to deliver. Further, SLAs are not really ability due to a lack of data center redunintended to address force majeure, but dancy where you need it. rather outages due to poor management or In fairness to cloud vendors, your risks of technical failures. outages do not magically disappear if you Some observers posit that a cloud vendecide to keep running your enterprise softdor that offers redundant data centers - in ware on-premise or in your own data cenlocations not affected by a particular force ters. In fact, in many cases, it’s questionable majeure event — may alleviate, if not prewhether an organisation’s internal team can clude, an outage of cloud services. Perhaps. address such risks better than experienced But keep in mind that cloud providers often cloud vendors. make such backup options available only for Certainly, the use-case matters. For an additional cost. Redundant data centers example, if internal email is down for mean redundant costs for you. a period of time, It's inconvenient but For some cloud services, especially Infraunlikely to have significant impact on your structure-as-a-Service (IaaS), such redunrevenues.. On the other hand, dancies are particularly attractive if the e-commerce Website that to customers because your costs accounts for the vast majority of can be tied to actual usage. But your company's sales goes down, even if there is another data cenrevenue and brand impact will ter in a different region, there be immediate and damaging. is still the question of whether was the amount In the latter case, you'll want your cloud service provider can to carefully consider whether assure seamless failover in the of quarterly to host that Website yourself, event of an outage. loss incurred especially if you have a proven For other cloud services by HP globally disaster recovery plan and conespecially Software-as-a-Service siderable resources. (SaaS) -- true redundancy

$9bn

If you do opt for cloud vendors for some or all of your needs, there are clear benefits to having a strong SLA for your cloud services. For starters, an SLA may simply incentivise the vendor to perform to the agreement. Most SLAs allow your cloud vendor to have some permitted downtime, including scheduled maintenance. This may represent fairly significant period of time, but it is rarely quantified. In general, cloud vendors compensate customers for SLA breaches by providing service credits. To receive service credits, the customer must notify the vendor — usually within five business days to 30 calendar days, depending on the SLA. Some SLAs give customers audit rights to confirm the SLA determinations. Typically, service credits in cloud SLAs are limited to 25 percent of recurring charges, at most. Some SLAs assign a flat percentage to a failure to meet a particular service level, such as service availability (uptime). Others give the customer one service credit (equal to, e.g., 1/30 of the month during which the applicable service level was not met) plus additional credits for each increment (measured in minutes) beyond the permitted downtime. Service credits have value in that they can be obtained without your company having to prove actual damages as a result of the SLA breach. In addition to addressing uptime/downtime, SLAs may exist for restore time, response time, specific transactions, and resolution of critical defects. Some enterprises even look to cloud vendors to provide a service level for user satisfaction. Other key SLA concepts include measurement periods for unavailability (usually monthly or quarterly). This is typically

The Chief Technology Officer Forum

cto forum 07 October 2012

NEXT HORIZONs

o p e r at i n g s y s t e m

defined as total hours during a measurement period minus permitted downtime in that period. Annual measurement periods are almost useless, especially if there have been persistent outages and the sole remedy is a credit (for a service that the customer no longer wants). Quarterly measurements are a better option than annual measurements. But they bring their own dangers: For example, if there have been outages in the first and second months of the quarter, it's

possible that the vendor will still be able to provide the required availability for the total quarter, and thus not violate the SLA. You should be aware of the limits of the SLA with your cloud vendors. An SLA is not a substitute for backing up your data or otherwise creating and executing a disaster recovery plan. In fact, some cloud services agreements contractually require the your enterprise to back up its own data, in addition to making it absolutely clear that

the vendor is not responsible for such services. — John Pavolotsky’s legal practice focuses on technology transactions and other intellectual property matters at Greenberg Traurig, where he is Of Counsel. He works primarily with clients in the software, hardware, Internet, mobile, wireless and life sciences industries. — The article was first published in CIO Insight. For more stories please visit www.cioinsight.com.

Should I Wait for Windows 8?

The best strategy is to stay where you are until you’re good and ready to move. By Aaron Suzuki

cto forum 07 october 2012

The Chief Technology Officer Forum

Illustration By photos.com

ntil very recently, IT teams and their tools have controlled hardware allocation, the operating systems deployed throughout the organisation, as well as the timetable on which new OS migration takes place. But with the potential for workers to bring their own Windows 8, with its Metro interface for touch screens, devices to the office, IT’s task has become more difficult. Will it be possible for employees to force an organization’s hand and push early support of Windows 8? Windows 8 is going to be more capable and more ready for the enterprise infrastructure than any of the Android or iOS devices on the market. Non-Windows tablets are generally limited in a business environment to run email, calendaring, and some Web apps that are supported in their browser. Windows 8 on the other hand, has the full robustness and capability of other Windows platforms in terms of application operation and manageability. If it can join an Active Directory domain, people will join their Windows 8 devices to the domain and expect “normal” interoperation. So a possible IT nightmare scenario looms: non-standard hardware running an unapproved OS and legions of workers expecting IT to support them by pointing to the CEO whose iPad has been supported by IT for years. There are a variety of ways to address this, but it will require IT involvement. There has to be some preparation and pro-

activity on the part of IT to be ready for this potential new wave of IT demand and the potential security threats that accompany this unique generation of devices. The end-state is that companies are left trying to support the IT-deployed and managed operating system while also supporting employees trying to utilize their personal devices on the network. IT could be in a position where, unless they are prepared, they will be forced to support Windows 8 whether they want to or not.

mobility

NEXT HORIZONS

The decision to migrate directly to Windows 8 will depend on a variety of factors including your company culture, your worker’s technical abilities, and the technical level of the work you’re doing. You also need to consider hardware investments, and whether you will be able to get touch-enabled hardware that can really make the most of Windows 8 that is reliable and within budget, and you also have to consider whether your applications will run properly on Windows 8. Eventually, the OS you choose for your migration will depend on timing. If you wait long enough, it will make sense to skip Windows 7 and go straight to Windows 8. But the bigger strategic consideration is how you will approach OS migration After 7 comes 8 over the next decade and beyond. We are witnessing a As consumers are forcing enterprises to support their relatively quick turn-around between the release of Winlatest devices, enterprises will have to decide how to dows 7 and Windows 8. It is reasonable to expect the handle their deployment strategy. Depending on the time between major releases of operating systems will be deployment timeline an organization has targeted, some just as swift in the future. might find they are better off skipping Windows 7 and The smartest money is to evaluate your strategy first, going directly to Windows 8. Many organizations simply will be the n0. of won’t have the option to buy Windows 7 by the time they employees hired with a good, hard look at the entire landscape. We have get around to migrating. by bpo industry observed that our most sophisticated customers are in no hurry. They are slow to make change, and very But if organisations are ready to deploy Windows in 2012 methodical when they do; operating IT from the singular 7 now, they should continue with their migration perspective of empowering the business and constantly plans. You shouldn’t put your project on hold and wait making it more efficient. Stay where you are until you’re because if you are among those who deploy Windows good and ready to move. And when you are ready make an informed 8 early, you will undoubtedly find that users will spend nearly all decision that is going to be most beneficial to your organisation. of their time in the classic Windows desktop, and it is very likely IT will be required to make modifications to Windows 8 to operate —Aaron is the CEO and co-founder of SmartDeploy, a recognized leader and look like Windows 7. This is out of both necessity and sheer in providing IT systems management solutions that reduce the time, cost, practicality. With Windows 7, both users and IT knows what it’s and complexity of managing Windows clients and servers.a investing in. IT gets a proven, generally stable operating system. —This article has been reprinted with prior permission from CIO Update. Users get another version of Windows with incremental learning To see more articles regarding IT management best practices, please visit required to be efficient. www.cioupdate.com.

In order to prepare for Windows 8 devices, IT departments can take precautionary steps and evaluate current policies and consider what new policies to create in light of Windows 8, before it comes to market. With the right policies in place, IT organisations won’t be surprised or frustrated by knowledgeable workers who expect IT to help them use their home devices for work, rather they will be in a more strategic position to either operationally support employees or decisively prohibit use of personal devices at work, and that will help IT stay squarely aligned with the needs of the business.

2 lakh

Mobile Users Getting Serious About Privacy Intrusive applications are being removed or avoided by a growing number of mobile users

n increasing number of mobile device users are becoming more aware of their online privacy and are taking the initiative to remove or avoid apps from their smart-

phones and cell phones that demand large amounts of personal information to be used. The trend shows that 54 percent of cell phone users who download apps have chosen not to install an app “when they

discovered how much personal information they would need to share in order to use it,” according to a Sept. 5 “Privacy and Data Management on Mobile Devices” study conducted by the Pew Research Center s Internet & American Life Project. The Chief Technology Officer Forum

cto forum 07 October 2012

NEXT HORIZONs

m a n ag e m e n t

“Thirty percent of app users have uninstalled an app that was already on their cell phone because they learned it was collecting personal information that they didn't wish to share,” according to the report, which was compiled based on results from a nationwide landline and mobile telephone survey of 2,254 adults between March 15 to April 3. The sample has a margin of error of plus or minus 2.4 percentage points. Cell phones users are also taking other steps to better protect their data and privacy, the study reported. Forty-one percent of cell owners back up the data on their phones, from photos to contacts and other files, in case their phone is ever broken or lost, while 32 percent of cell owners have cleared their browsing or search histories on their phones. About 19 percent of the users turned off the location tracking features on their phones to prevent anyone from tracking them. “Smartphone owners are especially vigilant when it comes to mobile data management,” the study reported. “Six in 10 smartphone owners say they back up the contents of their phone; half have cleared their phone s search or browsing history; and one third say they have turned off their phone s location tracking feature.”

Smartphone owners are also twice as likely as other cell owners to have experienced someone accessing their phone in a way that made them feel like their privacy had been invaded At the same time, “smartphone owners are also twice as likely as other cell owners to have experienced someone accessing their phone in a way that made them feel like their privacy had been invaded,” the report continued.

Some 88 percent of adults in the United States own cell phones, and 43 percent say they download cell phone apps to their phones, according to Pew. Jim Dempsey, vice president for public policy at the Center for Democracy & Technology, said the findings from the Pew study on mobile privacy awareness show progress in terms of users becoming more aware of the risks that can affect them and their personal information. “It’s an important finding because it suggests that the message is getting through that consumers need to be paying more attention, particularly in the apps environment and across the board, as they use mobile devices,” said Dempsey. “We and other consumer privacy advocates have been arguing for a long time that we need better laws to regulate user privacy, but also that we need better informed consumers and consumers who are paying more attention.” Dempsey said it is encouraging, particularly since “Congress is making no progress at all on the legislative front” to better protect consumers. “We’ve been arguing for a long time that the platform developers need to offer users better controls and that the apps developers need to be more explicit about how their apps are working.”

Are MBA’s Worth It for Tech Pros?

A Dice report finds some IT pros have interest in obtaining an MBA, but most see tech knowledge as more important

n IT professional with an MBA could have a distinct edge over competitors looking to land that perfect position, according to a report from online technology jobs site Dice. Among current MBA holders with technical expertise (nine percent of survey respondents), higher pay was the top reported impact of their degree, but

cto forum 07 october 2012

The Chief Technology Officer Forum

other benefits included moving into management within the technology department, obtaining employment at a preferred company or helping to land work in a new, business-oriented technical role. However, a majority (52 percent) of survey respondents said they don't think having an MBA would be important to their future technical careers, while 32 percent said they thought it would. Sixteen

m a n ag e m e n t

NEXT HORIZONS

Illustration By prameesh purushothaman

Survey respondents seemed to indicate having technical knowledge was more of a concern than general business knowledge was the top metro area for IT jobs, with 8,814 available positions, percent said they had no opinion. Out of Dice's daily tech listings, down four percent from the same period in 2011. The Washington the company found about 1,500 job postings on any given day that D.C./Baltimore area placed second, down one percent from the require or prefer a candidate with an MBA. Survey respondents same period last year, for a total of 8,063 available jobs. seemed to indicate having technical knowledge was more of a conUp three percent from September 2011, IT stalwart Silicon Valley cern than general business knowledge, but those who saw the value placed third with 5,675 open tech positions, while Chicago IT jobs of an MBA cited additional career marketability and greater likeliedged up four percent from the same period last year hood of advancing into management. to reach 3,847 positions. Rounding out the top five best “Major League baseball teams lust after five-tool playcities for tech jobs was Boston, which surged six percent ers. In the marketplace for technology talent, multiple when compared with September 2011 to post 3,451 availthreats are IT professionals who combine technical expeable tech jobs. rience with business acumen,” Tom Silver senior vice Los Angeles, with 3,439 available IT positions, placed president of Dice, North America, wrote in a company mobile devices sixth and saw its overall tech jobs market improve six blog post. “For tech professionals without an advanced

251m

percent compared with the same period last year, folbusiness degree, only one in five (19 percent) said they to be sold in lowed by Atlanta (3,195 IT positions and a six percent will likely get an MBA in the future. That seems to india by 2013 uptick), Dallas, which saw available positions rise one ensure tech professionals with MBAs will be as tough to percent to 3,071, and Seattle, with 2,668 positions and find as the great Willie Mays.” a four percent boost from September 2011. The City of According to the company’s information, the nationBrotherly Love, Philadelphia, posted far and away the biggest gain in wide number of available tech jobs stands at 84,268 in September, the number of IT positions in the top ten: Philly's available tech jobs with full time positions numbering 52,106, contract positions numsurged 16 percent when compared with Septmeber of 2011, with the bering 35,542, part-time positions numbering 1,771, and telecomtotal number of IT positions hitting 2,432. muting posts reaching 1,047 positions. As of September 4, New York The Chief Technology Officer Forum

cto forum 07 October 2012

NEXT HORIZONs

h e a lt h c a r e

ICT for Better Healthcare

Wiproâ&#x20AC;&#x2122;s innovation has enabled hospitals in providing healthcare services beyond the physical boundaries

cto forum 07 october 2012

The Chief Technology Officer Forum

T K Padmanabhan, CTO, Wipro

imaging By peterson PJ

limited number of hospitals in India has led to the challenge of providing quality healthcare services to the masses. Staff shortage (doctors and nurses) is also an added worry for the healthcare system. To overcome these challenges, stakeholders are looking at the ICT industry for solutions that promise to take healthcare beyond the physical boundaries of hospitals. On its part, Wipro is helping hospitals to improve the speed and quality of medical treatment, even when there is a shortage of caregivers. By combining mobile devices, scanners, and bar code technologies with applications, Wipro can help increase the precision of sampling, labeling and analysing specimens. This will in turn reduce the chance of collecting the wrong specimen from the wrong patients. Besides, it helps hospital administration to remotely monitor the health of a patient. By leveraging mobile devices, doctors are now able to perform multiple tasks without being bound to a single monitoring location. Mobile technologies, developed by Wipro, can help medical staff to capture patentsâ&#x20AC;&#x2122;

h e a lt h c a r e

vital parameters, view lab reports and place medical requirements on handheld devices. These devices have an in-built analytic system to easily monitor and analyse critical medical data. As a result, physicians spend less time filling out charts and more time working directly with patients, diagnosing and treating symptoms. They can focus on high-risk patients and move low-risk cases out of beds more quickly. Another innovative solution developed by Wipro is the Remote Fetal Monitoring (RFM) solution. The technology has successfully completed pilot projects at two of the leading hospitals in Bangalore and Delhi. The device has been used on about 50 patients for both pre-natal care as well as for labour and delivery. First home trial for foetal monitoring has been a success, as well. The device was used by a 24-year old obese diabetic patent at home for more than two days with four recordings taken. It has proved to be helpful for monitoring

Mobile solutions can help medical staff to capture patentsâ&#x20AC;&#x2122; vital parameters, view lab reports and place medical requirements on hand-held devices high-risk pregnancies. There are instances when the physiological condition of the mother puts the foetus at risk. In such cases, the expecting mother is required to visit the doctor frequently for pre-natal care. Wiproâ&#x20AC;&#x2122;s wireless solution helps in accurately monitoring the maternal and foetal

NEXT HORIZONS

status from home and providing remote access to the consulting doctor on a mobile device. Sitting remotely, the doctor can view and recommend appropriate intervention as required. This can avoid unnecessary admissions, reduce mental anxiety for the patient and families and empower physicians to make informed decisions. Most importantly, Wiproâ&#x20AC;&#x2122;s solution allows remote viewing of the patient data from any location under the highest security and privacy standards. The innovative technology is US FDA approved and ensures accurate data for making appropriate clinical decisions. The technology eliminates any confusion of maternal or foetal heart rate that may occur with the existing CTG technology. Further, the data for each patient can be viewed centrally at the nursing station in the ward. Wipro plans to offer the solution to hospitals and consultants on a transaction-basis or pay-per-use model. This will ensure that small care providers and government-run maternity centers will be able to offer the solution to patients.

The Chief Technology Officer Forum

cto forum 07 October 2012

VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com

Illustration by raj verma

IT’s Final Frontier

No More “Remote” Sites

Remote offices/users have always been a pain in the rump for IT. Even when IT could legislate/mandate what devices, network, VPN, access control, security, etc. were to be used by the remote user, it was still a pain. Something goes wrong out in the Podunk plant, and some poor office manager has to deal with an IT guy a billion miles away over the phone trying to troubleshoot the issue while 187 people are now totally unproductive. Fast forward to today, and it’s a thousand times worse. Now IT can’t legislate/mandate anything. Users want access to their data from their iPad, phone, tomato soup can, etc. You can’t tell them anything except “NO!” Guess what? They don’t like that. Since a four year old is now more than competent to surf anywhere they wish on a McDonalds happy meal toy device, it’s hard for IT to control grown-ups. “But, you don’t understand, Mr. Remote Executive, if you don’t do it my way, we can’t back it up, and when you inevitably delete it because you are a moron, you won’t be able to

cto forum 07 october 2012

get it back - then you’ll tell my boss’s boss that I suck, and I’ll take the heat.” Think that slows him down? Nope. “But you don’t understand, Ms. Podunk, when you leave your iPad in the Starbucks with every single employee’s name, social security number, bank account, routing number, 401k password, and photo ID on it, the company is put at a significant risk!” Whoopdie doo, IT boy, deal with it. “But you don’t understand, Code Man, when you use Box or Dropbox or whatever to keep all your double secret code on because you want to ‘collaborate’ with that girl you met on the internet who seems to live in Bulgaria, there is nothing IT can do to protect/secure that asset!!” Not my issue, man. This is the new reality IT has to deal with. You can’t fix dumb, my friends. Thus, you have to deal with it. You need to give the user what they want - access to their (and often others’) data, from wherever they are, on whatever they want to use, whenever they want it. You have to do it such that it’s completely secure, and totally protected. You

The Chief Technology Officer Forum

About the author: Steve Duplessie is the Founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www. thebiggertruth.com

have to “enable” their productivity. You have to do it without LEGISLATING or MANDATING. In short, you have to do it all without them even knowing you are doing it. The good news is you now can. Here are a few examples of how: By putting a lightweight remote proxy file server out in the remote office, like Nasuni, IT can effectively extend the reach of whatever is in the core data center — and give local access to every single remote. Think of it as adding the world’s longest ethernet cable to your filers. No more “walls” of the organisation when it comes to IT. Works with Active DIrectory, so nothing changes in the overall architecture or methodology. It’s like your remote office was just relocated to the 3rd floor of the main building. Users access via whatever mobile device they want. IT maintains control of backup and security. Fun for all. Druva is a little company that does this kind of stuff too. They will automatically back up any remote device without you knowing it. They can remotely wipe out the device Ms. Podunk leaves in Starbucks.