Indian CIOs Vis-à-Vis Consumerisation of IT


Technology for Growth and Governance

April | 07 | 2012 | 50 Volume 07 | Issue 16

Indian CIOs vis-à-vis consumerisation of IT

CTO Forum's comprehensive survey provides insights into what CIOs think about this hot trend

NO HOLDS BARRED: From Information to Innovation Officer

A 9.9 Media Publication

BEST OF BREED: Best Practices for Innovation

I BELIEVE: The Next Big Wave


WHY LOSE CAPITAL, WHEN YOU CAN USE IT PROFITABLY?


Scale up or down in no time with 5,000 racks available
Save up to 40% in Total Cost of Ownership
Slash your CAPEX on IT infrastructure
Get freedom from managing technology changes, upgrades and versions
Be assured of uninterrupted business during disasters with DR on demand and a 600-seat BCP set up
Benefit from India’s most secure datacenter

Given the increasing data businesses generate today, Gartner* predicts that a typical datacenter will be obsolete in just seven years. Imagine pumping hefty capital into building datacenters ground-up, every seven years! At CtrlS, we have all the space for you to grow, with design features to maximize space usage and power efficiency. What’s more, with flexible infrastructure that lets you scale up or down as you require, you could save up to 40% in Total Cost of Ownership. And use it to your advantage instead.


Visit www.ctrls.in/mumbai-data-center

CtrlS Business Solutions: DR on demand | MyCloud - Private cloud on-demand | Managed Services | Messaging Solutions

* http://www.forbes.com/2010/03/12/cloud-computing-ibm-technology-cio-network-data-centers.html

Asia's Largest Tier IV Datacenter


Editorial

Yashvendra Singh | yashvendra.singh@9dot9.in

The Hidden Opportunity

It may be a headache for CIOs but if leveraged properly, consumerisation of IT has a strong case for business growth

Just when the CIO thought he had everything under control, another trend or technology emerged that left him unsettled. The new trend of consumerisation of IT, seeping rapidly into enterprises, has started to give CIOs sleepless nights. The explosion in the growth of tablets and smart phones, and their rapid ingress into the workplace, is turning into a security and management nightmare for any CIO. He no longer has just a single operating system to take care of. Today, there are multiple devices running multiple OSs. Besides, these issues are not restricted within the four walls of the enterprise. Tech leaders now have to shoulder the responsibility of securing these devices outside the office too.

Manufacturers, meanwhile, have taken the cue. They are increasingly coming out with devices that can play movies and games as easily as they can handle a PowerPoint presentation. The management, on the other hand, has realised that allowing employees to bring their own devices to work stands to revolutionise productivity. The employee, thus, has a wide range of devices to choose from, and the mandate from his management to get it to his workplace.

That consumerisation of IT will proliferate in the next few years is corroborated by various reports. According to one such report from Gartner, enterprise sales of media tablets will account for about 35 percent of total tablet sales in 2015. Gartner expects enterprises to allow tablets as part of their buy your own device (BYOD) program. More of these tablets will be owned by consumers who use them at work. This leaves technology decision-makers like you with little choice. The way ahead for CIOs is to quickly put a comprehensive strategy in place to securely harness these technologies and leverage them to increase productivity and speed up the decision-making process.

I feel consumerisation of IT is like a powerful weapon in the hands of a CIO. If used irresponsibly, it can cause a lot of harm to the enterprise. However, if used judiciously, it can help his organisation ward off competition. One thing a CIO must realise is that there is no running away from this trend. He needs to proactively frame a strategy that takes into consideration the requirements of his employees and his organisation. Only then will he have everything under his control, till another disruptive trend comes up!

Editor’s pick: 7 Points to Analyse

Technology leaders give their mandate on seven astute questions on consumerisation of IT

The Chief Technology Officer Forum

cto forum 07 april 2012



april12 thectoforum.com

Cover design by Anil T | Illustration by Rethish KR

Contents

Cover Story

7 Points to Analyse: Technology leaders give their mandate on seven astute questions on consumerisation of IT

Columns

I believe: The Next Big Wave. Supporting the devices that employees want creates a secure enterprise and helps in employee retention. By Oliver Bussman

View point: The Magic Of Amazon. Amazon recently announced some big price cuts for its AWS and EC2 services, amongst others. By Steve Duplessie


Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301


Features

Best of breed: Best Practices for Innovation. Steps to ensure processes yield optimum value



www.thectoforum.com

Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh
Publishing Director: Anuradha Das Mathur

Editorial
Executive Editor: Yashvendra Singh
Consulting Editor: Sanjay Gupta
Assistant Editor: Varun Aggarwal
Assistant Editor: Ankush Sohoni

Design
Sr Creative Director: Jayan K Narayanan
Art Director: Anil VK
Associate Art Director: Atul Deshmukh
Visualisers: Prasanth TR, Anil T & Shokeen Saifi
Sr Designers: Sristi Maurya & NV Baiju
Designers: Suneesh K, Shigil N, Charu Dwivedi Raj Verma, Prince Antony, Peterson & Prameesh Purushothaman C
Chief Photographer: Subhojit Paul
Sr Photographer: Jiten Gandhi

Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, VP-IT, ICICI Bank
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology)
Vijay Sethi, CIO, Hero MotoCorp
Vishal Salvi, CISO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

NO HOLDS BARRED

From Information to Innovation Officer: In conversation with CTO Forum, David He, Huawei’s President of Marketing, Enterprise Business Group, reveals his strategies and the challenges that lie ahead

Next horizons: Mobility: The Future is Now. Organisations can ensure that the use of mobile is on their terms

Tech for Governance: Cyber Self Defense For Non-Geeks. The direction of a strike depends on where your opponent stands

Regulars

Editorial | Letters | Enterprise Round-up

Advertisers’ index

CTRLs: IFC
SAS Institute: 5
Microsoft: 7, BC
Ricoh: 37
Dell: IBC

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

Sales & Marketing
National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623)
National Sales Manager: Vinodh K (+91 97407 14817)
Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921)
Senior Sales Manager (North): Aveek Bhose (+91 98998 86986)
Product Manager - CSO Forum and Strategic Sales: Seema Menon (+91 97403 94000)
Brand Manager: Gagandeep S Kaiser (+91 99999 01218)

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Production Executive: Vilas Mhatre
Logistics: MP Singh & Mohd. Ansari

Office Address
Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bungalow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301

Editor: Anuradha Das Mathur

For any customer queries and assistance please contact help@9dot9.in


I Believe

By Oliver Bussman, CIO, SAP

The author is a global IT executive with over 20 years of influential leadership with SAP, Allianz, Deutsche Bank & IBM.

The Next Big Wave

Supporting the devices that employees want creates a secure enterprise, attracts young talent, drives innovation and helps in employee retention

Current challenge: Managing and making data accessible on mobile devices anytime, anywhere

In our experience, the best use-case scenario in the enterprise is business intelligence. Typically you have a lot of dashboards and reports available on laptops, etc. Moving them onto mobile devices, there's a different mobility, a different usability. We see a huge increase of usability of the information. First of all, maybe you need three to five clicks to get you to the information, instead of going to your laptop, logging in, going to the Website, etc. Here it takes 20 or 30 seconds or less and you have access to the information. So the joy of the consumption of that information is going up.

On the other side, if you also provide real-time updates of this information, then the desire to go into that mobile app and see how is my business doing is there. We have applications that measure our entire sales business globally, to see which deals we are working on, is there progress, are there any seeds of opportunity. So, there’s much better insight, and if there’s a crisis we see this immediately.

I also see a huge change of consumption behavior, which is similar to the introduction of mobile email. Compared to 10 years ago, everyone's checking email every 5 or 10 minutes now. We see this now also with mobile devices, looking at real-time business results, updated financials. Because I can jump into that information between meetings, I am always on top of that. So I think that's the next big wave that we will see in the corporation: the combination of managing huge amounts of data, and making it accessible on mobile devices anytime, anywhere. That's a big change that we already see internally, and my prediction is that we'll also see it in entire industries, that you have to be on top of your business and be always available [to react].

We had the infrastructure enabled to manage tablets in May 2010. We added more mobile apps — business analytics, workflow, customer relationship management tools. We have more than 40 apps now and working fine for us.

—This article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.



LETTERS

CTOForum LinkedIn Group

Join over 900 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:


www.linkedin.com/groups?mostPopular=&gid=2580450


Some of the hot discussions on the group are:

Open Source vs Proprietary Software

Practically, how many of you feel open source free software is a better solution than any proprietary software?


Are CTOs more interested in satisfying the CFO & Board rather than the consumer?

If CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.

I would rather mention that your call should depend on the criticality of the application to serve the enterprise business requirement, as open source applications can have security breaches and lack of support in the worst-case scenario.

—Vishal Anand Gupta, Interim CIO & Joint Project Director HiMS at The Calcutta Medical Research Institute


http://www.thectoforum.com/content/need-cloud-security-standards

Fit Technology to Specific Need

Technology should not be used just because it is the cutting edge solution to a business problem. Fitment of technology to specific organisational needs should be the approach. To read the full story go to:

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.


Costin Raiu, Director, Kaspersky Lab talks to Varun Aggarwal about security challenges in cloud.

Opinion

Arun Gupta, Group CIO, Shoppers' Stop

Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com

CTOF Connect

http://www.thectoforum.com/content/fittechnology-specific-need

N. Eswaranatrajan, Head – Operations and Technology, ICICI Lombard



Enterprise Round-up

FEATURE Inside: Cyber Attacker of Indian Govt Sites Traced to China

Illustration by Anil T

India Mobile Services Market to Reach $30 bn By 2016

India’s mobile connections to exceed 900 million

The India mobile subscriber base is forecast to reach 696 million connections in 2012, up nine percent from 638 million in 2011, according to Gartner, Inc. Total mobile services revenue in India is projected to reach $30 billion in constant US dollars in 2016. The average revenue per user (ARPU) began to stabilise in 2011 — a notable change from the double-digit decline of ARPU between 2008-2010.

“The staggering growth of mobile connections has been driven by the expansion of mobile services in semi-urban and rural markets and the availability of cheap mobile devices,” said Shalini Verma, principal analyst, Consumer Technology and Markets, at Gartner. “However, the other performance indicators of the Indian mobile market seem modest in comparison to those of markets such as China.”

At $40, the ARPU in India is among the lowest in the world and about one-third of that of China. India also lags behind China in mobile service penetration. The mobile service penetration in India is currently at 51 percent and is expected to grow to 72 percent by 2016, whereas China already achieved 71 percent mobile penetration in 2011 and is forecast to grow to 119 percent in 2016.

Data Briefing

$14.5 Billion Expected worldwide SaaS Revenue in 2012



They Said It

John Sculley

Illustration by charu dwivedi

“Do you want to sell sugar water for the rest of your life, or do you want to come with me and change the world?” was Steve Jobs’ legendary pitch some 30 years ago enticing John Sculley, then PepsiCo's president, to join a fledgling Apple Computers. In an email interview with Economic Times, Sculley looks back at his career and also looks ahead at the tech world.

50% Corporate Apps to be on Cloud by 2014

US and Europe are more conservative in cloud adoption

Large companies in Latin America and Asia Pacific are the most aggressive adopters of the cloud computing paradigm, while their European and US counterparts remain conservative about shifting applications to the cloud. A study by Tata Consultancy Services (TCS), involving senior managers and corporate IT executives from over 600 large companies across the globe, reveals that while cloud applications are still in the minority of all applications, companies in Latin America and Asia Pacific have a much higher proportion of cloud applications to total applications.

The average Latin American company has almost two-fifths (39 percent) of its total applications in the cloud. Asia Pacific follows closely behind with over a quarter (28 percent). In contrast, less than one fifth (19 percent) of the average US company’s applications are hosted in the cloud. In Europe, the figure is closer to one-tenth (12 percent).

The findings come from an extensive study conducted by TCS into the factors driving companies to shift on-premise or put new applications into the cloud and the competitive advantages those applications are generating.

“The line between IT and the business is disappearing. It is becoming essential to how they all conduct their businesses. They want choices about where their technology lives, from the hybrid cloud to public cloud infrastructure.” — John Sculley, Former CEO, Apple

QUICK BYTE ON Imaging and Printing

The combined serial inkjet and page printer, copier and multifunction product (MFP) market in India totaled 641,274 units in the fourth quarter of 2011, a 5.9 percent decline compared to the fourth quarter of 2010, according to Gartner. —Source: Gartner



image by photos.com


Cyber Attacker of Indian Govt Sites Traced to China

Attack is similar to a spy operation, Shadow Network, targeting the govt since 2009

A breach of computers belonging to companies in Japan and India and to Tibetan activists has been linked to a former graduate student at a Chinese university — putting a face on the persistent espionage by Chinese hackers against foreign companies and groups. The attacks were connected to an online alias, according to Trend Micro Researchers. The owner of the alias, according to online records, is Gu Kaiyuan, a former graduate student at Sichuan University, in Chengdu, China, which receives government financing for its research in computer network defense. Gu is now apparently an employee at Tencent, China’s leading Internet portal company, also according to online records. According to the report, he may have recruited students to work on the university’s research involving computer attacks and defense.

The researchers did not link the attacks directly to government-employed hackers. But security experts and other researchers say the techniques and the victims point to a state-sponsored campaign. “The fact they targeted Tibetan activists is a strong indicator of official Chinese government involvement,” said James A. Lewis, a former diplomat and expert in computer security who is a director and senior fellow at the Center for Strategic and International Studies in Washington. “A private Chinese hacker may go after economic data but not a political organisation.”

“The Trend Micro report describes systematic attacks on at least 233 personal computers. The victims include Indian military research organisations and shipping companies; aerospace, energy and engineering companies in Japan,” said Baburaj Varma, Head — Technical Services (India & SAARC), Trend Micro. He further added, “At least 30 computer systems of Tibetan advocacy groups have been attacked so far. The espionage has been going on for at least 10 months and is continuing.” “This was not the only attack that was started and is stopped, it is a continuous effort by the Cyber criminals to attack Government websites and Defence authorities in India.”

Trend Micro Researchers traced the attacks to an e-mail address used to register one of the command-and-control servers that directed the attacks. They mapped that address to a QQ number — China’s equivalent of an online instant messaging screen name — and from there to an online alias. The person who used the alias, “scuhkr” — the researchers said that it could be shorthand for Sichuan University hacker — wrote articles about hacking, which were posted to online hacking forums and, in one case, recruited students to a computer network and defense research programme at Sichuan University’s Institute of Information Security in 2005.

The New York Times traced that alias to Gu. According to online records, Gu studied at Sichuan University from 2003 to 2006, when he wrote numerous articles about hacking under the names of “scuhkr” and Gu Kaiyuan. Those included a master’s thesis about computer attacks and prevention strategies.

The Times connected Gu to Tencent first through an online university forum, which listed where students found jobs, and then through a call to Tencent. Reached at Tencent and asked about the attacks, Gu said, “I have nothing to say.” Tencent, which is a privately managed and stock market-listed Internet company, did not respond to several later inquiries seeking comment.

Global Tracker

Impact on Social Media Websites

The use of last-click attribution may cause marketers to undervalue social media’s website impact by up to 94 percent

Source: Adobe



illustration by prince antony

Solution to Integrate Mobile, Social Apps

New software offerings from HP

HP has announced new Application Transformation solutions designed to help enterprises drive an enhanced user experience by integrating mobile-based enterprise applications into the traditional computing environment. The growing adoption of smartphones and mobile applications is changing the way enterprises create value and drive competitive differentiation. In fact, the economic survival of enterprises now depends on their ability to respond to customer and citizen demands, generated through enterprise applications as well as social applications such as Facebook, Twitter and LinkedIn.

The expanded HP Applications Transformation solutions portfolio enables clients to design, build and manage applications that drive interaction between people and enterprises while optimising traditional application environments to deliver an improved user experience. “Modern enterprise applications require a different approach to design and testing than traditional applications,” said Amit Chatterjee, Director, HP Software and Solutions, HP India. “HP ensures that enterprise applications provide the highest level of quality, availability and scalability while elevating the user experience to an entirely new level.”

The enhanced HP Application Lifecycle Intelligence (ALI) improves collaboration among delivery teams and reduces cycle times by offering real-time visibility and traceability of activities across the application life cycle. As part of HP’s IT Performance Suite, HP and Perfecto Mobile, a provider of cloud-based testing and automation solutions, have extended HP Unified Functional Testing to support multifunctional applications by allowing developers to emulate and test the user experience of mobile applications across devices and networks.

Additionally, new software offerings from HP complement the agile development of mobile applications and drive social collaboration that include HP Anywhere and HP Enterprise Collaboration. The HP Application Transformation solutions portfolio of software products is also complemented by new services for enterprise applications.

Fact ticker

Is Cloud Creating Tension Between Business & IT?

Strategy needed to tackle growing tension between business and IT

BMC Software has announced the findings of a new commissioned cloud survey conducted by Forrester Consulting. The survey, published in a study entitled “Delivering on High Cloud Expectations,” reveals increasing tension between business and IT stakeholders. With a growing demand for public cloud services, CIOs are rightly concerned that business teams are willing to circumvent IT in order to acquire cloud services on their own. The survey included in-depth responses from 327 enterprise infrastructure executives and architects across the United States, Europe and Asia-Pacific (APAC).

High expectations for speedy, low-cost implementation of new software systems in the cloud are putting unique pressures on IT departments within the enterprise. Initial findings of the survey reveal that while IT teams work to meet the needs of the business, the demand for more speed and agility is creating an environment in which business teams are looking outside the organisation to provision services in public clouds. As a result, IT departments must expand plans to incorporate public cloud services into their overall cloud strategies.

Big Data

A new in-memory business intelligence (BI) solution from SAS uses a highly visual interface to bring powerful analytics to a broader class of users than ever before. SAS Visual Analytics, the newest product in the SAS High-Performance Analytics family from the leader in business analytics, provides a fast, simple and cost-effective path to business insight and better decisions. SAS Visual Analytics combines in-memory architecture, intuitive data exploration, Hadoop support and information-delivery options, including the iPad, claims a company release. It is the only in-memory engine designed specifically for business visualisation of big data on inexpensive, nonproprietary hardware.

“The speed of in-memory architecture offers tremendous benefit. Firms can explore huge data volumes and get answers to critical questions in near-real time,” said Dan Vesset, Programme Vice President of IDC's business analytics research. “SAS Visual Analytics offers a double bonus: the speed of in-memory analytics plus self-service eliminates the traditional wait for IT-generated reports. Businesses today must base decisions on insight gleaned from data, and that process needs to be close to instantaneous.”

“SAS Visual Analytics helps business users to visually explore data on their own,” said SAS CEO Jim Goodnight.



NO HOLDS BARRED

From Information to Innovation Officer

Huawei is aggressively targeting the enterprise IT market. It plans to ramp up its revenue from this segment from nine percent to 20 percent by 2015. In conversation with CTO Forum, David He, Huawei’s President of Marketing, Enterprise Business Group, reveals his strategies and the challenges that lie ahead


David He

“The challenge for us is to ensure that every customer in the enterprise space knows about Huawei. Every market in the world is important to us”

Huawei is looked at as a company providing solutions to telcos. Do you feel this image will come in your way when pushing into the enterprise IT segment?

We already provide advanced technology, reliability and stability to network vendors. This is proof that we have the technical strength and delivery capabilities. This image would serve us well when we enter the enterprise market. We also want to emphasise our strong relationships with partners because in the enterprise space we need to work closely with them. In terms of the technology, there is technology that can be used both in the enterprise and the carrier space. For example, in the carrier space, there is router, LAN, data centre, all of which can also be seen in the enterprise customer space. There are vendors such as IBM who supply to both the carrier and enterprise customers. Besides, we know that both these segments need to be addressed in different ways. Therefore, we have entirely different sales models in the carrier network and enterprise segments. In the former, we provide products and services directly, while in the latter, we will rely on our partners.

So what could be the biggest challenge for your growth?

The biggest challenge for us is brand awareness. We have strong ICT solutions. The challenge for us is to ensure that every customer in the enterprise space knows about us. Every market in the world is important to us. I don’t like to rank any country with respect to importance to Huawei. Currently, the enterprise business contributes nine percent to our overall revenues. We want to increase this to 20 percent by 2015. We are confident we will be able to reach the target.

But you are taking on biggies like Cisco and Apple. Do you stand a chance against them?

Of course we will have opportunity to be successful in the market. The most important differentiator for us is that we have a comprehensive ICT solution. We have a wide spectrum of products ranging from cloud computing, network, and data centre. This is what differentiates us from competition. We will certainly run into stiff competition with Cisco but then we compete with them every day, and have been growing steadily. In terms of cloud computing, we are not competing with Apple. Apple’s cloud computing is consumer oriented. In other words they are actually operating their cloud. We are providing products and solutions to enterprises, which is different from operation cloud.

How are trends such as social networking, BYOD and cloud computing impacting a CIO?

I would say these trends are impacting CIOs significantly. After the advent of cloud computing and the convergence of ICT solutions, IT has become the driving force behind businesses. A recent report from Gartner says it is time to change what the word CIO stands for. From Chief Information Officer, it is time to change it to Chief Innovation Officer. Similarly, another report from Forrester says IT should not be called Information Technology. Instead, it should be called BT (Business Technology) as technology is the driving force for business innovation. I think this is a great change for a CIO.

So how should a CIO approach these trends?

One area that a CIO needs to focus on is to rework the network planning. It is important for a CIO to standardise his network. I personally feel that lots of CIOs face challenges when they migrate to the cloud because they use a lot of proprietary products. With the advent of cloud, huge amounts of data are stored in cloud data centres. This is an important asset of an enterprise and in the future it will be necessary to expand the capacity. In the future it will be very important for a CIO to adopt open standards when it comes to his network. This will ensure data accessibility and business continuity.

It is believed that your OS is more complex as compared to Juniper’s Junos and Cisco’s IOS. What are your comments on this?

I don’t think so. Our routers and switches are very simple and very compatible. We have been there for 20 years. I know Cisco’s routers because before entering Huawei, I was an R&D engineer. I can confidently say that Huawei products are not at all complicated.

What message would you like to give to CIOs?

I would like to tell CIOs that Huawei is a better choice for them to face the challenges. I believe the biggest challenge for a CIO today is cloud computing, which is a new business model. There is no doubt that security is an issue with respect to cloud computing. However, in Huawei this is at the top of our mind. We will continue to enhance our security and R&D strength in this area.

You are focusing a lot on the government vertical in India. Why?

The government vertical is looking towards end-to-end ICT solutions for cementing its security and governance related infrastructure. Huawei Enterprise has emphasised its capability to develop and deploy ICT driven solutions specifically designed for the government segment. We have a unique approach towards solving government issues and problems. We have our ICT solutions and solution platforms, others can develop unique applications on these solutions and together we can deliver localised applications that are cost-effective for the government segment. We have solutions directed towards the citizens like e-city, e-education, e-health etc. which can be delivered to different stakeholders. We are in an ideal position to enable office collaboration. We have products for IP, IT and CT and all these can enable converged communication among different departments of a government system. So our solutions can help government in improving efficiency, facilitating service and realising the full potential for e-governance.

DOSSIER
Company: Huawei Technologies Co. Ltd.
Established: 1988
Founder: Ren Zhengfei
Products: Mobile and fixed broadband networks, consultancy and managed services, multimedia technology
Network: Total employees 140,000; products deployed in 140 countries; serves 45 of world's 50 largest telecom operators


Best of Breed

Features Inside: The CIO-CMO Team: Rules for Success; The Heart and Soul of Value IT

Best Practices for Innovation

Firms take these steps to ensure that their innovation processes yield optimum value

By Becky Partida

illustration by shigil n

Organisations are facing mounting pressure to innovate in order to spur growth and increase the bottomline. Despite belief to the contrary, the invention of new products and services does not occur spontaneously. There is a process involved, and organisations can take practical steps to ensure that their innovation processes yield maximum value. APQC has identified 10 key elements in the innovation processes at IBM Corporation, Kennametal Inc, and Mayo Clinic that make these organisations best-in-class for innovation. In this two-part series, we will look at the 10 elements and dive into how the three best-practice organisations have incorporated the elements into their innovation processes. This first installment of the series focuses on the first five elements: Drive innovation from the top and bottom. Cross traditional organisational boundaries to help innovation thrive. Strategically select opportunity areas through the eyes of customers. Distinguish among different types of innovation. Cast the net wide for ideas.

Drive innovation from the top and bottom

It is a given that leadership support for innovation is important. Without this support, few resources would be allocated to these efforts. However, support from employees who work closely with customers is also important. Without buy-in from these employees, it is difficult to source ideas and embed a culture of innovation throughout the enterprise. Thus, support from both the top and the bottom is of the utmost importance to innovation. Securing buy-in from front-line employees while aligning innovation efforts with top-down strategy enables relevant ideas to surface and be taken through to production or implementation. For several years, IBM has stressed that innovation is the responsibility of every employee. However, it recently shifted innovation accountability to focus more on employees who engage regularly with customers. This shift has given front-line employees greater decision making power regarding innovation. However, even with the spreading of accountability, IBM holds that senior level sponsorship is vital to ensure that the organisation maintains support, guidance, and direction for innovation.

Cross traditional organisational boundaries

Innovation is not isolated to specific areas within an organisation. The best-practice organisations identified by APQC encourage innovation within areas of the business that may not normally be associated with innovative thought. They also facilitate innovation by creating collaborative teams comprised of members from multiple business units. Collaboration is vital to Mayo Clinic’s innovation strategy. The organisation has established cross functional innovation teams that meet regularly to analyse ideas generated by staff members and to identify strategic targets for innovative projects. Separate leadership teams, made up of physicians and non-physicians, also meet to brainstorm and execute new projects. These collaborative teams have generated ideas for new products and services, suggested quality improvements, and designed new business models for the organisation. In addition to the responsibility for innovation placed on each employee, IBM includes innovation as part of each business unit’s strategic focus. IBM has an Integration and Values Team that meets regularly to discuss important issues and innovations across business units.

Select opportunity areas using customer input

The best practice organisations identified by APQC make a point of gathering customer feedback, determining customer requirements, and aligning their processes with the customer in mind. By keeping customers front and center throughout the process, organisations can tailor innovations to their target audiences. In the end, the creation of new products and services means nothing if the organisation isn’t giving customers what they want. Kennametal is a maker of tooling, engineered components, and advanced materials consumed in the manufacturing process. It considers innovation to be a constant process focused on the demands of the market. The organisation has developed the term “exciters” to describe innovations that are radical in that they satisfy unarticulated needs. The organisation connects with customers at regular intervals to determine where the potential for exciters exists. IBM has implemented a programme called First of a Kind that relies on customer input for solution development. Here IBM conducts research in a customer’s own environment and applies technologies that it feels are appropriate solutions for the customer.

Embrace technologies and tools for innovation

Adopting the right enabling technologies for innovation can support the creative process, facilitate collaboration, and provide a way to capture new ideas. However, technology is pointless unless it matches an organisation’s innovation objectives. Best-practice organisations focus technology adoption on the needs of the enterprise as well as individual innovation teams. The organisations also consider whether open source technologies can provide them with the tools they need without a lot of extra cost. The best-practice organisations studied by APQC favour tools that allow a large number of employees to capture and build on ideas. For example, Mayo Clinic implemented a software application to capture, categorise, and archive ideas for innovation around a defined topic. Virtual events are held to drive brainstorming, and users can rate others’ ideas as well as submit comments, suggestions, and observations. Mayo also adopted social media tools to facilitate collaboration among employees. Wikis enable staff to capture and modify notes and other project-related communications. The organisation has created an innovation toolkit that serves as a central location for materials and resources needed during the innovation process.

Focus on experimentation

For every successful idea, there are many ideas that do not make it through the process. Best-practice organisations accept this fact and do not allow failure to hinder innovation. The organisations studied by APQC emphasise the effort behind the innovations, even if the ideas do not yield profitable results. This fosters a culture in which employees feel free to explore all creative solutions and ideas. IBM balances its research agenda among three groups: Exploratory research (understanding how nature works); Applied research (connecting the understanding to issues); and Development (making the research usable to IBM customers). The organisation measures success not only by the innovation but also by how its research increases scientific understanding. Unsuccessful projects are considered learning experiences and are documented so that the lessons-learned can be applied to future work.

Amount lost by companies globally due to phishing attacks in 2011: $1.3 b

Recognise the human side of innovation

The best-practice organisations studied by APQC use more than just financial rewards to encourage innovation. These organisations create spaces conducive to innovation, and they tailor their rewards programmes to suit employee interests. To reward innovation, IBM uses internal programmes such as peer-to-peer awards, recognition of technical accomplishments in a particular research area, and an innovation client value award given to teams that exemplify dedication to client success. The organisation also seeks publication in external journals and recognition through professional societies to gain external exposure for its employees’ efforts.

Keep measurements simple

IBM, Kennametal, and Mayo all recognise that no one metric can convey innovation success. However, when measuring innovation and its results, these organisations use only a select group of measures which are meaningful to users. Although innovation can involve multiple activities and processes, the metrics selected for use should be customised. Kennametal, a maker of tooling, engineered components, and advanced materials consumed in the manufacturing process, uses only a few high-level, cross-functional measures to evaluate the success of innovation. These measures include the percentage of revenue resulting from new products and the cycle time of new product development. By keeping measures high-level and simple, the organisation can easily communicate performance across the enterprise in a way that employees at all levels can understand. Kennametal also tracks three other groups of performance measures to obtain a more detailed view of the innovation process and its outcomes: Project metrics; RD&E functional metrics; and Special focus metrics (such as the percentage of employees trained in Six Sigma).

Look to the future and the past

When developing measures and improvement plans, it can be easy to focus solely on results. However, the organisations studied by APQC emphasise predictive factors as well as outcomes when developing measures. The organisations look both at leading indicators that provide a foundation for performance (such as employee training and environmental conditions) and the results of innovation processes (such as cycle time and customer satisfaction). Most importantly, the best-practice organisations allow their measures to change over time to meet enterprise needs. Frequently updated measures are balanced with consistent measures to enable longer-term trending.

— Becky Partida is knowledge specialist with APQC, a member-based nonprofit and one of the leading proponents of benchmarking and best practice business research.

—This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

The CIO-CMO Team: Rules for Success

A look at the rules needed to build a dream CIO-CMO team

By Jim Nash

Among history's more implausible relationships — Reagan/Gorbachev, Van Halen/Roth, Unger/Madison — the budding hookup between CIOs and CMOs is not so much bizarre as it is unexpected. Market trends including social media are forcing CIOs to look at the world beyond the firewall and prompting CMOs to focus as much on employees as on would-be customers. Combined, their complementary skills and backgrounds can profitably address a mobile, vocal and savvy audience at home in an inherently insecure digital world. However, neither they nor their companies can expect to succeed in this era without a strong alliance with the other.


In fact, some companies are creating chief customer officer posts, says Prof. Peter Fader, marketing professor at the University of Pennsylvania's Wharton School. Fader is also co-director of the Wharton Customer Analytics Initiative. “The post is going to be tight with the CEO and the CIO — because it’s designed to create hard-number metrics — and the COO, because it will analyse the supply chain,” says Fader. It will gain respect that the CIO and CMO by rights could be getting by collaborating.

So, what are the cardinal rules you need to follow in order to foster and maintain a deeply collaborative partnership between the CIO and CMO? Of course, it's all about communication and earning trust. It has to be broken down to elementary actions.

Recognise that technology isn't the business. Technology is just one tool in a company's arsenal. It's not even the most strategic tool all the time, says Craig Neeb, CIO and VP of multichannel marketing for International Speedway Corp, which owns and/or operates 12 NASCAR tracks. It's relevant only to the extent that it's understood internally and it delivers on the corporate strategy. A corollary to this: “True” marketing is instinctively distrusted by would-be buyers, says Neeb. That's why social media is the revolutionary business development that it is. It opens the messaging to the entire market, dismantling iron-sided brand statements. And CMOs need CIOs if they ever hope to organise the chaos of social networks in their favor.

Leave your ego (and career fears) in the car when you arrive at work. There absolutely is risk involved for CIOs and CMOs when they are told to reach over the divide, says Sri Raju, CEO of Smartbridge, a business-app maker and consultancy. But the hard truth is that it's easier to hire people who understand this critical need than it is to retrain senior executives. CEOs are less and less likely to allow a “shadow IT unit” to exist in marketing, says Raju. And CIOs who are most proud of the money they save will fall out of favor in organisations pushing for innovations.

There must be a healthy overlap of skill sets for the CIO and CEO. Too many glassy stares for one while the other excitedly discusses important developments means the pair are moving in separate directions. Each has to have a solid grounding and appreciation for the lot of the other. Dahlberg goes so far as to say the CIO and CMO should be able to fill in for each other in certain situations.

The model needs to be applied across the C suite. As revolutionary as it can be to have CIOs and CMOs who are joined at the hip, the same needs to be true among all of their peers, says Dahlberg. The sight of the CFO heading for one's office, for instance, can't be cause for anxiety.

The integration must go deeper than the chiefs. IT and marketing staffs have to get the religion and permission when it comes to interacting with each other. Departmental stovepipes must be replaced with flexible hierarchies that promote cross-organisational communication, which leads to innovations.

The CMO and CIO both need to be involved in the R&D budget process. Dave Dahlberg, CMO of Model Metrics, an international cloud-computing consultancy, says they have separate but parallel views of products and product capabilities informed by being in the field with customers and in the trenches with IT support.

Where possible, free IT from commodity tasks. Dahlberg says his firm, unsurprisingly, has dumped all of its servers in favor of cloud computing. “John (Barnes, CIO of Model Metrics) is able to take his team and focus on being innovative.” Barnes and Dahlberg say this reduces the incidences of IT refusing reasonable requests for lack of resources. It also cleanses tech staffs of those who are overly comfortable with the familiar.

Don’t underestimate your value to marketing. Lisa Arthur, CMO of marketing software maker Aprimo, says CIOs are “an absolute gem” in helping to create strategic marketing roadmaps because technology underpins and promotes the firm's conversation with its market.

If you’re the CIO and the firm is looking for a new CMO, get involved. Collaborative teams more often occur when one or both CIO and CMO are hired for that purpose. Execs unanimously said that it's hard to retrain for this need. So when you get word that a new CMO is being sought, work with the C-suite to describe the ideal candidate. Suggest people you've met who might meet the needs. Interview candidates in depth. And then, following these rules, build a dream team.

illustration by shigil n


—This article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.




The Heart and Soul of Value IT

CIOs are quickly forgetting what the critical skill of business analysis entails

By Marc J. Schiller

illustration by raj verma

For years CIOs (or should I say, IT managers) were chastised for being too reactive, too technical, too tactical. In an effort to address this “shortcoming,” CEOs and their consultants schooled IT managers on how to think strategically. And what fine students you have become. During the last few years (which we all know have been very tough on IT budgets) IT leaders the world over have put in place a number of strategies to maximise efficiencies, drive cost savings and generally improve the speed and responsiveness of IT. Unfortunately, the highly lauded strategies of yesterday have had some very negative consequences for CIOs and their teams. Consequences that are so significant that, if we don’t do something about them soon, they will relegate the CIO (and the IT group overall) to a position of vastly diminished relevance to the business. I’ll explain.

Strategic IT management: Unexpected side effects

In the quest for ever-improving efficiency and customer responsiveness, CIOs the world over have applied three basic strategic themes.

1 Standardise around key packages: Avoid custom applications like the plague. Go for standardised software. And what’s more, if it can be SAP or Oracle, even better. Build a focus and competency in a specific application suite and work it.

2 Outsource, outsource, outsource: Wherever possible, outsource to a third party. ASP, MSP, BPO, consultants, bodyshop. Whatever could be found that offered a cost and speed advantage to doing it in house.

3 Get “tight” with the business side: In order to get closer to the business side of the operation, improve understanding, shorten implementation time frames and increase accountability, CIOs made a number of organisational changes. Chief among them: creating the IT-business liaison role.

These are all basically sound strategies driven by good intentions. But the way in which these strategies have been implemented has brought about one particularly disastrous consequence: The virtual disappearance of the business analyst (BA). In the rush to standardise on specific packages and to improve business relationships, the traditional in-house business analyst role has morphed. First, outsourcing brought about a reduction in the number of BAs needed. After all, the outsourcer said they would cover that work as part of the contract. Second, with solution development firmly focused on a specific application environment (such as SAP, Oracle or Siebel) much of the traditional duties performed by the BA shifted to the application analyst. Just without a whole lot of business analysis. Because with a solution already in hand, the application analysts focused their efforts on configuring and administering the chosen package solution and “making it work” for the business. This meant that the classic role of business analysis and solution definition yielded to the force of the customisable package. Finally, the role of the IT liaison, which many BAs took on in early days, turned out to be more about managing budgets and expectations, and providing a single face to the customer than it was about engaging in problem analysis and solution design. The problem analysis and solution design work was left to the outsourced solution provider.

The changing role of the Business Analyst

I first noticed this change in the BA role about 10 months ago, when two separate clients had great difficulty coming up with a single BA to participate in the project with which I was involved. It took almost two months to finally get budget approved to bring in a new person once the CIO gave up on finding anyone internally with the right skills. At first I thought these were just isolated incidents, until I noticed this issue recurring nearly every place I went. I finally realised how pervasive this issue is while attending a recent industry conference. Sitting at a table with 10 CIOs who are employed by companies with revenues of $1 billion or more, I asked the group whether they had noticed the virtual disappearance of the BA in their organisations. Without missing a beat, the CIO of a famous consumer packaged goods company said: “Are you kidding me? It’s an absolute disaster. I dread getting a call from a business unit to discuss an issue or problem they are having. If it’s not about SAP, I’ve got no one to send them who can have an intelligent conversation. All I can do is send them a consultant.” Ouch.

What happens when the Business Analyst goes away?

The decline of the business analyst has been gradual. Yet, their traditional capabilities are crucial today for IT to add value to the business. In particular I’m talking about the skills of: problem analysis; requirements definition; business case formulation; project scoping and definition; and finally translating all that into a set of solution options and sound technical requirements. Without in-house BAs to do this work, IT organisations now find themselves with a major void in their service capabilities. IT’s customers are feeling these effects, even though they can’t quite identify how or why. But it won’t be long now. Pretty soon they won’t bother calling IT at all. They will just reach out to the consultants and the outsourcers, since these are the people with whom they end up dealing anyway. What’s even more distressing to me is that it seems that most IT leaders have lost sight of what a real BA is supposed to do. Case in point: I recently searched the job site Dice.com for “business analyst” and found about 2,500 relevant postings (about three percent of all IT jobs). Yet, when I examined these closely, it turned out that the vast majority of the posts were placed by outsourcing companies, professional services firms, software companies and contract labor companies. Very few of these positions are for in-house BA jobs. Digging just a little deeper into the job postings reveals that the list of key skills required of today’s Business Analyst falls far short of what we all know is needed for success. Of the 50 skill areas identified in the posted positions, only three are related to a specific functional business competency. The rest of the required skills are all IT-specific technical or process skills. Many of the posted jobs are essentially describing project managers.

BA and the Bottom line

Business analysis is the absolute most important competency for an IT organisation. It is the very heart and soul of the value IT is meant to bring to the business. Despite the best intentions, many CIOs have lost this critical skill in their organisation and they are quickly forgetting what it really entails. Therefore, strategy No. 1 for any CIO looking to retain a strategic role vis-a-vis your business peers is to bring back the business analyst with the right skills and capabilities.

— Marc J. Schiller, author of “The 11 Secrets of Highly Influential IT Leaders,” is a speaker, strategic facilitator, and an advisor on the implementation of influential analytics. He splits his time between the front lines of client work and evangelising to IT leaders and professionals about what it takes to achieve influence, respect and career success.

—This article was first published in CIO Insight. For more stories, please visit www.cioinsight.com.




7 Points to Analyse

Technology leaders give their mandate on seven astute questions on consumerisation of IT

By Team CTO Forum



1/ Do you view consumerisation of IT as a risk?

“No, I do not consider it a risk. Rather it is an opportunity. However, a careful approach is required.” Subhash Mittal, SrED (MS&IT) & Group CTO, IFFCO


2/ Is consumerisation of IT driving unrealistic expectations from IT departments?

“Yes, it is driving unrealistic expectations. There is a huge investment both in managing and providing mobile devices to employees. This scenario is putting a lot of burden on the IT department.” Saradindu Paul, Associate Vice President Corp IT, Electrosteel Group


3/ Is support for employee mobility possible considering their reliance on external networks?

“Yes, to ensure this support, we have started to implement a private cloud and virtual desktops. This will help us in making application delivery possible in a well-controlled and secured manner. We are now about to implement a BYOD policy.” Pratap Gharge, Exec. VP & CIO, Bajaj Electricals Ltd


4/ Is your IT department fully involved in enterprise mobility projects?

“No, not at the moment. Presently, we are supporting only a few projects.” Bala Variyam, VP, Collabera


5/ Are you able to get a deeper insight into end-users' experience of applications?

“Yes, we now have a better understanding of the end-users' external needs. This has helped us in providing them the best of breed solution.” Suresh Shanmugam, National Head BITS and CIO, Mahindra Finance


6/ Is your IT department prevented from supporting SAAS and social media applications?

“Yes, we do not allow such applications and therefore we have built our own social media application” Subbarao Hegde, CTO, GMR Infrastructure Limited


7/ Are you trying to provide your users with enterprise apps that have user interfaces akin to consumer apps such as Facebook, Gmail, Yahoo etc.?

“Yes, consumerisation is here to stay and IT teams have to gear up to meet challenges and use this as an opportunity to improve processes, systems, value to business and user delight” Vijay Sethi, VP and CIO, Hero MotoCorp


Survey Findings

The survey covered a total of 119 CIOs. Of the CIOs included in the survey, a whopping 94 per cent say that support for employee mobility is possible considering their reliance on external networks, while 61 per cent felt that consumerisation of IT is driving unrealistic expectations from IT departments. More than three-fourths of the CIOs (78 per cent) felt that their IT department is fully involved in enterprise mobility projects, whereas a majority of CIOs (55 per cent) view consumerisation of IT as a risk. Of the respondents, 72 per cent felt that they are able to get a deeper insight into end-users' experience of applications. Only 33 per cent of the CIOs felt that their IT department is prevented from supporting SAAS and social media applications. Surprisingly, there has been equal voting from the CIOs (50 per cent), in terms of providing employees enterprise applications that have user interfaces akin to consumer applications such as Facebook, Gmail, Yahoo etc. The other important takeaways from the exercise are given below.

1/ Do you view consumerisation of IT as a risk? YES 55%, NO 45%

2/ Is consumerisation of IT driving unrealistic expectations from IT departments? YES 61%, NO 39%

3/ Is support for employee mobility possible considering their reliance on external networks? YES 94%, NO 6%

4/ Is your IT department fully involved in enterprise mobility projects? YES 78%, NO 22%

5/ Are you able to get a deeper insight into end users' experience of applications? YES 72%, NO 28%

6/ Is your IT department prevented from supporting SAAS and social media applications? YES 33%, NO 67%

7/ Are you trying to provide your users with enterprise apps that have user interfaces akin to consumer apps such as Facebook, Gmail, Yahoo etc.? YES 50%, NO 50%


E V E N T R E P ORT

Akamai

Event

Living in a Hyperconnected World CTO Forum hosted Brad Riklin, CMO, Akamai to talk about the increasingly connected world Hyperconnected World, a recent concept was discussed in detail by Brad Riklin, CMO, Akamai

Delegates networking with each other during the event

The term hyperconnectivity was coined by John Friedmann, the author of the famous book The World is Flat. In its recent State of the Internet report, Akamai noticed that we are already living in a hyperconnected world. The older generation used to go online to check their mails, or look for information etc. However, the youth today do not have to go online because they are always connected online. From a business perspective as well, we are constantly connected and online. To throw more light on this subject, CTO Forum hosted Brad Riklin, Chief Marketing Officer, Akamai. In a session moderated by Shivangi Nadkarni, Consultant, 9.9 Media, Riklin talked about the opportunities and challenges that this new concept brings along in today’s enterprise.

Shivangi Nadkarni, Consultant, 9.9 Media introducing the panel

“Previously you had to download all your mails before getting into a flight and then go through them. Today, you can access your mails and even make Skype calls right from the airplane. That’s the kind of world we are living in. Right from watching movies, listening to music, paying bills, sharing business reports—all these things had nothing to do with the Internet about 10 years ago. But today, all these activities rely on an Internet connection,” Riklin said.

This concept of hyperconnectivity comes with not just challenges but also great opportunities. Giving an anecdote, Riklin said, “The Internet itself used to be a nice-to-have to our business model. Now, Internet has become the most important channel of growth for most businesses.”

“Your online presence is now your face to the world. Also, with an online presence you have to be up and running 24X7. This also presents a great opportunity as you can monetise the concept of hyperconnectivity and turn it into an innovative lead into the market place and disrupt the existing business models,” he elucidated.

For CIOs, hyperconnectivity means that there is a lot less cost involved for businesses to work online. It also allows the CIOs to be better aligned with the business and take part in shaping the P&L for the company. Now the CIO can show a precise return on investment in every IT investment. Riklin highlighted the key trends in hyperconnectivity as media, mobile, cloud and security. “While the first three trends are positive trends, the security issues that hyperconnectivity comes with, is something that CIOs need to seriously consider. With hyperconnectivity, your organisation is exposed to a lot of different types of threats from across the world,” he said.

Delegates listen as Brad Riklin highlights key trends in the hyperconnected world

One of the delegates interacting with Brad Riklin post the event

It was an excellent opportunity for the delegates to connect with their peers during the event

“Your online presence is now your face to the world. Also, with an online presence you have to be up and running 24X7. This also presents a great opportunity as you can monetise the concept of hyperconnectivity and turn it into an innovative lead into the market place and disrupt the existing business models,” Riklin concluded.



EVENT REPORT

nullcon

Nullcon Goa 2012

Security professionals gather in Goa to discuss security issues and suggest countermeasures

nullcon 2012 brought together training sessions, workshops and technical sessions from various security professionals

During one of the training sessions, audience paying keen attention to the trainer

One of the speakers at the event being felicitated

With the digital infrastructure expanding and new computing platforms being adopted, organisations are beginning to realise that they have more to manage than ever before. They now require a focus on security continuity that allows them to continuously respond not only to online threats but also external changes. To address this issue, nullcon Goa 2012, a four-day vendor-neutral event, brought together security companies, buyers, consultants, business decision makers etc. from across the globe. The prime focus of this conference was to spread security awareness and provide a platform for consultants, security companies, security buyers and security professionals to share expert knowledge and experience. The conference was held from 15th to 18th February, 2012 at the Bogmallo Beach Resort, Goa.

The conference’s inaugural note on why government and policymakers should get involved on the information security front was delivered by Janardhan Swami, the Member of Parliament from Karnataka. The first two days of the event were dedicated to training sessions and workshops. Some of the themes of the training sessions were XtremeXploitation, Xtreme Web Hacking, Advanced Wi-Fi security etc. A new concept called ‘Jailbreak’ was introduced this year: a one-of-a-kind game challenge in which the participants are kept under house arrest to combat real-life hurdles and yet make a mark. Solving complex security challenges or finding a vulnerability is what frees them from the jail (house arrest), and torture and difficult conditions have to be tackled to be a winner.

Keynote speakers for nullcon 2012 included Muktesh Chander, the center director for National Critical Infrastructure Protection Centre (NCIPC), who spoke on cyber-crime prevention, and Alok Vijayant, the director at National Technical Research Organization (NTRO), who spoke on the need for understanding the changing nature of cyberspace and cyber security. Kamlesh Bajaj, the CEO of Data Security Council of India (DSCI), delivered a keynote on the topic ‘Cyberspace - A global commons or a national asset’.

The conference witnessed some exceptional security professionals who stunned the audience with their expertise. Among them was a group of security experts who demonstrated the vulnerability of GSM mobile networks, which can be easily exploited by hackers, enabling them to impersonate a user's identity and make calls from his account without a clue to the consumer. The group claimed that most of the telecom networks were not encrypting signals, which is common at the international level.

Another leading cyber security expert explained how IVRS can be a hacker’s paradise for stealing anyone’s personal information using their phones, as these systems remain mostly unaudited and lack key security features. He also said that one of the major lacunae with the IVRS is the lack of a procedure to confirm whether data is entered by a human or a machine, known as CAPTCHA. “The worst part is most of these phone banking methods are usually unaudited for security checks and the programs are also not up to the mark, making them vulnerable”, he said.

With every new technology comes some risk and even the Smart Electricity Meter is not spared of vulnerabilities, according to one of the experts from the US who spoke about Smart Meter Hacking at the conference. He said that in the US, which has used smart meters for a decade, hackers have recovered passwords stored in the optical interface and used them to attack other smart meters, causing massive blackouts. Along with these, some of the other topics that were spoken about were WarTexting, secure capacity building for developing nations, android hacking, CAPTCHAS, open source revolution etc. The conference covered all walks of cyber security, thus promising a better and brighter future in the space of cyber security.

nullcon, an initiative by null, is a four-day vendor-neutral event that brings together business decision makers and security professionals from the national and international arena to address important security issues and innovative mitigation solutions. The prime focus of this conference is to spread security awareness and provide a unified platform for consultants, security companies, security buyers and security professionals to share expert knowledge and experience. It also provides companies an exclusive platform where they can display their competencies to the audiences.

Audience paying attention to one of the sessions at the conference

A speaker at the event sharing his views on the current security environment

A speaker at the event taking questions from the audience


NEXT HORIZONS


Illustration by anil t

Mobility: The Future is Now

Employees will use mobile devices one way or another but firms can ensure that the use is on their terms

By Brian Duckering

Throughout the modern history of business, there have been countless technological innovations that have improved the way companies work. However, a few stand out from the rest in their capacity to disrupt the status quo. Perhaps the most obvious recent examples of such technological advances are the PC and the Internet. For younger generations, it is nearly impossible to imagine doing business (or anything for that matter) without these technologies, and for older generations, it is painful to imagine ever going back to the way things were before them. We call these “disruptive technologies” and we are now witnessing another such technology firmly entrench itself in the business world: mobile devices. Smartphones are now being used by hundreds of millions of people throughout the world to access corporate information to keep up with today’s 24/7 business cycle. Indeed, the current generation entering the workforce and future generations will wonder how business was ever done without such devices.

To learn the extent of mobility’s reach into the enterprise and organisations’ perception of the benefits and challenges of the ever increasing swarm of devices flowing into and out of their infrastructures, Symantec recently fielded a survey of 6,275 organisations of all sizes in 43 countries. The survey shows that we have reached a tipping point in the business use of mobile devices. However, this all comes with a price, both in terms of resources and risks. Despite this, most organisations feel the benefits are worth the risks.

The enterprise mobility tipping point

The survey highlights how mobile devices have become essential tools for doing business. Employees are seeing significantly improved productivity by being able to access business resources from anywhere at any time and as a result, 59 percent of respondents to the survey said their companies are now making line-of-business applications accessible from mobile devices. Even more impressive is that mobile device enablement is commonplace enough that nearly three out of four businesses are now looking at implementing a corporate “app store” for mobile applications.

Just why is it that so many organisations are going all-in on mobility? The survey asked about the most important business benefits companies hope to achieve from mobility and the top answers were a desire for increased efficiency, increased workplace effectiveness, and reduced time required to accomplish tasks. Taken together, these represent major business agility gains.

Ask any IT manager and they will tell you that such expectations of implementing a new technology are rarely ever matched by the results. Amazingly though, when it comes to mobility the survey shows that expectations much more closely match reality. For example, about three-quarters of businesses expected to increase efficiency through mobile computing and 73 percent actually realised that gain.

Interestingly, the survey showed that these results largely held true for both small businesses and enterprises alike, with efficiency being the top goal across the board. Enterprises were slightly more optimistic in the benefits they would realize but did not do as well as they expected. SMBs, on the other hand, had slightly lower expectations that were exceeded. The main difference was that smaller businesses were less likely than enterprises to have plans regarding custom apps or corporate app stores.

Mobility is consuming significant IT resources

For all of mobility’s perceived and realised benefits, the survey also demonstrates that it is also creating challenges for IT as they try to balance it with other critical focus areas. In fact, nearly half of the organisations who responded to the survey said they see mobile computing as “somewhat to extremely challenging.” As a consequence, mobility in general is requiring significant effort to manage. In fact, an average of 31 percent of the IT staffs at the organisations surveyed are involved in some way with mobile computing.

And just what is it that is demanding so much of their time and resources? They reported their top priorities to be security, backup and dealing with lost or stolen devices.

When the survey asked where mobility ranks in terms of IT risk as compared to other contemporary technology trends, it was cited as one of the top three risk areas by 41 percent of respondents — more than any other trend or initiative, including virtualisation, Web 2.0 and even public cloud computing. IT’s top mobile-related concerns include device loss, data leakage, unauthorised access to corporate resources and malware infection.

In this brave new world of enterprise mobility, organisations are grappling with some very real challenges. However, mobility also offers tremendous opportunities for organisations of all sizes. Businesses should be exploring how they can take advantage of this trend and develop a phased approach to build an ecosystem that supports their plan. The simple truth is that employees will use mobile devices for business one way or another but, by getting out ahead of the curve, companies can make sure that use is on their terms. This all comes down to companies thinking strategically, enforcing appropriate policies and managing and securing devices and data efficiently and comprehensively.

—Brian Duckering is a senior manager, Enterprise Mobility at Symantec. Brian is responsible for product marketing of Symantec’s mobility initiatives, covering everything from mobile management and security to protecting the networks that mobile devices rely on.

—This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.

Gartner says Worldwide Media Tablets Sales to Reach 119 million Units in 2012

Worldwide media tablets sales to end users are forecast to total 118.9 million units in 2012, a 98 percent increase from 2011 sales of 60 million units, according to Gartner, Inc. Apple's iOS continues to be the dominant media tablet OS, as it is projected to account for 61.4 percent of worldwide media tablet sales to end users in 2012. Despite the arrival of Microsoft-based devices, and the expected international rollout of the Kindle Fire, Apple will continue to be the market leader through the forecast period. “Despite PC vendors and phone manufacturers wanting a piece of the pie and launching themselves into the media tablet market, so far, we have seen very limited success outside of Apple with its iPad,” said Carolina Milanesi, research vice president at Gartner. “As vendors struggled to compete on price and differentiate enough on either the hardware or ecosystem, only 60 million units actually reached the hands of consumers. The situation has not improved in early 2012, when the arrival of the new iPad has reset the benchmark for the product to beat.”

$1 bn: Amount Microsoft has spent to acquire 800 plus patents from AOL


Crowdsourcing, Info Age and Globalisation

Crowdsourcing is becoming an increasingly crucial component of successful globalisation

By Rob Vandenberg

Illustration by anil t

More and more companies are choosing crowdsourcing as a way to outsource and innovate. From big corporations like Kraft Foods to sole proprietorships, companies are accessing software platforms to capture ideas and labour from an anonymous collection of people who can collectively accomplish a task. Whether it be research and development (R&D) or Web design, crowdsourcing often generates quality results more quickly and at a lower cost than in-house alternatives.

Crowdsourcing holds numerous benefits, as proven by its viral adoption across companies and industries. Perhaps the biggest advantage is that crowdsourcing can effectively replace employees, making it a less expensive way to accomplish a task. The crowd also diminishes the time commitment associated with finding and vetting labour. Crowdwork is often done in a competitive setting, enabling the best talent and most clever solutions to surface quickly and with little effort on the company’s part. Instead of launching a search for the best global talent, companies tap into a massive talent pool that comes to them.

Because of the number of people involved, a crowd generally encompasses a more diverse knowledge base and skill set, leading to creative and unexpected solutions. A crowd can generate a greater variety of solutions and innovations for a company to choose from. Not only can companies build the products that best suit their needs, they can build a pipeline of innovations by harvesting the many ideas generated in a crowdsourced project.

With crowdsourcing and open innovation — a similar process in which companies consult with a designated crowd of people rather than launching an open call to the public — companies can also outsource important functions such as R&D, innovation and design while saving money and increasing efficiency. As an example, personal products company Kimberly-Clark used open innovation to decrease the time it takes to launch new products by 30 percent, according to Editor Paul Sloane’s A Guide to Open Innovation and Crowdsourcing. Problem solving and bringing products to market almost become just-in-time, on-demand propositions, empowering companies to keep up with the breakneck pace of business today.

Crowdsourcing and competitive advantage

The crowd is a powerful tool for companies wanting to thrive in today’s fast-paced global business environment. Business is moving more quickly than ever before and is ignorant of time zones. Companies face losing market share if they don’t keep pace with their competitors, who may be international or multinational. Companies need to globalize more quickly and in a more networked, efficient manner. Because crowdsourcing can quicken the pace of everything from manufacturing optimisation to video marketing, it is a powerful tool for any business penetrating a new market.

Localization is another ingrained benefit. A business can crowdsource functions that require localisation, such as customer support and product design, to a crowd located in a global target market. The crowd of that country will automatically create products and services that fit local culture. For example, if a company crowdsources the design of a product it wants to launch in Singapore to a crowd of Malaysians, the product will gain built-in local flavor that will automatically suit the cultural preferences of the target market. Companies save time and energy trying to figure out the tastes of their target market. Moreover, if the community is aware that it is crowdsourcing for a specific company, that company can gain brand recognition and affinity within that community.

Create the right crowdsourcing environment

Crowdsourcing isn’t without its risks, however. The Facebook Turkey localization fiasco is a prime example. Facebook crowdsourced the translation of its user interface into Turkish. A swarm of anonymous translators took it upon themselves to imbue the UI with X-rated error messages and dirty words.

To ensure successful crowdsourcing projects, companies need to create an environment that encourages quality. The solution is to provide incentives and stay engaged with the crowd. Incentives could include: rewards; contests; the advancement of individuals within the crowd; achievement milestones; and community events.

Individuals in the crowd need to feel engaged and like they’re part of the solution, otherwise companies risk skewed or even mutinous results. Other techniques to ensure engagement include: setting clear objectives for each crowdsourced project, so results stay on-target; engaging with participants during the course of the project, to ensure motivation; and giving participants clearly-defined and achievable tasks, to prevent burnout.

Crowdsourcing is becoming an increasingly crucial component of successful globalisation. The speed, quality and creativity provided by crowds is taking the pace of globalisation to a new and interdependent level. Understanding why to crowdsource and how to do it right is poised to become one of the major competitive advantages of today’s businesses.

—Rob Vandenberg is President and CEO of Lingotek, a provider of translation services to global companies. Prior to Lingotek, Rob was one of the first 20 US employees at Intershop Communications where he helped build its worldwide business and helped make the Intershop IPO one of the most successful enterprise software company IPOs in US history - ($10 billion market cap).

—This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.



TECH FOR GOVERNANCE

security

5 POINTS

If you are on Twitter and receive a tweet with nothing but a shortened URL, ignore it

Passwords should be longer than 10 characters

All applications running on your computer should be up to date

Don't use removable media to transfer data between computers

Don't open email received with attachment from unknown person

Illustration BY prince Antony

Cyber Self Defense For Non-Geeks

The direction of a strike depends on where your opponent stands, what he is doing at the moment, and what target on his body you want to hit

By Jeffrey Carr

The best way to think about cyber security and self defense is to compare it to boxing or any martial art. Your body, like a computer network, has numerous vulnerabilities. When you find yourself being attacked, you need to position your arms and your torso in such a way that you shrink the number of vulnerabilities exposed to the attacker. This is known as “shrinking the attack surface.” Trained fighters will angle their body to present a reduced attack surface to their opponent. They’ll keep their arms up to cover everything from the bottom of their ribcage to the top of their skull because most of the lethal points of the body are in those regions. They’ll still get hit, but it probably won’t be on a vital point. Similarly, there’s no way to stop an attack against your network, but you can make sure that the attack hits only nonvital data rather than your company’s most valuable information.

The following are some basic principles for you to follow both at home and abroad to help keep your valuable data safe. They won’t be sufficient for when you’re in high-risk locales and they won’t stop a targeted attack, but they will make it much less likely that you’ll suffer a serious breach because of poor cyber security habits or an over-reliance on your antivirus or firewall application. A 64-year-old friend of mine who’s been a lifelong bodybuilder and a fighter is fond of saying “I may not be able to feed a guy his lunch any more, but I’ll definitely feed ‘em a sandwich.” That’s all we want to do with this strategy. If someone wants to attack you, we want that person to know that it’s going to cost them something — and that may be enough to get them to leave you alone.

Develop a healthy paranoia about everything in your Inbox or your Browser

If you receive an email from an unknown person with an attachment, don’t open it. If you recognize the name of the sender but the text in the email doesn’t sound like her, pick up the phone and call her to verify that the email is legitimate. If the email asks that you click on a link, read the link first. A lot of malicious links are designed to look like the real thing but won’t stand up to close scrutiny. Is the word spelled correctly? Does it end with a “dot com” or a “dot co”? Take a minute and check before you click. If you’re on Twitter and receive a tweet with nothing but a shortened URL, ignore it. If you receive a Direct Message from someone you know with a shortened URL, but the message doesn’t sound like it would have come from that person, pick up the phone and make a call to verify that your friend Jody actually sent you the message “You should see what this guy is saying about you at fakeURL.com!”

Use the most secure Web browser that you can find

It doesn’t matter if you’re a Microsoft geek or Apple chic. Don’t let your loyalty to a company brand determine your online safety. Find and read independent research on which browser is the most secure and make your decision from the evidence. For example, Accuvant Labs recently published “Browser Security Comparison: A Quantitative Approach” on December 14, 2011. They examined Internet Explorer, Mozilla Firefox, and Google Chrome for security flaws and came to the conclusion that Chrome was the most secure browser. However, take your time and read the full report so that you understand what the issues are and why Accuvant made the decision that it did. Feel free to look for contrary findings as well and make an informed decision.

The only rule you need to know about passwords

There is one simple rule to remember about constructing a password: make it as long as possible — definitely longer than 10 characters. One example is to use the latitude or longitude of your favorite city. For example, Rio de Janeiro’s latitude is “Latitude:-22.9181189”. That password has 20 characters of all 4 types and it’s almost impossible to crack using any of the password cracking tools out there today. If you like that idea, visit www.findlatitudeandlongitude.com and pick your favorite destination. If you can’t memorise it, write it down and keep it in your wallet, but be sure to obfuscate it in some way that only you know. For example, just write down the number portion and obfuscate that by adding numbers to it: e.g., 22.918118904, or turn it into something that looks like a credit card number: 2291 8118 9040 5592. You’ll remember that everything from the 0 onward is extraneous but no one else will know that. Add an expiration date 01/15 and anyone who finds your little cheat sheet will automatically assume that it’s a credit card number. It’s important to remember that no matter how complex your password is, if your computer becomes infected with a keylogger (an application that captures your keystrokes), you’re done.

Do preventative maintenance on your computer

Your computer is a tool just like all of your other tools, including your automobile, and as such it requires regular maintenance. Make sure that all of the applications running on your computer are up to date. One way to do that is by using a free program called Secunia Personal Software Inspector (PSI). The website address is http://secunia.com/vulnerability_scanning/personal/. Once it’s loaded on your machine, it will search for security patches for applications that you use, notify you if any are out-of-date and point you to the download site.

Avoid free Wi-Fi

One of the most popular ways for bad guys to steal your login credentials is to hang out at coffee shops, airports, and other locations that offer free Wi-Fi and use an application known as a “sniffer” to intercept your username and password for whatever application you’ve logged into while drinking a cup of coffee or waiting for your flight. So, use the mobile hotspot that comes with your smartphone or pay for a service that protects your session. Both are secure from wireless sniffers.

Don’t use USB thumb drives or other removable media

One of the worst breaches ever to occur at the US Department of Defense came about because of the popularity of transmitting data from one computer to another via thumb drives. The following article was written by Deputy Defense Secretary William J. Lynn III for the magazine Foreign Affairs in the September/October 2010 issue:

“In 2008, the US Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a US military laptop at a base in the Middle East. The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the US Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control. It was a network administrator's worst fear: a rogue programme operating silently, poised to deliver operational plans into the hands of an unknown adversary. This previously classified incident was the most significant breach of US military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in US cyberdefense strategy.”

To put it simply: don’t use removable media to transfer data between computers. The only time it should be used is when you travel and then only to store your own critical data as an alternative to storing it on your travel laptop.

—The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island

$1 bn: Acquisition size of Instagram by Facebook
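The "read the link first" checks from the article above (spelling, "dot com" versus "dot co", bare shortened URLs) can be automated; the following Python sketch is an added example, not part of the original article. The allowlist, the sample URLs and all function names are constructed for illustration, and the domain helper assumes plain two-label domains such as example.com.

```python
from urllib.parse import urlsplit

# Constructed for this example: domains the reader actually expects links from.
EXPECTED = {"example.com", "example-bank.com"}
# Common public URL shorteners; the visible link hides the real destination.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Last two labels of the host (assumption: no suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def triage(url):
    """Return a list of reasons to distrust the link; empty means expected."""
    parts = urlsplit(url)
    host = parts.hostname or ""   # urlsplit lowercases the hostname
    if not host:
        return ["no-host"]
    findings = []
    # "https://trusted.com@other.com/": everything before '@' is userinfo,
    # the browser connects to the host after it.
    if parts.username is not None:
        findings.append("userinfo-before-host")
    # Punycode labels can render as look-alike characters in some displays.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-label")
    domain = registered_domain(host)
    if domain in SHORTENERS:
        findings.append("shortened-url")
    elif domain not in EXPECTED:
        name, _, tld = domain.rpartition(".")
        near = []
        for good in sorted(EXPECTED):
            good_name, _, good_tld = good.rpartition(".")
            if name == good_name and tld != good_tld:
                near.append("tld-swap:" + good)    # "dot co" for "dot com"
            elif 0 < edit_distance(name, good_name) <= 2:
                near.append("lookalike:" + good)   # misspelled name
        findings.extend(near or ["unknown-domain"])
    return findings


# Constructed sample links, one per check described in the article.
SAMPLES = [
    "https://www.example.com/login",
    "http://example.co/login",
    "https://examp1e.com/",
    "https://t.co/abc123",
    "https://example.com@fakeurl.com/x",
]


def report():
    """Map each sample link to its findings."""
    return {url: triage(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, findings in report().items():
        print(url, "->", findings or "expected domain")
```

An edit-distance threshold of 2 produces false positives on very short domain names, so a real allowlist check would scale the threshold with name length.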

Applications Need to Respect User Rights

Illustration BY prince Antony

An application can never be considered a viable product unless it respects the rights of users

By Parker Higgins

A new iPhone app called Highlight is poised to be this year’s breakout hit at South by Southwest, the Austin tech and media conference that has become known as a web service kingmaker after launching services like Twitter and Foursquare to a wide audience in years past. In the context of a major tech conference, Highlight makes an appealing promise: let it run in the background of your phone, persistently collecting your location data, and it will notify you when your friends, their friends, or people with shared interests are nearby. Highlight is only the most prominent in a collection of apps offering this sort of “ambient social networking.”

These features are nifty, and could certainly help enhance serendipity for users in Austin and elsewhere. But the application and its website provide no privacy or data retention policy, or even any technical explanation for how it works in order to allow users to make an informed decision about their data. We’ve e-mailed Highlight to ask about their privacy policy, but haven’t yet heard back. Instead, upon installation, the application tells the user that it requires a connection to her Facebook profile and access to her iPhone’s location sensors. Unlike “check in” services like Foursquare, Highlight collects and shares location data with other users continuously unless you manually pause it.

It doesn’t take much to figure out how sending such a steady stream of location data to a third party with no posted privacy or data retention policy could go very wrong: the application could be indefinitely storing location histories on their servers for every user. Further, Highlight has access not only to locally stored personal data but also can access the Facebook photos, profile details, and other data on that service.

In the process of installing and authorising this app, users don’t know how much information they are handing over. Without more details about their policies and practices, how confident can they be in the security of that data against the threat of government subpoenas, unauthorised intrusions, or rogue employees?

John Biggs at TechCrunch has already written an article about Highlight’s privacy practices, complaining that their text message feature “leaks” the phone numbers of other user contacts — the equivalent of using “CC” instead of “BCC” on a bulk email. Biggs doesn’t point the finger directly at Highlight (his actual words are: “I don’t want to go all EFF on you”) but it’s not a very auspicious introduction for the newly launched app.

Highlight’s creators are probably well-intentioned, and their practices seem to be common in the world of mobile app development. But “industry standard” is no defense, and as companies like Path and Hipster have learned the hard way, the right time to implement good privacy and security practices isn’t after there’s been a problem and bad media coverage — it’s during the initial development.

These issues bring to the fore a bigger problem in the world of mobile development today. In an effort to work quickly to put out a “minimum viable product” and see what sticks, developers are sometimes cutting one too many corners.

An app can never be considered a viable product unless it respects the rights of users, and one without a published privacy policy runs afoul of our recent mobile user privacy bill of rights; without providing a user with the transparency and accountability of a policy, an app can’t even be evaluated to see if it respects the other rights.

Of course, a privacy policy that’s readable and accurate is one necessary step: the California Online Privacy Protection Act of 2003 requires operators of online services that collect personally identifiable information from California residents to conspicuously post and comply with a privacy policy.

Application developers need to think about both policies and practices from a privacy perspective, and do their part to respect their users from the ground up. Highlight may yet come out of South by Southwest as the most-buzzed about new service. But unless they change their privacy problems, they could be undone just as quickly by another privacy scandal.

—The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island

$70 b: Amount of IT exports done by India in 2011-12 financial year

The Eternal Struggle

If you can deal with never-ending security war then do gird your loins and wade into battle

By Scot Terban

The Five Stages

It seems today, with the ever present cyberdouchery over “cyberwar” and the seeming eternal specter of Dr. Cyberlove (Richard Clarke) prognosticating our doom vis-a-vis China, I feel compelled to talk about it all again. Mostly though, I want to impart to you all a sense of how things are going, where we are headed, and the general malaise that I feel the world of “INFOSEC” is faced with on a daily basis. In listening to the last EL podcast, I once again heard the frustration in Lizzie’s and Chris’ voices and, as I was having a stellar week myself (which will be talked about on the podcast tonight) I came to some conclusions on what it is we all do, perhaps some motivations behind why, and a feeling that perhaps nothing will ever really change in how things happen within this business. In the past I have lamented, but, like any process of grieving or other, there are stages, right? I guess this means that I have come to the last stage, that of “acceptance”. This is a conclusion I have come to recently and I think all of you out there may in fact come to the same conclusion eventually in your own INFOSEC experiences. I personally have come to the stage of acceptance recently. I accept that in truth, there is only so much I can do and beyond that which I have direct control over, nothing else can be done.

The Hype and The Realities

Like I said, we have Dr. Cyberlove out there every day it seems, hitting a new news resource to get his name and his company out there with outlandish plots of how we are already pwn3d by China. The generals in the military and the government movers and shakers are all moving with fear tinged with desire, for more control over the internet as a whole while the beltway bandits are all in the wings, like a murder of crows on a powerline, watching dark eye’d, waiting for their moment to strike. You see, it will be the crows that have the best day of all… For every headline, every law enacted, and every grab at power made, there will be one person that will have to deal with the outcomes... You.

On they will roll with cyberwar talk and fearful stories of how the world will come to a screeching halt once the hackers (or APT if you listen to Dr. Cyberlove and others) hack into the power grids and the nuclear silos. We will be at an existential threat to humanity because of the likes of Chinese hackers or worse... Anonymous. We MUST protect ourselves by making many more laws to govern how we act on the internet as well as grant ultimate domain to protect intellectual capital for Hollywood!! We must prevent world war III in CYBERSPACE! Or so Dr. Cyberlove would like you to believe….

The realities are much more pedestrian and not as sexy a story line befitting a new “Die Hard” movie. The realities are that there are issues with digital warfare, that could make our lives a bit more difficult, but, they would not end our way of life. However, the perceptions of many might fit a more common scenario that we in the community and without, may be more familiar with. Batman and his “Rogues Gallery” of evil doers. It’s not reality, but, many of us tend to gravitate to the stories and the ethos right? So, let’s take a look at it all from the pantheon of Batman. I know, I have gone down this path before but it is an amusing one if not at least an apt one.

“I’m The Batman” You Say?

So, you… yes you… the one in the batcowl. Protecting your domain, your “Gotham” as the network warrior, the lone sentinel holding back the night of the internet. How are you feeling about your job of late? Post APT and Anonymous, how are you feeling about the safety of your city? Do you feel that you have the tools and the know how to protect it? Are you backed up by the right people? Funds? Tools? Do you sleep at night or do you toss and turn... Oh, sorry, during the day, as you work at night…

This seems to be a common mentality in many of the network security folks out there, that of the protector, the Batman. You get into this business for sundry reasons, but many have had it from the avocation stage to now being paid fairly well for it. Some of you may have trod the path of Bruce Wayne and gone to live in the criminal world, to test yourselves, to know your enemy. Others may just want to live the dream and be the Dark Knight of the Network because you think it’s cool.

All of you though likely have days when you ask “What the frak am I doing?” We all love the illusions but the realities, like those above about the hype and the douchery often creep in and browbeat us into submission. Some of the realities are things like no one wanting to take your advice, others might take the form of outright loathing of you for your stances being too hard on the users and the management objectives as they are counter to theirs. Things would be much much simpler if you were just the Dark Knight, alone and able to mete out justice with a Batarang huh? Still though, this is reality and the closest you will get to being a protector short of either becoming a bodyguard or Secret Service. So Batman, evaluate your goals in life. Do you want to be just like the Dark Knight? A vigilante to some? Loved by few? Generally seen as someone to put a stop to? That romantic notion of being the lone sentinel wearing thin a bit now?

Can You Really Protect Your Gotham City?

This should be the first question that you ask yourselves if you are in the position of being the “protector” of the domain that you live or work in. As security people, you have a myriad of kinds of jobs, but the majority of them are not the sexy hacking gigs. No, there are many others out there who are the grunts doing the security architect work or some other management security positions or, you may even be part of the “C” class and be management. What you will always find though, is that it’s not only the external forces of the rogues gallery looking to take you down, but also the lack of cognition on the part of those you protect as well that may be your demise.

Illustration by Prince Antony

Security, even today, is still seen by many as just a cost-center as well as a nuisance at the worst. Your job, every day, is to protect the company’s data, and by proxy, depending on the company, the data of clients or perhaps consumers as well. The business as a whole is seeking profit, and profit means that they do things quickly or “agile” as the term of the day seems to be. To be agile though, the businesses often don’t want to be burdened with the extra steps of security. Steps mind you, that you need to carry out to ensure that the “product” or “the data” that the company uses, manages, or sells, is in fact safe from theft. You sir/madam are now “The Batman”. Feared by some, loathed by others, and generally looked upon as someone to avoid as the story goes. Sure, you are likely a hero to still others, but, those are not the majority, and it is your thankless job to protect them all... With or without their help. Are you really prepared for that? Can you keep that fact at bay and do the thankless work or will it trouble your sleep just as much as the chinks in the armor that you aren’t able to fix in your city’s defenses?

Do You Have A Commissioner Gordon?

In the world of Batman, he has one key player, and that is Commissioner Gordon. Gordon helps Batman, he agrees that there is a need for something more than the status quo to protect the city and, Batman has stepped up to help. Do you have a Gordon in your organisation? Is there someone who really believes in security as a necessity and will fight for it? Or are you the Dark Knight who, after Gordon has been killed, has little to no help in the crusade? Unless you have some real help, all too often you will only find yourself alone fighting a battle that you cannot win. In the world of Infosec, you have to have this advocate as well. Unless there is a top down approach, you will end up just flailing around and gnashing teeth trying to protect your Gotham, but will only end up frustrated and likely burned out. This is something I have seen and heard a lot about these last couple of years within the community. Batmen and women are getting burned out, jaded, and angry because they do not have the Gordon to help them on top of being misunderstood or maligned because their beliefs and their willingness to take action are misunderstood or ignored. So, if you do not have an advocate in a position of power such as a commissioner, consider yourself in an even poorer position.

Is It All Really Worth It?

Another good question to ask one’s self before taking on the cowl, is whether or not this is all worth it. Being the Dark Knight is not glamorous, it is not lauded, it is thankless and often maligned as jobs go. Sure, it looks really cool in the comic books and movies, but the realities aren’t so pretty. While Bruce Wayne does all of this out of compulsion, we today in the INFOSEC field are doing it maybe out of an avocation, but to most it’s a mix of avocation and a living. Once that veneer of fun and accomplishment wears off, just what do you have? Will you really want to go to work every day? Or would you rather just walk away? Face it, you are protecting things and people who generally do not see the validity in what you do in many places. Sure, some get it, some Gothams lap it up and are true pockets of belief, but, on average, look at all the corporations out there who got popped this last year even after giving lip service to performing “security” to protect their clients and their data. The realities are that the majority don’t get it and perhaps don’t care to. Hopefully you find yourself in a place that gets it and you have the Gordon and perhaps even a Harvey Dent (before the scars and insanity) to help you in your quest to guard the line… But... I am not saying you will. So, is it worth it getting into this career? I guess for some of us there is no other choice. For good or for bad, we toil on in whatever environment we are in to try and make it better. Others, well, they like to break shit, and get to on a regular basis, but even those guys often are heard lamenting the state of affairs because they aren’t just malevolent. They truly want to be Batman too… But they are more Nightwing instead.

Ultimately, you have to take stock of your battles and wars to decide whether or not this is the life you want.

Time To Hang Up The Cowl?

Meanwhile, just like the escalation of the rogues gallery, you too will have to face new threats every day. Jack Napier made Batman by killing Wayne’s parents in front of him. Batman made Joker by battling Napier later on and ultimately driving him insane, thus becoming the main nemesis for Batman. After that others came along, seeing the Batman as their nemesis and upping the ante. Do you see where I am going with this? Look at the INFOSEC world today... APT, ANONYMOUS, HACKERS, CRACKERS, HACKTIVISTS, LULZSEC, LULZSEC REBORN. It’s all about escalation. Some want to one up the other while many are looking for ways to make easy money by stealing. When you look at the progression and then the response in the government and military sectors as well as the corporate clowns looking to sell security snake oil, you start to see a bleak picture. Mostly from the perspective though that no matter what you do, you will never truly be able to staunch the flow of loss. And that’s the most simple of truths. If you can deal with never-ending war then do gird your loins and wade into battle. If not, if you take stock and the battlefield is not even remotely in your favour nor will it ever be, consider what you are doing. This is a battle you can never win. And in that realisation, you have the final of the 5 stages. Acceptance. If you can accept these things, and you feel you can fight on, then let the battle rage. If not, then you might want to consider moving out of Gotham.

— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island



ThoughtLeaders Munjal Kamdar

Munjal Kamdar is Senior Manager at Deloitte Touche Tohmatsu India

Emerging Trends in Outsourcing

US has been the largest outsourcing market globally and accounts for 60 percent of business for outsourced service providers

The outsourcing industry has traveled a long way. An apocryphal story on outsourcing revolves around the American company that pioneered the offshoring model. It is believed that their legendary CEO along with a high-level executive team was traversing the dusty roads of Bangalore to visit sites for offshoring. As the convoy of cars was speeding down the outskirts of the city, the car that the CEO was riding broke down. He was immediately transferred to another car. The second car also broke down. He completed the journey in 3 different cars. The CEO was left wondering whether a location that could not support a road journey will be able to execute high tech offshoring tasks! When you look at the gleaming towers at Whitefield now in Bengaluru (the new name for Bangalore), that CEO’s experience seems to be a lifetime away. If at all, the problem now is to deal with the volume of traffic at these locations.

Outsourcing has matured since its early days. Globally it is a multi-billion dollar industry with coverage spanning all corners of the globe. The global outsourcing industry, including offshoring and on shoring, is forecasted to close the year with revenues reaching US$464 billion, up 9.2 percent from the US$425 billion revenue for 2010. The outsourcing yearend revenue of the offshoring segment is estimated to reach US$144.8 billion, with India capturing 42.5 percent of the offshore market or US$61.5 billion in revenues. From the earlier days of time and material (T&M) billing the industry has evolved into a sophisticated medium to transport skills globally. We will now look at 4 recent trends in outsourcing industry.

Trend 1 - Near shoring (or should we say Farm Sourcing??)

Lately we have seen the word ‘nearshore’ being used along with the legacy terms ‘off-shore’ and ‘onshore’. Near-shore is a practice of outsourcing processes to a location which is nearer to the base business location rather than engaging a supplier across continents. For example, multi-national banks operating in UK may opt to outsource work within Europe such as Hungary, Ukraine or Bulgaria rather than looking at South-East Asia as an outsourcing destination. A few of the obvious pros for looking at geographical proximity are easier travel, similar cultures and language speaking population etc.

USA has been the largest outsourcing market globally and accounts for roughly 60 percent of the business for Outsourced Service Providers (OSPs). The US economy has not been very healthy since 2008 leading to high unemployment rates. Correspondingly, wages have risen in emerging economies such as India leading to a narrowing of wage arbitrage. Now a less expensive labour pool can be found in large metropolitan areas within USA, such as Northwestern Wisconsin and Northeastern Minnesota. These areas might just be positioned to offer cost savings to companies both now and in the future. And the benefit would be mutual in a region that has long struggled with high unemployment and a lack of well-paying jobs. In some regions, that discussion continues as those having a stake in the region’s economic future try to identify opportunities for rural outsourcing, also known as farm shoring. The topic has been identified as a statewide strategy for Wisconsin. How are global OSPs fighting back? For this let’s look at trend 2.

Trend 2 - Increased skill and sophistication of OSPs

Here is another apocryphal story about the initial days of outsourcing. One of the currently leading software companies in India wanted to sell the outsourcing concept to a skeptical client in USA. Finally the client manager got a brainwave. He had a team of software developers housed in the neighboring building with an agreement that they would not physically step into the client office next door but communicate only on phone and email. After observing the progress for a month the client was finally convinced to adopt the outsourcing project.

With the maturing of the outsourcing industry the OSPs have acquired not only technological expertise but also industry knowledge. OSPs are capable of running business processes for client with low-error rates and quick response times. With heightened competition most OSPs have acquired multiple service quality, information security and industry specific certifications such as ISO, PCI etc. Clients have now started viewing outsourcing as a strategic lever and not just as a cost-saving exercise. Where is this sophistication of OSPs causing the maximum innovation? Look at trend 3.

Illustration by Anil T

Trend 3 - Pricing models

The greatest impact has been on pricing models. The start of outsourcing had fairly straightforward pricing – Time & Material (T&M). Basically you had a count of persons attached to a project and paid a fixed cost per hour. As projects grew larger other pricing models were adopted. These were fixed price, T&M with a fixed ceiling, Co-development, Managed sourcing etc. As outsourcing comes a full circle it is back to a simple pricing model – Transaction-based or Unit-based pricing. Basically the clients pay for what they use. The transactions or units may be specified as workload volumes, device counts, capacity or transactions etc. Typically a base fee is applied within specified bands of consumption with a negotiated increase or decrease in per unit fee for increase / decrease in consumption. This is termed as Additional Resource Charge (ARC) or Reduced Resource Charge (RRC). This provides customers flexibility in contract as well as transfers a large portion of risk of the user organisation to the OSP. Which areas are these innovative pricing models pressurising most? Refer to trend 4.

Trend 4 - Governance

All outsourced and offshored processes are witnessing an increased rigor of governance both with the OSPs as well as internally within the outsourcing organisations. Outsourcing has assumed a significant position within any organisation that is utilising the outsourcing function.

Outsourcing has gained a seat in the leadership table. This illustrates that companies are considering outsourcing as a strategic lever. The Governance model asks for a strategic layer involving top management from the client end and the OSPs. This layer is supported by business layer and region level committees and finally at the operations level there are relationship level committees and business level committees. This also helps clients manage their regulatory requirements more stringently. These trends are manifesting themselves acutely as the outsourcing industry matures. There are new and innovative models developing for client service, delivery and engagement. Winning organisations are at the forefront of these developments.

— The authors are Munjal Kamdar, Senior Manager and Manish Sehgal, Manager, Deloitte Touche Tohmatsu India Private Limited. The views expressed herein are personal.



VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com

Illustration by Prince Antony

The Magic Of Amazon

Amazon recently announced some big price cuts for its AWS and EC2 services, amongst others

I love it when IT vendors poo poo anything Amazon does, but man are they wrong. Amazon has completely altered, and continues to alter, the way our entire industry operates – or will. They are simply amazing. They aren’t fast enough. They aren’t enterprise enough. They aren’t cheap enough. They aren’t, they aren’t, they aren’t. But they do. And they are. They are changing the game. The difference is they aren’t coming into our game and taking over. They are making us play their game. And we don’t like it. We don’t know how to play their game. We got dragged in by the neighborhood kids and now we look like goofballs.

The IT industry as we know it is built on massive R&D budgets ending up in massive cost structures ending up in huge margin requirements on relatively low volume. Amazon has built one of the world’s biggest businesses on enormous volumes and low margins. When you have a company like that, more margin is a boondoggle. When you are built on a margin profile that NEEDS big to survive and someone cuts your margin down, you tend to die. This is a very different business than traditional IT, and running high volume, low margin business is in Amazon’s DNA.

As AWS has grown and become more efficient, they have lowered prices, now 19 times, with no competitive pressure to do so (sorry Rackspace, but I know Amazon, and frankly, you are no Amazon). Driving cost efficiencies is what they do – but NOT because they are an IT company (they now are) – but because they need to do that to support their Bazillion dollar online retail company! Big huge difference. IT is an ancillary benefit to Amazon’s core business – not the other way around!

Jeff Bezos recently stated, “We are willing to think long-term. We start with the customer and work backwards. And, very importantly, we are willing to be misunderstood for long periods of time.” That is the most awesome statement ever issued in the computer industry right there. He doesn’t give a rat’s ass that no one following the IT biz gets it – because his “real” biz does. Disrupting the IT world is SECONDARY in his mission. It’s an accident! And it’s happening.

How many of your favorite IT vendors are using Amazon right now? All of them – only none will admit it. Just like in yesterday’s blog when I talked about how no one will admit to using Dropbox or Box for corporate data. But they all are. Why? Because Amazon represents the best of all possible worlds at the top of the user’s list – perfect economics in real time. I know exactly how much it costs to use, and I get what I want right stinking now! Swipe!

The real game changer is not that Amazon is going to put the IT industry out of business, it’s that it’s going to force IT to in turn force their vendors to enable them to act EXACTLY like Amazon for their own internal users – or else lots of folk will be out on the street. Maybe selling books. Oh, that job’s been eliminated. Maybe raincoats. With all the talk about clouds, folks will definitely need raincoats. Right?

About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.thebiggertruth.com



