ChannelWorld November 2014 Issue 8 by Sreekanth Sastry

FOCAL POINT: The three key segments of IoT are on different paths; don’t think of them as one entity. PAGE 29

ChannelWorld STRATEGIC INSIGHTS FOR SOLUTION PROVIDERS | COVER PRICE Rs.50

Sudhir Sharma, Director, Versatile Infosecurity, has mastered the art of adapting to security changes.

Inside NOVEMBER 2014 VOL. 8, ISSUE 8

News Analysis If the Internet of Things is going to work, it has to make life less complicated, not more. PAGE 10

Case Study: Sterlite Copper was able to adopt next-gen client computing facilities with hand-in-hand assistance from Futurenet Technologies. PAGE 27

SECURITY

Not all proven IS practices work in today’s interconnected, heterogeneous world. Here’s what you need to do differently. >>PAGE 16

SHIFT

On Record: Mark Hickman, COO, Winmagic, says that India is at the cusp of adopting data encryption solutions. PAGE 12

Feature Business intelligence experts and business leaders discuss common mistakes that companies make when selecting and implementing a BI solution. PAGE 25

CHANNELWORLD.IN

www.cyberoam.com

Turning CIO into the next-generation catalyst Cyberoam NGFWs enable enterprise CIOs harness IT & network transformation with insights beyond security, helping them innovate, monetize and differentiate.

Key business benefits of Cyberoam NGFWs to CIOs: • Next-generation threat protection (also secures critical infrastructure / SCADA networks)

• Wirespeed gigabit performance • Visibility into BYOD and Virtual environments • Easy compliance • On-appliance Web Application Firewall (WAF)

Also available through

NICSI / NIC

Cyberoam Product Line : Network security appliances (Next-Generation Firewalls/UTMs)

Centralized Management (Hardware & Virtual)

Centralized Reporting

n CASE STUDY

The Virtual Element

Snapshot Key parties: Sterlite Copper,

Sterlite Copper was able to successfully adopt next-gen client computing facilities with hand-in-hand assistance from Chennai-based Futurenet Technologies.

Futurenet Technologies

access to the IT infrastructure that impacted service levels, hardwarerelated issues that demanded physical presence

T STERLITE Copper’s Copper

plant in Thoothukudi, Tamil Nadu, about 200 desktops were due for replacement. Also, as the company’s IT team was operating out of the datacenter situated in the premises, but outside the plant, several issues came up related to access to the IT infrastructure that impacted service levels. It was also becoming cumbersome to seamlessly address hardware-related issues that demanded physical presence on an immediate basis. “Considering the on-going challenges of system upkeep and automation, it was extremely critical to adopt the

right technology to improve service levels and business continuity,” says Neha Kini, IT head, Sterlite Copper. Sterlite Copper—a company that represents the copper business of Sesa Sterlite in India (the principal operating subsidiary of Vedanta Resources plc)—wanted to invest in a technology that could address the hybrid scenario of dedicated and shared desktops spread across multiple locations along with the vital requirements of backup and DR, faster patch, and software deployment for any organization. Sterlite Copper approached Futurenet Technologies. “Keeping the nature of industry and requirement in mind, we

L. ASHOK, Director, Futurenet Technologies

Location: Chennai Cost: Rs 95 lakh Challenges Faced: Issues related to

Key Technologies: Citrix VDI Key Benefits: Reduced capex on

desktop upgrade, decrease in routine non-value activities, flexibility and data security for end users

showcased the effectiveness of Citrix VDI through a POC which meant replacement of physical desktops by thin clients. The proposal encompassed licensing costs and standard server storage stacks,” says L. Ashok, director, Futurenet Technologies. “We were experiencing server virtualization benefits, hence, we related to the merits of application virtualization, which, at the same time, could also boost our green IT drive. The technical competency, price, and project delivery of Futurenet was unmatched,” says Kini. The pilot plan included the rolling out of the Citrix VDI solution for around 200 virtual desktops at a onetime cost of Rs 95 lakh. “We did our best in ensuring Sterlite is not hard pressed in terms of exceeding their costs due to inadvertent delays,” says Ashok. Kini Agrees. “User adoption was a challenge and issues that came up post go-live made it more difficult,” she says. Both the teams worked together to fix it amicably without compromising end user requirement. Besides reduced capex on desktop upgrade, the new solution ensured smooth application deployment, expandable hardware, and device support with central administration. Besides replicating the solution model across other locations, Sterlite plans a full-scale survey for user feedback. “The current solution will help us consider BYOD and adopt remote access on the fly,” says Kini. 

NOVEMBER 2014

—Shantheri Mallaya INDIAN CHANNELWORLD

n EDITOR’S NOTE

Vijay Ramachandran

Take it Easy “You are what you think. All that you are arises from your thoughts. With your thoughts you make your world.” —The Buddha

WAS RECENTLY with a group of solution providers

who were discussing mergers and acquisitions. When the mechanisms of funding mergers and valuation came up, the debate predictably heated up. A large part of the anguish was focused on why solution providers don’t see anything like the billion-dollar valuations that e-commerce entities seem to acquire with ease. Through the conversation about differentiators and unique propositions, I was struck by how many solution providers, especially those who have been around for a while, struggle to either enhance their portfolio, or even change tracks and diversify. Very few mature organizations have been able to take this leap successfully. One of those is the Sumitomo Group. One of the largest of Japanese kieretsu, its roots lie in a 17th century book and medicine store in Kyoto founded by Masatomo Sumitomo. Over four centuries, the Group has thrived, getting into new markets and actively seeking new opportunities (copper smelting, trading in textiles, mining, forestry and banking, to name just a few). Each time the Group has translated its dominance in one sector to growth in another, before the earlier cash cow ran dry, while

staying true to its founder’s principles of not pursuing “easy gains.” Of course, the mental strength to do so doesn’t come easy. How many organizations I wonder would be willing to risk killing a solid line of business in order to build a potentially more profitable future? The logic of conventional wisdom holds that startups are more agile by nature, and that the inertia that builds with time and size holds organizations back.

n It’s gravity,

often with you at its center, rather than inertia, that holds your organization back.

But is it only that? What about how your organization is structured? In a 1967 paper on ‘How do Committees Invent,’ Melvin Conway, a veteran computer scientist, stated: “Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization’s communication structure.” On the surface, it is about software, and how two separate teams structured differently would not only come up with extremely different ways to code but also build radically different end products. However, the very Zenlike nature of the statement, which went on to be dubbed ‘Conway’s Law,’ also contains a profound sociological truth—an orga-

nization equals its product. Complexly-structured organizations produce complex products and services and simply-structured ones craft simple, easier to use products and services. I suspect that it’s gravity, often with you at its center, rather than inertia, that holds your organization back. As founder and typically the person who dictates the direction that your firm takes, your organization equals who you are. How can you re-capture the energy and daring of your early days? Sumitomo has done this by consistently allocating effort, funds, and personnel to new projects and potential lines of business. It’s also required not falling in love with just one direction or mode of work. In the case of the many solution providers, I believe it will take a bit more. You will need to devolve and delegate the future of your company to smaller teams. You will need to empower your direct reports to make critical calls. You will need to take a step back—not to divorce yourself from business but to allow other buds to prosper and flower in your garden. That’s where differentiation lies. That’s where your future lies as well.  Vijay Ramachandran is the Editor-in-Chief of ChannelWorld. Contact him at vijay_ramachandran@ idgindia.com

NOVEMBER 2014

INDIAN CHANNELWORLD

FOR BREAKING NEWS, GO TO CHANNELWORLD.IN

Inside INDIAN CHANNELWORLD n NOVEMBER 2014

■ NEWS DIGEST

■ NEWS ANALYSIS

07 Microsoft Develops Meetingroom App | Microsoft is developing

10 How Microsoft Thinks of Smart Devices | If the Internet of

an app to streamline the process of sharing data and recognizing participants, said Bill Gates. 08 Networking Market to Remain Strong: IDC | India’s enterprise

networking market is flourishing, said IDC.The Ethernet switch market has grown by 19.2 percent Q-o-Q and 29.1 percent Y-o-Y. 08 Former TIBCO Execs Launch ‘Avaamo’ Mobile Messaging App | Avaamo, created by former TIBCO

Things is going to work, it has to

make life less complicated, not more, says Satya Nadella.

■ OPINION

03 Editorial: It’s gravity rather than

inertia, that holds your organization back, says Vijay Ramachandran. 34 PlainSpeak: Yogesh Gupta

explains how enterprises can gear themselves up for the fast-paced future of the tech industry. 15 Scott M. Angelo: Surviving

data breaches requires you to know the threats specific to your industry, your company, and ultimately, your data. Here’s how you can make the bad guys’ job just a little more difficult.

■ ON RECORD

12 Mark Hickman, COO,

execs, has announced a $6.3 million seed financing round and launch of the Avaamo mobile messaging app.

Winmagic, says India is on the cusp of adopting data encryption solutions that will translate into opportunities for the channel.

09 Post Split, HP to Advance With Cloud | HP’s break-up plan will

Cover Photograph by: SUJITH Cover Design by UNNIKRISHNAN A.V

give the company’s cloud unit more room to maneuver, which needs to make faster progress on private and public clouds.

16 ■ COVER STORY

16 Security Shift

The fight for security is harder than ever. Most organizations are fighting today’s war with yesterday’s tools and approaches—such as protecting perimeters with passwords and firewalls—and losing. Not all proven practices of the past work in today’s interconnected world. Here’s what you need to do differently.

■ CASE STUDY

27 The Virtual Element

Sterlite Copper was able to successfully adopt next-gen client computing facilities with hand-inhand assistance from Chennaibased Futurenet Technologies.

CHANNELWORLD ■ FAST TRACK

24 Vinay Vohra, CEO, CorporateServe

of what is called IoT is not IoT. Despite the industry’s attempts to scrub all meaning

Solutions, shares how the company excels in

Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India

CHANNELWORLD.IN

Publisher, President & CEO Louis D’Mello n EDITORIAL

from the IoT label, something valuable is occurring. But users can’t take any advantage without its full understanding. completing ERP projects in record time, which ultimately helped it gain ground in the industry. 14 Akhilesh Khandelwal, Director, System-

atix Technologies, explains how the company’s

■ FEATURE

25 Avoiding BI Software Pitfalls With companies spending millions on traditional BI software, cloud BI services, and and even social BI, the possibility of failure, of picking the wrong BI software has grown. To help you avoid a potential costly mistake,

Editor-in-Chief Vijay Ramachandran Executive Editors Yogesh Gupta Deputy Editor Sunil Shah Features Editor Shardha Subramanian Assistant Editors Radhika Nallayam, Shantheri Mallaya Special Correspondent Sneha Jha Principal Correspondents Aritra Sarkhel, Shweta Rao, Shubhra Rishi. Senior Copy Editor Vinay Kumaar Video Editor Kshitish B.S. Lead Designers Suresh Nair, Vikas Kapoor Senior Designer Unnikrishnan A.V. Trainee Journalists Bhavika Bhuwalka, Ishan Bhattacharya, Madhav Mohan, Mayukh Mukherjee, Sejuti Das, Vaishnavi J. Desai n SALES

& MARKETING

President Sales & Marketing Sudhir Kamath Vice President Sales Sudhir Argula Associate Publisher Parul Singh General Manager Marketing Siddharth Singh General Manager Sales Jaideep M. Manager Key Accounts Sakshee Bagri Manager Sales Support Nadira Hyder Senior Marketing Associates Arjun Punchappady Benjamin Jeevanraj, Cleanne Carol Serrao, Margaret Sunitha Dcosta Lead Designer Jithesh C.C. Senior Designer Laaljith C.K. Designers Vinoth P, Vivekanandan Management Trainee Aditya D. Sawant, Bhavya Mishra, Brijesh Saxena, Chitiz Gupta, Deepali Patel, Deepinder Singh, Eshant Oguri, Mayur R Shah, R. Venkat Raman n OPERATIONS

customer-friendly approach backed by services helped it become a big name in Indore.

■ FOCAL POINT

29 3 Ways Internet of Things Will Unfold IOT: The Internet of things is the tech in-

dustry’s latest overhyped technology—most

BI experts and business leaders discuss common mistakes companies make when selecting and implementing a BI solution.

ADVERTISERS’ INDEX Cyberoam Technologies Pvt. Ltd................................................................................................................ IFC

Epson........................................................................................................................................................... IBC

Grass Roots................................................................................................................................................. BC This index is provided as an additional service. The publisher does not assume any liability for errors or omissions.

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company. Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. Editor: Louis D’Mello, Printed At Manipal Press Ltd, Press Corner, Manipal-576104, Karnataka, India.

Vice President HR & Operations Rupesh Sreedharan Financial Controller Sivaramakrishnan T.P. CIO Pavan Mehra Senior Manager Operations: Ajay Adhikari, Pooja Chhabra Senior Manager Accounts Sasi Kumar V. Senior Manager Operations T.K. Karunakaran Manager Operations Dinesh P. Executive Assistant to the CEO Tharuna Paul Manager Credit Control Prachi Gupta Assistant Manager Accounts Poornima n OFFICES

Bangalore IDG Media Pvt. Ltd. Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Karnataka Tel: 080-30530300. Fax: 080-30586065 Delhi IDG Media Pvt. Ltd. DLF Corporate Park, Tower 4 B, 3rd Floor, Room 301, MG Road, DLF Phase 3, Gurgaon- 122001, Haryana Tel: 0124- 3881015 Mumbai IDG Media Pvt. Ltd. 201, Madhava, Bandra Kurla Complex, Bandra East, Mumbai 400051, Maharashtra Tel: 022-30685000. Fax: 022-30685023

ChannelWorld.in Get

Online FIND THESE STORIES AT CHANNELWORLD.IN

Hotlines Partner hotlines are a one-stop-shop for all your business needs. This section is dedicated to India’s leading ten OEMs to help you keep tabs on their latest announcements and tech offerings. This includes their latest acquisitions, executive movements, product releases, and more! Visit www.channelworld.in

■ CASE STUDIES Learn how principals and their channels work together to overcome complex business challenges at the customer end in our case studies section. Visit www.channelworld.in/case-study

■ FAST TRACK True to its name, this section tracks the path of channel companies that have posted exponential growth in recent years. To read their secret recipes, their success strategies and the challenges they overcame, visit www.channelworld.in/fasttrack

■ OPINIONS ■ VIDEOS From peer-to-peer advice and new technology developments to what the channel community expects from the enterprise market, our videos cover everything that affects you. Watch them on www.channelworld.in/videos

■ FEATURES Our features delve into a vast range of topics that interests principals and the channel alike. From industry trends to technology trends, and from global best practices to surveys—we have it all. Visit www.channelworld.in/features for more.

Apart from columns from IDG’s editors on technology trends and business challenges, this section offers insights from global experts and management gurus. Visit www.channelworld.in/opinions

■ SLIDESHOWS View our slideshows to get a hang of the latest tech gadgets, the craziest IT inventions, technologies that have flopped, new trends in the channel community, and a lot more. Visit www.channelworld.in/slideshows

■ PREMIER 100

The ChannelWorld Premier 100 event recognizes enterprise channel partners who have set new benchmarks in Indian IT landscape. This annual event showcases the achievements of the winners. Log on to www.channelworld.in for more.

NEWSLETTERS ChannelWorld newsletters are ready reckoners for all you want to know about the channel space. A daily dose of the latest news served straight to your mailbox.

Interviews

Our interviews are a platform for top executives of India’s prestigious channel organizations—and global OEMs—to share their business strategies and what makes them tick. Visit www.channelworld.in/interviews

Don’t receive our newsletters? Log on to www.channelworld.in and subscribe today! FOLLOW US ON:

www.facebook.com/ChannelWorldIndia www.twitter.com/ChannelWorldin

News

WHAT’S WITHIN

PAGE 08: India’s Networking Market is Flourishing, Says IDC PAGE 08: Former TIBCO Execs Launch Mobile Messaging App PAGE 09: Post Split Plans, HP Advancing With its Cloud Unit PAGE 10: Microsoft CEO Talks About How Big IoT has Become

F I N D M O R E A R T I C L E S AT CHANNELWORLD.IN

APPLICATION DEVELOPMENT

Microsoft Develops Meeting-room App

ICROSOFT IS ac-

tively developing a meeting-room application designed to streamline the entire process, including sharing data and recognizing participants, said company co-founder Bill Gates. The disclosure is buried inside a lengthy personality profile of Microsoft executives Satya Nadella, Steve Ballmer, and Gates, describing the relationships tying together—and pushing apart—each of the three. But there is something else Microsoft is actually do-

ing these days—especially Gates, who’s dedicating exactly 30 percent of his time to the company. Gates describes an upcoming meeting with a “genius guy” who is pushing the idea for a new app. “[W] hen you write an application you don’t write an application for this thing and then another application for that thing and another application for this thing,” he told Vanity Fair Magazine. “When you fire up the meeting-room application, everybody’s machine has a part of that.”

Why this matters: Microsoft has already built out a strong—some might say redundant—platform of collaborative technologies. Extending it to the meeting room or boardroom would make sense, especially as connecting a videoconferencing session still robs a meeting of valuable time. Whether this would be a standalone app, or simply a feature of an existing Microsoft technology, remains to be seen. The app, which Vanity Fair dubs “Meeting Room Plus,” would do everything that needs to be done, from sharing notes to videoconferencing, without having to pause to open something else up. “On that one, I think we’ll take the lead,” Gates said. “That’s a very cool thing, and it does kind of trump what’s come before.” If the app did come to fruition, it would be another in a long line of different ways of sharing content and collaborating within Microsoft. At one time, that was seen as Skype’s role, but that product was integrated with Microsoft Lync in 2013. At the time, Microsoft announced Lync Room System, a hardware package combining large touch monitors and a 360-degree camera.

NOVEMBER 2014

-Mark Hachman INDIAN CHANNELWORLD

BUSINESS MANAGEMENT

Symantec to Split into Two Security vendor Symantec is splitting into two companies, with one focused on security and the other on information management. Its board of directors have unanimously approved the plan to break into two independent, publicly traded companies, Symantec said. “It has become clear that winning in both security and

information management requires distinct strategies, focused investments, and goto market innovation,” said Michael A. Brown, president and CEO, Symantec. The security business will include consumer and enterprise endpoint security, endpoint management, encryption, mobile, SSL certificates, user authentication, mail, Web and datacenter security, data loss prevention, and hosted security. The separation is expected to be completed by end of December 2015. -Nancy Weil

FINANCIAL RESULTS

Networking Market to Remain Strong: IDC

2014’s Q2 was also attribnetworking market is uted to the various anflourishing. According nouncements and framing to research firm IDC’s of tenders for government APeJ quarterly switch and projects which are due to router tracker, the Ethernet be executed in the followswitch market stood strong ing quarters. at $ 128.4 million (about Further growth is exRs 768 crore) in terms of pected in the coming customer revenue during quarters as well. Large Q2 2014, growto midsized ing 19.2 percent deals were also Q-o-Q and 29.1 visible in the the total amount that percent Y-o-Y. government verIndia’s enterprise According to tical. The SMB networking market the company segment also garnered this year. statement, the witnessed deals router market, in various verhowever, has witnessed ticals, specially in tier-II a sharp decline from the and tier-III banks. previous quarter that had Manufacturing, utila spike due to various reaity, and banking were the sons, by 17.4 percent. fastest growing verticals However, the market in Q2 and are expected to garnered a total of $ 68.4 continue with their spendmillion (about Rs 41 thouing pattern in the coming sand crore), a 12.3 percent quarters as well, the comgrowth Y-o-Y. pany said. Cisco retained its domiThe WLAN market in nance in the switch and India registered a 7.8 perrouter market winning cent growth Q-o-Q and deals primarily in the tele- 23.9 percent Y-o-Y during com vertical. Q2 2014, and clocked $ NDIA’S ENTERPRISE

$68 mn

38.5 million (about Rs 23 thousand crore) in terms of customer revenue. Education, banking, and hospitality were the key segments that contributed to this growth in Q2 2014 and are expected to continue with the same investments. Today’s networking market is not just defined by technology, but also by the collaboration among the vendors, partnercentric initiatives, and cost-competition, which are also, at the same time, some of the reasons for disruptions in the market. “The WLAN market in India is growing due to the enterprises, large or small, and campuses that are all investing in the wireless infrastructure as a primary option,” said Suman Bisht, market analyst-enterprise networking, IDC. She added, “Q2 was the quarter of telcos, with huge investments to build their backhaul for expansions as well as new network build-outs. SDN is also gaining traction through innovations and aggressive initiatives by the vendors to strengthen their position.” —Team ChannelWorld

APPLICATION DEVELOPMENT

Former TIBCO Execs Launch ‘Avaamo’ Mobile Messaging App Avaamo, a company created by Ram Menon and Sriram Chakravarthy, former executives from TIBCO, has announced a $6.3 million (about Rs 3,780 crore) seed financing round and launch of the Avaamo mobile messaging app, available simultaneously on Google Play and the Apple Store. “The smartphone is rapidly redefining workplace commu8

nications,” said Ram Menon, founder and CEO, Avaamo. “Legacy enterprise communication tools have failed to keep up with a mobile-first world where requirements are being redefined by ease of use, form factor, bandwidth and battery life,” he added. WI Harper Group led this seed round. “We believe

INDIAN CHANNELWORLD NOVEMBER 2014

Stay Connected: The app is available on Google and Apple.

Avaamo’s founders have an outstanding track record of execution and understanding of global enterprises needs. We are impressed with their ability

Short Takes  Kaspersky Lab has ap-

pointed Peter Hewett as it’s new MD. He is taking over the position from Harry Cheung who retired after holding it since 2008. In his new role, Hewett will be responsible for the company’s overall business operations in APAC, including sales, marketing, and business development functions.  Infosys bids adieu to S.

Gopalakrishnan, the last among the group of founders to leave the company. With Gopalakrishnan’s retirement, the last of the founding team at Infosys has moved on, carving a new path for Infosys under the leadership of Dr. Vishal Sikka.  Salesforce.com has

given the company’s customer-support and sales software new names and announced a slew of additional features. This reflect the new reality business software vendors face as companies desire a mobile-first approach to serve customers across multiple channels.

to put together a world class enterprise software team to pursue this opportunity,” said Peter Liu, founder and chairman, WI Harper. Avaamo is the first messaging application that lets you have a secure bi-directional messaging inside and outside your company. It aims to improve mobile workforce productivity and address enterprise needs around scale, security, reliability and governance, said Menon. -Team ChannelWorld

BUSINESS MANAGEMENT

Post Split, HP to Advance With Cloud

P’S BREAK-UP

plan will give the company’s cloud unit more room to maneuver, which it needs to make faster progress on private and public clouds. But success will still be hard fought because of a slow start. HP will be split into two companies within 12 months: Hewlett-Packard Enterprise will get the enterprise hardware, software and services businesses and HP Inc. the PC and printing businesses, the company recently announced. Along with storage and networking, the company will depend on cloud services for its growth. Like other old-school IT companies, HP has had trouble finding its place in the cloud as services from the likes of Amazon Web Services (AWS) and Google have become increasingly popular. But the split could turn out be a good thing for the cloud unit. “It reduces the amount of distraction for the HP enterprise company. It will also allow the company to allocate a greater percentage of research and development or acquisition dollars to the cloud,” said Crawford Del Prete, chief research officer at market research company IDC. The main goal with the split is to make HP’s different units more nimble, according to CEO Meg Whitman. A successful HP will bring more choice and competition to the enterprise market.

HP has made a number of moves this year to boost its fortunes in the cloud sector. In May, the company announced the Helion platform and a $ 1 billion (about Rs 6 thousand crore) bet on open-cloud products, including its own OpenStack distribution, and services over the next two years. HP acquired Eucalyptus Systems, a company that offers open-source private cloud software compatible with AWS, in September. Former Eucalyptus CEO Marten Mickos, perhaps best known for his previous tenure as CEO of MySQL, is now the head of the company’s cloud unit.

“HP wants to accelerate its efforts not only in building private clouds, but also to the cloud management and security spaces,” Del Prete said. He added, “Marten brings credibility and focus to [those] efforts.” Although Eucalyptus was an HP competitor, Marten Mickos voiced his support for OpenStack in August. This was not long

before it was acquired by the company. While espousing its advantages, he also said that the company faces very serious challenges. “It’s difficult to produce technically brilliant products when governance is shared among very large corporations, each one with their own agenda,” Mickos said then. —Mikael Ricknäs

Array Networks Claims its Products to be Bash-proof

Commonwealth Bank Exec is Now Xero CMO

Around

TheWorld AVG Becomes Sony’s Mobile Security Partner

Security software vendor, AVG Technologies, has won a three-year contract to be the exclusive provider of mobile security to Sony Mobile smartphones and tablets. As part of the deal, AVG’s AntiVirus Pro for Android app will come pre-installed on Sony’s Xperia Z3 range in the US and UK. It is yet to be confirmed if the Xperia Z3 products sold in Australia and New Zealand are included in the contract. -Nermin Bajric

NOVEMBER 2014

Array Networks has announced that its products including APV, vAPV, AG, vxAG, and EOS are not exposed to the bash vulnerability. The company said its products do not expose bash at user-level and are not affected by the vulnerability, thereby not requiring any actions or mitigation on the part of Array Network’s customers or users. The company was allegedly also not affected by the recent OpenSSL vulnerabilities such as Heartbleed and man-inthe-middle (MITM). -Team ChannelWorld

INDIAN CHANNELWORLD

Accounting software company Xero has appointed former Commonwealth Bank executive, Andy Lark, as its new chief marketing officer. Lark will lead Xero’s global marketing strategy as it continues to build on the 370,000 businesses that use the platform. Xero chief executive, Rod Drury, said that Andy’s caliber demonstrated the company’s ability to attract world-class talent and commitment. -Brian Karlovsky

n NEWS ANALYSIS

How Microsoft Thinks of Smart Devices

If the Internet of Things is going to work, it has to make life less complicated, not more. By Mary Branscombe

ICROSOFT CEO

Satya Nadella has talked about the opportunity of connected devices and the more than 200 billion sensors he expects to see. But so far, Microsoft has stuck to handing out developer hardware kits to build your own Internet of things devices. Those kits are currently based on Intel’s Galileo board—a cut-down PC system with no video and the ability to connect Arduino shields. Intel is promising to make future Quark systems more powerful and far smaller; at the Build conference this year Terry Myerson talked about something “the size of a pencil eraser or mouse cursor” and speculated about “what kind of devices are possible when a PC is the size of an eraser.” What Microsoft wants is a

INDIAN CHANNELWORLD NOVEMBER 2014

low-power SoC that’s small enough to fit into a mug or a child’s car seat or any other object and make it smart. Few of those have a screen, hence the lack of video. Unlike many of the companies churning out hardware designed to build smart, connected objects for the Internet of Things, what Microsoft hopes to bring to the table (or the back seat of the car and all the other places we’ll use smart objects) is a familiar developer model. If it can get .NET and C++ and JavaScript running on Windows IoT hardware, developers could create a universal app that runs on Windows, Windows Phone, Xbox, and IoT—and the interface for your smart object can be on the object if the form factor allows it, and on any of your other devices if it doesn’t.

Really, the interface should be on whichever device makes sense and is most convenient. We already have multiple devices— phones, tablets, PCs, entertainment devices. That’s going to get far worse with smart objects. Wouldn’t it be nice if working multiple devices got easier the more of them you have rather than more complicated? TOO MANY DEVICES MEAN DIGITAL INDIGESTION When Nadella laid out his vision about productivity at the partner conference this summer, it reminded me of what Microsoft principal researcher Bill Buxton has been saying about ubiquitous computing for a while. Smartwatches sound very like tabs, but ubiquitous computing isn’t actually about having devices everywhere. It’s about always being able to get what you need, invisibly. For that, Buxton says, you need “the right thing, in the right place, at the right time, for the right person, for the right price.” “When ubiquitous computing works you don’t even notice there’s a computer there. But when things are everywhere, it’s easy to make the mistake where I put the dining room table in the bedroom and the toilet in the living room,” says Buxton. You don’t want your personal e-mail on your big screen TV where everyone in the family will see it if you’re watching a movie. And just having more and more devices, however great they are individually, quickly turns into a recipe for disaster. Buxton—who has been collecting gadgets for three decades and keeps a virtual museum on

his web site—calls it the Crackerjack principle. “The more you eat, the more you want. The iPhone led and everybody followed and now we’re making all these gadgets, all these apps. You keep eating them because it’s so great but you get full. At a certain point I’m going to be sick and throw up.” The way to avoid the gadget version of indigestion is to tackle the problem of complexity and how quickly we get to the point of frustration. Individually gadgets are getting easier to use, but using them together is just too hard. Imagine you’re in the middle of a call on your phone and you walk over to your Xbox One and Kinect; why can’t you automatically carry on the conversation using the far-better microphone in the Kinect? Or if you’re using your phone and Bing Maps to navigate as you walk the street; do you want to clutch your phone the whole way, swiveling your head from the screen and back to the street and dodging everyone who’s down gazing at their phone? Directions on a smart watch aren’t any better. Instead Buxton imagines you getting the navigation on your phone—and then putting it back in your pocket. “You just follow the blinking red dot that will appear in the left corner of any ad you walk past so you know you’re going the right way. The ad people love this because I’m imprinting on all the ads because I have to look at them to find the dot. But I can also be having a conversation as I walk, I’m not going to step in dog doo, and I can look around and enjoy the weather. We’ve turned

The Wearables Market Will Hit 112 Mn Devices in 2018

earable computers “took a huge step forward” in the last year and shipments of smart watches and related devices are reported to grow by 78 percent a year until 2018, IDC said. The number of such devices should top 19 million by the end of 2014, triple the number from last year, IDC said. In 2018, that number should swell to almost 112 million. IDC for the first time issued a wearables forecast that divides the market into three categories ranging from low-cost, simple devices to highercost products with expanded capabilities. The three categories are known to be complex accessories, smart accessories, and smart wearables. IDC’s category of complex accessories include fitness bands worn on the wrist such as Nike+, FuelBand, and Fitbit. Some of these devices cost as little as $50 (about Rs 3,000), but more typically $100 (about Rs 6,000). They will be the most popular of all three categories through 2018. The middle segment, which is smart accessories, will slowly gain momentum and surpass shipments of complex accessories by 2018, the research firm said. Examples include the Samthe way ads work on its head; because now I have a ‘popup’ that gives me real value, rather than an ad that annoys me that I only bear with because it gives me something for free.” THE INTERNET OF MAKING YOUR LIFE BETTER Done right, wearables and smart objects and the sensors in the IoT will turn the way of loT of things work on their head. The important question, according to Buxton: “Now that we can build anything, what should we build?” As Forrester’s J.P. Gownder pointed out, a smartwatch can’t just be a shrunken phone; it has to be a device that’s natural to use in the “mobile moments” when you need something relevant, and more quickly.

sung Galaxy Gear smartwatch, Sony SmartWatch and Pebble smartwatch. The third and most complex category—smart wearables such as Google Glass—is only in early stages. It won’t be until 2016 that shipments of smart wearables top two million units shipped. Some companies are already experimenting with uses for Google Glass, which is now being sold only to early adopters in a special program at a cost of $1,500 (about Rs 90,000), a price that’s expected to drop once Glass ships. Google is holding to a planned 2014 release, but some analysts are doubtful. Even at more than $1,000 (about Rs 60,000), a wearable headset like Google Glass would cost much less than many ruggedized headsets sold for industry use that can cost in the multiple thousands of dollars. IDC said that Apple should enter the wearable technology market in 2015, although some reports expect a product to be announced later this year. Rumors have focused on a smartwatch, which some are calling the iWatch. As for a possible Google Watch, IDC called that “still just a rumor.” -Matt Hamblen

That’s what makes Microsoft’s Cortana digital assistant part of the “ambient intelligence” Nadella has been promising rather than just a friendly voice to text system. Getting a warning that the meeting you’re scheduling falls in the middle of your child’s football match, or getting the reminder to pick up milk as you walk past any branch of your favorite grocery (rather than at the time you’d predicted you’d walk past the shop when, in fact, you’re still stuck in traffic) can make you a lot more productive personally. The “dual user” phrasing Nadella uses when he talks about re-inventing productivity is a clunky way of expressing something very important; these days people “who use technology both at work and in

their personal lives” means just about all of us. Anyone who juggles family, work commitments, hobbies and a social life—which also means pretty much all of us—would like some help with getting everything done. But we don’t want it at the expense of jumping through hoops to make all the technology that should be helping us work better together. If you have to fumble around in that “mobile moment” you’ll give up on smart objects. So will we see a consumer smartwatch, wearable technology from Microsoft any time soon? Only if Microsoft thinks it can get the experience right, give you what you need as you move between work and personal life, and fit in with the right context—and tie it in with Microsoft services. 

NOVEMBER 2014

INDIAN CHANNELWORLD

ON RECORD n

Mark Hickman,

COO, Winmagic, says India is at the cusp of adopting data encryption solutions that will translate into opportunities for the channel. By Yogesh Gupta 12

INDIAN CHANNELWORLD NOVEMBER 2014

What major shifts do you expect as the cloud overtakes on-premise models? HICKMAN: The biggest trends in the security space are cloud and mobile. More people now use Dropbox, iCloud, or Google drive to share information. The problem with that is you are entrusting the cloud to encrypt data. In our view, it’s critical that organizations control the encryption keys. We have a solution that locks and unlocks the information flow in and out of the cloud. Adding Dropbox or other components to a file folder capability is an evolution of the cloud platform. We will leverage key strengths around authen-

tication and key management, and we are launching full-blown cloud solutions next year. But encryption isn’t as easy to implement as it sounds. HICKMAN: In the movies, the encryption process takes five minute to complete. But that’s impossible. Encryption is difficult, disruptive, and invasive. The challenge is to make it look simple to ensure a seamless end-user experience. When organizations appraoch encryption as something that needs to be checked off on their todo list, they often end up with cheap solutions—and nightmares. Winmagic Securedoc (an all-in-one

MARK HICKMAN | ON RECORD n encryption suite) is safer and more fail-proof than firewalls and e-security. You can’t hack encrypted data, unless you know the password. Winmagic is a relatively new vendor. How is it planning on beating its more well-established rivals in India? HICKMAN: We play in the mobile endpoint security segment, which includes mobile devices, desktops, and servers. All super vendors—McAfee, Symantec, Sophos, Check Point—with their hundreds of offerings— AV, IPS, firewalls—pitch encryption as just another product. As a provider of full-disk encryption software, we win most deals in this space. We have strong OEM relationshipa with Lenovo

and HP—that’s 40 percent of the global PC market. With Amtrak as our India distributor, we have had big strategic wins in India. To address the challenge of skillsets at the partner level, we have ensure that we have more technical team members on field than sales people. We offer add-on services to end customers through partners to ensure a good experience and successful deployments. Are there more opportunities in India because vendors are not focused or because of the nascent state of the encryption market? HICKMAN: Encryption is a highly competitive market. If some vendors are not focused, it does not mean they have bad products. If we weren’t better, why

would customers pick us as their preferred encryption vendor? The Indian market is exceptionally ready for our encryption solutions. Hordes of Greenfield accounts present big opportunities for partners and us. We need to stay focused and innovative in this survival-of-the-fittest market, and keep delivering a better customer experience and better-trained partners. Isn’t it difficult to find channel partners who will sell Winmagic offerings exclusively? HICKMAN: Partners have moved beyond being product-focused. They sell according to customer needs, and we have to live with an environment of multivendor partners. Encryption has long sales cycles and it is hard to

sell compared to other security technologies. Hence, we are cultivating the encryption market, something no vendor has done effectively till date. Encryption is like the icing on the security business cake. We are creating more business for partners with a services-oriented, profitable model. Channels with strong enterprise connects and resilient security businesses will be the success mantra for us. At the start of 2013, we committed strongly to India. We made heavy investments in terms of infrastructure and people. In the past few quarters, the company’s India Country Manager, Nishant Verma, and his team have ensured a strong pipeline of key partnerships to accelerate our business. 

n FAST TRACK

Snapshot

Systematix Technologies

Founded: 1996 Headquarters: Indore Key Executives: Akhilesh Khandelwal, Director; Harsha Khandelwal, Director Revenue 2013-14: Rs 2.7 crore Revenue 2014-15: Rs 3.2 crore (expected) Principals: HP, Cisco, Lenovo, APC, Microsoft, D-Link, AMP (Tyco) Key Activities: Networking and system integration, field services, peripherals and allied products

A customer-friendly approach is our differentiator, says Akhilesh Khandelwal, Director, Systematix Technologies.

N EMINENT manage-

ment writer, G.S. Alag, once wrote, “A satisfied customer is the best source of advertisement.” Akhilesh Khandelwal, director, Systematix Technologies, embodies this in his everyday business. “It’s that effort of maintaining relationships, talking nicely, following industry ethics and moral values, and delivering what customers need in record time, that ensures steady business with the existing clients. Also, a lot of new clients come to us through word-of-mouth and customer referrals,” says Khandelwal. Owing to this quality, Systematix Technologies is expecting a revenue increase of 20 percent, from Rs 2.7 crore in the last fiscal to Rs 3.2 crore in the current fiscal. “Essentially, we want to be recognized as the most 14

customer-friendly and service-based organization that provides solutions in record time,” says Khandelwal. The company holds expertise in activities related to sales and services of networking and system integration. It owns a team of ex-

TECHNOLOGY SPLIT 4%

Networking Security

Others

Servers

Storage

Enterprise Applications

30%

Services

SOURCE: Systematix Technologies

INDIAN CHANNELWORLD NOVEMBER 2014

45% PCs

Ph o t o g r a p h by FOTO C O R P

Industry Verticals: Hospitality, BFSI, IT/ITeS, government, education, manufacturers and exporters

pert engineers in field services to cater to all their customer service requirements. Due to this, within a short span, the company was successful in building one of the biggest setups in and around Indore. Apart from offering support to its IT infrastructure, Systematix Technologies is also planning to venture into the industrial services, industrial PCs, and industrial solutions for companies with higher revenues and margins. Having a hold in the area of computer marketing and maintenance, Systematix Technologies boasts of providing true value to its customers by building an honest relationship with them, and thus, retaining them for a long time. “We have always been the bestbehaved, ethical, honest, and a customer-friendly company that believes our customers are the primary reason for our existence,” he says. Currently, the company is building expertise to furnish its customers with cloud-based solutions. “With the cloud business kicking in, we are planning to work with HP or Microsoft for implementing cloud-based solutions efficiently and enhancing the company’s optimal utilization of customers’ business needs,” says Khandelwal.  — Sejuti Das

n OPINION

SCOTT M. ANGELO

Surviving a Data Breach Surviving data breaches requires you to know the threats specific to your industry, your company, and ultimately, your data. Here’s how you can make the bad guys’ job just a little more difficult.

Scott M. Angelo is a global technology and security leader. His knowledge and experience base covers a variety of industries and complex challenges.

F SOMEONE with the proper motive and means wants

what you have badly enough, they are going to get it. Many companies fail to prepare for a breach until it’s too late. Unfortunately, there is no true, tested method for preventing and/or stopping a breach. Then how does one survive the inevitable? The three survival points that I touch on briefly—but by no means should be considered a comprehensive list—will help.First, you had better know your data, know how your data flows in and out of your organization, where data is stored when not in use, and who has the potential access to it. Remember that there are different types of data driven by the business you are in, and understanding the sensitivity of that data is critical. Due to the nature of technology and expansiveness of data through your network, trying to protect all of your data at the same security level is futile. You must be able to identify and separate the non-sensitive data from the sensitive. Second, manage access to critical data on a “need-to-know-only” basis. Monitor and log every person and/or system that touches (or attempts to touch) sensitive data. Implementing a security information and event monitoring program within your organization is a must. Log, log, log—log as much data as your budget allows. If you cannot afford this step, then you will have a difficult time explaining a breach to the data’s owner. If you cannot substantiate how the breach happened with logs, how are you going to defend against a compromise? You can’t! This is the operationally expensive part of surviving a breach; a necessary cost of doing business in today’s globally interconnected business world.

Third, know who the bad guys are, what they’re looking for, where they’re coming from, and how they’re getting to your data. This information is not easily obtained, but is becoming more readily available, if you know where to look. You need to act like a company that has already been breached and proactively working with law enforcement, commercial incident response teams, security researchers, industry specific information sharing and analysis centers, etc. If you are not working with the aforementioned entities, don’t be surprised when bad things happen to your data! Knowing who wants your data and how they are most likely going to get it is necessary if you want to have a fighting chance of surviving a breach. Intrusions are inevitable, especially if you have “data of interest.” It is up to you to make sure that the breach does not result in a complete compromise, and you cannot do that without knowing your data inside and out. Please know that a breach does not have to be synonymous with a compromise, and you alone are the one that will determine the end result; therein lies the ability to survive a breach.  NOVEMBER 2014

INDIAN CHANNELWORLD

n COVER STORY

Security

Shif t! Not all the security practices of the past work in today’s interconnected, heterogeneous world. Here’s what you need to do differently.

By Terry Retter, Bud Mathaisel and Galen Gruman

E SHALL fight on the beaches. We shall fight on landing grounds. We

shall fight in the fields and on the streets. We shall fight on the hills. We shall never surrender,” said Winston Churchill in his famous June 1940 speech in the face of Nazi attacks on England. His earlier commitment to the goal of victory, “however long and hard the road may be,” is an apt analogy to the security battles that enterprises face today. The bad guys are persistent, sophisticated, and they are making inroads. It is hard to be optimistic when customers, investors, and regulators expect us to totally protect precious assets and preserve privacy, while some governments and vendors on whom we depend are themselves compromising our data, software, and networks. The fight for security is harder than ever. Most organizations are fighting today’s war with yesterday’s tools and approaches—such as protecting perimeters with passwords and firewalls—and losing. There is too much emphasis on walling off our data and systems, and a misplaced belief that the secured-perimeter approach is adequate. We’ve talked to dozens of security experts, industry experts, and business executives to come up with a better framework for security today. What follows is that framework. NOVEMBER 2014

INDIAN CHANNELWORLD

n COVER STORY A much better defensive approach is built around a risk mindset. Yes, a key risk is the loss of critical or sensitive data, so you must adequately protect data. However, there are other risks, such as disruption of business operations, damaged reputations, regulatory non-compliance, investment risks, and intellectual-property loss. Which of these dangers could most hurt you? How do you assess threats? How would you protect against those threats, from greatest to least impact? Perimeter protections often don’t address these concerns. For example, credit card processor Visa International undertakes a full risk assessment of all its processes, including—but not only—where technology supports those business processes. “Risk is where a vulnerability meets a threat, and taking a holistic view of risks is the basis of a solid approach to security,” says George Totev, former VP of information security, governance, risk, and compliance at Visa. In essence, assessing risks is what you do while buying insurance. When you buy insurance, you (or your insurer) are thinking about vulnerabilities that lead to bad consequences. Risk assessment and risk protection vary by industry and enterprise. Some require the use of technology, some require process change, and others require changes in people’s behavior. Other organizations are forced to address some forms of security risk because of regulation, regardless of their own risk analysis. Their focus becomes about meeting the requirement effectively and without an undue burden on their operations, finances, or strategy. Whatever a company’s risk philosophy and its outside requirements, being selective and focusing on highest risks is the practical approach. But how to focus on those risks? Most companies—as well as the security vendor industry—treat security as a technical challenge. They seek to have software, hardware, and services identify and reduce the risks. Few involve their people—the very folks who create and use the information that is being protected. Many organizations actively exclude their people from 18

INDIAN CHANNELWORLD NOVEMBER 2014

Riding the Security Wave

SUDHIR SHARMA Director, Versatile Infosecurity

It takes vision and persistence to stay on top of the security curve. Versatile Infosecurity has mastered that art. SECURITY is a lot more than just bread-andbutter for Versatile Infosecurity. For the sevenyear-old company, more than three-fourth of it’s revenues emerge from security (product, solutions and services). But rapid changes in the security landscape are compelling the security service provider to innovate, change, and adapt to customer needs. “The major shift in the security landscape at the customer-end has been the advent of cloud computing, insider threat, mobility, and BYOD. Firewall is more of a commodity now, hence, we are educating our team and customers on IRM and mobile security,” says Sudhir Sharma, director, Versatile Infosecurity. According to Sharma, innovation, planning, and cloud services can reduce business risks by providing greater flexibility, resiliency, and security. The Delhi-headquartered company is gradually moving towards offering security solutions on the cloud. “Migrating to virtual, shared infrastructures and then towards the cloud changes how we address information security and risk management. Also, due to security issues, the hybrid cloud wave is catching up for mission critical applications,” he says.

That’s a clear indicator of the fact that the company catches the right technology trend at the right time. “We invest in resources for a technology which lies in the hype cycle phase to command first-mover advantage. Customer demand, too, sparks our decision,” says Sharma. He adds that MDM, APT, IRM, and DLP are the key trends for the next 12 months. “And we are in great sync with these rapid changes to secure organizations,” he says. Sharma has also figured out that new technologies bring along elongated sales cycles which ensures decent margins and better customer stickiness. “The security posture is more of a cultural change as organizations look to secure data with DLP and IRM,” he says. The company has realized that a multilayered security architecture makes it more of a business benefit than an IT need, he says. That’s one reason why the company trains its technical team in technology enablement. A test lab conducts POCs through a virtual cloud for products of various OEMs before pitching them to customers. The team, powered with consultancy skills, ensures the highest service level. “We focus on upgrading the security architecture with almost 100 percent retention rate through upsell and cross sell of technologies. We add 15 percent new customers, on an average, each year,” he says. — Yogesh Gupta

Photograph by SUMEET

FOCUS ON RISKS AND PEOPLE

their security approaches because they do not trust people. There is no technology silver bullet for security, and automating people out of the security equation has the perverse result of making people lazy or uncaring about security. After all, IT will take care of it, and take the blame when there’s a leak or breach. That’s why a security strategy for today must change the primary defense emphasis from devices to people. The key successful attacks today involve people, whether those using social engineering methods such as phishing to physically putting interception hardware on automated sales terminals. Security is a dynamic game of risk relativity—namely, are your defenses better than the current level of threats? The words “dynamic” and “game” are both relevant. Security follows the laws of entropy: The energy levels will run down if not renewed. Constant vigilance is required. And a gaming mindset is crucial to keep the vigilance both active and adaptive. After all, each new defense is challenged by a new trick. People are naturally good at this, and you should be engaging your people to tap into that human ability, not automating them out of your defenses. You need to get into the mindset of the people who create the threats. They’re gaming your employees; you need to game them—and your employees need to be active participants as your eyes and ears, not blinded users. In other words, stop treating your people as a problem to contain and instead begin making them part of the solution.

THE NEW SECURITY MODEL Although you’re years away from perfection, enough plausible patterns have emerged to let businesses begin the necessary adjustment. The new model is additive. You must continue the best practices you have employed in the highest areas of risk, while incorporating the risk and people orientation of an improved defense. The new model has five dimensions: Narrow the information security focus to core, critical assets. Protect key assets with multi-layered defense systems. Engage the people who use information to protect the assets they work with. Team with business part-

Over 69 percent of attacks last year were focused on large enterprises. This means protection must focus on information, and not on the device. Enterprises should adopt a security framework that not just prevents, but prevents, detects and responds TARUN KAURA, Director, Technology Sales, India, Symantec

ners to boost their (and your) immune systems. Make security a business problem—not just IT’s problem. Narrow the information security focus to core, critical assets. Perfect security is impossible. Yet protecting everything equally has been the unsustainable security objective. A “best efforts” risk-based approach is more rational. Apply your best efforts to what is most valuable and what has the most impact on your business. In doing so, you prioritize levels of risk, which should be familiar ground to CIOs and other IT leaders from their work in business continuity and disaster recovery. Determining what the organization’s most precious assets are is hugely important but is often controversial. Some organizations believe that data is the most valuable asset needing protection. However, if risk attributes are assigned to an array of assets—data,

Actionable intelligence is the most critical information we need to protect. This requires an architectural approach; adding layers of security products is not going to help. We are seeing a generation shift, but maturity levels remain low. AMBARISH DESPANDE, Managing Director, India, Blue Coat

software, networks, and personnel—it becomes evident that there is much more that needs consideration about penetration of and attacks on enterprise assets. The notion of classifying business information assets to determine criticality is the least common factor in enterprise information security today. This risk-based approach is not easy, and requires a mental shift for many organizations. But there’s a good reason to make the effort: The bigger the stash of assets and the more complex the rules, the harder it is to protect them. A more focused and less complex approach could better balance the risk with the benefits and let you actually achieve your desired protection. Protect key assets with multi-layered defense systems. Any approach that requires 100 percent prevention will fail. There’s no way to ensure that something is perfectly protected, so seek resilience rather than prevention. Recognize that defenses have to be built from multiple components. A better model for security is a biological one, where you can recover from and function despite infections or injuries. The biological system seeks to confine an intrusion to the system first infected so there’s not a broader penetration. The biological system assumes there will be ever-evolving risks, and that one may be attacking now. All of these principles should be applied to the technologies and business practices you use to secure your business. You should assume you’re compromised, and develop a strategy around that assumption. (It’s now clear that most companies are already compromised, whether by cyber criminals, competitors, or governments.) Understand that there are many sources of infection, not just the datacenter, PC, or mobile device. Most biological systems also use redundancy. Do the same for your security approaches. Intel CIO Kim Stevenson has described a three-tier approach that her company has effectively used that is based on this principle. A tiered approach to access makes sense, using read-only or otherwise tiered containers—the equivalent of keeping your precious jewels in a safe

NOVEMBER 2014

INDIAN CHANNELWORLD

Right on the Security Track DigitalTrack Solutions is keeping pace with the changes in the IT security space through DDoS and WAF solutions and is pushing security audits as part of its next move.

ITH the advent of technologies like cloud and mobility, security becomes a major challenge for organizations, says Muneer Ahamed, director of Chennai’s DigitalTrack Solutions. The company is a long-time solution provider with alliances with security vendors such as Checkpoint, Fortinet, Dell Sonicwall, Juniper, Cyberoam, Watchguard, McAfee, Symantec, Trend Micro, IBM ISS, Iron Port, Barracuda, Bluecoat, Websense, RSA, Array Shield, among others. “Data is everywhere, right down to the device. This is the picture we have to keep in mind,” he says. This challenge gets compounded with some customers resisting larger investments in security. However, the flip side is that in the Chennai market, which is traditionally inclined towards UTM solutions, there is now an increasing number of customers asking for bundled solutions, moving away from anti-virus and firewalls. “In the last couple of quarters, we have been looking at exploring the market in newer ways,” says Ahamed.

DigitalTrack has been actively talking to customers about DDoS and Web Application Firewall (WAF) solutions, in particular to the ISP customers. Ahamed believes that IT/ITES customers have been and will continue to show interest, while pharma is also a traditional sector that will take to DDoS. “With the shift in market trends and also in the security paradigm, it is quite natural that customers, irrespective of the vertical, will start asking questions about

in the house or locking your car even in the garage. You should couple such an approach with basic protection against accidents, such as requiring encryption and password sign-in to gain access to information in the first place—the equivalent of locking the house door and setting the alarm before you leave. Multi-layered defense systems for software rely heavily on a combination of human scans and scans by software designed to identify vulnerabilities. You embed security into the software development lifecycle with techniques such as risk analysis and peer review of code (sometimes by a QA organization), and you use commercial software that can check for vulnerabilities. There is currently no single software package that can scan for all potential vulnerabilities, so combine manual reviews with multiple scans by different

threat identification packages. “Deal with vulnerabilities in the design rather than after the fact,” says former Visa security exec Totev. A good resource for understanding what to look for is the Open Web Application Security Project (OWASP), a non-profit organization that provides insight into vulnerabilities and suggests mitigations. A critical layer is identity management. Several technologies are available to do that, with differing hurdles for users and systems to jump. How many identity checkpoints you impose should relate directly to your risk analysis, and of course you should also use isolation to limit a compromise’s reach. Biological systems typically do both. An example of the combination of identity-based authentication and isolation is Salesforce.com. It uses twofactor authentication twice to allow

INDIAN CHANNELWORLD NOVEMBER 2014

MUNEER AHAMED Director, DigitalTrack Solutions

newer technologies that will ensure the security of their data, network and applications, all in one go,” he says. The next step in being a serious security player would be in foraying into security audit and consultancy services. For this, the solution provider is investing in people and certifications and hopes to proactively kick start its consultancy practice soon. In fact, the company is reportedly already pitching its audit piece to customers. “In a hugely compliance driven set up, security audits give a macro view to the customer about their security pain points,” says Ahamed. DigitalTrack hopes to leverage its security services and consultancy in other markets in the Middle East as well. DigitalTrack will be boosting its customer base with region-wise pre-sales teams. Also, the company is in the process of hiring full-time expertise at the mid-level as well as the senior level. “We will enter new geographies in the domestic market. There are opportunities for us to tap into,” says Ahamed. The security company is now looking at Vijayawada, post Andhra Pradesh’s bifurcation. The expansion, both domestic and international, will be DigitalTrack’s parallel strategy for the remainder of this fiscal and also over the next year. — Shantheri Mallaya

access to its production environments, where the damage from an intrusion could be very high: A user must satisfy two-factor authentication to get into a trusted environment, and then satisfy a different two-factor authentication to get into an operational environment that is delivered through a dumb terminal from which no data can be moved or copied. A different standard is applied to e-mail access, where the risk profile is different. Identity management would be more effective if it could be applied to the data itself. DRM (digital rights management) at the information level would take such technology to a new level of assurance—but only if it could be deployed in a standard way. Reliable identification matched with consistent and portable permissions would reduce inappropriate access to

information, even if devices and networks are breached. Engage the people who use information to protect the assets they work with, both critical and noncritical. Until machines totally take over the universe, people are the ultimate source of threats, and frequently the entry point for vulnerabilities. They’re also a source of prevention. Some of the most sophisticated threats arise through social engineering, where the bad guys worm their way in through social media and e-mail contacts with unsuspecting users—particularly targeting executives and key operational staff. From there, deliberately and stealthily, the bad guys can assess the enterprise security provisions in place, and work around them. Put yourself in the shoes and mindset of both the bad guys and your own staff and business partners. Because people are often the conduit for the intrusion, include them in the prevention. Stop automating them out of the process, as has been the standard IT mode for the past two decades. The “loose lips sink ships” management style from the pre-PC era was effective, making security everyone’s responsibility, not something that employees could slough onto someone else. Today, it again needs to be a core component of modern information security. Not only will it help those individuals avoid risky behavior, but there will be lots more eyes to observe whether something may be amiss. When you bring people back into the security equation, don’t neglect workforce and partner training. Yes, people can learn and apply what they’re taught. That was the case at Long Island University, which several years ago began a security awareness initiative coincident with a shift away from PCs to iPads, mobile apps, and cloud services. The university is subject to HIPAA (Health Insurance Portability and Accountabillity Act) and FRCP (Federal Rules of Civil Procedure) regulations due to its medical school and status as a federal loan dispenser, yet found it could straightforwardly handle such regulations, CIO George Baroudi has reported.

What differed was how information tehnology engaged with the students and faculty, as a compliance-aware participant in the process, not an “in the basement” developer of technological constraints. Some industries have figured out how to make employees active participants in achieving key behaviors. People are natural gamers, and creating game incentives for employees to avoid or detect threats can be a powerful antidote. Taking a qualityimprovement management approach, some firms have used gamification techniques such as publicizing the number of incident-free days, creating both awareness and active participation in favor of safer behavior. Happily, if employees are screened, trained, and monitored to be trustworthy, the risk around the other, known-to-be-lowerrisk information becomes even lower. The good news is that a significant percentage of companies have peopleoriented security methods in place, as the CIO/CSO/PwC survey shows, even if not necessarily handled in a holistic, pan-enterprise way. However, that bigpicture approach is critical to success, because only then can you architect and deploy a system that works. Team with business partners to boost their (and your) immune systems. You now live in a big digital information and process world that encompasses the enterprise sources of raw material, production, distribution after-sale service, and support. This is true whether you are in a business that produces tangibles (such as cars and

Weak security has a direct impact on business operations, meaning losing IP or customer trust. An attack can push a company years behind in product development and reputation. Thus, security, today, is board-level conversation. KEVIN MANDIA, Chief Operating Officer and SVP, Fire Eye

Security teams want integrated controls that can scale as threats constantly mutate. Today, customers want NGFWs that do more than firewalling and IPS control; they want gateways that fight advanced threats like zero-day. RAJESH MAURYA, Country Manager, India & SAARC, Fortinet

electronics products) or services (such as schools and hospitals). In the last decade or so, companies have become highly virtualized thanks to outsourcing (to providers, contractors, and cloud services), distributed workforces (also a mix of staff and contract), distributed workplaces (satellite and home-based offices), outsourced workplaces (such as call centers), and work-anywhere/digitalnomad workers. There’s no way to build a wall around this modern digital ecosystem. You see this futility in the loss of effectiveness of traditional defenses, such as passwords, virus protection, intrusion detection, and other signature-based detection methods. Threats change too dynamically, and indeed can now self-adapt. Sophisticated bad guys go directly to servers or networks and bypass user devices’ password protections. Recent massive customer data thefts at major retailers and the revelations by former NSA contractor Edward Snowden should make this situation evident to all. While many companies fret over whether iCloud or Google Drive is a threat, their core systems are already deeply compromised more directly. The notions of inside and outside the company rarely apply so cleanly any more. As a consequence, a top issue for CIOs is cascading risk. Customers may trust the enterprise with which they interface, but can that trust extend to every other entity that may be part of the supply chain? You should work with your suppliers and other business partners to apply the concepts described in this article

NOVEMBER 2014

INDIAN CHANNELWORLD

n COVER STORY to all your systems, not just the ones that interact. After all, there are likely more connections to exploit than anyone realizes, and having a common security framework is more likely to work than having multiple frameworks in place. (Of course, the implementation will need to vary based on the core risk analysis for each entity.) Sharing best practices is synergistic. And active partnering is a far better approach than merely using contractual threats. You can expect more demands from your customers, regulators, investors and others to demonstrate your security prowess and perhaps to demand to independently test those defenses. As part of this assurance, a “statement of applicability” will be requested, wherein the specifics must be provided of how broadly security measures are applied. This ties into the “you can’t protect everything equally” points we’ve already raised. The costs of security are rising. Although they are an inevitable part of doing business, the

costs can be managed at reasonable levels if you focus on the things that truly matter. Some companies take a “checklist security” approach where they can enumerate the tactics they’ve followed to explain away the inevitable information losses to regulators and customers. They knowingly implement this checklist approach not because it works but because it minimizes the risk of lawsuits or fines. The checklist approach is an indictment of the status quo—a strategy that tacitly acknowledges the current perimeter approach is failing but doesn’t offer a better alternative. The checklist pretense is no longer adequate. Make security a business problem—not just IT’s problem. Information security isn’t just an IT or technology problem—it’s fundamentally a management problem that few organizations treat as such. Yes, the enterprise will look to the CIO and CISO for leadership on infor-

mation security, but accountability has to be more broadly shared. Technology and security organizations can’t be held accountable if the actions of individuals outside IT are the basis for compromises. It’s time to think of this evolving information security model as holistic security, using multiple technology and management techniques, with broad buy-in and accountability, layered and tailored to the estimated risk and value. Broad governance is key, requiring actions and responsibilities across the entire organization, engaging employees, customers, suppliers, the C-suite, and the board as active participants. It requires management to assess, actively manage, and hold accountable managers, employees, and business partners—not deflect responsibility as a technology failure by the IT or security organization. For example, is marketing using CIO-approved cloud or business analytics providers, which have dem-

‘Security Compliance is Not Proactive in India’

Pavan Duggal, Cyber Law Expert at the Supreme Court of India, explains why channel partners need to look beyond the IT Act 2000 as the security standards, in the fast-changing threat landscape, evolve. How does IT Act 2000 hold up in India’s complex IT architecture? The IT Act 2000 was an e-commerce-enabling legislation passed in the year 2000, wherein cyber security was never the focus. In 2008, another IT amendment 22

came into being, that detailed cyber security requirements and mandated relevant stakeholders including intermediaries to implement and maintain reasonable security procedures. However, India’s IT acts are still not in sync with global IT security standards. Almost all security issues pertaining to mobility and mobile platforms remain untouched. Increased use of applications like WhatsApp, Viber, and Line and their capacity to impact corporate data requires channel partners to look at security in a more dynamic manner. With the advent of IoT, security as a legal paradigm in India definitely needs a revisit. What elements of IT Act 2000 should partners focus on while creating security standards? Indian channel partners are covered under the IT Act 2000 as intermediaries, and The IT Intermediary Guildelines Rules 2011 mandate intermediaries to legally maintain rea-

INDIAN CHANNELWORLD NOVEMBER 2014

sonable security practices when they deal, handle, or process third party data or sensitive personal information. Partners who process credit card payments should also comply with PCI standards. These are, in the real sense, bare-minimum requirements. Do channels need to re-align themselves to global security standards? In India, security compliance has never been a proactive phenomenon. Enterprises are invariably driven by business needs. There is a huge need for creating more awareness among target stakeholders about updating their security mechanisms and constantly upgrading to be in tune with the emerging cyber security challenges. In India, under-reporting of breaches is an unspoken rule. Reporting security breaches can involve reputational risks and most businesses do not want to be seen as unsecured destinations. - Shweta Rao

We have always thought of security as a business problem. Organizations that are affected by a breach look at data loss as something that they need backups for. Backups help, but protecting that data from never being stolen again is as important. JAGDISH MAHAPATRA, Managing Director, India and SAARC, McAfee

onstrated security capabilities? Do suppliers who routinely access critical data use compliant security processes? Does the board communicate through protected channels or does it distribute financial and sales data as attachments via open-environment e-mails? (Emails are never secure, and legal disclaimers at the end are a false palliative.) You need a pan-enterprise security governance similar to how HR or legal operate in leading companies, with engagement from the board of directors down to the individual employees. Notice the phrase “operate in leading companies”—that’s key, because too many companies confuse lots of rules and procedures with effective governance. If you tie up your staff in knots in the name of security, you won’t gain security and, in fact, you are likely to be less secure, as people struggle to comply or, worse, stop trying and instead actively work around the barriers you’ve created. Effective governance means enabling and encouraging people to do the right thing as the path of least resistance wherever possible. Monitor their performance, educate and retrain them when necessary, and apply both incentives and penalties for a pattern of non-compliance. For example, if you have many employees who work in the field or at home, provide a secured cloud storage option that works with popular devices, so they’re not tempted to use their own or, worse, resort to thumb drives, recordable CDs, and personal e-mails to maintain access to data when not at their desk. Do some internal phish-

ing to identify employees who need further training or perhaps impose penalties such as loss of bonus or even loss of position for repeat or egregious lapses. Reward individuals and business units that are proactive in their safe practices and that act on suspicious behaviors. Getting a flu shot does not assure you won’t catch the flu, but it is a powerful tool that works best when combined with good hygiene and other defenses. Some enterprises perform self-assessments or routinely hire ethical hackers. Various industry groups have assessments you can do yourself or hire a professional to do. Use them. Monitoring and pattern analysis technologies, such as DLP (data loss prevention), database logging, security event tracking, and information-forensics tools, can help, too. They’re not that useful as a preventive real-time shield, but they can deliver the benefit you really need: Identifying data theft, fingerprinting it, and gaining the very useful understanding of how data is moving, who’s doing what with it, and when it’s trying to leave your systems.

TIME TO PLAY CATCH UP It’s true that the efforts to digitize business over the past two decades have occurred swiftly and often not so obviously until a tipping point was reached. So it’s understandable that the information security model hasn’t evolved as quickly as the environment you operate in. But it’s clear that the mismatch is huge, and the only reasonable way forward is to adapt to the new ecosystem:

Cyber-attacks and breaches are becoming the new normal. Security is no more restricted to IT, and management is equally taking note of the implications that cybercrimes can have on their organization’s brand, revenues, and customers. SURENDRA SINGH, Regional Director, India & SAARC, Websense

Change your focus to risks and people. It’s time to stop trying to protect information in the network-connected era the same way you did in the “only in the datacenter” era. The perimeter approach is equivalent to the Middle Ages philosophy of protecting cities with fortress walls when the enemy has air superiority. Of course you can and should put a perimeter defense around the most critical cores. Access control is the best defense, because the fewer people and devices that can access what is truly critical, the less intrinsic risk you have. If you grant access, you must trust those who have the access, because a determined person will find a way around your defenses. Your focus should increasingly center on holistic risks and factoring people more prominently in your IT security approaches. Information security is not a set-and-forget policy or technology exercise. Risks change, the nature of information changes, as do the business contexts, business relationships, and operational contexts. People will always game around obstacles. Having an organization where information security awareness and responsibility belongs to everyone increases the chances that the unknowns will be identified faster. Companies have to accept that losses and breaches will occur, and thus change the mindset from absolute prevention to targeted prevention combined with resiliency and a notion of acceptable loss—the approach common to biological and human systems. For 40 years, security efforts have focused on the equipment and, to a lesser extent, the data—removing the human factor in an attempt to reduce surprise and behavioral variations. Your key vulnerability and key line of defense are one and the same—people. Security is ultimately a human responsibility shared by everyone—it’s not an IT problem alone. Security-minded management must be made standard across enterprises, where accountability is real and awareness is high: that proven “loose lips sink ships” approach that defense security experts generally call a counterintelligence model. We don’t mean to suggest this shift is easy or swift. But it is necessary. 

NOVEMBER 2014

INDIAN CHANNELWORLD

n FAST TRACK

Snapshot

CorporateServe Solutions

Founded: 2003 Headquarters: Gurgaon Branches: Ahmedabad, Delhi, Jaipur, Kolkata Key Executives: Dharmendra Sharma, VP; Dinesh Parashar, VP; Sanjay Baweja, Director Operations Revenue 2013-14: Rs 10.8 crore Revenue 2012-13: Rs 8 crore Employees: 150 Principals: SAP, Microsoft, Epicor Key Business Activities: ERP and BI implementations, business process consulting, staff augmentation, services

Completing complex ERP projects in record time is our USP, says Vinay Vohra, CEO, CorporateServe Solutions.

ORPORATESERVE SOLUTIONS might not be the

largest ERP implementation company out there, but that’s not necessarily a bad thing, says Vinay Vohra, founder and CEO of the company. “As a medium-sized company, we are in a unique position. Unlike small companies, we have the capabilities and the know-how to implement complex solutions, and unlike the large players, we have the element of personal attention to detail,” says Vohra. CorporateServe Solutions provides niche ERP functionality to the manufacturing industry. Over three-quarters of its revenues comes from that vertical, including textiles, auto ancillary units, publishing, and dairy. It also focuses on education institutions. The Gurgaon-headquartered company became a SAP partner three 24

years ago. It was a major boost to the company’s fortune, says Vohra. Today, it works primarily on SAP Business All-in-One, Microsoft Dynamics AX, and Microsoft Dynamics NAV. More than 75 percent of the company’s revenues come from SMBs. “This

VERTICAL SPLIT 5%

Logistics

20%

Education SOURCE: CorporateServe Solutions

INDIAN CHANNELWORLD NOVEMBER 2014

75%

Manufacturing

Photograph by SUMEET

Website: www.corporateserve.com segment demands a combination of customized solutions, greater responsiveness, and accurate project management. We have successfully implemented ERP across hundreds of SMBs in different verticals,” says Vohra. It’s that attention to detail and its ability to manage complex projects that ensure that a greater chunk of new clients come through customer referrals and word-of-mouth. Still, closing deals isn’t a cakewalk. “When we approach a client, our offerings are pitted against rival products. We usually win by finding out the pain areas of customer,” says Vohra. “Retaining clients against all odds, and completing the most complex implementations in record time has been our USP, while other smaller companies try to undercut the competition using aggressive pricing,” he says. It helps that the company has invested heavily in developing a strong HR pool for its implementation and services arm. “We have skilled manpower in application consulting for SAP (ECC 6.0); Epicor 9; Microsoft Dynamics NAV, and Microsoft Dynamics AX, ABAP, X++ and .NET,” says Vohra. CorporateServe expects to growth its revenues by 50 percent this fiscal over FY13-14.  — Mayukh Mukherjee

n FEATURE | BUSINESS INTELLIGENCE

Avoiding BI Software Pitfalls Business intelligence experts and business leaders discuss common mistakes companies make when selecting and implementing a BI solution. By Jennifer Lonoff Schiff

CCORDING TO Gart-

ner, business Intelligence and analytics will remain a top focus for CIOs through 2017, with companies spending millions on traditional BI software, cloud BI services, and now mobile apps and even social BI. However, as the type and number of BI

solutions has grown, so has the possibility of failure, of picking the wrong business intelligence software for your business problem or problems or of having end users not understand or properly use the solution. To help you avoid a potential costly mistake, and get the most out of your BI software

investment, here’s a list of nine most common mistakes organizations make in regard to selecting and implementing a business intelligence software solution—and how you can avoid them. Mistake No. 1: Not defining the business problem(s) you are trying to solve. “Compa-

nies [should] not rush into leveraging any BI tools unless they have a distinct business case,” says Scott Schlesinger, senior vice president and head of Business Information Management, North America, Capgemini, a provider of consulting, technology and outsourcing. “One of the biggest [mistakes in] pursuing an analytics initiative is jumping in too soon without clearly defining what it is the company wants to accomplish,” Schlesinger says. “Companies will not be able to generate any real ROI if they don’t outline the business case first and determining why and where leveraging big data makes the most sense in their operations.” “Too many folks look for the one silver bullet tool that will solve all analytics problems they ever have without fully defining the immediate problem to solve. And that is why so many BI projects fail,” Caldwell says. Instead, “start with the business problem to be solved, understand the capabilities required to solve those problems and then purchase the BI tool(s) that meet those specific needs.” Mistake No. 2: Not getting buy-in from end users. “IT has a tendency to purchase BI tools in a vacuum, without first getting buy-in from the people ultimately expected to use them,” says Joanna Schloss, business intelligence and analytics evangelist, Dell Software. But “assuming employees will use newly purchased BI technologies simply because the organization is standardizing on them is a mistake,” she continues. “Even the best BI tools are ineffective if they’re not utilized, and no amount of training or standardizing will convince people to use technology they don’t feel ben-

NOVEMBER 2014

INDIAN CHANNELWORLD

n FEATURE | BUSINESS INTELLIGENCE efits them personally,” she explains. The solution: “Instead of telling employees they have to use something, help them understand why they’ll want to use it. Clearly articulate the value proposition and adoption will follow.” “Companies underestimate the difficulty in changing corporate cultures to accept and use the output of BI systems,” adds Ray Major, chief strategist, Halo Business Intelligence. “A successful implementation, regardless of which technology you choose, mandates that a company have both executive buy-in and end-user buy in. End-user buy-in requires a concerted and focused internal marketing and educational effort to highlight the benefits of the new BI system,” he says. “To ensure successful adoption, companies can influence end-user behavior by tying individual employee goals to metrics driven results.” Mistake No. 3: Being dazzled by features and forgetting about legacy systems and integration. “Most companies evaluate BI [solutions] in terms of the features available in the tool, such as reporting and querying, dashboards, exploration and discovery, OLAP and analyses, data visualization, predictive analytics and performance management KPIs,” says Kiriti Mukherjee, director of Information Management, Collaborative Consulting. Yet they forget one very important feature: integration. “Integration with office applications (many tools integrate with Excel), embedding BI objects in other applications or enterprise portals and integration with thin and thick clients, including with custom mobile devices,” Mukherjee says. 26

BI Vendors Focusing on Data Discovery

I and analytics will remain a top investment priority for CIOs, but by 2015 BI vendors will make ad-hoc data discovery, rather than report generation, the prime focus of their product development efforts, according to a Gartner report. During the past 10 years, the BI industry has grown based on “IT-centric BI platforms for largescale systems of record,” Gartner said. “These have tended to be highly governed and centralized, where IT production reports were pushed out to managers and knowledge workers.” While ad-hoc querying and other analytic tools have been available, “they were never really fully embraced by the business analyst masses, primarily because they are perceived by most as being too difficult to use,” the report adds. As it stands, only about 30 percent of potential BI users have adopted their company’s standard BI tools. In recent years, demand for user-friendly BI tools sparked the “meteoric rise” of vendors such as TIBCO Spotfire and Tableau, Gartner said. As a result, “the majority of current IT-centric vendors will shift the focus of new product investment and platform emphasis from IT-authored production reporting, to governed, business-user-driven data They also forget about “integration capability with enterprise applications (such as ERP), cloud applications (Salesforce.com) or contextual services (MDM, DQ or external services such as D&B),” Mukherjee says. The point: While features are important, it is also important to make sure the BI solution you choose integrates well with your other business systems.

INDIAN CHANNELWORLD NOVEMBER 2014

discovery and analysis,” the report adds. BI vendors and customers will also embrace the “Internet of Things” trend, with more than 50 percent of implementations using “event data streams generated from instrumented machines, applications and/or individuals” by 2017, Gartner said. “Sensor and other forms of instrumentation (for example, video/sound monitoring, system and usage log data, GPS, weather) comprising the Internet of Things can provide a more direct and immediate representation of an object’s, system’s or individual’s behavior,” the report adds. Gartner is also predicting competition will heat up between BI platform vendors and the systems integrators who have created specialized analytic applications for various industries and business processes. BI vendors “recognize that in order to expand their reach beyond traditional power users, they must deliver packaged domain expertise and applications to enable self-service by a wider range of users,” Gartner said. As a result, by 2017 packaged analytics applications from vendors and systems integrators will be “indistinguishable” from one another, according to the Gartner report. -Chris Kanaracus Mistake No. 4: Not choosing a solution that can scale and adapt. “One of the biggest mistakes you can make is choosing a solution that’s not agile,” says Francois Ajenstat, director, Product Management, Tableau Software, a data visualization company. “At fast-moving, cuttingedge companies, self-service analytics are becoming the norm,” he explains. “The monolithic infrastructure

stack is crumbling in favor of solutions that can work with new data sources, and flexibility and usability from dashboards are key.” You also want to make sure the business intelligence solution you choose can grow, or adapt, to your business needs, so you do not have to look for a new BI solution right away. Mistake No. 5: Rushing implementation. “A successful deployment is not always a rapid deployment, and a rapid deployment is not always a successful one,” says Daniel J. Ronesi, director, Business of Law Services, Aderant, a provider of legal software. When deploying a BI solution, patience is a virtue. “It is imperative that the implementation is not overly rushed so that sufficient time is set aside for training to ensure users are given the time to develop or acquire the skill sets needed to use the BI software effectively.” “Deploy your business intelligence software incrementally,” advises Southard Jones, vice president of Product Strategy, Birst, a provider of cloud-based business inteligence solutions. “Rather than expecting to solve every business problem all at once, prioritize specific outcomes you want to achieve. When you have answered the first business problem, add on incrementally and be flexible in your approach,” Jones says. “Consider what answers will validate a recently introduced strategy or will have the biggest impact on your business operations,”Jones says. “Then choose one as a starting point. While business intelligence can eventually answer all of your questions, don’t expect all of the answers from it, all at once.” 

Focal Point EVERYTHING ABOUT INTERNET OF THINGS

Ways IoT Will Unfold

The three key segments of IoT are on different paths; don’t think of them as one entity. By Galen Gruman

HE INTERNET of

things is hot. Practically every tech vendor is using the label for some of its products. Cisco Systems and PwC both predict that the market will be worth trillions of dollars. The Internet of things is also the tech industry’s latest overhyped technology—most of what is called IoT is not

IoT, and the IoT market will never be worth trillions of dollars unless you declare that IoT includes anything that uses power, a chip, and some communications capability, which is a pointless definition. Despite the tech industry’s fierce attempts to scrub all meaning from the IoT label, something real and valuable is occurring

in the Internet of things. But users and IT organizations can’t take advantage of it without understanding what’s going on. Several technologies are making IoT widely possible, mostly from the mobile space. One is the lowpower processor, typically based on the ARM designs already in use by nearly all smartphones and tablets. They’re much cheaper and smaller, as well as more power-efficient, compared to traditional Intel and AMD x86 chips. About 40 percent of them are used in devices you may not expect, says ARM Holding marketing VP Ian Ferguson, such as in-car infotainment systems. Companies like Texas Instruments also make a bevy of chips—some based on ARM—that power everything from sensors to alarm clocks to garage door openers to beacons. Then there’s Bluetooth and Wi-Fi, including the networkless Wi-Fi Direct (WiDi) variant standard in recent mobile devices and computers. (This is how Apple’s AirDrop works, as well as Windows’ and Android’s Miracast.) The two networking standards are commoditized, so they’re finding their ways into all sorts of devices. Industry efforts like Thread are trying to develop a constrained communications standard that lets devices communicate over a common protocol (as opposed to a radio technology) without the full computation and energy consumption overhead of the typical IP stack. The Thread effort sees IP at the edge of the stack, so the low-requirements communications eventually can

connect to the Internet and heavier-weight systems, but it doesn’t force every component to be able to do so. Basically, it’s getting cheap and easy to put a chip in it. And it’s getting easy to add co-processors for everything from motion detection to radio connectivity, from graphics processing to encryption. More devices can compute and connect as a result. Power sources are shaping up as the limiting factor, so there’s lots of research on everything from better batteries to converting radio waves into power. There are three clusters of real IoT activities, and each is on its own path. Some paths may cross, but understanding the three separately will help you strategize about your own IoT engagement: Machineto-machine is simply about efficiency, not fundamental new opportunity; the notion of smart systems will gain trac-tion, with Bluetooth peripherals as the first step; the ad hoc Internet of things is well under way.

M2M IS NOT A NEW OPPORTUNITY For decades, we’ve had industrial, medical, and office equipment that could talk to other equipment, such as thermostats that communicate temperature information to normalize HVAC settings, assembly-line sensors that make robots stop welding if the line is delayed or stopped, and EKG readers that alert a nursing station if worrisome readings occur. This is known as machine-to-machine (M2M) communications, and it’s really useful. These established M2M uses are now

NOVEMBER 2014

INDIAN CHANNELWORLD

n FOCAL POINT | INTERNET OF THINGS getting the IoT label, but they are not really changed by IoT. However, they’re cheaper and easier to deploy because of greater technology standardization that is making the larger IoT trend possible. We’ll thus see the “industrial Internet of things” (the new name for M2M) become more widespread, as smaller companies can afford to join in and larger companies can afford to bring the notion outside of expensive manufacturing systems. It’s like when PCs arrived in business: Suddenly, a computer didn’t cost millions of dollars, so computing could go beyond the datacenter. What’s made M2M easier and cheaper to deploy? Bernie Anger, the general manager of General Electric’s Intelligent Platforms division effectively points to three factors.

Hadoop and similar mass-scale data processing technologies: They allows analysis of massive data in cost-effective way. When analytics was an expensive, scarce resource, companies limited what data they collected and analyzed to the most critical areas. Now they can apply analytics to more areas, and they’re doing so. The ubiquity of the HTML5 Web standard in client devices: That means more than the use of iPads, smartphones, computers, and other offthe-shelf equipment — it also means that specialty devices now use a client UI that’s well understood and compatible with all the computing devices you have. The burden of writing to proprietary user interfaces is greatly reduced, and operator familiarity is greatly improved.

while making them more valuable overall.

SMART SYSTEMS WILL GAIN TRACTION Connecting M2M systems to the rest of the world will scare many IT pros, though “rest of the world” really means “other parts of the world.” But it’s inevitable because it’s so useful. I recently profiled a simple example of a utility company managing its systems via iPads to be able to respond to problems faster. That’s the simple example we’ll see first. That example is not restricted to M2M systems. It’s basic field service, and it’s happening in all sorts of ways. For example, some oil rig equipment has sensors that a field engineer can tap into via an iPad, then communicate to home base over satellite or other communications systems to get diagnostics and

There are three clusters of real Internet of things activities, and each is on its own path. Some of their paths may cross, but understanding the three entities separately will help you strategize about your own Internet of things engagement. ODBC user agent adoption: This version of the venerable database connectivity protocol is not Windows-dependent, so devices on all sorts of platforms can now share data through a well-known protocol, not just PCs or devices running Windows Embedded. Due to the relatively low cos—ODBC UAcapable devices with local computation ability and network access cost just $200 (about Rs 12,000)— it’s affordable to have devices connected. 30

“None of these is a revolution, but they come together now to enable the scale and speed not possible a decade ago in the M2M/SOA worlds, when everything was essentially custom, nonstandard, and heavyweight,” Anger notes. Over time, the use of standard protocols and technologies will allow the “back end” M2M systems to interact with user-facing technologies, which will provide some white-knuckle moments for the guardians of the core systems

INDIAN CHANNELWORLD NOVEMBER 2014

proposed fixes, as well as interactive manuals. The same is true for airplane engine and copier repairs. This too is not a new area. What is new is using consumer-grade equipment like the iPad, standard communications technologies like Bluetooth and WiFi, and standard application languages like JavaScript and environments like HTML5. Again, it’s oldfashioned industrial computing made easier through modern technolo-gies, then rebranded as IoT.

You’ll see more of it. As an example, Motorola Solutions recently announced a Bluetooth barcode scanner that works with Android and iOS devices. Such scanning equipment is proprietary and expensive. Special training is also required to use and maintain them. By making the scanner a Bluetooth peripheral for common mobile devices changes that equation. Now, your employees can use equipment they likely know how to operate, using Web or native apps that are familiar to them to control the peripheral. There are many examples of using mobile devices as computing hubs to sensors and specialty peripherals, especially around Bluetooth. This is going to change the specialty-gear industry in profound ways. It’s already altering the consumer sphere, with everything from fitness wearables to ice-fishing aides. But cheaper, easier-to-use equipment running on common devices is merely the first step. What comes next is what I call smart systems. Because these peripherals are connected to, in essence, mobile computers and those in turn can be connected to the Internet and all available cloud resources, they form a network of both data and operation. This is where the “IoT” label rightfully applies. What do I mean by that kind of network? Think of a delivery driver, who now has a signature pad that collects your signature and lets the driver input status like “addressee not home, package not delivered.” The data could then be transmitted via a radio in the truck so that the ship-

ping info is updated on the tracking website that both the sender and recipient can monitor. That existing technology has proven quite useful, but imagine if the signature pad were a peripheral or used a tablet’s touchscreen. If the addressee is not home, the driver could take a photo of where the package was left, so the person knows where to look for it—or of the menacing dog preventing delivery or of the person who signed for the package (because they almost never ask for ID). That’s just the camera. If Bluetooth-powered door locks ever take off, they could interact with a backend service for which the addressee has door-lock access rights temporarily, so the driver could open the door to leave the package in a safe location. As the day progresses, the status of deliveries could be compared for nearby trucks, allowing transfer of cargo to equalize workload—or even shift packages to a second driver who can revisit an address that day knowing the person is now available, rather than ship the package back to the distribution center and try the whole process the next day. All the pieces exist in some form today, but their distribution is uneven— both the hardware and the cloud-connected apps. As they become more common, we’ll get smarter interactions that let us improve service in a whole range of fields, not simply package delivery. A quick example: A smart pillbox coupled with the sensors in a wearable or smartphone could allow remote monitoring of

patients anywhere and provide a way for the patient to engage back. Such technology is already in trial sessions. But these trials focus on the center monitoring the edge: the patient, the home alarm, and so on. They’re not so focused on the reverse, which is letting the edge query the center — the delivery service, the doctor’s office, the alarm company. That’ll come after the center-to-edge uses are in place. Once a connection

smartphone or tablet, running apps for each service and collecting alerts into email or messaging apps. The user is the integrator. What’s changing here is the growing collection of ecosystems. Apple is the furthest along in this effort, with its three ecosystem integration APIs debuting this fall in iOS 8 and OS X Yosemite: HomeKit for home automation devices, CloudKit for cloud storage and sync, and HealthKit for fitness and medical devices.

It’s also why so many providers want to be the ecosystem of choice. Apple is the furthest along, but Google is also pushing hard on several fronts including its Nest purchase, its Chromecast effort, and its active participation in the Thread effort. Samsung has talked about similar efforts, but its execution has been, to be polite, uneven. The carriers all want to be the hub for such an ecosystem, too, so they can charge even more monthly access fees.

The carriers all want to be the hub for such an ecosystem, too, so they can charge even more monthly access fees. Most large telephone and cable companies are trialing such subscription-based homeautomation hubs, but they’re likely to fail. is set, exploiting it in two directions becomes much easier. Then we’ll see connections across multiple systems in a federation, in the same vein we’ve seen in the Internet and the cloud.

THE AD HOC IOT IS WELL UNDER WAY The third IoT segment is the least controlled. That’s both good and bad. If you’re a techie, you probably have several IoT devices: an Apple TV or Google Chromecast, a Nest or Honeywell Lync thermostat, an Internet-connected Liftmaster garage door opener, your car’s Bluetooth ignition lock, and so on. Some interact, some don’t. Some should, some shouldn’t. When they interact, and when they should, is often a personal choice for the user’s context. It’s ad hoc and, thus, messy. If there’s an integration point it’s usually a

On iPhones, the new Health app in iOS 8 acts as a central repository, managed by the user, of health information provided by the compatible devices and cloud services that users choose. It can also be a conduit to other systems, whether an electronic health records system or a weight-loss service. Apple is using non-network connectivity to make its Macs and iOS devices federate on the fly in what I call “liquid computing,” bringing IoT to more than small devices. This integration is still ad hoc, but it’s organized by a specific ecosystem. It’s not so much a closed system as it is a compatible system, sort of like Windows was in the PC era for software and hardware. This native compatibility allows easier interoperability, which lets create a custom IoT. That’s powerful.

Most large telephone and cable companies are trialing such subscriptionbased home-automation hubs, but they’re likely to fail. One reason is that users hate these companies and their log track record of arrogantly bad customer service. The other is that their vision is quite narrow, covering a small collection of things and in a way that is about user lock-in rather than empowerment. Only a fool would trap themselves in a carrier-based offering. All this leaves us with a set of distinct but overlapping markets all sharing the “IoT” label. They may share some technology underpinnings and basic characteristics, but that’s like thinking of PCs, networking, and databases as the same because they are all computer technologies. IoT is many things. Understand the one that matters to you. 

NOVEMBER 2014

INDIAN CHANNELWORLD

n FOCAL POINT | INTERNET OF THINGS

What IoT

Really Means

Get past the confusion caused by all those technologies claiming to be in the Internet of things. By Galen Gruman

or go to a conference these days, and someone is likely trying to sell you on the concept of the Internet of things. However, the Internet of things doesn’t necessarily involve the Internet, and sometimes things aren’t actually on it, either. In some cases, IoT is simply a buzz phrase that companies use to sell whatever they’ve long had—just as the cloud, green, Internet, e-, and mobile labels have long been abused. IoT has a real meaning that’s useful to understand, as it will affect every corner of both IT and consumer technology. 32

NSWER A call

At its core, the Internet of things means just an environment that gathers information from multiple devices (computers, vehicles, smartphones, traffic lights, and almost anything with a sensor) and applications (anything from a social media app like Twitter to an e-commerce platform, from a manufacturing system to a traffic control system). Basically, you need data and a means to access it— that’s where the “Internet” label comes from, though of course you don’t need the Internet itself, or even an always-on network connection. The Internet may be the backbone of an In-

INDIAN CHANNELWORLD NOVEMBER 2014

ternet of things, but it’s not the only bone in that body. Then you need something that works with that information to analyze it, act on it, or otherwise process it. That something is typically software, whether automated, semi-automated, or human-controlled.

THE INTRIGUE OF THE INTERNET OF THINGS Where the Internet of things gets interesting is when you combine information from devices and other systems in novel ways, tapping into the huge processing capabilities available today to do the kinds of expansive analysis

usually associated with the concept of big data—meaning analysis of data not necessarily designed to be analyzed together. Otherwise, you’re talking about sensor networks and machine-to-machine (M2M) networks common in factories, hospitals, warehouses, and even streets (think the streetlights and “next bus” electronic signs) or networkconnected product systems (like an Apple TV-based entertainment system, the Bluetooth stereo in your car, or iPod Touch-based cash registers in retailers)—useful but not profoundly new. To achieve the notion of the Internet of things, you need most of the following pieces in place: Network connectivity, which is typically wireless; sensors and/ or user input that capture or generate data; and computational capabilities, at the device and/or back-end. I say “most” because you could have a storeand-forward connectivity approach such as plugging a device into a USB port on a computer. Store-andforward is essential in any case, because connectivity is not ubiquitous, so you need a way to send data captured when offline. That’s a hallmark of the Internet, which was initially designed to allow communications even after a nuclear war through store-and-forward and auto-rerouting.

PUTTING THINGS IN THE INTERNET OF THINGS You need things, but they need not be independent items like printers or earbuds or sneakers or golf clubs. A thing in an Internet of things could be sim-

ply status information, such as where you are or where the temperature is at a certain location or the engine temperature—that may be collected through a general-purpose device such as a computer or smartphone. In other words, the thing itself need not be in an Internet of things, though data about it must. And you need a real purpose for having all these connected devices. There are thousands of possible purposes—perhaps millions. That is why the Internet of things is not a thing but a concept that can be applied to all sorts of things. In most cases, those purposes are expressed through applications or services—whether local, cloud-based, datacenterbased, or a combination of any or all of those.

In some cases, the services sift through huge amounts of data, which Hadoop and other big data technologies in combination with cloud services now makes possible. But an Internet of things doesn’t have to involve big data—there are small-data uses too, such as the Web of sensors on highways to detect chemical and nuclear weapons that are always monitoring but transmit only when an anomaly is detected. Combine that sensor network with traffic management systems, electronic highway signage and perhaps emergency broadcast notices, first-responder deployments, and so on, and you get a public-safety Internet of things. Its versatility is what opens up so many possibilities for the Internet

BECAUSE

Better information EQUALS

of things. For example, running an app like Foursquare or Google Now that monitors user locations takes an existing set of devices (smartphones), their sensors (location data), and their network connectivity to aggregate information to a data center somewhere in the cloud that uses that information for, in this case, ad delivery and market research. It’s an example of how the IoT can simply be an application taking advantage of today’s connected environment.

TWO (OR MORE) IS BETTER THAN ONE An Internet of things can enable hybrid uses. For the car example, multiple services might get pieces of that automobile and travel data for everything from traffic management to in-

“ We encourage partners to chalk out a long-term strategy, each time an organization needs a new security widget. - Andrew Littleproud, President, McAfee

Better business Read the latest interviews from the biggest names of leading IT organisations on their company direction, technology roadmap and channel strategies.