InformationWeek India April 2013 by Viraj Mehta

Edit

Can mobile solutions transform the economy? hat can your humble mobile phone do? Plenty, if the GSM Association (GSMA) has to be believed. A recent report by the GSMA developed in collaboration with PwC, states that innovative mobile solutions can revolutionize peopleâ&#x20AC;&#x2122;s lives over the next five years. The report says that mobile-enabled solutions can save 1 million lives and used to great effect in the fight against malaria, TB and HIV. For example, in the state of Andhra Pradesh, the NIC team has developed an integrated disease surveillance program, which uses mobile phones to proactively track and prevent diseases. Information on diseases and their impact is automatically marked on maps for health authorities to pinpoint the exact locations, where the disease outbreak is severe. More recently, Nokia India and Arogya World announced that they have enrolled 1 million people into mDiabetes, an innovative diabetes prevention mobile health initiative. Alerts have been sent in 12 regional languages informing users about diabetes and its prevention with lifestyle changes. As mobile phones are ubiquitous, and are becoming smarter and cheaper by the day, their impact on every sector is bound to be huge and transformative in nature. As the GSMA report notes, besides healthcare, mobile-enabled automotive solutions can improve food transport and storage, and help in feeding more than 40 million people annually. Mobileenabled education systems can enable 180 million students to further their education. Truly, mobile phones and tablets have become so popular, that enterprises are now going beyond building mobile functionalities on top of their existing systems. CIOs are now using smartphones and tablets to push customer service to new heights of excellence. Godrej Properties, for example, is using iPads to virtually showcase flats to its customers. Similarly, Leela Palaces, has introduced in-room iPads, wherein a guest can use the iPad as a console to change lighting in the room, or open the door. The potential for transformation is huge in every sector, and a young India is leading the charge. For example, when the news of the horrific Delhirape incident angered the whole country, several entrepreneurs pitched in to either develop or offer free smartphone apps for ensuring women safety. Apps are now being created for every business or personal need. We have apps for booking autorickshaws, for monitoring our calorie intake, and even for contesting in Indian Idol contests. A sign that apps have become intrinsic to our lives, can be seen from the recent announcement by the Government of India, inviting developers to develop innovative apps on the Android platform that can be used by citizens to avail public services. With more and more users accessing the Internet via their mobile phones, one can expect a significant transformation in the overall economy. From providing banking to the unbanked, ensuring education to the underprivileged, and providing basic healthcare to the poor â&#x20AC;&#x201D; mobile phones can succeed where traditional solutions have failed to deliver.

As mobile phones are ubiquitous, and are becoming smarter and cheaper by the day, their impact on every sector is bound to be huge and transformative in nature

u Srikanth RP is Executive Editor of InformationWeek India. srikanth.rp@ubm.com

informationweek april 2013

www.informationweek.in

contents Vo l u m e

I ss u e

0 6

A p r i l

20 1 3

18 Cover Story 11 interesting use cases of enterprise mobility in Indian enterprises From healthcare organizations, insurance firms to cement manufacturing companies and retail establishments, Indian companies across verticals are accruing significant business benefits by adopting enterprise mobility. InformationWeek takes a detailed look at 11 enterprises that are leading the way in showing how mobile platforms can be used innovatively to increase employee productivity, enhance customer service and bring in process efficiencies

Indian CIOs use tablets innovatively to push customer service excellence to new level From real estate to the services sector, Indian enterprises are taking customer service standards to a new level by using tablets innovatively

Cover Design : Deepjyoti Bhowmik

The rising trend of enterprise mobility opens new opportunities for vendors Realizing the business benefits of mobility, various industry verticals have started mobile-enabling apps specific to their distinct needs. Vendors are pursuing this opportunity and are coming up with unique enterprise mobility applications and solutions for specific industry verticals

The story behind India’s first commercial NFC payments solution PVR’s new app for the BB10 platform boasts the country’s first NFC-based payment system and constitutes a small revolution for mobility in India. We take a closer look at its inner workings and the backend infrastructure that promises to transform your retail experience in the future

case study

BYOD ROI: Intel sees annual productivity gain of 5 million hours from BYOD in 2012 The global consumerization initiative across offices in 65 countries has helped Intel’s employees save an average of 57 minutes daily

Do you Twitter? Follow us at http://www.twitter.com/iweekindia

informationweek april 2013

Find us on Facebook at http://www.facebook. com/informationweekindia

BSE slashes operational costs by adopting Linux Asia’s oldest stock exchange has saved huge costs by deploying SUSE Linux for powering a majority of its applications

If you’re on LinkedIN, reach us at http://www.linkedin.com/ groups?gid=2249272

www.informationweek.in

THE BUSINESS VALUE OF TECHNOLOGY

interview 38 ‘Mobility poised to play a significant role in healthcare’ Dr. Ruchi Dass Founder & CEO, HealthCursor Consulting Group

interview 40 How Wikipedia plans to use mobile phones for empowering knowledge seekers Kul Takanao Wadhwa Head of Mobile, Wikimedia Foundation

10 11 12

Vishal Sharma Founder & Evangelist, appycab

56 interview ‘Interoperability among video endpoints and service providers is critical’ Alan Benway ED, AT&T Business Solutions

EDITORIAL �� 4

42 percent of IT leaders have invested in Big Data or plan to do so within a year: Gartner survey

INDEX �� 8

NASSCOM announces 10,000 Start-ups program

news analysis �� 16

Rogue clouds prevalent in nearly 90 percent of Indian organizations 77 percent of Indian users use mobile for social media

opinion ��44, 61, 64, 65

Android to dominate 2013 mobile app downloads

FEATURE ��46, 48, 57

Cisco launches cloud-based remote education platform for Indian classrooms VMware ups R&D focus in India

Mumbaikars can use free Android App to book autorickshaw in real time by June

News

Wipro launches cloud-based healthcare platform in partnership with Microsoft

42 interview

cio profile ��66

analyst angle �� 67

Maharashtra Government teams up with Microsoft to create apps for addressing social issues

global cio �� 69

Global public cloud services market to total USD 131 billion in 2013

down to business �� 70

april 2013 i n f o r m at i o n w e e k 7

Imprint

VOLUME 2 No. 06 n April 2013

Managing Director Printer & Publisher Associate Publisher & Director Editor-in-Chief Executive Editor Principal Correspondent Correspondent Principal Correspondent Senior Correspondent Copy Editor

: Joji George : Kailash Pandurang Shirodkar : Anees Ahmed : Brian Pereira : Srikanth RP : Jasmine Kohli : Varun Haran : Ayushman Baruah (Bengaluru) : Amrita Premrajan (New Delhi) : Shweta Nanda

Design Art Director Senior Visualiser Senior Graphic Designer Graphic Designer

: : : :

Marketing Marketing Head

: Samta Datta

online Manager—Product Dev. & Mktg. Deputy Manager—Online Web Designer Sr. User Interface Designer

: : : :

Deepjyoti Bhowmik Yogesh Naik Shailesh Vaidya Jinal Chheda, Sameer Surve

Viraj Mehta Nilesh Mungekar Nitin Lahare Aditi Kanade

Operations Head—Finance Director—Operations & Administration

: Yogesh Mudras : Satyendra Mehra

Management Service

: Jagruti Kudalkar

Sales Mumbai Manager- Sales : Ranabir Das ranabir.das@ubm.com (M) +91 9820097606 Marvin Dalmeida marvin.dalmeida@ubm.com (M) +91 8898022365 Bengaluru Manager—Sales : Kangkan Mahanta kangkan.mahanta@ubm.com (M) +91 89712 32344 Sudhir K sudhir.k@ubm.com (M) +91 9740776749 Delhi Manager—Sales : Rajeev Chauhan rajeev.chauhan@ubm.com (M) +91 98118 20301 Sanjay Khandelwal sanjay.khandelwal@ubm.com (M) +91 9811764515 Production Production Manager

: Prakash (Sanjay) Adsul

Circulation & Logistics Deputy Manager

: Bajrang Shinde

Subscriptions & Database Senior Manager Database : Manoj Ambardekar manoj.ambardekar@ubm.com Assistant Manager : Deepanjali Chaurasia deepanjali.chaurasia@ubm.com

print online newsletters events research Head Office UBM India Pvt Ltd, 1st floor, 119, Sagar Tech Plaza A, Andheri-Kurla Road, Saki Naka Junction, Andheri (E), Mumbai 400072, India. Tel: 022 6769 2400; Fax: 022 6769 2426 International Associate Offices USA Huson International Media (West) Tiffany DeBie, Tiffany.debie@husonmedia.com Tel: +1 408 879 6666, Fax: +1 408 879 6669 (East) Dan Manioci, dan.manioci@husonmedia.com Tel: +1 212 268 3344, Fax: +1 212 268 3355 EMEA Huson International Media Gerry Rhoades Brown, gerry.rhoadesbrown@husonmedia.com Tel: +44 19325 64999, Fax: + 44 19325 64998 Japan Pacific Business (PBI) Shigenori Nagatomo, nagatomo-pbi@gol.com Tel: +81 3366 16138, Fax: +81 3366 16139 South Korea Young Media Young Baek, ymedia@chol.com Tel: +82 2227 34819; Fax : +82 2227 34866

Editorial index Person & Organization Alan Benway, AT&T ......................................................56 Alpana Doshi, RIL ..........................................................33 Amit Bhatia, PVR ...........................................................37 Anil Nadkarni, Thermax...............................................22 Anoop Handa, Fullerton India.................................66 Ashok Asawale, Mahindra & Mahindra.................25 Avishek Mukhopadhyay, Mindtree .......................29 Chandrakant Deshmukh, Mastek...........................30 Daya Prakash, LG Electronics....................................18 Dr. Ruchi Dass, HealthCursor Consulting Group .............................38 Eswaranatarajan N, ICICI Lombard.........................19 Gaurav Agarwal, InMobi.............................................53 H Sudarshan Ballal, Manipal Hospital....................22 Jayantha Prabhu, Essar Group..................................21 Jeby Cherian, IBM..........................................................51 Jitender Verma, PVR Cinemas...................................36 Jitendra Singh, HIL Limited.......................................33 Joydeep Dutta, ICICI Securities................................27 Kersi Tavadia, BSE...........................................................50 Kishore Banerjee, Wind World India.......................26 Kul Takanao, Wikimedia Foundation ....................40 Meenakshi Agarwal, MIAL.........................................33 Naveen Chopra, Vodafone Business Services....29

Printed and Published by Kailash Pandurang Shirodkar on behalf of UBM India Pvt Ltd, 6th floor, 615-617, Sagar Tech Plaza A, Andheri-Kurla Road, Saki Naka Junction, Andheri (E), Mumbai 400072, India. Executive Editor: Srikanth RP Printed at Indigo Press (India) Pvt Ltd, Plot No 1c/716, Off Dadaji Konddeo Cross Road, Byculla (E), Mumbai 400027.

Neeraj Gill, Polycom......................................................30 Parminder Singh, BPTP Limited..............................32 Pramod Kumar, Newgen Software ........................21 Prashant Veer Singh, Bharti Infratel.......................20 R Venkateswaran, Persistent Systems ..................29 Ranjan Tayal, Ramco Systems...................................30

RNI NO. MAH ENG/2011/39874

Ravish Jhala, The Leela Palaces................................26 Shailesh Joshi, Godrej Industries............................25

ADVERTISERS’ INDEX

Srinivas Tadigadapa, Intel..........................................34

Company name Page No.

Website Sales Contact

Sudehndu Bali, Lodha Group..................................32

Interop

2 www.interop.in

salil.warior@ubm.com

Sunil Soni, Punjab National Bank...........................32

CloudConnect

3 www.cloudconnectevent.in salil.warior@ubm.com

ICSC

5 www.icse.in

Sunil Varkey, Wipro Technologies..........................33

FTS

7 http://fts.informationweek.in anees.ahmed@ubm.com

Emerson

15 emersonnetworkpower.com marketing.india@emerson.com

Varadarajan N, Madras Cements.............................20

4 G World

Vijay Sethi, Hero MotoCorp.......................................23

www.4gworldindia.com

anees.ahmed@ubm.com

yogesh.joshi@ubm.com

TFM&A

43 www.tfmaindia.com.in

salil.warior@ubm.com

Dell

71 www.dell.co.in

www.dell.co.in/domore

Microsoft

72 www.windowsserver2012.in microsoft.in/readynow

TG Dhandapani, TVS Motor Company..................21

Vinayak Khadye, India First Life Insurance...........27 Vishal Sharma, appycab..............................................42

Important Every effort has been taken to avoid errors or omissions in this magazine. In spite of this, errors may creep in. Any mistake, error or discrepancy noted may be brought to our notice immediately. It is notified that neither the publisher, the editor or the seller will be responsible in respect of anything and the consequence of anything done or omitted to be done by any person in reliance upon the content herein. This disclaimer applies to all, whether subscriber to the magazine or not. For binding mistakes, misprints, missing pages, etc., the publisher’s liability is limited to replacement within one month of purchase. © All rights are reserved. No part of this magazine may be reproduced or copied in any form or by any means without the prior written permission of the publisher. All disputes are subject to the exclusive jurisdiction of competent courts and forums in Mumbai only. Whilst care is taken prior to acceptance of advertising copy, it is not possible to verify its contents. UBM India Pvt Ltd. cannot be held responsible for such contents, nor for any loss or damages incurred as a result of transactions with companies, associations or individuals advertising in its newspapers or publications. We therefore recommend that readers make necessary inquiries before sending any monies or entering into any agreements with advertisers or otherwise acting on an advertisement in any manner whatsoever.

informationweek april 2013

www.informationweek.in

News B i g D ata

42 percent of IT leaders have invested in Big Data or plan to do so within a year: Gartner survey After a few years of experimentation and early adopter successes, 2013 will be the year of larger scale adoption of Big Data technologies, according to Gartner. According to a worldwide Gartner survey of IT leaders, 42 percent of respondents stated they had invested in Big Data technology, or were planning to do so within a year. “Organizations have increased their understanding of what Big Data is and how it could transform the business in novel ways. The new key questions have shifted to ‘What are the strategies and skills required?’ and ‘How can we measure and ensure our return on investment?’” said Doug Laney, Research VP at Gartner. Organizations are becoming aware that Big Data initiatives are critical because they have identified obvious or potential business opportunities that cannot be met with traditional data sources, technologies or practices. In addition, media hype is often backed with rousing use cases.

Gartner predicts that by 2015, 20 percent of Global 1000 organizations will have established a strategic focus on “information infrastructure” equal to that of application management. In anticipation of Big Data opportunities, organizations across industries are provisionally collecting and storing a burgeoning amount of operational, public, commercial and social data. Yet in most industries — especially government, manufacturing and education —

combining these sources with existing underutilized “dark data” such as e-mails, multimedia and other enterprise content often represents the most immediate opportunity to transform businesses. Although most of the Big Data hype is about handling the size and speed of data available, the research shows that the ultimate wins will be from those making sense of the broadening range of data sources. — InformationWeek News Network

S o f t wa r e

NASSCOM announces 10,000 Start-ups program NASSCOM recently announced the launch of “10,000 Start-ups”, a program aimed at incubating, funding and supporting 10,000 technology start-ups in India over the next 10 years. The program is partnered by Indian Angel Network and supported by Google, Microsoft and Verisign. 10,000 start-ups brings together key stakeholders of the ecosystem including start-up incubators/accelerators, angel investors, venture capitalists, start-up support groups and technology corporations to support entrepreneurs at early stages of their venture. The program will focus on three core pillars to achieve the above goals: 1. Evangelize and create awareness about technology entrepreneurship

informationweek april 2013

as a preferred career option. 2. Engage with aspiring entrepreneurs through digital/social channels and start-up support groups to create entrepreneurial capability. 10,000 startups program will facilitate over 7,000 start-up events like hackathons, investor roadshows and best practices workshops across 30 cities. 3. Incubate and facilitate funding of 10,000 start-ups through partnerships with some of the leading incubators/accelerators and angel networks in India. 10,000 Startups will also extend support to incubators/funding partners in the form of industry connects and co-working infrastructure and a start-up kit consisting of hosting credits and

other technology and business tools valued over USD 25,000. Som Mittal, President NASSCOM, said, “10,000 start-ups aims to catalyze the technology start-up ecosystem by 5X. This is one of the largest initiatives that NASSCOM is undertaking and will be vital to realize the industry vision of USD 300 billion by 2020”. Rajan Anandan, VP and MD, Google India said, “At Google we are very excited about the possibilities that India represents and are committed to extend all the support to make this initiative a roaring success. We will work very closely with NASSCOM and all the players in the ecosystem to boost the technology innovation rate in India.” — InformationWeek News Network

www.informationweek.in

Mobile

Cloud Computing

Rogue clouds prevalent in nearly 90 percent of Indian organizations Indian organizations are widely migrating to the cloud to gain competitive advantages around speed, agility and flexibility, according to Symantec Corp’s. recent ‘Avoiding the Hidden Costs of Cloud 2013’ survey. In fact, nearly all the surveyed large and small businesses in the country are at least discussing cloud. However, increasing complexity and the proliferation of “rogue clouds” — prevalent in about 90 percent of Indian businesses, according to the survey — is resulting in escalating costs related to cloud. Rogue clouds are defined as business groups implementing public cloud applications that are not managed by or integrated into the company’s IT infrastructure. Other key survey findings showed enterprises and SMBs are experiencing escalating costs tied to complex backup and recovery, and inefficient cloud storage. “For Indian businesses cloud computing means reduced CAPEX, more predictable OPEX, easier management, enhanced scalability and better disaster preparedness,” said Anand Naik, Managing Director-Sales, India & SAARC, Symantec.“ However, in a rush to implement cloud, a majority of organizations in India are unwarily incurring hidden costs, which can be avoided by taking control of cloud deployments while also minimizing the data control and security risks linked with rogue cloud use.” According to the survey, rogue cloud deployments are one of the cost pitfalls. It is a surprisingly common problem, found in 89 percent of Indian

enterprises and 92 per cent of Indian SMBs within the last year. Among Indian enterprises who reported rogue cloud issues, 57 percent experienced the exposure of confidential information, and more than a third faced account takeover issues, defacement of web properties, or stolen goods or services. The survey found that top rogue cloud issues for Indian SMBs include security, data protection and loss of confidential information. The challenge is escalating, with nearly half (48 percent) of Indian SMBs indicating that rogue cloud deployments are becoming more frequent. The most commonly cited reasons by Indian businesses for undertaking rogue cloud projects were to save time and money. The survey also revealed that nearly two-thirds of organizations lost cloud data (60 percent of enterprises and 70 percent of SMBs), and most (80 percent) experienced recovery failures. Finally, most see cloud recovery as a slow, tedious process; 85 percent estimate it would take three or more days to recover from a catastrophic loss of data in the cloud. With growing regulatory and internal compliance frameworks, the survey revealed that two-thirds of Indian enterprises are concerned about not only meeting compliance requirements, but also proving it. However, nearly half (47 percent) have been fined for privacy violations in the cloud within the past 12 months. — InformationWeek News Network

77 percent of Indian users use mobile for social media The number of social media users in urban India reached 62 million by December 2012, and it is estimated to reach 66 million by June 2013, according to a report on Social Media in India, by the Internet and Mobile Association of India (IAMAI) and IMRB. According to the report, about 74 percent of all active Internet users in urban India use social media.

The report finds that of the social media users, 34 percent are from the top 8 metros while 35 percent of the total users are from small towns of population up to 5 lakh.The report further finds that the highest proportion of social media usage was observed among the demographic segments of “Young Men” and “College Going Students”, with 84 percent and 82 percent penetration levels respectively. —InformationWeek News Network

april 2013 i n f o r m at i o n w e e k 11

News Mobile

Android to dominate 2013 mobile app downloads Smartphone owners are expected to download about 56 billion apps this year, reports ABI Research. The lion’s share of those apps will head to Android devices, with Apple, Microsoft and BlackBerry trailing Google. Of the 56 billion app downloads, nearly 58 percent of them, will go to Android smartphones. Apple iPhone owners will download 18.5 billion apps, representing about 33 percent of the 56 billion total. That means 88 out of every 100 apps downloaded in 2013 will come from the Google Play Store or the iTunes App Store. Considering that Android and iOS together account for nine out of every 10 smartphones sold, these figures line up nicely. Similarly, Microsoft and BlackBerry’s shares of the overall app market will reflect their respective share of the smartphone market. ABI expects Windows Phone owners to download 2.25 billion apps,

making up just 4 percent of the total app market. BlackBerry smartphone owners are expected to download about 1.7 billion apps, or 3 percent of the total app market. The app market for tablets, however, looks a bit different. ABI believes tablet owners will download about 14 billion apps throughout 2013. The Apple iPad will crush every other tablet in terms of app downloads. iPad apps will amount to 75 percent, or 10.5 billion, of the tablet app downloads this year. Google’s Android tablet share is a distant second, with 17 percent, or 2.4 billion, of the tablet app downloads. ABI accounts for Amazon Kindle Fire apps separately. About 4 percent of the apps downloaded to tablets this year, or about 560 million, will go to the Kindle Fire. As expected, Microsoft’s share of the tablet app market will be laughable at about 2 percent. — InformationWeek USA

Cloud Computing

Wipro launches cloud-based healthcare platform in partnership with Microsoft Wipro Technologies recently announced the launch of the Wipro AssureHealth platform in partnership with Microsoft. This is primarily targeted at healthcare providers to deliver innovative solutions for remote fetal monitoring and cardiac care that will ensure high quality treatment at reduced costs, especially for chronic diseases. The Wipro AssureHealth platform leverages Microsoft’s cloud, mobility and analytics offerings to allow care providers to monitor patients regularly and precisely. This is done through hosted services and mobile apps that integrate medical devices, IT Infrastruc-

informationweek april 2013

ture and 24/7 customer support, to deliver highly scalable solutions. The fetal monitoring service delivers accurate recordings of maternal, fetal heart rate and uterine activity from the expectant mother to the physician over his/her mobile device, thereby enhancing the doctors ability to provide enhanced care to patients. The cardiac solution is based on AssureHealth software platform and delivers continuous wearable, ambulatory, non-obtrusive ECG data. It is designed to assist cardiologists to monitor and manage patients with angina, myocardial infarction, post cardiac procedures

like stent, pacemaker and bypass as well as cardiac failures, from anywhere, through their smartphone or tablets. T K Padmanabha, CTO, Wipro Infotech, India and Middle East Business of Wipro, said, “Mobility-assisted medical technology will be pivotal in increasing convenience for physicians and the patients. Through Wipro AssureHealth platform and our current choice of Microsoft platform stack, we help healthcare providers to not only improve their customer satisfaction but also generate new revenue streams.” — InformationWeek News Network

www.informationweek.in

Cloud Computing

Cisco launches cloud-based remote education platform for Indian classrooms Creating a milestone in the Indian education market, Cisco recently announced the Cisco Education Enabled Development (CEED 2700) solution. This collaborative, cloud-based video interaction solution will enable efficient delivery of education and skills development courses across the country, facilitating inclusive growth and empowering rural India. Codenamed ‘Dwara’ (after the Sanskrit word for portal to signify a doorway to a new future), the product is the first of Cisco’s ‘Internet of Everything’ solutions from India. This solution will enable vast rural populations to access expert teachers and master trainers Aravind Sitaraman, President, Inclusive Growth, Cisco, said, “CEED is Cisco’s first step towards bringing inclusive growth to rural areas using the latest technology at extremely affordable prices. It has the potential to revolutionize learning and skills

development in the country and help the nation leapfrog several generations to realize its dream of becoming a developed nation by 2050. We are very proud to have developed this product from our site in India and simultaneously realize our vision to bring cost of technology in education down to a very affordable USD 1 per child per month.” ‘CEED’ is a comprehensive integrated and open learning platform designed to utilize Cisco Collaboration suite to deliver cloud-driven live and hosted video and other content. With the enablement of remote teaching and learning, every rural school can now offer the same level of expert teaching that is available only to children in cities. Similarly, the solution brings the skills of master trainers to youth in remote areas. The students can also ask real-time questions. — InformationWeek News Network

S o f t wa r e

VMware ups R&D focus in India VMware recently announced multi-year investment of USD 120 million that includes a long-term lease for a new 420,000 square foot building in South Bangalore, currently under construction. VMware’s India-based R&D and support operations are second in size and scale only to those at the company’s headquarters located in Palo Alto, California, U.S. Existing facilities in Bangalore will be consolidated into the new state-ofthe-art premises, which will seat 2,700 employees when ready next year. The campus will accommodate new and ongoing product R&D, as well as a

large staff supporting VMware’s global operations and India’s sales teams. VMware’s R&D operations in India make a significant contribution to the company’s portfolio of virtualization and cloud computing products, designed to help VMware customers navigate the journey to a new era of IT. Developers in Bangalore and Pune contribute important components of VMware’s key technologies — softwaredefined data center, hybrid cloud and end-user computing. Announcing plans for the new campus, VMware CEO Pat Gelsinger said, “India’s world-class IT expertise,

impressive talent pool and industrial development make this country crucially important to VMware’s global growth strategy.” VMware established a presence in India in 2005 and today serves about 3,000 customers, employs some 2,000 staff and works with 100 partners. Over the last eight years, offices have been opened in New Delhi, Mumbai, Bangalore, Chennai, Kolkata, Pune, Hyderabad and Colombo in Sri Lanka, with R&D centers in Bangalore and Pune. — InformationWeek News Network

april 2013 i n f o r m at i o n w e e k 13

News Mobile

Maharashtra Government teams up with Microsoft to create apps for addressing social issues Microsoft recently kicked off Windows AppFest in collaboration with the Government of Maharashtra to build apps for social good. The initiative will encourage app developers to ideate and create solutions that address social and civic issues. These apps will help civil authorities seek alternative methods of interacting with citizens. The top three apps will be selected for a presentation at a conference hosted by Asian Development Bank. “App marketplaces are now proving to be viable platforms to host e-governance and socially relevant apps. Such apps can provide citizen-centric services in a secure manner, while ensuring increased transparency, reliability and efficiency in services. Cloud computing also enables e-governance

solutions to be much more scalable and accessible. Microsoft, with its various initiatives including the Windows AppFest for social good in Pune, provides a good platform for app builders to ideate and create solutions to address social and civic issues,” said Rajesh Aggarwal, Secretary IT, Government of Maharashtra. Sanket Akerkar, MD, Microsoft Corporation India said, “As the world gravitates towards a plethora of new devices and form factors, two things are going to be the key — apps and the cloud to power those apps. The collective capability of the developer population in India is going to play a key role in fueling this movement across the world.” — InformationWeek News Network

Cloud Computing

Global public cloud services market to total USD 131 billion in 2013 The public cloud services market is forecast to grow 18.5 percent in 2013 to total USD 131 billion worldwide, up from USD 111 billion in 2012, according to Gartner. Infrastructure as a service (IaaS), including cloud compute, storage and print services, continued as the fastest-growing segment of the market, growing 42.4 percent in 2012 to USD 6.1 billion and expected to grow 47.3 percent in 2013 to USD 9 billion. Cloud advertising continues to be the largest segment of the cloud services market, comprising 48 percent of the total market in 2012. Gartner predicts that from 2013 through 2016, USD 677 billion will be spent on cloud services world-

informationweek april 2013

wide, USD 310 billion of which will be spent on cloud advertising. Although there is wide variation between cloud services market subsegments, strong demand is anticipated for all types of cloud services offerings. The cloud business process services segment (BPaaS) is the second-largest market segment after cloud advertis-

ing, comprising 28 percent of the total market in 2012, followed by cloud application services (software as a service [SaaS]) at 14.7 percent, cloud system infrastructure services (IaaS) at 5.5 percent, cloud management and security services at 2.8 percent, and cloud application infrastructure services (platform as a service [PaaS]) at 1 percent. North America is the largest region in the cloud services market, accounting for 59 percent of all new spending on cloud services from 2013 through 2016. Western Europe remains the secondlargest region and will account for 24 percent of all new spending during the same time period — InformationWeek News Network

www.informationweek.in

News Analysis

Did Yahoo’s mayer slap social in the face? Yahoo CEO Marissa Mayer’s edict that all Yahoo employees must work in the office doesn’t please social business technology fans. But Yahoo insists this is about much more than social By Debra Donston-Miller

ocial business apps are designed to enable workplaces to collaborate no matter where employees are located, including their homes. So, is Yahoo CEO Marissa Mayer’s recent edict that all Yahoo employees must work in the office a slap in the face of social business? Or is it a sign that social business — and social media in general — has ironically made human beings less social, with Yahoo among the first of many companies that will take coursecorrecting action? Starting in June, any Yahoo employee who is currently working from home will have to work full time in a Yahoo office. The Yahoo memo touched off a firestorm of response. And that’s not surprising, since Mayer’s new rule seems to fly in the face of pretty much every major new technology category — and evolution — that has emerged in the last several years. Cloud. Mobile. Social. Each of these technologies, and all of them taken together, has enabled employees in the 21st century workplace to work more flexibly and, theoretically, more effectively. These technologies have removed time and geography boundaries. But Yahoo seems to imply that unless people are in the same physical workspace, they cannot be truly effective. So, one might extrapolate, social business software can be truly effective only if there is also some literal faceto-face, elbow-to-elbow interaction occurring. Although Yahoo’s new stance toward working from home is not directly an indictment of social media, it certainly doesn’t stand as a ringing endorsement. It’s also among some signs of social media backlash that we have been seeing lately. For example, journalist and author Julia Angwin

informationweek april 2013

recently wrote an article explaining why she had decided to unfriend everyone that she was friends with on Facebook. The reasons, she wrote, have a lot to do with Facebook’s inability to provide adequate privacy protection, as well as a lack of “contextual integrity”. Angwin explains contextual integrity in her post as a fancy way of saying that when she shares information with a certain group or friend on Facebook, she is often surprised by where the data ends up. Not knowing where data will end up or how it will be interpreted is an issue with any form of electronic communica-

full time. With IM, PDFs, my smartphone, high-speed wireless and, yes, social media, I could do pretty much anything at home that I could do in the office. I could also do it just as fast, if not faster, and I didn’t lose hours each day in my car. On the downside, I sometimes felt disenfranchised, and I know that I missed important information that was relayed as my colleagues who were in the office passed each other in the halls. I think that social business technology — if implemented with specific goals in mind and when managed effectively — has improved worker productivity.

Mayer’s new rule seems to fly in the face of pretty much every major new technology evolution — cloud, mobile and social — that has emerged in the last several years tion, but it’s perhaps magnified with social because of the speed and breadth of communication. Which brings us back to the benefits of face-to-face interaction. When you can see a person’s facial expressions and hear the subtle changes in voice that add context to a message, there’s less chance that you will misunderstand that person. And, if there is a misunderstanding, it’s far easier to correct it if you and the person are in the same room. I’ve been on both sides of the workplace equation. In the old days, I went to the office every day. My commute was an hour (on a good day) each way. I started working from home a day or so a week when my older daughter was born. That was 20 years ago, and I communicated by dial-up e-mail and fax machine. It was brutal, and, no, I wasn’t more productive. Toward the end of my tenure at my last staff position, I worked from home

Most companies list as the No. 1 benefit of social business software the ability for geographically dispersed workers to effectively collaborate and communicate. I think that Mayer will come to rescind, or at least soften, her directive. I can only imagine the frustration and resentment that Yahoo employees must be feeling, not to mention the distraction. This is quite the opposite of what Mayer was setting out to achieve as “one Yahoo!” Yahoo recently released a statement in the wake of all the brouhaha around its no-work-from-home policy, with a spokesperson saying, “This isn’t a broad industry view on working from home — this is about what is right for Yahoo, right now.” Indeed, Yahoo (and Mayer) is in a make-it-or-break-it situation, and desperate times call for desperate measures, which this action reeks of. Source: InformationWeek USA

www.informationweek.in

Infographic

HOW INDIA INC IS EMBRACING ENTERPRISE MOBILITY •

Enterprise Mobility is one of the top priorities for IT investments for CIOs in FY 2013-14 50 percent CIOs consider mobility indispensable and find it very relevant for customer facing roles and consumer applications

Indian •

Source: Zinnov

By 2017, 25 percent of enterprises will have an

• India's rapidly evolving enterprise mobility market to touch USD 1 billion by mid-2015

enterprise app store

• Of the 750 digital start ups in India, around 23.6% are in the mobility space indicating a healthy entrepreneurial trend in this segment

for managing

corporate-sanctioned

apps on PCs and mobile devices

• Companies are now looking at enterprise mobility for functions like ERP, CRM, SCM, sales force

Source: Gartner

automation, unified communications and billing;

a move over traditional e-mail and social networking Source: ‘The Enterprise Mobility Study Indian Market Analysis’ by Zinnov

The United States and India (at nearly 70 percent) lead other countries in the percentage of knowledge workers who use mobile devices Source: BYOD: A Global Perspective, survey by Cisco

INDIAN WORKERS DEMANDING BYOD While a large number of employees (85 percent) in India are provided with a portable device from their employer, a growing number (81 percent, compared to 77 percent last year) are bringing their own device to work to help them complete their tasks

81 percent of Generation workforce is bringing their own devices to the workplace to be more efficient

78 percent claim to be happier in

their role when they are allowed to use a

device of their choice

Millennials are increasingly merging their “work lives” and “personal lives” with 81 percent of the respondents working from home, 71 percent on holidays, and

57 percent while on the road

Source: VMware commissioned study: ‘New Way of Life Study 2013’

ENTERPRISES IN INDIA STILL REMAIN WARY OF BYOD •

56 percent of IT professionals in India says that the risk of BYOD outweighs the benefits policies that prohibit BYOD India stood first among its global counterparts in prohibiting BYOD, with nearly half (46%) of Indian enterprises successfully deploying a BYOD policy to prohibit the use of personal mobile devices for work to mitigate the risk to the enterprise

• Nearly half of the companies in India have security •

Source: ISACA

april 2013 i n f o r m at i o n w e e k 17

Cover Story

interesting use cases of enterprise mobility in Indian enterprises

From healthcare organizations, insurance firms to cement manufacturing companies and retail establishments, Indian companies across verticals are accruing significant business benefits by adopting enterprise mobility. InformationWeek takes a detailed look at 11 enterprises that are leading the way in showing how mobile platforms can be used innovatively to increase employee productivity, enhance customer service and bring in process efficiencies By Amrita Premrajan

recent report released by NASSCOM in association with Deloitte highlights that Indian enterprises are very optimistic about the benefits of mobility and are including it as one of the priorities in their IT budget. Last year, we observed a clear enterprise mobility trend amongst enterprises where many businesses started off with mobile-enabling some of their

business applications on the employee smart devices. These mobile-enabled apps talk back to the core business apps over GPRS or 3G, the effect of which was reflected on the top line, consequently leading to revenue generation. We take a look at 11 Indian companies across verticals, which have leveraged mobile platforms innovatively to reap concrete business benefits:

Mobile-based customer service app: LG Electronics

has been doing for the last 1-2 years. Based anufacturing mobile phones being a on this information, the sales manager key area of business for LG Electronics, educates the trade partner and helps him the company understands the business plan the next cycle of products to stock for benefits of adopting mobility within the a particular timeline,” explains Daya Prakash, enterprise. The company has thus mobileCIO, LG Electronics. enabled several enterprise apps to empower The application has also accelerated employees on the move. Apart from mobilethe whole process of replenishing the trade enabling certain basic workflow apps for the partner’s inventory in a timely manner. employees across different teams, LG has Traditionally, once the purchasing decision mobile-enabled apps for its on-field sales was made by the trade partner, the area sales team, assisting them to do their jobs in an manager had to travel back to the office, effective and fast manner. Daya Prakash access the ERP, punch in the order and then For example, the company has rolled CIO, LG Electronics figure out whether the inventory exists in out a mobile sales management app for its stock or not. However, with this mobile app, sales force, which enables them to guide the the area sales manager can instantly check the availability trade partners of their regions on the product models that of a particular stock on-site, as soon as the trade partner are high in demand and are fast moving in that particular places his order. territory. This helps the trade partners purchase the LG has also introduced a mobile-based customer right stock. The app enables the sales force to view any service app to make customer service faster and much transaction pertaining to sales, inventory management and more efficient. Traditionally, whenever an LG customer basic accounting. had a problem with a particular LG product, he/she would “We do not want our trade partners to buy inventories call up the LG call center and file a complaint. Once the that will not sell in that area as this will be a losing complaint was filed, the company’s service engineer visited proposition for both LG as well as the trade partner. Today, the customer and examined the product. After figuring out using the mobile app an area sales manager visiting a trade the fault in the parts, he came back to the authorized service partner can see what kind of sales a particular partner

informationweek april 2013

www.informationweek.in

center to check whether the part was available or not. In case, the part was not available, another 2-3 days were taken to procure that part. Today, using the customer service app, customer service engineers can check the availability of a particular part anytime, anywhere. In case the stock for a particular stock is unavailable, the engineer also has the visibility to check the availability of alternate parts, which can get the things working till the originally required parts arrive. This app brings down the whole repair turnaround time manifolds and plays a major role in enhancing customer satisfaction. Another interesting use case of enterprise mobility at LG is how the sales officials present at LG showrooms, known

as Store Sales Executives (SSEs), are using the mobile-based SSE Management app to send SMSes at the end of each day about what products are being sold in that particular territory. “The SSE app talks back to our ERP and the CRM app and helps us get information on which models are moving fast. It not only helps us monitor product sales, but also gives us visibility into the level of inventory available with the trade partners,” informs Prakash. The app was primarily introduced with an intention to gauge which products are more popular in which territories, and to enable area sales managers to devise an effective business strategy for a particular territory, based on actual data on the products that sell in that area, rather than going by assumption.

Mobile-enabled claims app: ICICI Lombard

have also included a feature of locating CICI Lombard, one of the largest general the nearest cashless network hospital insurance companies in India, has been as well as the nearest ICICI Lombard at the forefront of adopting emerging office. This has been made possible technologies to maintain its competitive with our GPS technology feature, which edge. By utilizing the mobile platform to we have incorporated in the app,” adds enhance customer experience and increase Eswaranatarajan. employee productivity, the firm has achieved Presently the app is available on the yet another technology milestone. The firm Android platform and will be soon be has innovatively used mobile technology to available for the rest of the platforms i.e. iOS, simplify the process of insurance claim. Windows 8 and BlackBerry. Eswaranatarajan For example, traditionally, for claiming tells us that since the launch of ‘Insure’, motor insurance, customers had to follow Eswaranatarajan N approximately 7,600 customers have a lengthy and cumbersome process of Chief – Operation and Technology, downloaded the app from the Android taking their damaged vehicle to the garage, ICICI Lombard market. calling the toll free number of the insurance The firm has also developed another in-house app company, and sharing the policy details. Then, they had to called ‘FastTrack’ for on-field claim surveyors. Earlier, to arrange the forms and documents required to support the lodge a customer’s claim, an ICICI Lombard’s on-field claim. surveyor had to first visit the site, click images of the To shorten the otherwise lengthy procedure, the damaged vehicle via digital camera and at the end of the company launched an in-house developed Mobile Claims day visit the nearest ICICI Lombard branch office to sort App called ‘Insure’ for the customers and transformed the and upload images and enter data into the claim system. way in which claims were traditionally intimated. “Our This process generally took 2-3 days and there were Insure app empowers customers to intimate a claim of instances of human error(s) while lodging a claim manually. their vehicle through their mobile phones. Customers Today, using the FastTrack app built for an Android can click picture(s) of the damaged parts and send it to tablet, on-field surveyors can take images, fill in the us through this app. The app also allows the customer to necessary data and immediately sync information to record and upload incident description in his/her voice,” central server to process claim. says Eswaranatarajan N, Chief – Operation and Technology, “The entire cycle is now possible on a real-time basis. ICICI Lombard. This ensures that customers collect This has further reduced the time taken for lodging the necessary evidence in terms of images and audio record claims by two days, as data is now synced immediately and transmit it instantaneously to the claims office, thus to the central server. Earlier, surveyors used to attend 4-5 ensuring faster claim process. cases in a day. But, now with the introduction of the mobile The Insure application not only helps the customer to app, each surveyor completes 7-8 cases in a day. Also, intimate a claim seamlessly but also allows them to view overall there has been a 35 percent increase in resource the nearest cashless garage network of ICICI Lombard efficiency,” adds Eswaranatarajan. in time when he/she experiences a car breakdown. “We

april 2013 i n f o r m at i o n w e e k 19

Cover Story Mobile Quality Checklist app: Bharti Infratel

Quality Checklist app that contained all the harti Infratel, India’s leading telecom tower requisite checklist criteria needed to do the infrastructure provider, is another company quality check of towers. This app was then that is using mobility innovatively within its loaded on to the GPRS-enabled Nokia or organization. The company is credited with Android handsets with inbuilt camera that pioneering the concept of passive tower was issued to the quality team. Currently, infrastructure sharing by telecom operators — about 600 employees use this app. a model that allows various telecom operators “With Mobile Quality Checklist App, the to share the same non-electronic telecom quality check personnel can now review two tower infrastructure, enabling them to save a sites within the same time, which he/she significant amount on CAPEX and OPEX. used to take previously to evaluate one site. One of the biggest business needs of Not only this, the time to taken to submit the Bharti Infratel was ensuring timely quality Prashant Veer Singh checklist back to the concerned system has checks of the tower infrastructure. In a CIO, Bharti Infratel reduced from one day to almost instantly,” traditional environment, a member from says Prashant Veer Singh, CIO, Bharti Infratel. the quality team would go to the site armed Introduction of the app has also resulted in significant with various items — physical checklist for quality check savings. “The implementation of the app has enabled us of towers; cameras to collect images of site condition and to reduce the OPEX by 60 percent and CAPEX by almost 90 equipment placement as per client specifications; and percent. This is because we are no longer required to equip laptop and data card to relay all the collected data to the them with laptops, cameras, data card, etc., which costed concerned teams for review. The process of providing each around ` 1 lakh in totality. Instead, we now provide them and every member of the on-field quality team with these with Nokia/Android phones that fall in the range of items was an added cost. ` 10,000,” Singh adds. To resolve this issue, Bharti Infratel developed a Mobile

ERP integrated with Google maps : Madras Cements

the device with extensive drill down facilities, he flagship company of Ramco Group while our field force uses GPS enabled Android in India and one of the largest cement devices, which are GPRS/EDGE/3G enabled manufacturers in India, Madras Cements for accessing the ERP. Immediate availability Limited (MCL) is yet another company that has of data and reports has increased their leveraged the mobile platform innovatively by productivity manifold and reduced the cycle mobile-enabling ERP and integrating it with time.” Google Maps. The company wanted to mobileThe on-field sales team now uses their enable its existing ERP to enable its widely mobile devices armed with ERP integrated scattered workforce in rural areas to access with Google maps to easily view information business reports from anywhere. on the go. The team can locate their cement Traditionally, at MCL reporting via the ERP warehouses and key customers on Google was done using Microsoft Excel sheets, which Maps vis-à-vis critical operation information, were quite complex and time-consuming. To Varadarajan N Senior GM - IT, Madras Cements competitor distribution networks in their area, resolve this issue, MCL integrated Google Maps and the best and worst performing dealers. with the Ramco ERP system and superimposed This in turn empowers them to devise effective supply chain the ERP data onto the Google maps, which resulted in a rich strategies and enhance customer service. data visualization tool that illustrated ERP data at various With this solution, MCL was able to reduce penalties, levels of detail. Today, ERP integrated with Google Maps is losses and damages arising during the wagon clearance used by both the senior employees and field force on their process by up to 70 percent, and improve consignment mobile devices. clearance time by up to 40 percent. In addition, post Varadarajan N, Senior GM - IT, says, “Our CXO community integrating Google Maps with ERP, the company has uses iPhones and iPads to access the ERP integrated with successfully captured 20-30 percent market share. Google Maps for rendering geospatial data and analytics on

informationweek april 2013

www.informationweek.in

Mobile-enabled dealer management system: TVS Motor

supply chain executives to keep a track of the ne of India’s leading two wheeler location of the consignments, which in turn has manufacturers, TVS Motor Company, has reduced production stoppages. In addition, the mobile-enabled various enterprise apps for company has enabled workflows on mobile different teams. For instance, for the sales team, devices, which gives managers the capability to it has mobile-enabled ERP, CRM and BI. This access office apps like leave, travel, CAPEX and empowers the sales team to have authentic give approval from anytime, anywhere. information at their fingertips, enabling them TG Dhandapani, Group CIO, TVS Motor to have an effective discussion with dealers. Company, says, “With mobile-enablement of The company has also mobile-enabled the enterprise apps, managers now have latest dealer management system, which enables information for effective decision making, dealers to actually review the dashboards which has improved the quality of decisions. before attending the office. This arms them with TG Dhandapani While office app improves hygiene, ERP and BI much needed data that contributes greatly to Group CIO, TVS Motor Company apps help in controlling cost and reduce loss, the discussion with the company’s sales team. and strategic apps like CRM and PLM help in Similarly, for supply chain executives, the understanding and exploiting the business opportunities.” company has mobile-enabled the SCM system. This enables

Mobile-enabled customer on-boarding: ICICI Bank

raditionally, at ICICI Bank the document-centric customer on-boarding process like account opening or availing other services offered by the bank was done on paper by the agent. The agent then transferred the document to the back-office from where the actual process of delivering the required service to the customer began. In order to bridge the gap between service delivery timelines and customer expectation, ICICI Bank started looking at mobile technologies. The bank decided to arm about 5,000 of its mobile equipped on-field staff with ZapIn, a mobile capture enterprise app developed by Newgen Software.

This app enabled the agent on move to feed in all customer-related information — be it filled in app forms or verification documents — through the app instantaneously from the client location and submit it immediately to the back office through the GPRS/3G network, thus speeding up the entire customer on-boarding process. Pramod Kumar, Head - Center of Excellence for New Products and Solutions, Newgen Software informs us that ICICI Bank was awarded the Asian Leadership Award 2012 for the ‘Best use of Mobile Technology in Financial Services’ in the BFSI Award segment.

Mobile-enabled business apps: Essar

ssar Group has been one of the pioneers for BYOD in the Indian industry. The group is cashing in on the increasing trend of smartphone equipped workforce by mobileenabling some of their business applications on the employee smart devices. Jayantha Prabhu, CTO, Essar Group tells us that apart from mobile-enabling official e-mails for managerial employees, the company has mobile-enabled Microsoft Lync Collaboration Solution and PolycomRealpresence for video conferencing, which is integrated to corporate bridge for the senior management employees

Jayantha Prabhu CTO, Essar Group

and sales teams. The group has also mobile-enabled business apps for sales team of its two retail outlets, The Mobile Store and Hypermart. “We have now enabled the JDA Sales Team app for BlackBerry. The sales teams today are able to take the consoles for this business app right on their BlackBerry devices, look into the orders, understand the sales communications and do all the sales-linked operations on the field. They can also take critical business decisions while on the move. One of the initiatives at Essar is now to enable this on the

april 2013 i n f o r m at i o n w e e k 21

Cover Story iPad as well,” Prabhu says. Essar has also used mobility to address a business need felt by the sales team and senior management to access certain specific corporate videos during business meetings with clients and management level training and leadership videos respectively. “We deployed Drona mobile solution from Deltecs, which enables us to push various required videos to the mobile devices of sales team and senior management,” says Prabhu. In fact, Essar has tied up with Bizpunditz, a company providing a digital library of video clips of 3-7 minutes, for pushing leadership development

and corporate training videos to the mobile phones of senior management employees using this technology. It has also taken another initiative to cut call roaming charges for the senior management employees, who travel extensively. About 6-8 months back, Essar implemented the Blackberry Mobile Voice System (MVS) and integrated it with Corporate PBX Avaya solution. This enables widely travelling senior management employees to make and receive calls from anywhere using Wi-Fi and route it through the organization’s phone system with a single number, enabling the group to save on roaming costs.

Remote fetal monitoring system: Manipal Hospital

can review the reports directly on their mobile y leveraging the mobile platform for fetal devices. monitoring, Manipal Hospital, has set an “All our gynecology consultants have fetal example of how mobility can transform the monitoring solution enabled on their smart delivery of healthcare services. Fetal monitoring devices. With wireless fetal monitoring, doctors is a critical process that needs to be undertaken can now view all the requisite parameters, like regularly by expectant mothers to enable their recordings of maternal and fetal heart rate and consultant gynecologist to monitor the baby’s uterine activity from the expectant mother heart rate using ultrasound and ECG. with their smart devices and take the right As is the standard practice in most decisions without jeopardizing baby or the hospitals across India, Manipal Hospital was mother,” informs Dr. H Sudarshan Ballal, Medical also conducting the fetal monitoring in the Director, Manipal Hospital. traditional process where a medical staff DR. H Sudarshan Ballal Dr. Ballal tells us that apart from this, constantly monitored the fetal heart rate by Medical Director, Manipal Hospital Manipal Hospital also has a Picture Archival standing near the fetal monitor and then Communication System (PACS), which is a this report was relayed to the concerned computer network system for the storage, retrieval and gynecologist for review. display of radiology images, which can be accessed using In order to decrease the time lag between fetal smart mobile devices. “The PACS system enables the doctors monitoring and the consequent review by the doctors, and radiologist to actually look at X-rays from any location Manipal Hospital recently implemented a remote fetal using their laptops and smart devices,” he adds. monitoring system using which the concerned gynecologist

Accessing desktops on tablets: Thermax

hermax is a Pune-based company that provides a range of engineering solutions to the energy and environment sectors. Last year, in August the company implemented desktop virtualization and by October rolled it out to about 750 users who initially started accessing the XenDesktop through traditional thin clients, desktops or laptops. Thermax made most of the nonengineering apps available through Citrix XenDesktop. This includes Thermax’s two ERP apps — Oracle ERP and Baan ERP from Infor Global Solutions, taxation software, Project Lifecycle Management app, HRMS and

informationweek april 2013

Anil Nadkarni CIO, Thermax

attendance management system. Leveraging on desktop virtualization technology, the company encouraged employees to bring their own tablets to access their virtual desktops and work on various non-engineering apps from anywhere, anytime. This in turn led to improved and timely decision making. Anil Nadkarni, CIO, Thermax, says, “Today, there are about 20 tablet users within the company who are using Citrix receiver to access their desktops on their own tablets. I also use my personal iPad to connect to XenDesktop.” The company is now encouraging the

www.informationweek.in

BYOD trend within the organization. “With the success of this project, we are seriously contemplating not to give desktops or laptops to our employees from now on. They can bring their own computers and tablets to work. I am less worried

about the security issues now because at the end of the day my data is protected, as it is only the image which gets transmitted on to the network and the device,” Nadkarni adds.

Collaboration on the move: Hero MotoCorp

(Lotus Notes) on a variety of phones to our ero MotoCorp, one of the world’s largest employees — and we are the first one in India two wheeler manufacturer is another who provided this on Nokia phones,” says company that has used mobile technology Sethi. to its advantage. In 2012, Vijay Sethi, CIO, Talking about the benefits this has Hero MotoCorp did a formal mobile maturity brought to the company Sethi says, “The assessment and used the assessment results result is that employees do not have to wait to refine the company’s mobile strategy and for approvals/decisions when their seniors its roadmap. The study enabled Sethi to sense are not in office or are travelling. Time delays the emerging needs amongst the employees are weeded out of the system, and both to mobile-enable certain specific business employees and business heads have chanced apps, which were essential for smooth upon a win-win.” functioning of the business operations. This Vijay Sethi Apart from this, Sethi also leveraged included e-mails, apps for leave approvals, CIO, Hero MotoCorp a video conferencing solution for senior material gate pass approvals, approvals for management employees to aid collaboration vendor master creation, purchase order and quicker decision-making even while on the move. approvals, etc. “We leveraged a third-party video conferencing Apart from this, he also understood that the senior solution to enable laptop, tablet users and some of the management needed dashboarding and decision-making latest smartphone users to perform multi-party video capabilities on mobiles along with video conferencing conferencing with each other. The system is compliant with abilities on their tablets and smartphones to ensure fast and all legacy video conferencing tools already used across the efficient decision-making. enterprise.” Once this need was identified, Hero MotoCorp started In addition to this, Sethi also spearheaded a project that extending various such workflow apps and Lotus-notes has enabled reporting of business-critical data through based apps on the mobile devices of employees. “We dashboards for the ‘C’ level employees to drill and dig into. are one of the first organizations to provide e-mails

Mobile-enabled inventory management: Future Group

uture Group, India’s biggest retailer and owner of numerous successful brands, such as Pantaloons, Big Bazaar, Central and HomeTown, has demonstrated how mobile technology can be used effectively for inventory management. The retailer wanted to improve the inventory management process by enabling central visibility into the inventory at the store level and the front end for the sales and stock audit teams to review, while on the move within the store. To achieve this, the group created a mobile app, which was integrated with the back-end ERP system for inventory, price and stock checks. The group also set up a secure Wi-Fi store infrastructure that consisted of Cisco access points at the store and a back-end Cisco

wireless controller. This app is now utilized by the stock audit team for physical verification and counting and is used by the sales team to look at real-time information on the sales within the store. Today, the Group has improved the efficiency of its stores. For example, employees have quick access to information related to stocks and sales, which in turn has helped in immediately resolving price and EAN discrepancies. After introducing the app, the group has registered 20 percent increase in inventory availability and management, 10 percent reduction in travel costs and 5 percent reduction in new employee training costs.

april 2013 i n f o r m at i o n w e e k 23

Cover Story

f you think tablets like the iPad are strictly consumer devices, don’t just think again. Think opposite. The unique form factor of the tablet — bigger than a smartphone but smaller than a laptop — has made it the device of choice for many businesses and tablets today are increasingly finding its way for accessing enterprise applications. According to a recent Ernst and Young Global Information Security survey, mobile computing is on the rise in India, with 75 percent of Indian respondents planning, evaluating or actually using tablet computers.

Showcasing flats virtually The large screen size of a tablet

informationweek april 2013

coupled with high-end technology features has led Indian CIOs to innovatively think of some novel applications for the tablet. For example, at Godrej Properties, one of the leading real estate firms in the country, sales agents will no longer carry hard copies of brochures of the flats for showing off flats to prospective clients. Sales agents simply carry iPads packed with enough information to impress a client. “All our sales brochures are on the iPad. Our sales professionals even have the option of showcasing to a customer how his flat will look like with specific type of furniture incorporated in the flat, or how a particular color will change the look of the flat,” says Shailesh Joshi, Head-IT, Godrej Industries.

Flexibility is the key factor here, and a presentation on a tablet with customizable options ensures that a client is impressed. The form factor of the tablet makes it suitable and attractive for professionals who can use the large screen size of the tablet to showcase potential features of a product or service they are offering. Godrej Properties also uses iPads for ensuring customer satisfaction. The company’s customer executives who are responsible for maintaining the required level of service quality of apartments use iPads to capture issues related to any apartment. The whole documentation and customer signoff is done on the iPad. A copy is also e-mailed to the customer for reference. The flexibility of the iPad has

www.informationweek.in

impressed Shailesh Joshi so much that he is now contemplating using iPads in retail stores owned by the group. “We are conceptualizing an initiative, wherein a customer can instantly know more details about a product for which he wants more information by using our iPad mounted on a wall inside our store. All he has to do is scan the barcode, and instantly details about the product will be made available to him on the iPad. For example, for a given food item, apart from details on the nutritional value of the product, one could also provide possible recipes related to the food product,” says Joshi. Godrej has also brought its CRM and BI capability on the iPad. This has helped the top management in taking real-time decisions on the go. “Getting the CRM onto the iPad is important due to our business needs, as the senior management is mostly on the move,” says Joshi. Godrej is not the only conglomerate looking at the transformative power of tablets. The Mahindra & Mahindra Group’s real estate arm, Mahindra Life Spaces, is using tablets for showing sample flats to prospective customers. “Our sales professionals can give virtual walkthroughs of flats on iPads. They also use the iPad to show customers flats in other regions,” says Ashok Asawale, VP-IT (Systech, Real Estate and Two Wheelers Sector), Mahindra & Mahindra. The power of a tablet in showing the right updated information equipped with videos or photographs is a powerful selling proposition, as customers are able to visually relate to what the sales professional is proposing.

Godrej Properties’ presentation of flat on tablet for prospective customers

Tablets as control devices

If the real estate sector is using iPads for virtual showcasing of their flats, sectors like hospitality which bank on impressive services for enhancing customer satisfaction are innovating in a bigger way. A case in point is Leela Palaces, Hotels and Resorts, which has introduced in-room iPads for taking customer service to a new level. The premier hospitality chain has made in-room iPads a standard feature in premium rooms. A guest can use the iPad as a console to change lighting in the room, see who has arrived at the door, and even open the door using the iPad. A guest can also use the iPad to see the daily menu, listen to a song, watch a movie or even connect it to the TV and use the iPad as a control device for accessing the Internet on the TV. “We wanted to create a competitive

We are conceptualizing an initiative, wherein a customer can access details about any product in our retail store using the iPad mounted on a wall Shailesh Joshi

Head-IT, Godrej Industries

edge in the industry by using the iPad innovatively. Our customers love this service,” says Ravish Jhala, Corporate Head-IT, The Leela Palaces. This service which was first launched in Delhi, was a huge hit among customers. Buoyed by the success, today, Ravish Jhala is looking at deploying the iPad Mini in Chennai property. “The back-end is completely ready and we are waiting for the delivery of the iPad Mini to start this initiative in Chennai. With this deployment, we will become the first hotel in India to use iPad Mini,” says Jhala. Going forward, Jhala wants to give guests the ability to use their own iPads for controlling features in their rooms through a mobile app made available to guests free of charge. The large screen size of the tablet is an ideal device for sales professionals and engineers who are always on the field, and need to deal with multiple forms of data. For example, Wind World India, a producer of clean energy, uses tablets to control various aspects of its turbine operations. “Our workforce uses mobile dashboards on tablets to control various aspects related to our turbines, which are more than 5,000 in number. Using a robust analytics

april 2013 i n f o r m at i o n w e e k 25

Cover Story dashboard, our engineers are able to monitor, tweak and perform routine maintenance on turbines on the go, resulting in efficiencies of up to 98-99 percent through granular visibility and control into turbine operation. Additionally, supported by analytics at the backend, our workforce can call up data on individual turbines with their maintenance histories, on a daily ‘as needed ’ basis,” states Kishore Banerjee, head – IT & MIS at Wind World India. Similarly, at ICICI Securities, the sales team has been using tablets for about eight months now. Currently, the organization has 250 active users of tablet and this number is expected to double in the next six months. The number of tablets in use in the organization has seen a rise also because of the organization-sponsored sales contests, wherein tablets are offered as prizes to top performers. “The use of tablets has given us many benefits such as accessing and updating the central CRM on the move, accessing financial planning tools (available as part of the tablet) for demonstrating to customers how they could plan their finances

By introducing in-room iPads, we wanted to create a competitive edge in the industry. Our customers love this service Ravish Jhala

Corporate Head-IT, The Leela Palaces

effectively, showcasing customer demos/presentations, and employee self-learning. The employees no longer need to carry bulky physical documentation and brochures they had to carry earlier,” says Joydeep Dutta, CTO, ICICI Securities. Moreover, their mobility exercise is at no additional cost because the employees buy these at their own expense. “The application development cost was a one-time cost incurred by the company, which was about ` 25 lakh. For Internet connectivity, the company provides SIM cards with a monthly usage limit over which the employee has to pay. Besides these, all others costs related to hosting and operating the application are almost nil as the

application uses the same server infrastructure as the main CRM application,” says Dutta.

Enhancing customer satisfaction

Tablets are proving to be an effective tool for improving processes. Consider the case of India First Life Insurance, which rolled out tablet devices for its employees as part of the company’s Magic Board mobility initiative. The initiative currently covers 1,000 users from its sales force and has 4 modules namely customer module, employee module, distributor module, and corporate module. Of this, only the customer module has gone live for now and the others are in the process. The initiative has helped the

Company

Tablet Usage

Godrej Properties

The real estate firm is using tablets to showcase flats to prospective clients. Using tablets, sales professionals can show a customer how his flat will look like with specific type of furniture incorporated, or how a particular color will change the look of the flat.

Leela Palaces, Hotels and Resorts

The hospitality chain has introduced in-room iPads in premium rooms, which guests can use to watch a movie, change lighting in the room, access the daily menu and access the Internet on the TV.

Wind World India

The company’s workforce is using mobile dashboards on tablets to control various aspects of operations of its more than 5,000 turbines. Using tablets, the company’s engineers are able to monitor, tweak and perform routine maintenance on turbines on the go, resulting in efficiencies of up to 98-99 percent.

ICICI Securities

The firm’s sales team is using tablets to update the central CRM on the move, access financial planning tools (available as part of the tablet) for demonstrating to customers how they could plan their finances effectively, showcasing customer demos/ presentation, and employee self-learning.

Krishidhan Seeds

Using tablets, the agricultural biotech company has enabled its 300-plus technically trained and qualified specialists to be on the ground and provide real-time and instant solutions to the farmers.

informationweek april 2013

www.informationweek.in

insurance company implement a standardized process, improve productivity of the sales person, and deliver policies across-the-counter in as less as 60 minutes. The insurance company is in fact looking to further shorten this time duration to a few seconds. “Typically, an application pack for insurance policy includes filledup application form along with supporting documents. Applications submitted through Magic Board ensure that only complete application pack is submitted for issuance. This saves time and effort of field sales force in fulfilling requirements raised by back office in case incomplete application is submitted, thus improving his/her productivity,” says Vinayak Khadye, Head - Project Management & IT Excellence, India First Life Insurance. Another case in point is Krishidhan Seeds, an Indian agricultural biotech company, which has rolled out 3G-enabled Android 2.3 mobile device tablets for its sales and marketing field force. Through this initiative, the company has enabled 300-plus technically trained and qualified agriculture specialists to be on the ground and provide real-time and instant solutions to the farmers. The 3G device with its unique features and high-quality camera, enables the employees to capture photographs, video footage and voice data from the field and send them to Krishidhan experts located in their R&D offices at Jalna and Pune and seek their support in providing solution on the spot to the farmers.

Erratic Connectivity

Most of the CIOs did have to overcome some challenges while making tablets prevalent in their organizations. Erratic connectivity speed has been one of the most common challenges in many organizations. The application needs an active Internet connection to access and update the central CRM server. But, most CIOs agreed the connection speed differed in non-metros when compared to the metros, and was also inconsistent in different areas of the city. “Since this could have been a

Using tablets, employees can access financial planning tools on the move for demonstrating to customers how they could plan their finances effectively Joydeep Dutta

CTO, ICICI Securities

major bottleneck in the successful implementation of the application, we created an offline mode that operated when the user was not connected to the Internet from his device. The data synching would be initiated when a stable Internet connection was available,” says Dutta of ICICI Securities. Khadye of India First Life Insurance agreed network connectivity is critical in case the online application form is to be filled up in customer’s presence within short time. “However, network connectivity is not uniformly available even in the metros. In order to overcome this challenge, system was required to operate even in the offline mode.” Data leakage and pilferage has been one of the other major challenges. At ICICI Securities, there has been a concern about the misuse of the data in case of the sales person leaves the organization and moves to the competition. “We needed to ensure that the application was secure and data could not be copied or re-distributed. To overcome this challenge, the underlying database/ media files were encapsulated into the executable so that files could not be accessed through directory browsing. Moreover, to prevent unauthorized use, the application was secured by authenticating employees using the same active directory of the office network. Therefore, employees who have resigned would not be able to access the application even if the executable was removed,” Dutta says. The third challenge at ICICI Securities was managing various versions of the Android operating system. As the tablet device was procured by employees, the company needed to ensure the application would support almost all resolutions

and screen sizes of 7 inches and higher. Given that tablet devices are expensive, Khadye of India First Life Insurance mentions that device security is equally important and it is necessary to track them so that they can be recovered in case of loss or theft. In the future, he plans to implement the mobility initiative in all the modules (stated above) and integrate them with the company’s mobile device management (MDM) system to ensure data and device security.

Road Ahead

In the days to come, tablets will be used vigorously by the customer-facing staff of many organizations. But, it is still a long time before the tablets will replace the traditional PC or laptop — especially since the tablet is essentially a consumption device. The back-end functions which are more data intensive will still require a PC-type device. “For creative work, a keyboard and mouse is still required and the tablet will remain only as an additional device that an employee needs to carry,” opines Dutta. He also indicates a possibility of the tablet and the PC converging in the future. Hybrid devices or convertibles will be in vogue. They are already in the market but are currently very expensive. But, price points will come down with increase in sales volumes. The bottomline — like their global counterparts, Indians CIOs have already swallowed the tablet in. Its scope and scale is something that still needs to be figured out for it to reach a critical mass and be sustainable. u Ayushman Baruah

ayushman.baruah@ubm.com Srikanth RP srikanth.rp@ubm.com

april 2013 i n f o r m at i o n w e e k 27

Cover Story

ndian enterprises are increasingly showing an inclination to embrace mobility to improve employee productivity and enhance customer experience. Considering the numerous business benefits mobility offers, enterprise mobility is undoubtedly emerging as one of the top IT priorities and key investment areas for Indian CIOs. The fact is substantiated by Accenture 2013 CIO Mobility Report, which says that 50 percent of the CIOs surveyed in the study tagged mobility as one of their top two focus areas with almost 77 percent of the Indian CIOs planning to focus their enterprise efforts on improving field and customer service delivery with instant data access, capture and processing. At the beginning of the last year, we had observed that many Indian enterprises had started their enterprise mobility journey by mobile-enabling basic enterprise apps like official e-mail, calendar, and messenger to

informationweek april 2013

certain day-to-day workflow apps like leave management system, expense notification system, time sheet management systems and others. A year hence, we observe that apart from mobile-enabling basic enterprise apps, many Indian enterprises are now at various stages of the implementation curve of mobile enabling various line of business applications like CRM, various modules of ERP, HRMS and certain specific industry-specific applications, which can potentially bring in concrete business benefits to the company. A recent report by NASSCOM in association with Deloitte highlights the key business benefits that are motivating the enterprises to mobileenable such enterprise apps. The report states that automation of mobile workforce through enterprise mobility leads to substantial reduction in lead times for key work streams and optimization of line-of-business processes, such as sales forces, field service, manufacturing, operations and logistics. Mobile-enabling enterprise

apps also enables decision makers to take informed decisions on the move through up-to-date performance indicators on the dashboards of their mobile devices, reports the study.

Enterprise Apps being mobile-enabled

Apart from the basic enterprise apps like e-mails, calendar and messaging, many Indian enterprises have already mobile-enabled basic workflow applications that involve multiple levels of approvals from various intraenterprise departments. These workflow applications like employee self-service, HR applications like leave application, raising travel requests, expense submission and others form the first set of business applications that Indian enterprises have mobileenabled. The next set of enterprise apps that Indian enterprises are fast mobileenabling are the ones for the on-field sales force, which needs to make critical business decisions while on the move.

www.informationweek.in

R Venkateswaran, CTO, Persistent Systems says, “The ROI of automating sales processes is very visible on the top line and drives quick adoption. Automation and enabling of revenue generating business services like sales, customer service/cross-selling, and app-based marketing are the top areas driving the growth of enterprise mobility in many companies across different sectors.” Resonating the same thought, Naveen Chopra, Director, Vodafone Business Services, says, “We currently see heavy traction in mobilization of applications that touch sales, service and field force, ranging from sales force application, CRM, credit and collections, and inventory management, which gives enterprises quantified business benefits.” In this context, many industry verticals have started adopting mobile sales force automation (SFA) solution to bring in efficiencies within their distinct business processes. Avishek Mukhopadhyay, Senior Consultant, Digital Business Practice, Mindtree, gives us an example of how large FMCG organizations are adopting mobile SFA to drive efficiency. He informs that using Mobile SFA, sales force can take orders from a remote kirana shop and communicate the data directly to servers housed within an FMCG organization. “This SFA software utilizes the geo-location capabilities and the past transaction data of a store to create a daily optimized route plan for the sales force. This mobile solution also allows field sales force to locate the next customer to be serviced, look up the past service data for reference and also invoice the customers at their premises,” he says.

Currently, there is heavy traction in mobilization of apps that touch sales, service and field force, as it gives enterprises quantified business benefits Naveen Chopra

Director, Vodafone Business Services

Vendors developing industry-specific apps

Considering the heightened interest of Indian CIOs in mobile-enabling enterprise apps, vendors are pursuing this opportunity and developing mobile apps to meet the business needs of specific verticals. For example, in the BFSI vertical, mobile devices are primarily used to speed up customer acquisition and customer servicing life cycles. In this context, Newgen Software has developed an interesting application, ZapIn, a mobile capture enterprise app for the BFSI sector. The app enables executives on the move to go to the location, acquire and feed customer-related information through the app on the mobile device right at the moment and submit it to the back office through the GPRS/3G network, thus speeding up the entire customer on-boarding process. “When it comes to bank-related functions (account opening, credit card opening, applying for loans) and insurance organizations in context of customer on-boarding, most of these processes are document centric, wherein the customer is asked to fill the application form and give supporting documents. These documents are collected by the agent and sent to the back office, where they start working on it. With ZapIn, our intention was

Automation and enabling of revenue generating business services like sales and customer service are the top areas driving the growth of enterprise mobility R Venkateswaran CTO, Persistent Systems

to cut down the turnaround time of movement of documents from field to the place where it would be serviced using the smart device of the agent,” says Pramod Kumar, Head -Center of Excellence for New Products and Solutions, Newgen Software. The insurance vertical is using ZapIn not only for customer on-boarding, but also for initiating claims right from the field. Traditionally, if a customer wanted to initiate a motor insurance claim, the surveyor had to go to the exact location where the accident took place, take photographs, collect the data and come back to the office to upload all the data in the concerned application. The process for claims started only after all the details were uploaded in the application. “With ZapIn, the surveyor can initiate the claim from the field itself, thus bringing down the turnaround time involved for claims initiation,” he explains. Similarly, startup MphRx, which was established in 2011, has come up with specific mobile applications to meet the business needs of the healthcare industry. The company has come up with cloud-based and mobile-based solutions for physicians and radiologists, which can be used for storing, retrieving and sharing patient health records on browser-based and mobile device apps. In 2011, Max Healthcare became one of the first in the healthcare vertical to enable one of MphRx’s solutions MphRx Connect on the BlackBerry devices of physicians. This enabled physicians to take a look at the complete medical chart including medical images on the BlackBerry device and also share it with outside physicians and radiologists for aiding further consultations.

april 2013 i n f o r m at i o n w e e k 29

Cover Story Neeraj Gill, Managing Director, India and SAARC, Polycom, emphasizing on the role mobile apps can play for the healthcare sector says, “Mobile apps are a big phenomenon in the healthcare space and are expected to revolutionize the industry. Many healthcare services across the globe, do not require the patient to visit a healthcare facility, which can be time consuming and costly for the patient, as well as the service provider. Instead, a mobile phone application is used for many services such as setting up an appointment, monitoring intake of medicines at a specified schedule, automatic generation of alerts to the physician and patient when specific parameters go out of range, information on hygiene and basic healthcare issues, data collection, etc.” Unlike the healthcare sector, a capital-intensive industry, such as manufacturing has a different business need — the companies in the vertical need to ensure proper functioning of physical assets like equipment, which form the backbone of the business. In this industry vertical, enterprise asset management is extremely important to keep the business up and running. Hence, there is a need for mobile enterprise asset management application for this vertical. “A set of employees in the enterprise asset management scenario are typically involved in the repair, maintenance and overhaul of the equipment. In case a heavy equipment goes off, the employee can take a picture and submit it to the enterprise asset management application then and there using a smartphone, generating the work order request. After this, the workflow takes over and the equipment will get checked and

Enterprise asset management app enables employees in the manufacturing industry to generate a work order request using a smartphone Ranjan Tayal, Senior VP- Business Consulting,

Ramco Systems repaired,” says Ranjan Tayal, Senior Vice President - Business Consulting, Ramco Systems. Such an application actually ensures that the equipment is rectified within minimum possible time and consequently brings down the potential loss due to the downtime of the equipment. Similarly, C-level employees within an enterprise have a different business need. They need to have an anytime, anywhere access to business data so as to take critical business decisions without any delay. Chandrakant Deshmukh, Head – Technology Engineering and Consulting, Mastek, tells about a solution that Mastek had implemented for one of its customers to meet the specific business needs of the C-level executives of the company. “We implemented a BI solution for one of our customers, which was built to be projected on an executive dashboard for the ‘C’ level employees to view and aid in critical decisionmaking processes. The solution was fully configurable to handle a range of KPIs, analyze various views and insights, fully customizable to allow various data modeling scenarios and gain business insights from just a touch of the relevant business areas on the smart device,” adds Deskmukh. These examples clearly indicate that every industry vertical has some

Mobile applications are a big phenomenon in the healthcare space and are expected to revolutionize the industry Neeraj Gill

Managing Director, India and SAARC, Polycom

informationweek april 2013

specific business functions, which can be optimized and enhanced to derive business benefits, if the involved enterprise applications are mobileenabled. Foreseeing the wave of enterprise mobility, in the last few years, we not only saw established enterprise application vendors like SAP, Oracle and Ramco, extending their enterprise apps on to the mobile device, but also many technology solution providers like Mindtree, Symphony Teleca, Mastek, MphRx and Newgen coming out with niche enterprise mobility offerings for specific industry verticals. Apart from such technology vendors, technology solution providers like IBM are also coming out with mobile application platforms for developers. Such platforms enable developers to write applications just once and run them on any operating system (Android, iOS, etc.). This is tackling the challenge faced by the enterprise development teams that often don’t have the time or resources to build enterprise apps for different platforms. IBM had acquired the company Worklight, early last year to enable creation of such rich, cross-platform apps without the use of code translation, proprietary interpreters or unpopular scripting languages, while reducing the time to market and cost and complexity of development.

Vendors targeting lucrative MDM market One of the key enablers of enterprise mobility within the organizations is the fact that most employees own smart mobile computing devices — phones or tablets. Majority of the organizations are leveraging this to their advantage

www.informationweek.in

by allowing the employees to bring their own devices, which might be of varied operating systems ranging from Android to iOS — and provisioning certain specific enterprise application on each employee’s device based on their work role-related requirements. However, this trend is posing multifold challenges to the IT departments of the companies. The IT departments not only have to ensure the management of a large number of mobile devices of various form factors and operating systems, but also have to make sure that only those enterprises apps are provisioned to employees that they are authorized to access. In addition, they have to ensure the security of the widely accessed valuable corporate data. To reap the benefits of BYOD, while ensuring security of their sensitive business data, enterprises are increasingly contemplating Mobile Device Management (MDM) solutions. Traditionally, MDM has been the preserve of specialist vendors. However, considering the emerging demand for robust MDM solutions, telecom players, mobile device manufacturers and virtualization technology vendors also decided to have a piece of the pie and ventured into this space. For example, last year Vodafone India entered the MDM space, with an offering called Secure Device Manager application. Available on a pay-per-use model, the application enables CIOs to remotely manage security policies device settings, certificates, applications and operating system of various employee devices. Also, in case when an employee loses his/her mobile device, the IT head can immediately lock it over the air or wipe it to factory settings. This offering is handset and operating system agnostic and manages mobile devices loaded with any network operator’s SIM card. Similarly, Bharti Airtel ventured into the MDM space with its Dynamic Mobile Exchange Solution beginning of this year. In addition to remote device management and control, the solution allows enterprise IT to segregate official data and personal data of the employees in the employee mobile device into two different containers and

also allows the enterprise IT to launch its own corporate app store. Last year, mobile manufacturer, BlackBerry, too came out with its MDM solution called BlackBerry Mobile Fusion (BBMF), which is capable of managing not just the Blackberry platform but also iOS and Android devices, from a unified, central web-based console. The company’s another offering in this space, BlackBerry Balance technology, enables IT heads to secure information on personal devices by partitioning personal and corporate data, and enabling remote wipe off of only the corporate container of the mobile device of the employee, if the device gets stolen or an employee leaves the organization. Recently, another handset vendor,

space by launching Horizon Suite, which is a comprehensive platform that includes desktop virtualization solution coupled with VMWare’s technologies developed ground-up to support a mobile workforce. The solution is said to connect end users to their data, applications and desktops on any device without sacrificing IT security and control.

Way Forward

Last year has been a great enterprise mobility learning curve for many enterprises with quite a lot of them evaluating their specific enterprise mobility needs. Many of them also went a step ahead and mobile-enabled certain specific enterprise applications for specific teams to enable them to

Considering the demand for robust MDM solutions, telecom players, mobile device manufacturers and virtualization technology vendors have also ventured into this space Samsung, also announced its enterprise mobility solution called KNOX, which offers such a container solution that separates business and personal use of mobile device, at the application layer, which is enforced by Security Enhanced (SE) Android and file system level encryption. At the launch, Samsung said that KNOX will be commercially available in select Samsung GALAXY devices from Q2 2013 onwards. Major virtualization technology solution provider, Citrix, is another company that has ventured into the enterprise mobility space. Last year, Citrix started leveraging desktop virtualization to enable enterprises to deliver enterprise apps in a secure fashion on the smart devices of the employees. Early this year, it entered the MDM space by acquiring Zenprise, an MDM solution provider, following which the solution was rechristened as XenMobile MDM. Earlier this year, another virtualization technology solution provider, VMware, also entered the

improve their productivity. A variety of enterprise app solution providers are coming up with unique enterprise mobility solutions for specific industry verticals and many Indian enterprises have already started evaluating them. For enterprises, which are just beginning to take first few steps towards enterprise mobility, now is a ripe time to look at the use cases in their industry vertical, understand their enterprise-specific mobile app needs and start implementing these solutions. Also, with a slew of MDM solutions from a variety of vendors now available in the market, it is actually a great time for the enterprises to analyze how to securely align the company’s enterprise mobility needs with a robust BYOD strategy and the kind of MDM solution that is best suited for the specific needs for the organization.

u Amrita Premrajan

amrita.premrajan@ubm.com

april 2013 i n f o r m at i o n w e e k 31

BYOD

Is BYOD hype or reality? Debated by IT specialists, researchers and vendors alike, BYOD has emerged as one of the widely discussed trends within the industry. InformationWeek spoke to 10 eminent CIOs, who share their perspective on the popular trend By Jasmine Kohli Parminder Singh

CTO & Sr. VP, BPTP Limited

Today, the CIOs are confronted with the question — should I be the administrator of the device, or allow the device to be connected to the network and be used by the employee? That’s the major challenge that confronts the CIOs, as one does not want to assume the ownership of the device. The policy issue around BYOD is not a concern but what does a CIO do when an employee gets an iPhone and connects to the enterprise network and starts leaking data, compromising the security and firewall in place? That is where the conflict is which jeopardizes the entire system. Many organizations are opening to the BYOD concept. The major workforce today belongs to Gen Y and wants to embrace smarter technologies to conduct work. In order to provide our employees with the culturally conducive and age appropriate work environment, BYOD has to be dealt with, despite the CIO’s choice.”

Anoop Handa CIO, Fullerton India

BYOD for financial services is not picking up primarily due to security reasons. The question that confronts the CIOs is who owns the device. If the company owns the device, who is accountable for device safekeeping — what if the device gets lost? Accountability questions are still unanswered and that puts pressure not only on security, but on the hidden cost perspective as well. Handheld devices and mobility is for those apps which require Internet browsing like CRM and is more suited to apps that are already on cloud and do not need transactional capabilities. Hence, combination of security, accountability, and implementation methodology are the major concerns with respect to BYOD. Another key challenge is of demarcation between the official and personal space.”

informationweek april 2013

Sunil Soni

AGM-CISO, Punjab National Bank

Security and compliance are the foremost challenges with respect to BYOD. For instance, a lot of sensitive data and confidential corporate information gets compromised in case a device containing business data gets lost or stolen. The challenge of safeguarding business-critical information is a major concern limiting the adoption of BYOD in Indian enterprises today. Hence, confidentiality of information and user data is the chief reason for BYOD not being deployed in full swing.”

Sudehndu Bali CIO, Lodha Group

Primary issue with BYOD adoption is the availability of a variety of handsets and devices and absence of global standards, which we can securely follow at the moment. The diverse range of devices and more standards being available make it more confusing as the IT department is unable to follow all the standards. Bringing a personal device into the office domain means enterprise data gets plugged onto the personal device. Here the question of sensitivity of data and blurred line between personal and business information arises. With every employee choosing his or her own device in absence of defined standard, it poses difficulty for the IT department in managing enterprise data. Earlier it was simple; everyone had a BlackBerry for business use and we had a BB server and things were taken care of. However, today iOS and Android with 4-5 versions and many more are available in the market. With the personal choice of employees, we cannot mandate anyone to buy a specific mobile. Hence, the challenge of different standards is a major restricting feature of BYOD adoption for CIOs.”

www.informationweek.in

Meenakshi Agarwal Vice President -IT, MIAL

I believe we have not fully grasped the implications with respect to security and policy, when we actually execute a BYOD strategy. So far what has happened is we haven’t fully understood what the BYOD security risks are and what needs to be controlled at what layers/levels. There are challenges at the compliance front too. The cost is one aspect but the cost has to be seen in relation to benefit that may be there. As far as CIOs are concerned, the benefits may be restricted to the senior management and the risk that we may be incurring. Risk assessment is necessary before implementing BYOD.”

Anil Nadkarni CIO, Thermax

The primary challenge faced by the CIOs with respect to BYOD is the issue of standardization of operating systems and apps. Other major challenge is on the security front, with virus and malware coming into the enterprise network. However, the trend of BYOD is here to stay and CIOs cannot shy away from it — they will have to adopt the trend within their enterprises today or tomorrow. BYOD empowers the employees to stay connected and work on the move. It is imperative for CIOs to set up infrastructure to support BYOD to reap the immense benefits it offers.”

Jitendra Singh CIO, HIL Limited

Security is the chief reason that prevents enterprises to implement BYOD, as in today’s competitive environment companies cannot take the onus of data leakage. The IT team is equally jittery as one cannot provision for separate devices and operating systems such as Symbian, iOS, and for very device, IT needs to ensure some kind of security. The IT department also needs to know the details of the device for every single individual, which is a humongous exercise for an organization. Every company for any business strategy believes in standardization, and BYOD in all respect defies that.”

Alpana Doshi CIO, RIL

There is no challenge for BYOD not being a policy. It is just that it needs time with the existing infrastructure in place. To set up infrastructure to support BYOD, all the partners need to come up with required enhanced security, as many times the issue may be completely unknown. The uptake of BYOD requires a more matured outlook from everybody. Just like any industry trend adoption takes a little time in implementation, BYOD too will take some time to be prevalent across the board. BYOD is here to stay and needs better governance, better device management and security policy.”

Sunil Varkey

Global Head, IRMC, Wipro Technologies

Enterprises considering BYOD implementation should first question the objective of encouraging the trend. BYOD brings huge challenges from the security standpoint, as the IT department has to keep a track of devices and ensure that systems are up-to-date at any point of time. Also, with external threats being high and malware and botnets in existence, employees bringing their own device adds to the threat of data loss and leakage. When an employee brings his device, can a CIO say that we will install a data encryption software and data leakage prevention software to know if any data is moving out? Employee will simply object to that because it is his personal device and a common device for business and personal information. Also, what if the mobile device gets lost or an employee leaves the organization? Will the IT team be able to go to the person and scrutinize what data rests with him? These are the blurred areas in BYOD because of which it is not prevalent across the board yet.”

T G Dhandapani CIO, TVS Motor

BYOD brings significant security concern and hence more cost to the organization. CYOD (choose your own device) on selected platform may be more acceptable to the organization.”

april 2013 i n f o r m at i o n w e e k 33

Case Study

f any organization needs to show ROI for its BYOD strategy, Intel’s immense success in deploying a comprehensive BYOD strategy is a superb case in point. In 2010, Intel implemented a global consumerization program across offices in 65 countries — encompassing a broader range of devices and applications. Today, this initiative covers 23,500 devices. This includes smartphones (90 percent), tablets (9 percent) and PCs (1 percent ). This translates into a 38 percent increase from 2011. Explaining the benefits of the global initiative, Srinivas Tadigadapa, DirectorEnterprise Sales, Intel South Asia, says, “As a result of the program, employees report they are saving an average of 57 minutes daily. This saving equates to an annual productivity gain of about 5 million hours from BYOD in 2012 alone.” To drive increased productivity, Intel IT is focused on developing mobile business applications. In 2012, Intel added 16 mobile applications to the 25 it already supported. Applications such as instant messaging capabilities and a speed dialer for one-click access to Intel conference calls help employees collaborate and save time while onthe-go. Other applications currently in use help employees register for an Intel event, access internal wikis, collaborate through social media tools, and approve purchasing requests. No IT project is complete without challenges. Intel too had its fair share of challenges. Many Intel employees use multiple devices throughout their workday, which posed a number of challenges in rolling out the consumerization program. “We learned that there can be

informationweek april 2013

just as many HR and legal hurdles as technology challenges with BYOD. There needs to be a change of mindset where the business partners with IT, and doesn’t just use IT as a technology supplier,” explains Tadigadapa. To secure the corporate information on each person’s device while providing flexibility, Intel’s IT team has rightly recognized that that there cannot be a one-size-all model. “We have delivered a program that gives employees flexibility for the devices they use and where they use them. This provides productivity, while reducing risk. This strategy is based on a granular trust model, which adjusts access to information based on the device, the user’s privileges, their location and the information they want to access,” states Tadigadapa. To enable seamless user experiences, Intel IT built an enterprise private cloud to support emerging technologies capable of detecting and providing services based upon an employee’s device. The cloud enables a computing services model that gives employees the ability to use a variety of devices to securely access information. The team is currently conducting pilots of several time-saving services. For example, an instant conferencing application reduces the number of steps necessary to initiate or join audio, video, or data conferences from mobile devices. The system determines how to best engage each participant based on location, time zone, user preferences, and device type. Another example is that of a business travel locator application. This tool provides location-based services to help employees at unfamiliar campuses find available conference rooms, printers, colleagues’ desks and restrooms, and other locations.

“With BYOD, there needs to be a change of mindset where the business partners with IT, and doesn’t just use IT as a technology supplier”

Srinivas Tadigadapa Director-Enterprise Sales, Intel South Asia

Intel is also moving forward in its goal of providing ubiquitous computing. “As part of our efforts to shift the value of the PC from a compute device to a complete mobile office environment, we are moving from traditional desk phones to softphones with softwarebased telephony using voice over IP technology. This change will enable our employees to take their phone service with them wherever they go, further enhancing productivity,” states Tadigadapa. u Srikanth RP srikanth.rp@ubm.com

www.informationweek.in

Case Study

oinciding with the launch of the BlackBerry 10 platform last month was a development that could very well be a major step forward for the mobile payments ecosystem in India. PVR cinemas released its NFC-enabled app for the BlackBerry 10 platform, and in doing so unveiled India’s first commercial deployment of an NFC payment solution. According to Jitender Verma, CIO, PVR Cinemas, the journey for this app started around mid-December 2012 when PVR entered the market for developing an app for the BlackBerry 10 platform. An effort was made to identify and include a USP that could be promoted by the brand. The need was to go beyond merely replicating the app and its features on the new platform. To this end, various options were considered, taking into account the new features of the BB10 platform that could be leveraged. Ideas thrown around included screen sharing — a new BB10 feature, augmented reality and applications of Near Field Communications (NFC) technology.

Bringing an NFC payment system to India

Discussions for NFC were first started around including a tap-to-watch feature for trailers at PVR. However, finally it was decided to add NFC as a payment wallet functionality in the app, thereby making it the first NFC app to be commercially deployed for the Indian market. The idea proposed revolved around a closed loop system using tap-to-

informationweek april 2013

pay functionality for transactions made at PVR Cinemas. This requires the customers to merely tap their device with the NFC receiver/POS at PVR to make cashless payments for food, beverages and tickets —a small revolution in itself. Verma informs that while NFC as a payment option has been discussed in India for the past four years, no NFC capable handsets have been available in the market to materialize this vision. Meanwhile globally, NFC has grown in popularity in the EU and Japan. Further, while carriers in India have been trying to get their own mobile wallet products (Airtel Money, m-Paisa etc) off the ground, PVR has envisaged a solution that was home-grown, carrier-independent, universally usable and more importantly, NFC based. This was as such, seen as an opportunity by PVR to launch their own closed loop, pre-paid, NFC wallet system, he says. The NFC-enabled version of PVR’s app is going to be exclusive for the BlackBerry 10 platform till May this year, after which it will be migrated to iOS, Android and other platforms, to target a mass audience, he says. Since the application has been specifically developed for BB10, it won’t work with even the old BlackBerry Bold handsets having NFC chips — these too will be brought on-board post May.

How PVR’s NFC wallet works

The NFC payment solution is made of several distinct components, starting with the mobile application developed in-house by PVR. The second is the NFC wallet module, which resides within the application. The third is the NFC

“We are looking at the NFC payments solution as the core of a loyalty program for our consumers. Your mobile device itself becomes your loyalty card with no additional plastic required”

Jitender Verma CIO, PVR Cinemas

point-of-sales (POS) terminal/software where the tap-to-pay transaction is made. The fourth is the end-toend ‘E-money’ cloud backend from NEC which manages the wallet and customer information. The parties involved in developing the NFC module were NEC and BlackBerry. BlackBerry helped NEC code APIs which were needed to interact with the secure elements of

www.informationweek.in

The NFC solution is set to be rolled out to other platforms post May, starting with iOS. PVR expects increased traction as the functionality works across platforms and more NFC handsets show up in the market

Inside PVR Cinema’s NFC wallet

the handset’s NFC chip — the part that stores the customer identity. This unique identity is securely generated by coupling the BlackBerry device’s unique identifier, the ‘BB pin’, to the mobile number to which the application has been downloaded, and encrypting the result. According to Amit Bhatia, Head Retail Solutions, NEC, PVR’s NEC app was just the right step toward bringing NFC to India. The NFC wallet is a module within the main app and is maintained by NEC. “The encrypted identities are stored on NEC cloud servers in Japan. This backend will also support future expansion planned for other platforms,” says Bhatia. PVR has a monthly retainer based arrangement with NEC for further development and support of this solution. Bhatia informs that PVR’s original app had to be modified close to 70 percent to accommodate the NFC module. Registration of customers for the services is done from within the app, basis your BB pin and mobile number, which the handset itself provides. You are also asked to generate a selfassigned pin, which may be needed later to authenticate large transactions, building in scalability when additional

security is needed. Post this, the application contacts NEC’s e-money server and your wallet gets registered with zero balance. The important thing to note here is that the NFC wallet is a prepaid service, i.e. the E-money system does not hold customer credit card data. Post registration, your wallet, initially having zero balance, needs to be topped up. This top-up is done through the existing mobile payment system in the app. The credit card data entered here is processed at ICICI’s payment gateway server in India and the balance is then reflected in the NFC wallet.

NFC on the ground

The NFC payment solution has already been deployed at 15 of PVR’s prime locations and the service is live. The project required NFC readers to be installed at POS terminals, and integration with existing Vista POS software. All this was accomplished in close to three and a half weeks. “It has been a learning experience for us from on-boarding this new technology, to setting up the back-end and seeing the final solution take shape at the hands of NEC and BlackBerry,” says Verma. Processing the payment at NEC’s

servers requires several parameters to be met, coming from the POS machine, the NFC reader and the handset. All entities have an independent role in this system and payments cannot be processed by any device on its own. Being closed loop, it can only be used at PVR Cinemas. While the app has been downloaded many times, given that the Z10 handsets — the only BB10 handset currently available — have just started coming into the market, PVR is yet to see this technology being used actively. However, Verma seems optimistic. He plans to extend the scope of this system to cover other kinds of transactions as well. Verma is looking at making this the core of a loyalty program for PVR customers, differentiating themselves from the competition. The difference he points out is that your mobile device becomes your loyalty card and no additional plastic is required. He expects much greater traction when the NFC wallet functionality is extended to other platforms starting with iOS, ushering in a new phase for mobility in the country. u Varun Haran varun.haran@ubm.com

april 2013 i n f o r m at i o n w e e k 37

Interview

â&#x20AC;&#x2DC;Mobility poised to play a significant role in healthcareâ&#x20AC;&#x2122;

An mHealth Evangelist, and Founder & CEO, HealthCursor Consulting Group Dr. Ruchi Dass, has been involved in specific healthcare IT, e-learning and ICT projects for the public/private sector in India. In an interview with Jasmine Kohli of InformationWeek, she discusses how mobile technology is propelling innovation in healthcare 38

informationweek april 2013

According to you, how is mobile phone penetration transforming healthcare landscape in India? While the government is building more and more hospitals, the gap between the patient-doctor ratio is huge. For the next 20 years, the infrastructure will not be able to match the growing population of India. Hence, the next step is to create a model where one hospital supplies its service to 10 -15 nearby villages through the use of technology. Technology facilitates remote patient monitoring, enables safe data collection and dissemination, while reducing service costs. To give a data point, every citizen in a rural area has to travel a distance of 20 kilometers to avail healthcare services. The need is to decrease the travel time, reduce the cost and make healthcare service more affordable and convenient. For this, the government started disseminating information and awareness through mobile phones. It also started educating rural citizens about the various free campaigns being conducted in their district. Also, today the mobile phones worth only ` 5,000-6,000 have smartphone capabilities. One can run apps that tell us if a person has got flu or not. This has empowered the rural population too. Please give an example of how technology is improving the quality of healthcare services in rural areas. I truly believe that the future of healthcare is tied to efficient use of technology in healthcare. For example, there are a host of companies that use technologies to maintain patient records and transfer those records to tertiary and secondary hospitals to help patients get best aid in their villages. Take the case of a rural person suffering from a heart ailment, which is non-curable without a surgical intervention. If the person is informed about the treat-

ment, the doctor and, the hospital or clinic can proceed with the treatment. This is possible provided he is diagnosed on time and a doctor is referred to him. There are a few companies that collect data of these patients through electronic records and refer the patient to the local physician, or center where the ailment can be provided. These services are on cloud and are available for the doctors who can review the data and can suggest the cure. Mobile technology is propelling innovation in healthcare. What is your perspective? Mobile technology is definitely creating innovations in healthcare and is poised to play a significant role in healthcare. Take the example of Doctor SMS, a service launched by the Kerala State government. The idea behind this service was to disseminate information regarding free polio drops and government campaigns. If a person needs a doctor, say for example a heart specialist, then one just needs to send a message to a particular designated number in a stipulated syntax, which is pin code, state, specialty, and where you live. The individual receives the SMS with all the government empaneled clinics or hospitals where the treatment is provided fee of cost or at a subsidized rate. The person also receives any information regarding government camps. Could you brief us about your mediphone initiative? If a person is at home and does not have access to the doctor, but wants a prescription say for a baby who is ailing and weeping the whole night, then he can avail the mediphone service. With this service, one can call 54444, and get connected to a panel of doctors. The panel will ask you questions, which comes from the 25 years of experience of this mediphone software. They will, for example ask, if the baby has

www.informationweek.in

headache, nausea, and yellowness. One can then provide further information and have the problem diagnosed. This decreases the doctor’s time to give a prescription. Also, often when one goes to a clinic, a doctor might miss a question due to human error. However, through mediphone service, this is eliminated and one gets proper advice and medication. After the problem has been diagnosed, one receives the SMS at the end of the call, which is the prescription and the same is also e-mailed to the patient. This is as good as a doctor’s prescription and then the patient could pass-on the SMS to the pharmacist and ask for a home delivery. This is very effective for lower middle class and for upper rural class as one gets a prescription for just ` 55, which would have otherwise cost no less than ` 250. Can you tell us about the challenges with portable devices and what hampers the uptake? Policy is the primary concern; at the policy level use of such devices, data handling, medical data analysis and portability is not yet defined. As the protocols are not defined, some of the portable devices create a lot of security threats, which could lead to mismanagement of data, and false reporting of data and treatment. Challenge for policy not being defined is the lack of evidence — people do experiments in silos and no one puts them into central records for the government to see what works or what fails. Thus, many innovations die out due to lack of visibility, funds, support and no business models. Secondly, if we connect a medical device to Bluetooth then the data that we receive is mostly noise. The effort to separate that noise from usable data is a challenging task, so somebody has to look into the framework of the infrastructure. Right from the policy level to statutory level, to standard protocol and operating procedures, the entire system is very complex. Hence, need for standardization is required. Also, doctor to patient ratio is another challenge. Doctor-patient ratio

varies significantly from area to area — in urban area it would be somewhere around 1:8 and in rural areas, it is very steep. Imagine a situation where a doctor transfers data from Glucometer to a Big Data center, but the doctor has no time to look at that data, then what will one do of that portable device? We need to create an education pool or hub from where this education can be pooled back to the patient when he sends the data. Please shed some light on the role of analytics in mHealthcare? Business Intelligence plays a crucial role in mHealthcare. For example, with BI we can determine the need for a certain product in a certain area, and also get to know which areas are averse to a certain product. Then we can plan our policies, programmes, campaigns and bring the reconfiguration to the process. To give a data point, Narayana Hrudayalaya Institute of Cardiac Sciences in Bangalore uses some of the advanced analytical tools on daily basis to analyze which department performed well in terms of margins, and which department had more influx of patients, and there is a gain and return policy in place. For example, if you want to make 25 percent margin on your daily services and you have achieved that, then whatever you earn you try and subsidize the cost of treatment so that more number of people can afford it. Narayana Hrudayalaya Institute of Cardiac Sciences does this on a daily basis, thus providing services at an affordable price. Also, pharmaceutical companies use a pill reminder service, which provides complete details about patient data — which disease the patient is suffering from, which doctor treated him, which drug was he prescribed and in which area. Then with a histogram mapping of the whole country, it helps them know which company’s drugs do well in which part of the country. It helps pharmaceutical companies understand the whole supply chain management.

I truly believe that the future of healthcare is tied to efficient use of technology in healthcare

u Jasmine Kohli jasmine.kohli@ubm.com

april 2013 i n f o r m at i o n w e e k 39

Interview

How Wikipedia plans to use mobile phones for empowering knowledge seekers One of the world’s largest sources of information on the Internet, Wikipedia, has pioneered a unique initiative called Wikipedia Zero to deliver Wikipedia for free to mobile users in developing countries. InformationWeek’s Srikanth RP, spoke to Kul Takanao Wadhwa, the Head of Mobile for the Wikimedia Foundation, to understand the impact that Wikipedia Zero can have on a society that is thirsty for knowledge

hile mobile phones have transformed the way people access the Internet, a significant proportion of the population in developing countries is still outside the ambit as they are not able to afford data charges. This is a strange paradox in an emerging world where cellphones have become cheaper. So, while the device to access the Internet has become cheaper, the cost of accessing information is still not considered affordable. Wikimedia Foundation, the non-profit organization that operates Wikipedia, has pioneered a unique initiative called Wikipedia Zero. In this initiative, Wikipedia partners with mobile operators to give their mobile users free of charge access to Wikipedia — undoubtedly one of the world’s largest sources of information containing more than 25 million volunteer-authored articles in over 285 languages. InformationWeek’s Srikanth RP, spoke to Kul Takanao Wadhwa, the Head of Mobile for the Wikimedia Foundation, to understand the impact that Wikipedia Zero can have on a society that is thirsty for knowledge. While India has been one of Wikipedia’s highest priority regions, Wadhwa

informationweek april 2013

says that India is one of the toughest markets because getting mobile operators in the country to commit to its initiative has not been easy. Some edited excerpts: What is the current challenge for information access for people in the developing world, and how do you think an initiative like Wikipedia Zero can help? Barriers are the biggest challenge to accessing information for people in the developing world, which we divide into two main categories: cost and delivery. Our Wikipedia Zero initiative primarily focuses on the former by eliminating the cost barrier so people are not denied access because they cannot afford data. In some cases, the cost is extremely high because it could be over 10 percent of someone’s monthly income. We are also tackling the delivery issue by making free knowledge available in the way people can receive it and use it. That means making Wikipedia accessible on any mobile device, even those that aren’t data enabled, and making sure that the content is more readily available in local languages.

Can you give us a status update on the Wikipedia Zero partnerships with mobile operators? Have any Indian telecom operators pledged support? We have currently signed on four global partners that give us access to over 400 million mobile subscribers. And with those partners we have currently launched with their affiliates in 12 countries, with many more to go. At the moment, we have not launched with any Indian telecom operators but we are currently in discussions with a couple of them. We hope to get our first commitment soon. You have also announced that you will be delivering Wikipedia via text? Can you give us more details on this initiative? In many developing countries, mobile data usage is still much lower than in the developed world. There are a variety of reasons for this including lower smartphone penetration and poor network infrastructure. However, even people with smartphones do not use data because it is either too expensive or the value of the service is still not there or misunderstood. Furthermore, most people, even if they have a data enabled phone are still

www.informationweek.in

accustomed to receiving information via text message. Statistics show that in many developing countries more than 80 percent of people with mobile phones still do not use data, regardless of whether their device supports it or not. Therefore, to reach the majority of people, we need to have a text-based solution. In regards to how the article will be delivered, this will start as a USSD/SMS hybrid product. In the USSD session, through numbered prompts, the user will drill down into the Wikipedia subject to get her/his desired article section, which is sent via SMS. At the moment we plan to concatenate three SMS messages at a time (that means each reply will include three SMSes together) so we can deliver a larger part of the Wikipedia article at once. Just so you now, it’s not a finished product. We are making some initial usability assumptions about what appears to work for most users across the widest range of mobile phones. We will refine and improve the process over time. We also plan to develop SMS only solution as well. What do you envisage will be the long term impact of initiatives like Wikipedia Zero on society? The betterment of society starts with an educated populace and Wikipedia Zero is only a starting point for that. Getting more people, and hopefully everyone, to access free knowledge has the potential to empower individuals from all parts of the society. We are still in a world of haves versus have nots (and in some ways this division is getting worse). So this helps to level the playing field where access to information isn’t what’s separating one person’s potential from another’s. At the very least, I hope it starts a dialogue about what other initiatives like this are needed to improve the society as a whole. While information access is the primary goal, what kind of sectors do you believe can be transformed using such initiatives? For example, apart from education,

do you believe this concept can be used by governments or the private sector to disseminate information on specific sectors like say, healthcare? Absolutely. I believe many information services in education, healthcare, disaster relief, etc., should be made easily accessible and freely available. We should identify core services that fundamentally improve and stabilize our entire society, and can be considered to be just as important as having access to food, utilities and other basic needs. Any specific plans for India — considering the fact that India is one of the fastest growing telecom markets? India has been one of our highest priority regions and we’re spending a lot of our efforts trying to launch with one or more partners in the country. However, it’s probably been our toughest market because getting mobile operators in the country to commit to our program hasn’t been easy. We obviously would like everyone on the planet to have access to free knowledge and that includes every single person in India. This is especially important to me on a very personal level because my father is from India and education is the primary reason he was able to get out of poverty and become successful. As a result of his efforts, I’m in the position I am now, to be able to do the work I’m doing. Right now people in Malaysia, Saudi Arabia, Uganda, and many other countries have access to free knowledge on mobile and I do not want Indians to be left out. Just a couple of months ago, a group of high school students in South Africa successfully lobbied their mobile operator for free access to Wikipedia, which I mentioned in a recent blog post (http://kng.ht/XtOvwQ). Nothing is more powerful than grassroots efforts like this and hopefully Indians will demand free access from their mobile providers as well. When it comes from the people then it’s no longer a program, it’s a movement, and that’s when things really change for the better.

Wikipedia Zero initiative primarily focuses on eliminating the cost barrier so that people are not denied access because they cannot afford data

u Srikanth RP srikanth.rp@ubm.com

april 2013 i n f o r m at i o n w e e k 41

Interview

Mumbaikars can use free Android App to book autorickshaw in real time by June Please tell us about appycab? It is a first of its kind application, which can help commuters hire an auto nearest to their current location. This application today works on Android smartphones; we will soon launch an iOS and a universal app. The application shows you four autos in real time on your mobile screen within 2 kms of your current location. You can even hire an auto by selecting any other location in Gurgaon. We expect to roll out the appycab app in Delhi and Mumbai by June. What led you to develop this app? Two years back, my Executive MBA class in Gurgaon went on till very late. I was wondering if I would get an auto/ bus ride back home. Fortunately, one of my friends had the phone number of an auto driver whose services he availed every day, and he simply called the autorickshaw for me. Eureka! An idea struck my mind and the very next minute, I called up my business partner Pawan and shared this experience with him. It was then we both decided to do something about this problem faced by many people.

We thought that technology could easily help us overcome this issue, and together we came up with the idea for this app. There are no other apps that I am aware of, which can help you hire autos off the road in real time. Please explain with an example how can the commuters connect with the auto drivers? So let’s say you are at your home in DLF Phase-I and you want to go to Sector 14. You pick up your smartphone, click on the ‘appycab’ icon and you are presented with four autos that are within one kilometer radius of your house. You simply click to call the auto driver to pick you up at your house. It’s that simple. How comfortable are the auto drivers with this app? Could you share some experience with the commuters and auto drivers? The app is easy to use and today we have 100-plus autos and 500-plus users of the application in Gurgaon. Some of the commuters have commended us on this initiative,

The hugely popular app is being used by more than 500 users in Gurgaon, and is set to be launched in Mumbai by June this year. Vishal Sharma, Founder & Evangelist, appycab, tells us the idea behind launching this app

informationweek april 2013

with many users congratulating us on the innovative concept. Please tell us about Pink Auto? By when can we expect them to be on Gurgaon roads? Pink Autos are already on Gurgaon roads and will be on appycab, post Holi. We are working with the local administration to introduce all the Pink Autos (women only) through ‘appycab’. With this unique service, women would be able to hire whenever and wherever they need a Pink Auto. I think, it is critical to focus on the need of ensuring security and convenience for women commuters. In these unsure times, it is important that the state administration and entrepreneurs come together to work towards a more women friendly city. u Jasmine Kohli jasmine.kohli@ubm.com

www.informationweek.in

Opinion

Is your smartphone watching your every move?

ou will be surprised to find out that your own smart device is watching you more than you had ever thought. Worse, the apps on them are actually selling your personal information to the highest bidder. Still worse, if you are part of the BYOD program at your organization, your company data may be under corporate espionage — watch out enterprises! Let’s look at what can be done to prevent such privacy intrusion issues and what does the law say. Over 45 percent of American adults have a smartphone. As of December 2012, smartphone users now outnumber traditional mobile phone users. A 2012 study found that 62 percent of smartphone users do not password protect their phone and that one-third of all identity theft happens among smartphone users (33 percent). Not just identity theft but a lot of data gets stolen and shared/sold from their smartphone and tablets. It is pretty safe to assume that in today’s mobile technology world, anything you do on your smartphone and any information you store is at risk of being stolen or sniffed or snooped on if you don’t take proper precautions. Service providers (like Airtel, Vodafone, Reliance, etc.) collect all sorts of data for various reasons including data retention act, government laws, for their own investigations, and for analytics and their own benefits. Some of the info they collect is: phone numbers you call and receive calls from, and the duration of the call; phone numbers you send texts to and receive texts from; your location; and how often you check your e-mail or access the Internet via your smartphone. In addition to the data collected by your service provider, you need

informationweek april 2013

to be aware of some of the other information that people are trying to snoop, sniff and collect while constantly intruding into your privacy. Some of the data that is taken/shared/ collected includes: l Contacts, call log, text messages, e-mails including content l Any photos and videos you take on your phone and sometimes GeoTag the same l Login information including passwords l Your tasks and calendar entries l All your financial data that you might have saved on your smart device l Your location, age, gender and other such personal info l If you are using this device in the enterprise, all the companyrelated information that you might have stored on the device.

Who needs your data?

A lot of people are interested in the data you store on your smart device. Criminals, advertisers, government and those involved in corporate espionage to name a few are interested in many of the details mentioned above and for different reasons. Cyber criminals are interested in that data as they want to steal your money; commit identity theft; or use the personal info to harass you or even stalk you. They might do so by gaining access to your phone if it is lost or stolen or via spreading malware, which basically finds a way to enter and reside on your phone and after that it works for that cyber criminal providing all the critical information to him, even though the phone is in use with you. They also snoop via public Wi-Fi networks when you connect to them at airports or cafes. Many use GeoTagging (a process

wherein smart devices use their built-in GPS capability to embed your exact location into the file of photos you take using the smartphone’s camera) to find out where you are and base criminal activities or stalking based on that. The website ‘I Can Stalk You’ demonstrates the dangers of GeoTagging by showing the location of people who took photos and posted them to Twitter. Advertisers pretty much need a lot of similar info for a totally different reason but in the end basically to steal your money legally. They will not snoop this information via malware or public Wi-Fi but they have their own ways. The more information they collect about you, the better for them to sell the type of product and services you are most likely to buy. Today, they mainly use “apps” that are installed on the device to collect such info. Basically advertisers pay app developers to embed their code into the app. This code not only makes the ad appear when you use the app, but also collects a lot of data from the smart device and transmits back to the advertiser or to the ad network. Many a times such information is sold to the highest bidder. These ad networks then show ads that contain content based on the data collected such way. WSJ investigated 101 apps (in Dec 2010) and found that 56 apps shared phone’s unique ID, 47 shared location and 5 shared user’s age, gender and other personal details. Of course, government also snoops into your phones collecting a lot of info, which will be very valuable to investigating and law enforcement officers. This data can be used against the user in a court of law. Also belonging to the same class are the corporate espionage spies who snoop into your smart devices and get a lot of confidential

www.informationweek.in

information of your company, like blueprints, clients info, or patented info and sell it to your competitors for quite a huge sum. Another major “info collector” is your enterprise. In the name of security, enterprises install a profile or a client on your device so that they can enable the BYOD policy. Since they put a client on your device, which constantly talks to a server in the enterprise, the enterprise can pretty much know everything about you. No wonder 75 percent of surveyed employees said they hated their employer putting a client on their device and more than 85 percent were apprehensive of employers trying to know much more about employees than they should.

Privacy Issues

People today are spending more time using their smart devices and the apps that run on them than browsing the mobile web. There are thousands of apps (infact close to a billion in both iOS app store and Android play store) available for your smartphone and anyone can create an app today. The market place is filled with numerous free to very low-priced choices and an app can collect all sorts of info and pass on to the app-maker and/ or advertisers.This info can then be shared and sold. Apps can also be infected with malware. Even an app as seemingly harmless as a flashlight can be collecting your contacts and your location. Researches led by Hong and Computer Science Professor Norman Sadeh, who analyzed the top 100 Android mobile apps of the past year, found most users were surprised to find the Pandora radio app accessing their contact lists, Brightest Flashlight sharing their device ID, and Horoscope using their location information. A study by the mobile security company Lookout in July 2012 found that some ads from advertising networks may change the smartphone settings and take contact information without your permission. Their research showed 19,200 apps used such malicious ad networks out of 384,000

analyzed. A number of apps get a lot of information from your smartphone even though they don’t need all of it. Wall Street Journal’s “What they know” series talked about how most applications don’t need your location but still track it. A case in point, Angry Birds shared sensitive user information with eight entities — four companies that target mobile ads, two mobile ad networks, an app analytics site, and an ad optimization and rewards company.

How can you safeguard your info and privacy? l

First and foremost, enable a strong passcode. Over 62 percent of smartphone users do not use password to protect their phone. Don’t be part of that 62 percent. Be very cautious in connecting to a public Wi-Fi. “Free Starbucks Wi-Fi” is not from Starbucks. Disable photo GeoTagging on your phone. If you do, don’t share that photo on social networking sites. Before downloading any app, do a little research on the apps and if possible on their privacy policies. I am guessing very soon there will be privacy ratings on these apps based on which one can make decisions. When you download and install an app, if it asks for access to any data, which you feel is not required for its normal functioning, may be you need to uninstall the app. On Android, the install screen will give the details about what data it will access. On iPhone & iPad, apps don’t have an install screen, but one can see what apps want to access your location by going to Settings > General > Location Services. Install security software on your smart device such as anti-virus, anti-spyware, anti-malware available from many vendors today. If you are part of the BYOD program at work, request your employer (IT) whether they can implement security solutions without installing a client or a

profile on your device and without altering the behavior and apps. l Understand the capability of how to remote wipe-out your device in case you happen to lose it.

Laws

Very recently, the attorney general of California released guidelines on mobile privacy for mobile-based applications to assist app developers, OS developers, mobile carriers and others in managing user privacy. Other than California guidelines (not a law yet) unfortunately, laws have not kept pace with changing technology. The first iPhone was released in 2007, and since then there has been an explosion of mobile devices, apps and technology. There are lot of older laws, which mainly pertained to computers and electronic era; whether they apply to mobile era is something that needs to be checked. Some of the existing laws, which might be applied to privacy issues with respect to mobile devices are Electronic Communications Privacy Act (ECPA), The Computer Fraud and Abuse Act, Children’s Online Privacy Protection Act (COPPA), and various such rules, which were drafted mainly for the then computer era and need modifications to cover new mobile technologies. This article originally appeared in i7 Network’s blog.

u Manjunath M Gowda is the CEO of i7 Networks

april 2013 i n f o r m at i o n w e e k 45

Feature

4 steps to build a BYOD business case Use these strategies to gather the support you’ll need for a successful bringyour-own-device program By Michele Pelino

he rise of the anytime, anywhere information workplace is in full swing. Results from Forrester’s Q2 2012 Forrsights Workforce Employee Survey show that more than two-thirds of North American and European information workers (i.e., workers who use a computer for work an hour or more per day) personally choose the smartphones or tablets they use for work, and 46 percent of information workers personally choose work laptops that are not on the company-approved device list. To address this increasingly complex mobile device landscape, more than half of companies Forrester surveyed across these regions are deploying bring-your-own-device (BYOD) programs to support devices including smartphones, tablets, laptops or desktops.

informationweek april 2013

Successfully planning for and implementing a BYOD program is no small task. Identifying the comprehensive impacts of a BYOD program requires infrastructure and operations (I&O) executives to get input from line-of-business decision-makers, create a shared vision for BYOD program support throughout the organization, and develop a compelling business case for expanding support in the future. In recent research, Forrester offers the following guidance for developing a business case to justify a BYOD program to support your workforce computing strategy.

Build Relationships Outside IT

At the heart of any successful BYOD program you’ll find cross-functional collaboration across

many IT and business groups in the organization. The I&O team should take the lead in BYOD program development. However, it is important for I&O executives to collaborate with security and governance, sourcing and vendor management, application development, and enterprise architecture professionals to determine the correct strategy and tool set. It’s also critical to include line-of-business executives, as well as human resources, legal and finance professionals, to develop corporate BYOD program policies and procedures.

Create A Shared, Multi-Year Vision

Proactively working with decision-makers and executives to identify the potential ROI and impacts on corporate

www.informationweek.in

business processes enables the I&O team to create a consistent, shared vision of the overall goals and desired outcomes of implementing a BYOD program. What’s more, a shared vision of the crossorganizational effects of the BYOD program ensures that line-of-business decision-makers and stakeholders understand what investments they must make to support the program. Forrester maintains that this comprehensive BYOD vision should identify four key elements: l What the company’s overall goals are; l When the BYOD program will impact various business units; l Which business processes must be modified; and l How long it will take to achieve the agreed-upon BYOD program benefits.

Develop A Compelling Business Justification

Your BYOD business case must include insight into the financial investments, personnel requirements and other resources necessary to deploy and maintain the program. Key cost categories include:

Network infrastructure costs and wireless service investments. Each new device represents a potential new connection to your network, which can significantly impact the company’s wireless guest access strategy. Key infrastructure costs include servers, network infrastructure and licensing fees. Mobile device hardware and mobile device management solutions and subscriptions. I&O pros must determine which mobile devices and platforms they will support in their BYOD program, whether the firm will provide a stipend, and what level of access they will provide to corporate applications and data. Investments in mobile device management and security solutions may also be required to address the expanded variety of mobile devices supported in

the BYOD program. Applications, software and security investments. Anticipate additional application management and security costs, including client access licenses (CALs), which may be required for employees to access corporate software (e.g., Microsoft Office) and mobile applications. Investing in a mobile application management solution or a mobile middleware platform may be necessary, so don’t overlook

Improved line-of-business process efficiencies. BYOD programs enable employees to spend more time completing their daily activities and provide a more flexible work environment that lets employees shift the time and place where work is completed. Each line-of-business benefit is aligned with specific tasks or business processes that workers in particular roles (e.g., sales, field service, customer service, marketing) complete as part of their routine

It’s important for I&O executives to collaborate with security and governance, vendor management, app development, and enterprise architecture professionals to determine the correct BYOD strategy maintenance fees associated with these solutions. It is even more important to identify and capture a comprehensive set of expected benefits from deploying BYOD programs. Key benefits to evaluate include: Enhanced productivity. The leading benefit firms achieve with a BYOD program is increased worker productivity. Productivity efficiencies occur when employees use mobile devices to communicate and collaborate more frequently, from any location, at any time, using any device. The size of your worker productivity gain depends on how willing employees are to use their personal devices for work, as well as on the breadth and depth of adoption of the BYOD program throughout the firm. Increased revenue. Providing sales representatives with access to mobile contacts, directories and sales-order applications on their personally owned devices means they have more time to spend with customers. Thus, each sales rep can manage more accounts, which increases the amount of potential revenue per sales rep.

activities. Examples include: improved ability to manage and distribute field service personnel, expanded productivity time outside the office for repair technicians who can access critical information and repair orders through their mobile devices, and reduced time to complete processes that historically were paper-intensive.

Anticipate And Factor BYOD Participation Into ROI Calculations

It takes a new mindset and some time for employees to become comfortable with a BYOD program. I&O execs must ensure that the adoption curve takes into consideration the types of roles within the organization (e.g., senior executives, marketing, field service, customer service, etc.) who will participate in the BYOD program, as well as the rate of adoption among each of these roles. If employees are confused about the program parameters and availability, or feel that the management and security overhead is too intrusive, there will be negative impacts on adoption timelines and ROI results.

Source: InformationWeek USA

april 2013 i n f o r m at i o n w e e k 47

Feature

Does mobile antivirus software really protect smartphones? Bad news: Many mobile antivirus apps are useless. Here’s what mobile device management and mobile application management experts say you should focus on instead By Michael Endler

ven a cursory glance at recent technology headlines reveals no shortage of malware threats, with the mobile space — and especially the Android OS — drawing particular attention. BYOD policies have positioned these risks as significant enterprise concerns. Much has been written about mobile device management (MDM) and mobile application management (MAM) tools, and how these products can insulate businesses against data theft. Even so, because MAM/MDM is a nascent industry, it’s natural to wonder whether antivirus is a crucial part of the puzzle, and whether standalone antivirus tools provide legitimate

informationweek april 2013

protection. Recent tests conducted by AV-Comparatives, AV-TEST, and PC Security Labs found that many products failed to protect against malicious programs, but a few standouts achieved virtually perfect detection rates. Case closed? Not exactly. Savid Technologies CEO Mike Davis said in an interview that many mobile antivirus applications are mired in signature-based tracking, the antiquated method PC vendors used a decade ago, rather than behavioral analysis, a more modern approach that looks at the actions a program attempts to execute, not predefined identifiers in the code. Mobile antivirus products that rely on

signatures can be adept at spotting known threats — but if a device downloads a new virus, the security breach might go undetected until damage is already done. Davis said vendors are not necessarily to blame because mobile operating systems aren’t designed to accommodate behavior-based malware tracking. “There is no root administrative user,” he stated, “so the AV doesn’t have the full control” it needs for such analysis to occur. Gartner Research VP Peter Firstbrook cautioned in an interview that even if behavior-based, or heuristic, scans were ubiquitous on smartphones and tablets, such methods “haven’t stemmed the tide” of viruses on PCs and thus wouldn’t

www.informationweek.in

render mobile devices unassailable. Behavioral analysis often falters, he said, because “the behavior of a bad application or a good application is a matter of opinion,” meaning that a program might be useful when it executes its intended function but malicious if it starts exporting information to an unauthorized third party. To illustrate, he mentioned instant message programs that use keystroke monitors to let users know when their chat counterparts are typing. Such programs exemplify “legitimate APIs and system calls” that can go awry, he explained. Because of this difficulty, Firstbrook said the selection of a mobile operating system outranks security software when it comes to fending off malware. He said iOS is safer than Android, for example, because “somebody approves every app that it runs,” turning the platform into “essentially a closed system” that is more difficult for hackers to penetrate. He asserted the key iOS security challenges for enterprises involve password protection, encryption, remote wiping, and other MDM/ MAM concerns, as stolen data results primarily from lost devices, not viruses. For Android-based devices, Firstbrook stated that the situation is somewhat different because more users procure apps from illegitimate markets. Indeed, a recent Arxan study found that nearly every popular app on Android has been hacked, illustrating how crucial it is that users use sanctioned sources such as Google Play. The study also found most iOS apps have been hacked, but this fact is somewhat mitigated because iPhone and iPad users are less prone to unofficial markets. Even the legitimate app markets might not be sufficient, however, according to Jon Clay, Senior Manager of core technology marketing for security vendor Trend Micro. He stated in an interview that criminals rely primarily on third-party app stores to propagate their schemes but that “quite a few malicious apps” have still infiltrated Google Play. He noted that Google Bouncer is a good step for the

Android ecosystem but that it hasn’t expurgated threats entirely.

Mobile Antivirus Has A Place Notwithstanding platform differences and root access restrictions, Clay stated that mobile antivirus programs have a place: “If you cannot detect malicious software, there’s potential for abuse or attack,” he said. Still, enterprises need more than partial solutions. Aside from shifting their attention to MDM/MAM proper, how do security vendors cope? Backend approaches, which are distinct from an app’s on-device processes, are a popular option. Sean Sullivan, a security advisor with F-Secure Labs, said in an e-mail that his company’s products apply limited “heuristics on the client side” but that “full-fledged” behavioral analysis, though something his team would “really love,” would require companies “to root/jailbreak the [device].” As a result, F-Secure uses emulation and automation on the back end to analyze potential new threats. A similar approach is to assess the reputation of app sources, a tactic that Trend Micro — among other companies, such as Symantec--has developed. This technique — which Clay characterized as “dynamic,” with heuristic-like qualities — can consider not only an app’s maliciousness but also its effects on battery life, bandwidth, and other variables. He said his team seeks to collaborate with app vendors by giving them access to reputation-based data and by vetting every app, an approach that he said allows companies to avoid “burdening the end user.” It also provides a potential safety net for exploits that developers inadvertently leave open, applications developed in-house, and apps that were initially released in legitimate form only to be republished “in malicious form.” Tim Wyatt, Lead Security Engineer for Lookout, similarly advocated an approach that does “most of the heavy lifting on the backend.” In an interview, he stated that Lookout has built a mobile threat network of over

25 million registered devices that, according to the company’s website, is “constantly analyzing threat data worldwide to identify and proactively block new mobile threats as soon as they emerge. He asserted that the “benefits from discovering telemetry of other users in our network are much bigger than [mere] detection.” In short, many antivirus apps provide little protection but some security vendors manage to buck the trend, mostly by compensating for the root access limitation. Nevertheless, Wyatt asserted that there are “no one-size-fits-all solutions” and that businesses must adopt comprehensive strategies that fit their needs. When it comes to such strategies, Mike Davis endorsed MDM/MAM tech that blacklists malicious programs and otherwise manages what can be installed on workplace devices. He said the long-term solution, however, involves separating work data from personal data — a capability that vendors such as RIM, with BlackBerry Balance, and AT&T, with Toggle, have begun to offer. Nonetheless, MDM and MAM products might not complete the equation either. Davis also said workers need training. The best way to avoid problems is to not install questionable applications, he remarked, but some users knowingly download dangerous apps from unofficial marketplaces because they mistakenly believe benefits justify the risk. Cisco representatives have similarly looked outside applicationbased protection, arguing that security measures be implemented into networks themselves. Jack Danahy, director of IBM’s Institute for Advanced Security, meanwhile, suggests a more low-tech consideration: that security might be simpler if users confine themselves to the apps they actually need for productivity, rather than trying to include — and protect — every function imaginable. Source: InformationWeek USA

april 2013 i n f o r m at i o n w e e k 49

Case Study

BSE slashes operational costs by adopting Linux Asia’s oldest stock exchange has saved huge costs by deploying SUSE Linux for powering a majority of its applications By Srikanth RP

or an institution that is Asia’s oldest stock exchange, technology plays a pivotal role. With more than 30 million trades being executed on a monthly basis, and transactions running into billions — at no moment, can the BSE afford any performance issues related to its IT infrastructure. “We need our IT infrastructure to be extremely dynamic in nature. Almost every day, there are requests for enhancements in existing IT applications. This is extremely challenging, as every change has to be done or released by keeping in mind the impact on integrated IT systems,” says Kersi Tavadia, CIO, BSE. In an always-on environment, there was no room for any complacency, as the team had to ensure that every change made was accurate. To improve performance and simplify management, the firm was considering deployment of Linux in its infrastructure. The exchange also wanted to standardize on Linux distribution, and leverage virtualization as a way of reducing hardware and operational costs.

Key Benefits BSE has been able to consolidate 24 servers into 7 virtual host servers

It has reduced 50 percent of its cost involved in maintaining and deploying its IT infrastructure l It has been able to save 17 subscriptions of SUSE Linux Enterprise Server l

informationweek april 2013

Accordingly, the BSE decided to deploy SUSE Linux Enterprise Servers. By leveraging Xen virtualization in SUSE Linux Enterprise Server combined with Virtual Machine Driver Pack, the BSE was able to reduce its hardware infrastructure and operational costs. By leveraging the in-built Xen virtualization technology of SUSE Linux Enterprise Server, BSE has been able to consolidate 24 servers into 7 virtual host servers. This has resulted into savings on 17 servers and 7 virtualization licenses. By leveraging SUSE Linux Enterprise server’s unlimited virtualization policy, BSE has also been able to save 17 subscriptions of SUSE Linux Enterprise Server. BSE was also able to virtualize both SUSE and Windows using Xen. BSE was already using SUSE in its data warehousing solution and by choosing SUSE for its OS and virtualization requirements, it was able to standardize on a single Linux distribution. By providing a stable, virus-resistant platform for BSE’s core business systems, the deployment of Linux has offered BSE better availability and reliability as compared to what it was using previously for business. Satisfied by the performance of the applications on an open source platform, BSE has started deploying some of the core applications on SUSE Linux. “Applications like ERP, EMS, database, corporate e-mail, ECM, LAMP, FTP, etc., are deployed on SUSE Linux Enterprise Server in a mix of physical and virtual servers,” states Kersi. With the deployment of SUSE Linux, BSE has ensured a virus-free environment. In addition to better stability, BSE estimates that it has

“Today, we have deployed core apps like ERP, EMS, database, corporate e-mail, ECM, and LAMP on SUSE Linux Enterprise Server in a mix of physical and virtual servers”

Kersi Tavadia CIO, BSE

reduced 50 percent of its cost involved in maintaining and deploying its IT infrastructure. Boosted by the benefits gained by deploying open source, BSE is now thinking of leveraging the benefits of an open source Office Productivity Suite. Kersi is also optimistic on the overall benefits of open source. He says, “With constant updates available and the promise of an enthusiastic community, our tryst with open source has been pleasant.” u Srikanth RP srikanth.rp@ubm.com

www.informationweek.in

Interview

BM’s dominance in filing patents is well known and recorded. For the record, IBM has led in patents granted by the US Patent and Trademark Office for the past 20 consecutive years. Last year, it received more than 6,000 US patents said to be the largest number granted to any applicant. While clients always had the opportunity to work directly with members of IBM’s team of 250,000 scientists, researchers, engineers, developers and technologists, a personalized R&D service is a first. IBM recently took a giant step in this direction by launching the IBM Customer Experience Lab. The most unique aspect of this initiative is the fact that IBM scientists and business consultants will co-create with clients to deliver systems that learn and personalize the experiences of each individual customer, identify patterns, preferences and create context from Big Data, and drive economics. ‘Personalize’ is the keyword here. InformationWeek’s Srikanth RP spoke to Jeby Cherian, Vice President and Managing Partner, Global

Business Services, IBM India & South Asia, who shared with us the origin and objective behind launching this lab, and the advantages for customers in the converged world of social, cloud and mobile. Some edited excerpts: In your view, what is the biggest challenge for CXOs today? To stay ahead of the pack, C-Suite leaders know that they must reinvent their business. CEOs are experts at transforming their company through product innovation — but now a new model for innovation is emerging. As the proliferation of mobile and smart devices continues to change the way people consume, disseminate and share information, business leaders are recognizing that the data generated from these applications can help them transform their organizations and how they interact with their customers. CEOs and C-Suite leaders are reassessing how to serve their customers not as a mass audience, but as individuals with personalized needs. In a recent IBM study of 1,700 CEOs, nearly three-

quarters of CEOs believe technology will be the biggest external force impacting their organizations over the next three years. Recognizing this shift in the business landscape, we are focused on helping clients reshape their front office — the business functions and processes, such as sales, marketing and customer service that connect, transact and engage with customers. How will the new Customer Experience lab help C-Suite leaders? In the new age of Big Data and analytics, organizations are reassessing how to move from addressing mass audiences to personalized relationships. Blending technical innovation with business consulting, the lab will address priorities of C-Suite leaders in the era of Big Data. The Lab will provide CEOs, CMOs, CFOs, and other C-Suite executive direct access to hundreds of dedicated researchers, supported by thousands of domain experts and the deep cross-industry

IBM offers R&D as a service by launching Customer Experience Lab Big Blue will provide C-suite executives direct access to a virtual team of 100 researchers, supported by industry and domain expertise of thousands of IBM business consultants. Jeby Cherian, VP and Managing Partner, Global Business Services, IBM India & South Asia, shares with us the origin and objective behind launching this lab april 2013 i n f o r m at i o n w e e k 51

Interview expertise of IBM’s business consultants, to help deliver more compelling systems of engagement. This will enable C-suite leaders to address the opportunities of the digital front office. This is vital as front office transformation of sales, marketing or customer service functions will be the most important wave of business change since the advent of Enterprise Resource Planning in the 1990s. Why is this lab unique? The lab is unique for a number of reasons. First, social, mobile, analytics, cloud, and digital technologies are rapidly converging. Against this context, we are uniquely positioned to help clients apply innovation in these areas for competitive innovation. Second, the lab is providing clients direct access to IBM’s world-class researchers, and at an unprecedented scale. These researchers — with vast experience in innovation ranging from Watson, social business, smarter commerce, to mobile business, cloud, and more — will be thoroughly immersed in providing solutions. Third, the lab is capitalizing on a process, virtually unique to IBM, called Innovation Discovery, in which IBM researchers, business consultants, and the client, through extensive interaction and discussion, co-create solutions. The result will be something unprecedented in the consulting industry: a rich, highly innovative blend of deep research and practical business insight, yielding targeted, powerful solutions. This mixture of focus, access, and cooperation makes the lab a nonpareil. This unique lab provides IBM and its clients with an innovation process, assets, and platform where leaders will have the exclusive ability to work directly with IBM experts on analyzing key business challenges and jointly creating solutions that embed and integrate mobile, social analytics, and cloud technologies. What types of business innovations will be developed at the lab? The lab will focus on co-creating

informationweek april 2013

innovations for the C-Suite in three major areas: customer insight, customer engagement and employee engagement. We will apply advanced capabilities such as machine learning and visual analytics to predict differences in individual customer behavior across multiple channels. We will understand and use deep customer engagement techniques to drive insights and continuously deliver value by personalizing engagement, versus transactional experiences. For employee engagement, we will look at embedding semantic, collaborative, and multimedia technologies to foster employee engagement and insight – in person and online. What kind of solutions will be created at this lab? The potential is unlimited and only constrained by imagination. It isn’t possible to predict all the kinds of solutions that will be created, as they’ll depend to a large extent on the needs of our clients, and in a rapidly evolving market like front office, these needs could change dramatically in even a short time. IBM Research is developing technology assets and capabilities that can help deliver front office capabilities as a service from a cloud, design novel products to match customer preferences, and leverage math and psychological theories of personality to improve marketing effectiveness. The lab brings together skills across disciplines, including service science, industries research, mathematics and business optimization, social, mobile, smarter commerce, data mining, cloud computing, security and privacy, cognitive computing and systems management. Where will the lab be located? The IBM Customer Experience Lab will be headquartered at the Thomas J. Watson Research Center in Yorktown Heights, N.Y., supported by researchers at IBM’s 12 global labs including India, Africa, Brazil, California, China, Israel, Japan, Switzerland, and Texas.

As the proliferation of mobile and smart devices continues to change the way people consume, disseminate and share information, business leaders are recognizing that the data generated from these applications can help them transform their organizations and how they interact with their customers

u Srikanth RP srikanth.rp@ubm.com

www.informationweek.in

Interview

How InMobi tamed the Big Data elephant

t InMobi, data processing, analysis and visualization of data happens at a scale that is extremely complex and challenging. Its network reaches more than 580 million customers in over 165 countries, through more than 100 billion monthly ad impressions. The firm receives close to 4 billion events per day and each event contains close to 200 primary dimensions along which data can be aggregated. In a detailed discussion with Srikanth RP from InformationWeek, Gaurav Agarwal, who leads the Data Analytics system at InMobi, shares his perspective on how his firm handles this massive scale of analysis of data, and the lessons learnt from building the analytics system. Please give us a brief overview of your firm and the importance of analyzing data? InMobi is the largest independent mobile ad network and a global leader in the mobile technology space. Today, the worldâ&#x20AC;&#x2122;s largest brands, agencies, developers, and publishers are creating immediate business value by using our platforms to deliver highly compelling value propositions to the target consumer. Our network reaches more than 580 million customers in over 165 countries, through more than 100 billion monthly ad impressions. The use of data analytics in our business is pervasive. We extensively use data analytics to continuously monitor business health, analyze market trends, explore new business opportunities, spot and resolve inefficiencies and business bottlenecks, and optimize campaigns and inventory performance. We also use programmatic data analysis to detect fraudulent activities, perform inventory forecasting, and create prediction and optimization models. All of these areas are extremely important for the smooth functioning

of our network. With such wide usage of analytics, it has become critical for us to keep investing and innovating in this space to create solutions that can handle our complex needs. Please describe the scale of data being handled and the complexity? InMobi has multiple sources of generating data, but most of the complexity arises from handling data from the core Ad Network business. During the life cycle of serving an ad creative, we capture many different types of events, the prominent ones being Ad Request and Ad Impression events, User Click events, User Ad Interaction events, Conversion/ Acquisition events, and Monetization events. Diving a little bit into the scale of things â&#x20AC;&#x201D; we receive close to 4 billion events per day, totaling to about 4 terabytes in space. These events are composed of different but interrelated streams and arrive on different servers with a shift in time-phase (a few days in some cases). The events corresponding to a common originating request need to be brought together for performing a complete analysis on an event trail, and the process of stitching these events together at this scale presents some very interesting challenges. Each of these events contain close to 200 primary dimensions along which data could be aggregated, more than 100 measures, and more than 300 derived (or metadata) dimensions. This is a lot of data to handle by any traditional data management systems. But, it is not just the size or number of records that is creating the complexities; the richness in the dimensionality of the data, widely varying analytics time-horizon, and the analytics granularity makes the problem much more complex. This data is being used for a wide array of very different, and sometimes technically competing

Gaurav Agarwal, who leads the Data Analytics system at InMobi, shares his perspective on how InMobi handles Big Data, and the lessons learnt from building the analytics system

april 2013 i n f o r m at i o n w e e k 53

Interview purposes. Different teams use this data for creating analytical dashboards to track health in real time, deriving a core set of strategies by analyzing months (and sometimes years) of data, managing and optimizing campaigns by continually analyzing and adjusting the targeting based on hourly data insights over a period of a few days, and for solving day-to-day operational problems by searching and inspecting individual records. Lastly, I want to touch upon operational complexities in handling large-scale data and keeping the infrastructure and tools in a healthy state. We have close to a hundred ad servers in the system, and a fair number of click and conversion tracking servers. These machines are distributed in different data centers across the world and it is not uncommon for individual machines to occasionally get delayed while transferring the data. Such behavior presents additional challenges in maintaining ordered and timely movement of data due to the geographically distributed nature of our deployments. What are the unique needs with respect to analytics for your

firm? We have a lot of different teams that analyze the data for different goals. On one end of the spectrum, we have the leadership teams that want to get a highly condensed view of key business metrics and trends. We then have analysts that analyze long- and shortterm trends in the business to decide the core set of strategies. Going further, there are large number of field teams that are responsible for optimizing the advertiser campaigns and driving ad traffic on publisher properties. Lastly, there are operational support teams that work with field teams to debug and solve customer problems by going to individual event levels. Then, there are programmatic consumers of these analytics â&#x20AC;&#x201D; these consumers are themselves programs that use analytics as an embedded step to perform a specific task. Examples of these are inventory forecasting, fraudulent events detection, ad relevance models, prediction models, user models, and supply-

informationweek april 2013

demand marketplace models. All of these require analytics at varying levels of dimensionality, granularity, time-horizon, freshness, and latency. This makes the set of requirements fairly rich and a tricky one to deal with. What are the challenges and lessons learnt in building the analytics system? We evolved our technology stack from a very simple, non-distributed one to our present state that uses a conglomeration of multiple open source and self-developed distributed technologies. One of the important things we did was to keep our current scale and complexities at the forefront, but at the same time keep in mind the growth in scale and complexities while designing the solutions. Until about late 2009, when the scale of our business was still a few million events per day, we had a rather simple rsync/Perl-based data transfer and aggregations, which we loaded into traditional database systems to handle the analytical needs. Sometime during the middle of 2010, we realized that the state of our technical stack was proving to be insufficient at handling the immense growth we were experiencing in the mobile industry. We were fast approaching an order of magnitude increase in the data size. So we started investing into maintaining our own bare-metal grid of machines and making use of open source distributed technologies like Hadoop and Pig for crunching the data. We developed our own log-transfer service, called Narada, to move data across different data centers, and employed Hadoop/Pig to create aggregated data views and load them in databases for the downstream analytics. However, by early 2011, due to the huge amount of dynamicity in our business and expansion in the mobile advertising landscape, like new conversion based pricing models, newer and richer creative types, and an explosion in the mobile devices and app landscape, the existing database-based analytical tools began to stretch at their seams. There was a burning need for solutions that could accommodate the ever-

changing business data models and still be backward compatible, handle more and more additional dimensionality in data, and be able to address a complete range of ad hoc queries as opposed to pre-canned dashboards or pre-computed limited dimension data views. We experimented with a lot of open source technologies (the prominent one being Hive, contributed by Facebook), and a few commercial ones as well, to solve the ad hoc analytics aspect with limited degree of success. We found that the available solutions were able to solve only a subset of our needs and a lot of expertise and time was needed to adapt those technologies for our needs. To make things harder, these deficiencies were not evident upfront, but a lot of time and experimentation effort was invested just to surface them. One of the important learning was that at the immense scale and complexities we operate at, using off-the-shelf technologies was not enough. The technologies have to be created or adapted keeping in mind the complexities of the problems particular to the business. Our solutions make use of many open source technologies underneath, but the systems themselves are custom built or adapted to address our needs. Finally, I want to stress on the issue of data discrepancies that comes with multiple analytics tools, each of which try to handle different and competing needs. At this scale, it is not uncommon for analytics systems to differ very slightly in their results as they have very different code bases, different policies and mechanisms to handle exceptions in normal data flows, and were developed by different teams at different times. If not carefully synchronized, the difference in the metrics reported brings in a lot of confusion and reduces the effectiveness. What does the current analytics/ Big Data solution enable your firm to do? What is the competitive advantage? One of the biggest problems we faced in the analytics space was how to provide relevant insights to our sales force in a self-serve manner. One way to approach this problem would be to

www.informationweek.in

have a group of analysts who understand the business model, team up with engineering teams and create report templates that can be consumed by the rest of the organization. We do have a system in place that works on these principles and provides low-latency analytic dashboards and customer reporting system. These kinds of systems are very well-suited for problems where the data models are well-understood and where the changes to the model are less frequent. However, such a model is often unable to capture the ad hoc analytical needs for the entire organization. Frequently, a number of requirements are missed out, the business evolves leaving the analytics lagging behind, or the scenario being analyzed may not be general enough to be extracted into a widely available reporting template. For such needs, users may request engineering teams to write custom scripts to perform the analysis. However, since creating such scripts is non-trivial and tedious work, and the process of communication between

and analytics that they need, which has transformed the company to be completely data-driven. To enable real-time analytics, we have developed a system called Flash on top of HBase, which aggregates the metrics on streaming data and provides a view of key metrics like impressions, clicks, and revenue over a selected set of dimensions at a very high freshness. This is extremely helpful to monitor the impact of any changes or abnormal activities in the system and enables us to immediately respond to it. For instance, effects of a new release in one of the prediction models can be immediately monitored and validated, or a campaign manager can verify the correctness of the targeting parameters immediately after taking the campaign live. We have also developed multiple platform components in order to reduce the operational complexities, to enable seamless and intervention free functioning of our analytics stack. The Ivory system is a data-feed management layer that takes care of automatically schedul-

the barrier for experimentation in business as we can quickly make changes, analyze their impact and take decisions accordingly. We have streamlined our scheduled processes and cut down tremendously on operational complexity and manual effort we wasted in orchestrating the data and processes, and increased the robustness and data reliability as a result. The real-time analytics have given us the ability to monitor unusual changes in the network within seconds and immediately react to it as opposed to conventional delay of hours. And finally, our ad hoc query system has given us the ability to perform arbitrarily complex analytics on entire data sets. Earlier, many useful analytics that were just not possible due to the technical limitation of conventional (and even specialized) database systems, can now be performed with ease on our Hadoop-based distributed platform. It is much easier and faster to adapt to new businesses needs and other dynamics; new changes like dimensions,

Real-time analytics has given InMobi the ability to monitor unusual changes in the network within seconds and immediately react to it as opposed to conventional delay of hours the field teams and engineering itself is iterative and time consuming, it took an average of two days for a single request to get resolved. This was a huge waste of time and resources for both the field teams and the engineers; the utility of analytics itself was drastically reduced due to the delays. Additionally, it was not feasible to scale this process as the business expanded. To address the ad hoc and deep analytical needs, we have developed a querying system called Yoda that provides an intuitive querying interface and executes the requests on Hadoop using custom map-reduce tasks. This makes the system completely self-serve and the field teams can now get answers to their queries in minutes without any need of depending on other teams. A very important aspect is that there are hardly any users within the company who do not have access to the data

ing jobs based on data availability. It takes into account late data arrivals across geographies and auto reruns of dependent processes. The Conduit system was developed to provide a robust and quick streaming data transfer service. These systems have proven to be tremendously effective in maintaining very high robustness and data accuracy, and free up the critical engineering resources to focus on other tasks. Post deployment of the solution, what can InMobi do today what it could not do earlier? Over time, we have benefited from Big Data analytics stack in multiple ways â&#x20AC;&#x201D; be it increased efficiency, reduced operational complexity, better resource utilization, better adaptability to change in business, or the ability to answer queries that were earlier difficult to address. These systems have also brought down

measures, and even entirely new data sources, can be incorporated in a few days to a couple of weeks (depending on the complexity) by very few engineers. This is a huge advantage when compared with tight schema-based systems, where such changes would need a major multi-month rework effort. Our current systems also provide an added advantage of using system resources much more efficiently because the â&#x20AC;&#x2DC;best practicesâ&#x20AC;&#x2122; of querying data have been baked into the analytics platform itself. Overall, our investment and innovations in the Big Data space have helped us focus completely on expanding our business through efficient analytics, and not get inundated with massive amounts of data. With the right set of analytic tools, our data is proving to be one of the most valuable assets. u Srikanth RP srikanth.rp@ubm.com

april 2013 i n f o r m at i o n w e e k 55

Interview

‘Interoperability among video endpoints and service providers is critical’ Interoperability among video endpoints and service providers is extremely critical, as customers today expect the process of conducting video meetings from the device and service provider of their choice to be as easy as making a telephone call, says Alan Benway, ED, AT&T Business Solutions. In an interview, he discusses major challenges for network-to-network interoperability According to you, how will the telepresence market fare in 2013? We expect to see continued growth, as customers contemplate more pervasive video collaboration deployments as a way to improve productivity, do business in new ways and reduce travel costs. Video collaboration has become mission-critical for many organizations and its use will continue to grow significantly. Today, B2B VC is a challenge due to interoperability and policy barriers. What is your perspective? Please update us on the initiatives AT&T is taking to address this challenge. Interoperability among video endpoints and service providers is critical for the growth of video collaboration. Today, customers want to conduct video meetings from the device and service provider of their choice with virtually the same ease they have when making a telephone call. With interprovider agreements like the ones we’ve signed with Tata Communications, T-Systems, BT and

informationweek april 2013

Orange, we are expanding the network of accessible locations and increasing the value of telepresence investment of our customers by significantly expanding the locations they can access, while also stimulating the growth of telepresence. This enables end-to-end calling across service providers over class of service (CoS) private MPLS networks. The AT&T Business Exchange already provides access to more than 130 companies and over 4,000 on-net endpoints with expanded connectivity to a range of additional endpoints via Internet guest access and virtual meeting room capabilities. Could you tell us about the major challenges for networkto-network interoperability? Many customers use complex CPE infrastructure on premise to manage the security and call process to make video calls over the Internet to other organizations. While this does enable B2B calling, it is complex and the experience can be inconsistent since there is no CoS across the Internet. We have worked with other service

providers to provide an alternative to this approach. We have interconnected our network with other service providers that have video calling services to enable our customers to use video collaboration over private MPLS CoS network connections. This approach provides a consistent user experience with greater simplicity requiring less CPE, and delivers the performance and security benefits of private MPLS VPN networks. The challenge with this approach is that it requires investments by the service providers to negotiate bilateral agreements, establish interconnects, put in place operational interfaces and provision customers ahead of time. Any plans to partner with other telecom providers? We are not announcing any future interprovider agreements currently. However, we are interested in expanding our customer’s universe of endpoints and remain actively engaged in conversations with other providers to do so. u Jasmine Kohli jasmine.kohli@ubm.com

www.informationweek.in

Feature

Web Threats That Could Harm Your Business

Easily overlooked vulnerabilities can put your data and business at risk By Robert Lemos

QL injections accounted for about 7 percent of web attacks in 2011 and looked to be petering out, according to security services vendor Trustwave. Then last year those exploits jumped to 26 percent of web attacks, hitting companies that could have easily protected themselves. The Trustwave data proves what hackers have known for years: Even though application vulnerabilities are well known and can be fixed or blocked, many companies don’t implement secure coding practices and regularly test their applications to find them. Companies that overlook such basic web security practices have no chance against more advanced attacks, says Chris Pogue, Trustwave’s director of incident response and forensics. Input validation, where user input — such as a search query — is limited to simple strings, is an easy way to protect against SQL injection, but developers frequently fail to do that, Pogue says. “It’s one of the things that’s taught in college, and if it has made it into the university system, then it’s not bleeding-edge technology,” he says. The web presents a variety of security threats for unwary businesses, from well-known SQL injection and cross-site scripting attacks to more esoteric threats posed by web scraping and HTML5’s many features. What follows are 10 web threats we think are particularly worrisome, either because they’re becoming more popular with attackers or because security pros and

developers tend to overlook them.

Bigger, Subtler DDoS Attacks

When IT specialists think about distributed denial-of-service attacks, they envision the most basic kind: floods of packets overwhelming a victim’s network so that valid requests can’t get through. But improvements in defenses have forced attackers to change the way they attack. Packet floods have become larger, maxing out at 100 Gbps. In a six-month campaign against U.S. banks, for which a group of alleged Muslim hacktivists claimed credit, the volume of attack traffic has regularly surpassed 30 Gbps — throughput rarely seen five years ago. Attackers also have targeted other parts of the infrastructure. Corporate domain name service servers are a favorite target, according to domain registrar VeriSign. When attackers take DNS servers down, customers can no longer access a company’s service. “It doesn’t matter how much data center capacity a company has, the requests will never reach their data centers,” says Sean Leach, VP of technology for VeriSign’s network intelligence and availability group. Massive DDoS attacks often mask “low-and-slow” attacks, which use specially crafted requests to cause web applications or appliances handling specific services, such as Secure Sockets Layer communications, to quickly consume processing and

memory resources. These applicationlayer attacks now account for about a quarter of all attacks. “If the mega-DDoS attacks are the cavemen getting bigger clubs, [low-and-slow] attacks are like the caveman evolving, getting smarter,” says Matthew Prince, CEO of Internet security company CloudFlare. Attackers look for URLs on a target site and then make calls to the back-end database that powers the site. Frequent calls to those web pages quickly consume a modest site’s resources, says John Summers, VP of security products at Akamai Technologies. “The targeting is much better this year than in 2011,” Summers says. Attackers “are doing their homework, doing reconnaissance.” It’s no longer enough for companies to use an appliance to block bad traffic as it enters their networks because the router will still be overwhelmed in a low-and-slow attack. These attacks can also get through a cloud DDoS mitigation service. Instead, companies should go with a hybrid approach, using web application firewalls, network security appliances and content distribution networks to create a layered defense that screens out unwanted traffic at the earliest possible point.

Old Browsers, Vulnerable Plug-Ins

Cyber attacks that account for millions of dollars a year in bank account fraud are fueled by browser vulnerabilities and, more frequently,

april 2013 i n f o r m at i o n w e e k 57

Feature attacks (for which a patch hasn’t been the browser plug-ins that handle released) should use anti-malware Oracle’s Java and Adobe’s Flash and software such as ValidEdge (recently Reader. Exploit kits bring together acquired by McAfee) and Invincea, a dozen or so attacks on various which runs downloaded files in a vulnerable components and can sandbox. quickly compromise a company’s systems if the patches aren’t up to date. A recent version of the popular Good Sites Hosting Blackhole exploit kit, for example, Bad Content 3 contained attacks for 16 vulnerabilities, Attackers are targeting wellincluding seven targeting the Java known, legitimate websites to take browser plug-in, five targeting the advantage of users’ trust in those sites. Adobe PDF Reader plug-in and two For example, in the VOHO watering targeting Flash, according to antihole attack last year, attackers infected malware firm Sophos. The Sweet legitimate financial and tech industry Orange exploit kit contains Java, PDF, websites in Massachusetts and Internet Explorer and Firefox exploits, Washington, D.C., commonly accessed according to the creator’s statements by their intended victims, says security that security firm Webroot discovered. vendor RSA. “These exploit kits are really good at Such tactics are difficult to explain identifying which vulnerabilities are to employees, and technical defenses unpatched in the browsers that people aren’t always enough, says Dan are running,” says Grayson Milbourne, Ingevaldson, CTO at Easy Solutions, a Webroot’s senior threat researcher. fraud protection company. “You can’t Companies should pay attention stop it by asking users to browse wellto Oracle’s Java plug-in in particular. known websites, because the fact that Cybercriminals are focusing on Java the site is legitimate doesn’t matter,” because it’s widely deployed but he says. poorly patched, says Michael Sutton, A more insidious attack, VP of research at Zscaler, a security-asmalvertising, is the insertion of a-service provider. malicious content into an ad network. Only 4 percent of systems at The malicious ad may crop up only companies using Zscaler’s security occasionally in the network’s rotation, service have the Java plug-in installed, making the attack difficult to detect. but almost 80 percent of those Java It’s a serious issue, says Robert plugins are out of date, according to the provider’s “Low And Slow” Attacks Re-Emerge data for the last quarter 30% of 2012. Adobe’s Flash and Reader plug-ins are 27% more ubiquitous but better patched, Sutton says. “Companies haven’t 21% grasped the problem of 19% 19% 18% how Java plug-ins have been abused,” he says. Patching is the most obvious way to protect against this vulnerability. A number of patch management products, such as Qualys for large companies and Secunia for small and midsize 2Q 3Q 4Q 1Q 2Q 3Q businesses, are available. 2011 2012 Companies that want to Data: Prolexic’s Quarterly Denial-Of-Service Attack reports, 2Q 2011 to 4Q 2012 protect against zero-day

informationweek april 2013

Hoblit, senior director of product management for Symantec. “When you’re serving malvertising to your end users, you’re going to get blacklisted and you’ll lose revenue,” he says. Again, a layered defense will help stop both watering hole and malvertising attacks. Security proxies that clean Web traffic and attempt to catch malicious executables work well, but they should be paired with antimalware protection on employees’ computers to catch the execution of known threats.

Mobile Apps And The Unsecured Web

The bring-your-owndevice movement has led to a surge in consumer-owned devices inside corporate firewalls. But mobile apps are notoriously poorly programmed, putting business data at risk, says Zscaler’s Sutton. There’s been a lot of talk about the increasing amount of mobile malware published online, but few security experts are issuing warnings about how programming mistakes turn legitimate mobile apps into dangerous threats. Nearly 60 percent of mobile apps Zscaler has studied are grabbing unique hardware in — formation from devices and passing it over web interfaces, Sutton says. Worse, about 10 percent of the applications aren’t transmitting users’ credentials securely, he says. Part of the problem is that Google’s and Apple’s 25% app stores aren’t as secure as they should be. Mobile app security should be better than in the PC world because these app stores act as gatekeepers, “but they’re clearly not catching these issues,” Sutton says. Furthermore, the Web services that power many mobile apps are poorly programmed. Because users don’t like to type 4Q passwords to use services from their mobile devices, mobile apps often use

www.informationweek.in

session tokens that don’t expire. Attackers can sniff traffic at Wi- Fi hotspots and pick out these tokens, letting them access their victims’ accounts. “The guy who sniffed that traffic … can be you for a year,” says Dan Kuykendall, CTO at NT Objectives, a web application security provider. Sound security programming is the best way to defeat these sorts of manin-the-middle attacks, but it’s not being applied to mobile apps, Kuykendall says. “We’re seeing a lot of web security 1999 problems — wide open stuff,” he says. A new generation of developers isn’t putting the necessary defenses in place to stop malicious hacking, and “we know that’s a very bad assumption to make,” he says. Companies do find it difficult to limit the applications loaded onto an employee-owned phone. But they can limit the data that workers put on their devices or in the cloud and limit the devices to a corporate DMZ.

Failing To Clean Up Bad Input

Since 2010, SQL injection has held the top spot on the Open Web Application Security Project’s list of top 10 security vulnerabilities. Dynamic websites that pass search queries or other application inputs to a back-end database server are vulnerable to SQL injection. But the simple fix, as mentioned earlier, is to check all user-provided input to make sure it’s valid. Companies often focus on their main website when fixing SQL flaws and forget to lock down other connected sites, such as remote collaboration systems and contractor time-tracking systems. Attackers can use those other sites to infect employees’ systems and gain access to the internal network without the need to circumvent security measures on the victim company’s main site, says Jeremiah Grossman, CTO at Web application security firm WhiteHat. To minimize SQL injection flaws, pick a software development framework and commit to it, Grossman says. As long as the developers stick

to programming in that framework and keep its patches up to date, they’ll create secure code, Grossman says.

The Hazards Of Certificates

Two years ago, a series of hacks against certificate authorities — the companies that determine who’s trusted online — gave attackers the tools they needed to issue fraudulent SSL certificates that could disguise a malicious website as a legitimate, wellknown company’s site. The attacks, against Comodo, DigiNotar and other certificate authorities, underscored the danger of relying too much on a single security technology. These attacks also highlighted the blind trust that companies were putting in certificates. In addition to letting attackers create authentic-

JAVA, FLASH, READER — OH MY!

of users are vulnerable because Java plug-ins aren’t updated regularly

users are vulnerable 19% ofbecause Adobe Reader plug-ins aren’t updated

10%

a centralized and well-secured repository where they can track certificate use and revoke certs when they’re found to be compromised.

of users are vulnerable because Flash plug-ins aren’t updated Data: Zscaler’s State Of The Web report, 4Q 2012

looking malicious sites and services, fraudulent and stolen certificates also let them sign malicious code to make that code appear legitimate. Browser makers generally decide which certificates to trust, but businesses do have control over their own encryption keys and certificates. Poor certificate management can lead to expensive incidents. The average large company is expected to lose USD 35 million in the next two years from certificate-related incidents, according to a Ponemon Institute study funded by Venafi, a certificate management provider. Venafi often finds companies storing certificates in the open on developer systems. Instead, they should create

The Cross-Site Scripting Problem

Attacks exploiting crosssite scripting flaws let the attacker run scripts as if they came from a vulnerable website. They don’t give the attacker access to the vulnerable website but instead target the users that go to that site. An attacker going after a banking site with a cross-site scripting vulnerability could run a script for a login box on the bank’s page and steal users’ credentials. “XSS exploits the trust that a browser has for a website,” WhiteHat’s Grossman says. More than 70 percent of the applications checked by code-security firm Veracode contain cross-site scripting flaws. The vulnerability is the top issue affecting commercial open source and internally developed software, Veracode says. Automated code-checking tools, such as those from Hewlett-Packard’s Fortify, Veracode and WhiteHat, can detect cross-site scripting issues. Companies should modify their development processes to check code for defects before it’s put into production. This approach will catch common coding mistakes and trains developers to avoid them in the future.

The Insecure ‘Internet Of Things’

Routers and printers, videoconferencing systems, door locks and other devices are now networked via Internet protocols and even have embedded web servers. In many cases, the software on these devices is an older version of an open source library that’s difficult, if not impossible, to update. Welcome to the Internet of things. An Internet-enabled device is “a great stealth back door into an enterprise for an attacker,” says Zscaler’s Sutton. “It has everything you need to get in.” Most companies don’t bother securing their Internet-accessible

april 2013 i n f o r m at i o n w e e k 59

Feature printers and video conferencing systems, for instance, so attackers find those vulnerable systems and take them over. Once a device is owned by the attacker, it serves as a bridge into the company’s network. A recent Internet scan by vulnerability management firm Rapid7 found 40 million to 50 million accessible devices using one of three libraries for the Universal Plug and Play protocol, which are known to contain vulnerabilities. End users, businesses and ISPs should identify and disable any Internet-exposed UPnP endpoints in their environments, says HD Moore, Rapid7’s Chief Security Officer. “UPnP is pervasive. It’s enabled by default on many home gateways, nearly all network printers and devices ranging from IP cameras to network storage servers,” he says. Hunting down vulnerable network devices needs to be easier, Zscaler’s Sutton says. General purpose tools designed to scan PCs and servers usually don’t give reliable information about embedded devices, but there are tools that will identify vulnerable devices, such as Rapid7’s ScanNow and open source tools such as Nmap.

Getting In The Front Door

Not all attacks are aimed at breaching a company’s defenses. Automated web bots scrape from Web pages information that can give a competitor better intelligence on your business. For example, if you have an online store, a competitor could collect data on your pricing from publicly available information on your site, says Marc Gaffan, co-founder of web security firm Incapsula. “Are they breaching your site? No, but they are harming your business,” he says. More than 30 percent of web traffic to the average site is this sort of unwanted, potentially businesssapping traffic, Gaffan says. Web application firewall services such as Incapsula and CloudFlare let businesses identify which traffic is connected to good searchindexing bots and which are bad market intelligence services or even fake

informationweek april 2013

Google bots. Such services block the requests, preventing information from going to competitors.

New Technology, Same Problems

Stanford graduate student and computer security researcher Feross Aboukhadijeh recently showed how an HTML5 feature could let an attacker pull off a convincing phishing attack. Using HTML5’s ability to trigger

In this case, rather than sending you to bankofamerica.com, the attacker throws up a full-screen page that makes it appear you’re on the real Bank of America site. A careful inspection could tip off users to the fact that parts of the screen, such as the menu bar, don’t match their normal desktop, but most people won’t look that closely. “Links are the bread and butter of the web,” Aboukhadijeh wrote on his

Training developers in secure practices, especially with new platforms such as HTML5, is a critical first step to preventing security problems fullscreen mode, Aboukhadijeh created a large database of simulated pages that could fool users into thinking they had gone to a bank’s website when, in fact, they were on an attacker’s site. Using Firefox on Mac OS X to click on a link that appears to go to Bank of America’s consumer banking site? No problem. With Aboukhadijeh’s attack that link is on an attacker-controlled page, and your click is intercepted. Since some browsers don’t notify users that they’re entering full-screen mode, attackers can throw up a fullscreen disguise for any site and then use the fake site to obtain victims’ login credentials.

REAL RISKS Trustwave’s analysis of attacks at its clients, which typically include restaurants and retailers.

61%

of client-side attacks exploit vulnerabilities in the Adobe Reader plug-in

generated by the 70% are Blackhole exploit kit attacks on Web servers 73% ofinvolved either SQL injection or remote-file inclusion Data: Trustwave’s 2013 Global Security report

site. “People click links all day long — people are pretty trained to think that clicking a link on the web is safe. Savvy users may check the link’s destination in the status bar before clicking. However, in this case, it won’t do them any good.” That’s because the attacker can make the fake site appear to go to the real site, say, bofa.com. The automated security tools that could eliminate HTML5 security issues aren’t available yet, says NT Objectives’ Kuykendall. “People are outpacing their security tools, which is going to leave them exposed,” he says. Training developers in secure practices, especially with new platforms such as HTML5, is a critical first step to preventing security problems. In addition, having developers check one another’s code can cut down on vulnerabilities. As with any collection of threats, businesses will find themselves with different exposures. An online business may have SQL injection and HTML5 issues, while a firm with a lot of telecommuters may have mobile issues, including exposed devices with embedded vulnerabilities. Rather than attempt to minimize the dangers from every threat, companies should focus on the subset of vulnerabilities where they’re most exposed. Source: InformationWeek USA

www.informationweek.in

Opinion

Swadeshi Andolan – An open letter to Som Mittal, President, NASSCOM

Sanjay Mehta

NASSCOM needs to revisit the Swadeshi commerce model if growth of the “Made in India” brand is to be achieved, believes tech entrepreneur Sanjay Mehta

hat must NASSCOM do to remain relevant to the new breed of emerging Indian IT companies? Technology entrepreneur, Sanjay Mehta, believes it is time NASSCOM brought about a paradigm shift in focus towards Swadeshi ‘IP’ products. Becoming a cradle and not just a catalyst must be NASSCOM’s future role, he opines, in an open letter to NASSCOM’s president His views are reproduced below verbatim:

user base of over 20K. I am also part of an Angel Investment network with a few portfolio companies along with being a speaker in various technology forums on topics such as Big Data, analytics, entrepreneurships and digital marketing and product business in India market scenarios among others. I am reaching out to you sir, to bring to your immediate attention on the need to build a climate where software intellectual property is developed, nurtured and enabled for success in India and across the globe.

Respected Mr. Mittal,

Re-imagining NASSCOM

The pride of being a NASSCOM member can never be overstated, and thus my membership in this organization, is one of my most prized. Thank you for the honor. Since its inception, NASSCOM has been the designated torchbearer for the Indian IT industry. NASSCOM, I believe is stagnating because of obsolete vision statement — “To be an effective and engaging global trade organization, complemented by the pillars of trust and credibility.” Indian IT has already proven its mettle, and long passed-by this vision statement. NASSCOM can no longer gloat over the achievements of its members: each of whom are a success case story and have become members after attaining a fair level of success. I am sure you will completely agree that there’s much more to the Indian IT industry than my 1,350 NASSCOM colleague companies. By profession, I am a technology entrepreneur, having founded welladmired and regarded, purely Indian ‘Swadeshi’ product companies in my career. My current role requires me to connect with enterprise Indian CIO community at large and in my past avatar, I was managing an Indian SMB

Let’s first check if NASSCOM has defined or understood the product IP company’s problem statement well enough to answer it. Does the existing NASSCOM team has the drive and bandwidth to solve that problem statement? Allow my dissent as I state that we, the NASSCOM members, now represent a bourgeoisie or an exclusive club. We have chosen to ignore the rest of our compatriots who could potentially be better than us in building global IT products. These compatriots are our fellow Indian IT businesses, and they will realize their potential, despite our blind-eye. And once having their potential they too shall become fellow blue-bloods. Indian IT services, IT enabled business process services, among others have made great strides and have become the story of our nation’s growth over the last two decades. Thanks to NASSCOM for its all round enabling efforts over the years since its formation. While this is greatly appreciated and highly regarded by me, there is also a feeling within me, and many others who have survived with difficulty, that we have achieved much lesser compared with peers in other countries, and overall produced very

april 2013 i n f o r m at i o n w e e k 61

Opinion little intellectual property as a nation over the same period. Fortunately, Indians are a talented bunch, a fact proved by so many international product brands having development centers in India. But this great talent pool barely gets converted into scalable global product business brands owned by Swadeshi Company. We, as ‘Swadeshi’ Indian origin product companies, have far more challenges than skilled labor arbitrage offering companies, which make up the biggest chunk of NASSCOM members. Office bearers in NASSCOM have very little or no clue of the ground realities and the requirements of IP product engineering companies, hence the lack of focus. The programs or services designed has not much adoption with Swadeshi focused IT product community nor its CIO technology buyers.

Building the ‘Made in India’ brand

Till now, only point solutions have come from NASSCOM, which don’t solve growth pangs, aspiration of next generation of innovative Swadeshi companies or the Indian CIO technology buyer’s problems. The responsibility for such national or international level growth, policies with framework mobilization towards Swadeshi product IP-focused companies, ultimately rests with a NASSCOM leadership team. NASSCOM generally succeeds in whatever it tries, so maybe we did not try, or bother to try hard enough? Critically, NASSCOM will have to figure out how to manage multiple distinct businesses like BPO, IT, gaming, product IP etc. NASSCOM should focus equally on giving Swadeshi product companies the tools they need to grow nationally and overseas. It’s now time to start asking questions, and retrospect. Unless we do so, Indian IT might soon accept John Milton’s “Paradise Lost”, as its anthem. Sir, it is time to give value to the “Made in India” badge. NASSCOM was born in the country of Mahatma Gandhi. Gandhiji envisioned a nation where development would begin with the last, poorest, most excluded person. Shouldn’t we, at NASS-

informationweek april 2013

Reactions from the web Christopher W says I agree with Sanjay. NASSCOM needs to refocus more on products and take in its fold the small players. At present NASSCOM appears a platform only for the big companies with no interest in building software industry where IP rules.

Kartik Patel says NASSCOM has not done its due for product companies as well as for small players, as it has always been a big boys club. Reforms and movements are needed for: ecosystem at technical level, ecosystems for commercialization, IP protection, and financial facilitation.

Kuchanna says What is Indian contribution to IP in the IT sector needs to be analyzed and assessed? One can’t bask in the reflected glory of foreign exchange earnings forever! Does India want to leave its imprint on the advancement of the sector through its own original contributions is the question. If yes is the answer to that question, how will NASSCOM help to realize it? It should introspect and chalk out a focused and clearly understood action plan of its own; governments can’t be expected to be proactive in the face of trade bodies’ lethargy and inaction. Dear NASSCOM, please revisit your vision and mission statements to begin with!

RVKS says NASSCOM is a closed club, catering to the interests of a few people/organization, controlling it. This is in true Indian fashion where a closed coterie controls any organization.

Vishnu Gupta says I completely agree with the requirement of brand “Made in India”. NASSCOM cannot only be for elite class organizations.

www.informationweek.in

COM consider the smallest of Indian IT companies as deserving protagonists, for a truer analogy? If NASSCOM fails to accept responsibility, or rejects this as a course of its destiny, I believe Indian ‘Swadeshi’ may have to soon become the true face of Indian IT. So what stops NASSCOM from rising to the challenge and manage all these expectations? Please introspect. The victory of NASSCOM in past looks more like defeat as it has ignored the local country focus/ requirements over global exports.

of Swadeshi products nationally and internationally and market them for others to follow.

Time to set newer goals

Sir, In the NASSCOM annual report 2012-13, the message from the Chairman N Chandrasekaran reads, and I quote “The vibrant start-up ecosystem in the country is creating innovative products and solutions that are targeted at the global and Indian market; enterprise and SMB user. NASSCOM is creating a focused program to support

long way and massively boost industry confidence. Sir, it is important for NASSCOM to advocate or even get a mandate for pushing technology buyers in India, CIOs, enterprises, SMBs, government and consumers to look at procuringSwadeshi products first. Sir, you will appreciate that discontent is the root of success, this is why I desire it. I am thankful for being the member of NASSCOM and what it is today, and hopeful for NASSCOM to act on the behalf of Swadeshi companies for future

Recalibrating priorities

NASSCOM needs to negotiate with conflicting groups, ideologies and viewpoints within the industry. Sir, NASSCOM needs to draw out Swadeshi emerging product companies from its silence. Luxuries today will be imperatives tomorrow, so it’s time for NASSCOM leadership to step up. IT consumers in India and the world over are migrating in droves to mobile devices, social media and cloud, so does NASSCOM have a current and future strategy for its members or industry as a whole? For me, the most critical thing in the Indian ecosystem right now is the lack of good local product engineering courses, policies for loans, grants and COE for IP building. Will we see quality software scalable products for enterprise or consumers being written for the global market from India or for that matter, for the Indian market? It’s imperative to initiate policies that address the Swadeshi product IP vacuum in the country. The policy framework within NASSCOM has to encourage the right kind of minds into NASSCOM’s Swadeshi product community. Nothing would please Swadeshi companies more than being able to hire more product programmers and inundate the market with good IP products in the mobile, social media or software space. Start with a comprehensive listing of Swadeshi product companies irrespective of whether they are members of NASSCOM or not. Subsequently, hone the skills of these Swadeshi companies under the guidance of successful IP product leaders through a defined process. Help them go global with right access to markets. Create success stories

It’s now time to start asking questions, and retrospect. Unless we do so, Indian IT might soon accept John Milton’s “Paradise Lost”, as its anthem these start ups and encourage greater entrepreneurship in the country.” We look forward to these first steps hopefully in this year itself from NASSCOM — programs which are long term, large enough and well thought through for Swadeshi companies. Opening the avenues to increase our flock, in terms of shapes and sizes, is my suggestion. Becoming a cradle and not just a catalyst must be NASSCOM’s future role. It is time to open the doors, welcome younger Swadeshi product businesses and encourage new Indian aspirants. It is time to provide a better, wholesome industry platform for Indian IT product companies. It’s now time to set newer goals, and higher aims. NASSCOM as a body has a potential to touch billions of lives every day. The Swadeshi commerce consumption model has a credible provenance in Indian history. It has been used before to help local businesses grow. NASSCOM needs to revisit that Swadeshi commerce model if growth of the “Made in India” brand is to be achieved. Youth and seasoned professionals today are increasingly inclined towards taking up technology entrepreneurship more and more. Support from NASSCOM if given now, will take them down the growth path faster; take our country a

of this country. Let’s help make the Swadeshi IP product brand story successful and welcomed all over. India is yet an unfinished story. Trust you will read my note personally. Regards, Sanjay Mehta Technology Entrepreneur and CEO, MAIA Intelligence P.S. Most of the influential change-leaders in the industry, establish thought leadership using social media. Being President of NASSCOM and the voice of IT Industry, I would sincerely urge you to get active on social media and connect, listen and communicate directly with young India. Opinions expressed in this letter are the author’s own. u Sanjay Mehta is Technology Entrepreneur and CEO, MAIA Intelligence

Incidentally, after Sanjay Mehta’s article appeared on the InformationWeek (India) website, NASSCOM announced that it will incubate 10,000 startups and create fivefold increase in startup employment. For more details, see the ‘News’ section.

april 2013 i n f o r m at i o n w e e k 63

Opinion

Reimagining NASSCOM’s role in Indian IT to nurture innovation

uring the early years of IT industry in India, NASSCOM played a key role when the world, especially the West, was looking for a cost arbitrage and struggling with shortage of skilled IT professionals. It played the role of an enabler in convincing the world that India is the right destination and successfully lobbied with the government to provide the right infrastructure. It was instrumental in shaping the perception that we are not a land of snake charmers but a country of people with right skills that the IT industry needed. There is no doubt that NASSCOM helped the Indian IT/BPO services industry achieve phenomenal growth and established itself as an organization coveted with a vision for Indian IT industry. However, even during the early years, there were some very strong feelings on how it executed the vision, when someone in the industry took objection to its nurturing the tactical interests of only the large IT players and ignoring the interests of the cottage IT industry. Unfortunately, all along NASSCOM remained an organization with an activism limited to serving the needs of its elite members and failed to serve the broader interests of the Indian IT industry as a whole.

A frozen vision in changing times

For the past few years, NASSCOM’s role is being questioned again, with many asking if its vision for Indian IT industry is frozen in time. The IT/BPO services industry has been self-sustaining and we have few companies that became industry bell-weathers and global MNCs envied by the competition, and even Wallstreet. Many of my peers in the industry, small to mid-size IT/ BPO companies, software product companies and startups, let me call

informationweek april 2013

these constituents as ‘Indian cottage IT industry’ for ease of better grouping and their relative size to larger IT players, have never seen and felt NASSCOM playing any active role in crossing the chasm from leveraging cost arbitrage and making a leap to nurturing value creation. The cottage IT industry is huge and employs more than twice the number of employees of large IT companies and produced more than 80 percent of the innovation or ‘Swadeshi IP’ among the Indian IT industry. The industry did this on its own without any support from NASSCOM or the government. All the promises made by the governments to support the Indian cottage IT industry remained on paper with neither NASSCOM pushing for it, nor the government having a vision to execute the same. The cost arbitrage is tactical for the developed countries looking to outsource and can always shift in a blink to countries that offer a better cost arbitrage. We clearly failed to translate the cost arbitrage to a sustainable value creation model. The advantage we had of a country with cheap IT labor is clearly fading. This is due to the short-sighted vision of NASSCOM and government policies.

NASSCOM should recognize that democratization of opportunity, big or small, results in true innovation. A case in point, 80 percent of the innovation in the US comes from startups and small companies. Companies such as Google, Microsoft or Apple have produced much better products when they were small compared to what they do now. This fact illustrates that value creation happens more at startups and small companies and the same is true with Swadeshi IP industry. The time has come for NASSCOM and Indian government to realize that our Swadeshi IP has tremendous value lying untapped. There is a need for certain activism on part of NASSCOM to influence the policy making to encourage and create a Swadeshi brand of IP that crosses our borders. NASSCOM has proven to be very effective in the past as an arbiter of Indian IT/BPO service industry and it is not too late for it to play the role of a torchbearer of Swadesh IP industry and prove to the world that we are much more than a pool of cheap IT/BPO labor by advocating larger interests of Indian IT industry rather than trying to re-enact a self-fulfilling prophesy.

Swadeshi IP at the forefront of innovation There are many Indian software product companies, which had started early along with Indian IT industry. These companies have done very well in the Indian market but have not been able to grow to their potential even if their products were competitive. They could not extend beyond our borders compared to their peers in the American market even though they have a much larger customer base and better products. We didn’t capitalize on this great opportunity because of poor perception of ourselves and the bias NASSCOM had towards Swadeshi IP.

u Pavan Peechara, is Director of Udyog Software

www.informationweek.in

Opinion

uncommon habits towards successful project management

The success and failure of a project is not just project management but things outside its preview as well. Here are 10 uncommon habits that I have tried to articulate from my experience: #1 Diversity – Many a time you will be tempted or pressurized to put the best people in your team. However, all star performers in the team will create conflict zones as they will have views and opinions of their own. The diversified team of resources is the best productive team you usually encounter. #2 Stakeholders & Sponsor – Stakeholder management is extremely important and if you manage it well, you will have all the support and buy in for your project. If ignored, it may cause failure even though the project is managed properly. Likewise, sponsor should be identified and made responsible for sponsoring early. #3 Change Management - Successful project management is not just time, quality, scope, cost and resources management, but it is also managing the change it is trying to bring and handling the politics of change. Never underestimate the fallout and environmental impact of a change, which you intend to bring. #4 Networking - Never ignore a lunch with your team. People can connect well when they share lunch boxes. Thus, any networking opportunity with your team should not be missed. #5 Innovation - Sometimes unknown ways of dealing an issue give wonderful results. For example, I faced a challenge with a customer who was reluctant to pay for his change requests as it would create audit issues. I gave him an offer that I will do it for free if he can find out changes in policies outside his control, where I can accommodate costs. The

customer agreed to go ahead with this approach. Sometimes, small innovations can cut short lengthy discussions. #6 Negotiations - You have to keep negotiating things not just with your team and customers but with everyone in the ecosystem. For this read the contract, not just once but several times. I had a customer with whom my organization signed a lifetime warranty for an app for which it was contracted to develop. Fortunately, I knew the remaining clauses to argue that this will only be possible when the app is not changed by anyone else, and to implement this, the customer must remain locked in to my organization. And the rest was history. #7 Center of Gravity (COG) - If you are not the center of gravity for your team, there is someone who is. You must identify your team’s COG. If it is negative or destructive, work out an action plan to deal with it early. For example, if you see your COG has an aspiration to replace you, give him the most challenging part of the project so that all energies are diverted towards making it happen. #8 Appreciate Threats - Most threats are an opportunity. A risk of losing control in your outsourcing project could be opportunity for developing an effective knowledge management system in your organization. I faced a situation when we were told by our customer that he was not ready for the deployment of the app when we were almost ready. This would have meant huge overhead for us. We discussed how we can use existing resources in reengineering some more legacy systems in T&M mode for the same customer. This would mean increased revenue and utilization, which went very well. By the time we were ready, the infrastructure was ready for deployment. #9 Not everything is Black and White

Have you ever landed in a situation where you were expected to do things which are outside the preview of contract or written rules? I am not advocating violating ethics, policies and procedures but the contract should not be referred every now and then, but should be used as guidelines. My experience in dealing with some of the largest deals tells me that flexibility to accommodate and create a win-win situation pays a lot and sometimes beyond the expected benefits. #10 Useful Weakness - I read a story of a porter in India who was responsible for filling water in his master’s drum from the well every morning. His bucket, in which he used to carry water to the drum, had leaks. He used the weakness of his bucket to provide an additional service of watering the garden by choosing the correct route to the drum. Sometimes what you consider as weakness is your strength. I encountered this in my first project when a team member, who was not so technically sound, could articulate his issues very nicely over e-mail. I had a requirement for a technical writer in my team where he fitted in very well.

u DD Mishra is Founder & Managing Consultant, CIO Specialist

april 2013 i n f o r m at i o n w e e k 65

CIO Profile Career Track

How long at the current company? I have been with Fullerton since August 2008. Initially I joined Fullerton Securities & Wealth Advisors, as a part of the founder leadership team to set up the green-field capital markets and wealth management company in India. In 2011, I moved to Fullerton India Credit Company. Currently, as CIO, and part of executive leadership team, my responsibilities include providing strategic leadership and managing the overall IT function for multiple business verticals. Most important career influencer: I do not any have any particular hero/role model, however I have been fortunate enough to get an opportunity to work for large, global companies across geographies. And each of these experiences have contributed in shaping my career; I have been influenced by different people, who have helped me develop values and shaped me both personally and professionally. And the learning continues! Decision I wish I could do over: Each decision, whether right or wrong gives you an opportunity to learn and develop. I remember a quote from Henry Ford “Failure is simply the opportunity to begin again, this time more intelligently.”

anoop handa CIO, Fullerton India l

Vision

The next big thing for my industry will be… Data analytics and cloud-based services will be the next big thing for my industry. Data Analytics will help business understand customer behaviours/preferences, enable cross-sell/upsell opportunities, aid new innovative product offering and will enhance the risk management function through predictive analysis. Cloud-based deployment of IT infrastructure and business solutions will provide immense flexibility, cost savings, agility and aid smarter use of IT. Advice for future CIOs: In the current economic environment, the role of an IT leader/ CIO has grown significantly. And people aspiring to be the future CIOs need to have comprehensive qualities — effective communication skills; capabilities to be both strategic as well as hands-on; and enhance their abilities to influence their teams, peers and stakeholders. Dos l Continue to create value for their organization through effective use of technology. l Keep a close tab on key developments in technology and filter few for adoption that are fit-for-purpose. l Develop communication, program management, financial management and business skills. Don’ts l Don’t assume that technology skills alone can take you to the board rooms. l Don’t fail on delivery and commitments.

informationweek april 2013

Don’t lose fire in the belly and an ambition to keep growing.

On The Job

Top three initiatives l Use of cloud for effective provisioning of IT infrastructure. l Implementation of appropriate business solutions to improve processes and enhance agility. l IT cost management. How I measure IT effectiveness IT effectiveness is best measured through customer satisfaction and business acknowledgement of the value delivered by IT. There’s no better evidence than a happy, satisfied customer. Alignment of IT initiatives with business priorities and utilizing feedback from end users into IT service delivery is an ever-evolving metric to measure IT effectiveness.

Personal

Leisure activities: Spending quality time with family and friends, watching movies, and traveling. Best book read recently: ‘Go M.A.D.’ (Go Make A Difference) Unknown talents (singing, painting etc): Wish I had some. If I weren’t a CIO, I’d be… Owner of a fine-dining restaurant; who knows this could well be a reality even subsequent to being a CIO! u As told to Jasmine Kohli

www.informationweek.in

Analyst Angle

Mobility and real-time dashboards will make BI more pervasive in 2013

Daniel Yuen

Mobile use is now the most significant consumer technology when it comes to improving BI adoption

http://www.on the web 5 mobile BI tips for SMBs Read article at:

he success of business intelligence (BI) and analytics implementation in an organization is always measured by the level of user acceptance, how pervasive BI is in the organization and how well the solution improves decision making. Mobile use may now be the most significant consumer technology when it comes to improving BI adoption. Although mobility enables BI to attract users and reach new constituencies in an organization, ease of use and an engaging experience are the critical success factors for determining implementation success. A broadened information base always generates more insight for better decision making. In the operational environment, a dashboard for lines of business, with multiple data sources from relevant systems, will enhance the situational awareness of decision makers and lead to better operational decision making. Every business is looking to make better use of the data they have. Here are top three predictions for BI and analytics covering trends that will help organizations to become more competitive in 2013 and beyond. 1) By 2015, over 50 percent of mobile BI users will rely exclusively on mobile devices for insight delivery, and will grow BI users by 20 percent. Top managers in many organizations are enthusiastically adopting mobile BI. It is often their first direct interaction with the organization’s BI tools. Early encouraging results show that there is enough traction to gradually replace the spreadsheets, presentations and mail used as sources for business insights.

However, the real force fostering this adoption is not mobility itself. The enthusiasm mainly derives from the ease of use, engaging user experience, convenience and fast access to relevant and timely business information — the same attributes we expect from any consumer-grade application delivering news or sports scores on a tablet or smartphone. It is a major breakthrough and a perfect example of the consumerization of IT — from feature bloat to streamlined mobile apps; from “nice to have” information to relevant key performance indicators (KPIs) that fit inside devices’ small screens; from yesterday’s or last month’s data to current business status.

2) By 2016, 70 percent of leading BI vendors will have incorporated natural-language and spokenword capabilities. BI/analytics vendors continue to be slow in providing languageand voice-enabled applications. In their rush to port their applications to mobile and tablet devices, BI vendors have tended to focus only on adapting their traditional BI point-and-click and drag-and-drop user interfaces to touch-based interfaces. In doing so, they have vastly, and surprisingly, ignored the opportunity to provide users with an ability to issue spoken queries or receive spoken responses. The general mobile market, however, is rapidly developing and promoting personal virtual assistants. These products are generally designed to simplify the operation of applications on the smartphone, or connect to the unstructured data.

april 2013 i n f o r m at i o n w e e k 67

Analyst Angle

3) By 2016, more than half of real-time business dashboards will provide a panoramic view that provides information from multiple sources. Most real-time dashboards that are used to monitor business operations provide only a narrow keyhole view of situations. The visibility that they offer is limited to one application system or a single operational activity. For example, they may display one or a few KPIs from a system that processes mortgage applications, or they may show metrics based on the volume of customer and prospect activity on the companyâ&#x20AC;&#x2122;s website, but not both. However, the situation awareness of decision makers is much enhanced when different kinds of related event data from multiple sources are mashed up and incorporated into the dashboard, to provide a panoramic view of multiple aspects of the operation. Secondary sources of event data can include other application systems, other departments within the company, business partners, news feeds, industry data feeds, weather feeds, traffic feeds, social applications and other sources. People can make better decisions

informationweek april 2013

and anticipate problems sooner if they are aware of relevant events that occur outside the scope of their local application or operation. For example, a keyhole real-time dashboard might inform a product manager that sales orders were 40 percent below normal in the morning. In contrast, a panoramic dashboard could supplement that KPI by showing other relevant facts, such as a notification that the corporate website had experienced an outage, or a competitor had dropped its prices.

Understand the trends to differentiate

BI and analytics leaders are looking for ways to improve the pervasiveness of BI. Gartner predicts that the use of mobile devices and apps will improve BI delivery; the adoption of spoken-word capabilities will greatly simplify the operation of application on mobile; multiple data sources in business dashboards will improve situational awareness. Businesses can take advantage of these trends to help differentiate their business and become more competitive.

Although mobility enables BI to attract users and reach new constituencies in an organization, ease of use and an engaging experience are the critical success factors for determining implementation success

u Daniel Yuen is Research Director for BI, analytics and performance management at Gartner

www.informationweek.in

Global CIO

5 I

Chris Murphy

If IT doesn’t deliver everything a business wants, it’s not all IT’s fault

LOGS Chris Murphy blogs at InformationWeek. Check out his blogs at:

ways business still fails the IT organization

’ve received a lot of responses to my recent column, “6 Ways IT Still Fails The Business.” The most common response was along these lines: “Agree, but the problem is a two-way street.” That is, business unit leaders share the blame when IT teams can’t deliver everything a company wants. Based partly on reader’s feedback, I offer some of the ways business leaders fail their IT organizations.

Treat IT as irrelevant to customers: IT’s still a

Don’t even try to get marketing working with IT: Marketing must “stop

back-office function at too many companies. Those companies fail to see IT as critical to serving customers and to creating new, tech-enabled products. Mock the Internet-linked fridge all you want, but companies that aren’t exploring ways to use the Internet of Things, mobile apps and cloud services with their offerings will miss out.

throwing darts at the wall and have analytics-based marketing campaigns” and improve project discipline, writes one reader. He laments that “marketing will request 50 projects with a few weeks to months of lead time, and then when IT does not deliver, [IT] is not flexible enough or quick enough.” Prediction for 2013: more frustration. Marketing, you see, doesn’t think it has a technology problem, and if it does, it doesn’t see the IT organization as the fix.

Have no plan, or don’t share it with IT:

At InformationWeek, we’ve bristled at the concept of business-IT “alignment” — either business units and IT have the same business goals or they’re sunk. “Maybe it is time (actually, has been

for a long time) that ‘IT’ is no longer positioned as being separate from the ‘business,’” a reader says. “What an organization needs is a clear priority on what it wants to accomplish, and to organize its resources to do it.” Obsession with org charts works against teamwork, the reader says: “Cross-chart teaming of resources is needed to actually do something.”

Treat data security as IT’s problem: One reader says

Not hiring, or keeping, great IT people:

that IT is doing well in embracing cloud apps but poorly in enabling mobile devices: “IT’s responsibility is not to give their users every single toy and fun new feature that is released. IT’s responsibility is to maintain data security and integrity. Things like mobile devices, cloud services, remote access, BYOD all are security risks.” Some financial services companies do treat security and compliance as their own functions, ensuring security isn’t just an after-the-fact problem dumped on IT. Regardless, IT can’t use security as an excuse for dismissing productivity drivers, such as tablets, as mere toys.

One reader lamented that his organization can’t keep talented young people because they get fed up with the bureaucracy and leave. The best IT jobs will be those that let IT pros look outward and build technology that matters to customers. Leaders in IT or any part of the business should ask reader Terry Bennett’s question: “Is it possible that the root cause is that too often we in IT have focused either on the technology itself or on internal operations, rather than on the overall business and the end customer?” u Chris Murphy is Editor of

InformationWeek. Write to Chris at cjmurphy@techweb.com

april 2013 i n f o r m at i o n w e e k 69

Down to Business

Yahoo flap misses the bigger point

Rob Preston

New CEO Marissa Mayer wants all company employees to work in the office. This isn’t about exercising control; it’s about setting a tone for change

LOGS Rob Preston blogs at InformationWeek. Check out his blogs at:

informationweek april 2013

ahoo CEO Marissa Mayer is under fire for doing the unthinkable: She’s requiring company employees to actually work at the workplace. That’s right. In an era when just about everyone but coal miners and longshoremen thinks telecommuting is their birthright, Mayer is ordering all of Yahoo’s 11,500 employees to show up at the office every day, starting in June. The rationale: Employees become more creative and innovative when they work together face to face rather than over e-mail, IM, video chats, wikis and other virtual means. “Some of the best decisions and insights come from hallway and cafeteria discussions, meeting new people and impromptu team meetings,” Yahoo HR director Jackie Reses wrote in a memo to employees. “Speed and quality are often sacrificed when we work from home. We need to be one Yahoo, and that starts with physically being together.” Besides collaboration, there’s another “c” word in play here: culture. It can be tough to build and maintain a strong, cohesive one when a good number of employees rarely make their way to campus. Perhaps Mayer, a former Google executive on the job at Yahoo for only seven months, found the collegial energy lacking during her early tours of the company’s offices. Or maybe she just decided to shake up the status quo. Clearly, the old way of doing things wasn’t paying rich dividends for the Internet company, given its stagnant revenue and earnings. By requiring all employees to work in the office, Mayer is making a statement: We’re all in this together. If Yahoo doesn’t have your full attention, seek employment elsewhere. While critics complain that Mayer is being less than hospitable to working parents, especially mothers (Mayer herself gave birth to her first child last fall), she didn’t take the job to break glass ceilings or champion work-life balance. Her job is to turn Yahoo around,

and she’s taking her best shot. This isn’t about exercising control; it’s about setting a tone for change. This situation reminds me of my own experience with new corporate management a bunch of years ago. The CEO of our new parent company observed at the time that our offices felt more like a stodgy bank than a vibrant media company, so he ordered a wholesale remodeling, to an open floor plan. No more rat’s nest of offices, but a wide open environment where everyone could see and collaborate with everyone else with relative ease. I didn’t like the idea. I told our business unit CEO at the time that it wouldn’t work: not enough privacy, not enough space for our supplies, too much intermingling of church and state disciplines, too many blasted distractions. And I was dead wrong (and later admitted as much to our CEO). Yeah, the open office can be loud and distracting at times. But that’s part of the beauty. There’s a new energy about the place. We grab people for ad hoc conversations, when before we would have huddled over our computers in solitude. We get to know people we used to just nod at in the hallway. We needed a shake-up, and most of us couldn’t see that at the time. We do in hindsight. Give Marissa Mayer a little slack. Mayer has more insight into what Yahoo needs than the work-at-home true believers. Telecommuting policies might serve PricewaterhouseCoopers and Aetna and myriad other companies (including my own) quite well, but they might not work for Yahoo at this point in its transformation. As the company said in a statement on Tuesday, amid the backlash: “This isn’t a broad industry view on working from home — this is about what is right for Yahoo, right now.” u Rob Preston is VP and Editor-in-Chief of InformationWeek. You can write to Rob at rpreston@techweb.com.