cioandleader.com
A Question of Answers: Need for Multi-Layered Protection Pg 14
Best of Breed: 5 Conditions of the Social Successful Enterprise Pg 18
Viewpoint: The Perfect Storm Pg 72
Volume 01 Issue 10 October 2012 150
Track Technology | Build Business | Shape Self
Don’t Let IT Hijack the CMd | Concerns for a Global Surveillance Project | Service Providers and PCI Compliance
The Trailblazers: IT leaders at Essar lend the power of technology to its group companies for evolving into best-in-class businesses that can compete with global champions (Page 28)
C N Ram Group CIO, Essar Group
A 9.9 Media Publication
Jayantha Prabhu Group CTO, Essar Group
Editorial
Yashvendra Singh | yashvendra.singh@9dot9.in
Revisiting the US Elections
Some parallels between the US presidential elections and deploying IT in an enterprise.
It was the year 2003. Howard Dean was running for the 2004 US Democratic primary candidacy. Open to experimentation, Dean decided to use the Internet for his campaign. His team maximised the use of blogs and online forums for the electoral drive. In the process, little did Dean realise that he was creating history. Not only was the Internet being used for the first time in the presidential campaign, the results were astounding. By raking in over $15 million online, Dean set a new record of raising most funds by a single Democrat by the third quarter of the presidential race.

Dean’s campaign proved to be a PoC for Barack Obama, who during his bid for the US Presidency in 2008, perfected what Dean initiated. By combining SaaS and social networking, Obama practically set up a self-funding and self-perpetuating fund-raising machine. In February 2008 alone, Obama had raised $55 million with more than 80 percent coming from online, and without hosting a single fundraiser! This was arguably one of the crowning moments for technology.

While it may seem implausible, we can draw some parallels between the US presidential elections and deploying IT in an enterprise. For one, technology, which is an important tool for the success of any mission, is always in flux. An enterprise technology decision-maker should dominate the available technology and integrate it into his enterprise. The fact that today’s technology can enable what was unthinkable five years ago lends amazing powers at a technology leader’s disposal – something that Obama’s campaign team realised and utilised.

The second, and more important, point is the fact that technology alone cannot ensure success of an endeavour. An analysis of Obama’s campaign reveals that his success did not rely only on technology. It was backed by a message that reverberated with the audience. Similarly, the job of a tech leader doesn’t end with the deployment of a cutting edge technology. The technology implementation not only needs to connect with the IT infrastructure but also with the end users. The technology leader, therefore, has to sync his implementation and the message together.

This is exactly what the Essar Group’s technology leader duo of C N Ram and Jayantha Prabhu have displayed in their quest for transforming the multinational conglomerate. Our cover story discusses how the two, leading from the front, have delivered value for their enterprise by leveraging IT while at the same time gained the confidence of their team, rewarded them and stimulated their productivity.

Editor’s pick (Page 28): The Trailblazers
IT leaders at Essar lend the power of technology to its group companies so that they can compete with global champions
Cover Story
28 | The Trailblazers
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive Pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
Regulars
01 | Editorial
06 | Enterprise Roundup
72 | Viewpoint
Cover design by: Shokeen Saifi | Imaging by: Peterson PJ | Photos by: Jiten Gandhi & Zafar
Special leadership section: Page 36A to 51
37 | Top Down: Making open source work. Vishwajeet Singh, CIO, Epitome Travel shares his experience of using open source to the core to save costs
38 | My Story: Leadership is About Making an Impact. Sandeep Phanasgaonkar, CTO, Reliance Capital, says leadership has the ability to make a positive impact on xx customers
41 | Leading Edge: Developing global leaders. Companies must cultivate leaders for global markets. Dispelling five myths about globalisation is a good place to start
45 | Me & My Mentee: Working in tandem. Understanding each others' qualities is the way forward for a mentor and his mentee
48 | The Best Advice I Ever Got: “Enjoy the journey”. It is important to enjoy the journey rather than keep thinking about reaching the destination
49 | Opinion: Think before you speak. Here are 11 of the biggest mistakes speakers make — and how to avoid them
51 | Shelf Life: Switch: how to change things when change is hard. The book addresses change and the process associated with it
www.cioandleader.com
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Anuradha Das Mathur
Editorial
Executive Editor: Yashvendra Singh
Consulting Editor: Atanu Kumar Das
Assistant Editor: Varun Aggarwal & Akhilesh Shukla
Design
Sr. Creative Director: Jayan K Narayanan
Sr. Art Director: Anil VK
Associate Art Directors: Atul Deshmukh & Anil T
Sr. Visualisers: Manav Sachdev & Shokeen Saifi
Visualiser: NV Baiju
Sr. Designers: Raj Kishore Verma, Shigil Narayanan Suneesh K & Haridas Balan
Designers: Charu Dwivedi, Peterson PJ & Midhun Mohan
Marcom
Associate Art Director: Prasanth Ramakrishnan
Designer: Rahul Babu
Studio
Chief Photographer: Subhojit Paul
Sr. Photographer: Jiten Gandhi
14 | A Question of Answers: Need for a multi-layered protection. Natalya Kaspersky, CEO, Infowatch, talks about how enterprises need to manage new age threats
18 | Best of Breed: 5 conditions of a social successful enterprise. The secret to a successful social platform is to establish the conditions for a collaborative culture
53 | Next Horizons: CIO Solves CEO Queries on cloud. Top CIOs discuss about cloud implementations and attempt to solve CEO queries
60 | Tech for Governance: Service providers and PCI compliance. Know about what you need from third parties

Advertisers’ index
Microsoft FC; Iomega IFC; Check Point 5; HP – PSG 9; Symantec 11; Schneider 12, 13; EMC 17; Sanovi 21; Riverbed IBC; IBM BC
This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.
Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, VP-IT, ICICI Bank
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology)
Vijay Sethi, CIO, Hero MotoCorp
Vishal Salvi, CISO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

NEXT100 Advisory Panel
Manish Pal, Deputy Vice President, Information Security Group (ISG), HDFC Bank
Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop
Farhan Khan, Associate Vice President – IT, Radico Khaitan
Berjes Eric Shroff, Senior Manager – IT, Tata Services
Sharat M Airani, Chief – IT (Systems & Security), Forbes Marshall
Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group

Sales & Marketing
National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623)
National Sales Manager: Vinodh K (+91 97407 14817)
Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921)
Senior Sales Manager (North): Aveek Bhose (+91 98998 86986)
Product Manager - CSO Forum and Strategic Sales: Seema Menon (+91 97403 94000)
Brand Manager: Jigyasa Kishore (+91 98107 70298)

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Production Executive: Vilas Mhatre
Logistics: MP Singh & Mohd. Ansari

Office Address
Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Anuradha Das Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
For any customer queries and assistance please contact help@9dot9.in
This issue of CIO&Leader includes 12 pages of CSO Forum free with the magazine
Enterprise Round-up
Story Inside: IT Spending in India to Reach $71.5 Billion Next Year Pg 08
Mobile Sales in India to Reach 251 Million Units in 2013
Samsung, Nokia top two vendors

Mobile device sales in India are forecast to reach 251 million units in 2013, an increase of 13.5 percent over 2012 sales of 221 million units, according to Gartner, Inc. The mobile handset market is expected to show steady growth through 2016 when end user sales will surpass 326 million units.

“The Indian mobile phone market is very competitive with more than 150 device manufacturers selling devices to consumers. Most of these manufacturers remain focused on the low-cost feature phone market which still constitutes over 91 percent of overall mobile phone sales, offering a huge market to compete in,” said Anshul Gupta, principal research analyst at Gartner. “The increase in share of smartphone device sales, declining sales to first time buyers and the continuous focus of global manufacturers on the low cost feature phone market, has put many of the 150 plus local and Chinese device manufacturers under survival mode. Many of them are already struggling to maintain share in the growing market,” Gupta said.

Some of these local and Chinese manufacturers are building capabilities, distribution and brand to compete with the big global players as they are preparing to compete at a larger level.
Data Briefing
4.5mn Jobs will be created in APAC by the growth of data
Enterprise Round-up
They Said It: J K Shin
The CEO of Samsung recently announced that a smaller version of the Samsung Galaxy S3 will be in the market soon and the unveiling of a small device “that had never been this big.”
“There’s a lot of demand for a 4-inch screen device in Europe. Some call it an entry-level device, but we call it mini.” —J K Shin, CEO, Samsung

IT Spending in India to Reach $71.5 Billion Next Year
At $47.8 billion, telecom is the largest segment

IT spending in India is projected to total $71.5 billion in 2013, a 7.7 percent increase from the $66.4 billion forecasted for 2012, according to Gartner, Inc. Speaking at the Gartner Symposium in Goa, Peter Sondergaard, senior vice president and global head of research at Gartner, said, “India, like other emerging markets, continues exercising strong momentum despite inflationary pressures and appreciation of local currencies, which are expected in rising economies.”

The telecommunications market is the largest IT segment in India with IT spending forecast to reach $47.8 billion in 2013 (see Table 1), followed by the IT services market with spending of $10.3 billion. The computing hardware market in India is projected to reach $9.5 billion in 2013, and software spending will total nearly $4.0 billion. Software will record the strongest revenue growth at 15 percent, IT services will grow at 12 percent. The telecom segment, which accounts for 67 percent of the Indian ICT market, is set to grow at 7 percent revenue growth in 2013.

“Businesses are increasingly looking to IT to help support the challenges of enhancing customer support, supply chain management, optimizing business processes or helping drive innovation in the business,” Sondergaard said.
QUICK BYTE ON Cloud
The public cloud services market in India is forecast to grow 32.4 percent in 2012 to total $326.2 million, according to Gartner, Inc. Worldwide public cloud services revenue is on pace to total $111 billion this year —Source: Gartner
3 Growth Opportunities in Servers Through 2015
Spending on servers is 60% of overall data center hardware

Three key server segments — hyperscale data centers, hosted virtual desktop (HVD) workloads and extreme low-energy (ELE) servers — will offer opportunities for growth through 2015, according to Gartner, Inc. Servers represent the control points of hardware infrastructure in data centers, where workloads and applications reside, and Gartner analysts estimate that end-user spending on servers accounts for about 60 percent of overall data center hardware.

"The server market was worth $52.8 billion worldwide in 2011, and although it's mature, it will offer considerable growth opportunities in the coming years," said Kiyomi Yamada, principal research analyst at Gartner. "These opportunities will arise as demand for certain types of workloads increase and use of servers shifts to very large data centers, virtualisation and energy-efficient products."

"Currently, the server market is highly competitive, and despite its size, offers only small profit margins," said Jeffrey Hewitt, research vice president at Gartner. "The prevalence of standardized (x86) platforms also makes it hard for companies to differentiate their products. In response, server providers, aiming for higher profit margins, have been making more effort to create fabric-based infrastructure and converge around integrated systems. To succeed in the server market in the next few years, companies must innovate and respond quickly to shifts in demand."

Opportunity 1: Increasing Demand for Hyperscale Data Centers Creates an Opportunity for Providers to Boost Server Shipments
Companies such as Google, Amazon and Facebook have huge data centers that serve external customers. These data centers need large numbers of servers and are called hyperscale data centers. The hyperscale/cloud data center segment already accounts for about 11 percent of server shipments and Gartner expects the segment to continue to experience strong growth, making it about 17 percent of the total x86 server market in unit terms by 2015.

"The hyperscale data center market is a big one, but limited, with only a few dozen — albeit, large — potential customers," said Yamada. "This strong, concentrated buying power inevitably means intense competition and lower margins, as well as fluctuating demand. Order schedules are more likely to be unpredictable, aligning with these companies' infrastructure build-out phases, which depend on each company's business plan. In order to be successful in this opportunity, organizations must offer custom design, manufacturing, installation and support capabilities that specifically target the segment."

Opportunity 2: Flexibility of HVDs Means More Enterprises Will Move Their Workloads
Gartner estimates that by 2015, virtualised physical servers deployed for HVD workloads will reach about 368,000 units and will account for 16.7 percent of virtualized physical servers for all workloads. HVD workloads are among the fastest-growing server workloads.

Global Tracker: BPO
The Asia Pacific Business Process Outsourcing (BPO) market is forecast to reach $9.5 billion in 2016, up from $5.9 billion in 2011.
Source: Gartner
Students Raise Voice Against Internet Censorship
FICCI offers unique platform for students

A Youth Debate on Internet Governance 2012 (You-DIG 2012) was kicked off here with great excitement as students from 15 renowned colleges of Delhi debated the issue ‘Online anonymity should be done away with’. The debate was part of the India Internet Governance Conference (IIGC), organized by FICCI in association with the Ministry of Communications & IT and the Internet Society. The jury members comprised Rajeev Chandrasekhar, Member of Parliament, Rajya Sabha and Past President, FICCI; Richard Allan, Director of Public Policy-EMEA, Facebook; and Suhasini Haidar, Senior Editor, CNN-IBN.

This initiative of FICCI saw students getting actively involved on the issue of Internet Governance. When it comes to internet governance, the voice and aspirations of the youth matter the most, as they form the majority who access the internet and are responsible for changing the use of this medium in due course of time. The Youth debate is part of the outreach and inclusivity effort by FICCI to amplify the voice of youth in a meaningful way, in the internet governance dialogue – including issues of online safety, security and freedom of speech.

The house was divided on the issue of banning online anonymity. Those supporting the issue and advocating a ban stated that anonymity and accountability go hand-in-hand. Absolute power corrupts, hence the fear of retribution is much-needed. Therefore, a norm needs to be established where all users are identified. Protagonists of the ban stated that there have been innumerable instances of cyber theft, breach of privacy and threat to security of not only individuals but to the country as well. Therefore, it is necessary that each person using the virtual platform must be identified and traced if there is an emergency situation. It is often seen that a society without an identity crashes out soon.

But a large number of students felt that if online anonymity is banned then indirectly freedom of expression will also suffer. The Arab Spring was the result of an anonymous protest; if the initiators had been identified at the start of the revolution, then Arab Spring would have never been known to history. Anonymity gives an individual the power to express oneself and seek views and opinions from others.
Google Will Shape Future of Financial Services Industry
Security remains paramount

Despite the hype about “digital mega-firms” such as Apple, Facebook and Google wiping out mainstream banks, traditional banks will have the edge over their Internet-oriented rivals, according to Gartner. However, the new firms will play a considerable role in shaping the banking industry of the future.

“The evolution of the Internet continues to raise questions about the continued viability of brick and mortar establishments in retailing and financial services,” said David Furlonger, vice president and Gartner fellow. “Increasingly, Internet-oriented mega-firms are seen as the commercial enterprises of the future. However, as far as retail banking is concerned, it would be like trying to hammer a square peg into a round hole, this just does not fit.”

Furlonger said that the digital mega-firms have many things in their favour. They are masters of data management and analytics. To all intents and purposes they define agility, both from a technology and a business model point of view. They are extremely adept at extending their value chain analysis beyond the core offering, with an eye to identifying new opportunities for business and highlighting specific customer needs that they might address.

Fact ticker: Green IT

By 2015, India's spending on green IT and sustainability initiatives will double from $35 billion in 2010 to $70 billion in 2015, according to Gartner. In 2012, green IT and sustainability spending in India will total $45 billion. In the Gartner report “Hype Cycle for Green IT and Sustainability in India, 2012,” analysts said green IT and sustainability are emerging as key concerns for businesses, investors and technologists across industries and policymakers in India. Though many technologies are available, government policies will eventually drive green IT and sustainability solutions adoption by Indian enterprises.

“For the first time, a chapter on sustainable development and climate change was introduced in the government's annual Indian Economic Survey, 2011-2012. The survey has suggested making lower-carbon sustainable growth a central element of India's 12th five year plan, which commenced in April 2012,” said Ganesh Ramamoorthy, research director at Gartner. “This will set the tone for future policy initiatives and regulatory measures from the Indian government that will drive the implementation of some technologies — such as advanced metering infrastructure, carbon capture and sequestration.”
Data Center Corner (Custom Publishing)

High-Efficiency, High-Density Data Centers
Most data centers do not fully utilise power, cooling, and rack capacity. The primary symptom of this condition is the low average operating power density of data centers.

In a typical data center, less than half the electricity used actually makes it to the computer loads. More than half the electrical bill goes to the purchase of power consumed by the electrical power system, the cooling system, and lighting. The total electrical consumption therefore has two principal contributors — (1) the power consumed by the IT loads, and (2) the power consumed by the support equipment. Vendors of computer equipment are providing new solutions such as virtualisation that have the potential to reduce the total amount of IT equipment required to perform a specific function, which offers a means to reduce IT load power consumption. Unfortunately, at the same time, the trend of IT systems operating at higher densities with time-varying power draw is driving down the electrical efficiency of the data center power and cooling systems.

While most users understand that inefficiencies of the power, cooling, and lighting equipment are wasteful, the other items that actually dominate the inefficiencies are not well understood. Here are some of the primary factors we should consider when we choose electrically efficient data centers.

Inefficiencies of the power equipment
Equipment such as UPS, transformers, transfer switches, and wiring all consume some power (manifested as heat) while performing their function. While such equipment may have name-plate efficiency ratings that sound impressive — 90 percent or higher — these efficiency values are misleading and cannot be used to calculate the power wasted in real installations. When equipment is doubled for redundancy, or when the equipment is operated well below its rated power, efficiency falls dramatically. Furthermore, the heat generated by this “wasted” energy in power equipment must be cooled by the cooling system, which causes the air conditioning system to use even more electrical power.

Inefficiencies of the cooling equipment
Equipment such as air handlers, chillers, cooling towers, condensers, pumps, and dry coolers consume some power while performing their cooling function (that is, some of their input power is dispersed as heat instead of contributing to the mechanical work of cooling). In fact, the inefficiency (waste heat) of cooling equipment typically greatly exceeds the inefficiency (waste heat) of power equipment. When cooling equipment is doubled for redundancy or when the equipment is operated well below its rated power, efficiency falls dramatically. Therefore, an increase in the efficiency of the cooling equipment directly benefits overall system efficiency.

Power consumption of lighting
Lighting consumes power and generates heat. The heat generated by lighting must be cooled by the cooling system, which causes the air conditioning system to consume correspondingly more electrical power, even if the outdoor temperature is cold. When lighting remains on when there are no personnel in the data center, or when unutilised areas of the data center are lit, useless electrical consumption results. Therefore, increases in the efficiency of the lighting, or controlling lighting to be present only when and where needed, can help improve overall data center efficiency.

Over-sizing
Over-sizing is one of the largest drivers of electrical waste, but is the most difficult for users to understand or assess. Over-sizing of power and cooling equipment occurs whenever the design value of the power and cooling system exceeds the IT load. This condition can occur from any combination of the following factors:
• The IT load was overestimated and the power and cooling systems were sized for too large a load
• The IT load is being deployed over time, but the power and cooling systems are sized for a future larger load
• The cooling system design is poor, requiring oversizing of the cooling equipment in order to successfully cool the IT load

Inefficiencies due to configuration
The physical configuration of the IT equipment can have a dramatic effect on the energy consumption of the cooling system. A poor configuration forces the cooling system to move much more air than the IT equipment actually requires. A poor configuration also causes the cooling system to generate cooler air than the IT equipment actually requires. Furthermore, physical configuration may force various cooling units into a conflict where one is dehumidifying while another is humidifying, a typically undiagnosed condition that dramatically reduces efficiency. The current trend of increasing power density in new and existing data centers greatly amplifies these inefficiencies. These configuration problems are present in virtually all operating data centers today and cause needless energy waste. Therefore, an architecture that optimises the physical configuration can dramatically reduce energy consumption.

Conventional legacy data centers operate well below the efficiency that is possible using proven designs incorporating readily available power and cooling equipment. One key finding is that purchasing high-efficiency devices is not sufficient to ensure a high-efficiency data center. An architecture and strategy that uses such high-efficiency equipment in an efficient manner, and reduces over-sizing, is just as important as the efficient hardware itself. When high-efficiency equipment is combined with an effective architecture, savings of 40 percent of the total electrical power of the data center are possible when compared with conventional designs.
Data Leakages: Natalya Kaspersky, CEO, Infowatch stresses on the need to have a multi-layered protection
N ata lya K a s p e r s k y | A Q u e s t i o n o f a n s w e r s
natalya Kaspersky | CEO, Infowatch
Need for Multi-Layered Protection Natalya Kaspersky, CEO InfoWatch and co-founder of Kaspersky Lab, talks to Varun Aggarwal about how enterprises need to manage new age threats Data leakages are becoming increasingly common. Experts suggest that since most of these cases are highly targeted attacks, there is little firms can do about avoiding them. Your views. That’s a wrong approach. If you do not protect your confidential information at all you will be the first target of the malefactors and all your sensitive data will leak! That will inevitably bring reputational losses as well as huge damage to your business. Remember the June incident with Samsung and LG when some of their confidential technologies have been stolen and smuggled out of their manufacturing plants by employees of a subcontracted firm? It is likely that these pieces of top-secret information have got into the hands of rival TV
makers, wiping out any advantage Samsung and LG had hoped to gain through their R&D investment in OLED television technology!If you stop fighting you will be shot!Butif you care about defense you have a chance to survive. There are two major approaches to security of confidential data. The first one is drastic and promotes total security that means blocking all the channels of data transfer outside the company. It is highly efficient in terms of security but absolutely unacceptable if we talk about business processes. Another approach is a multi-layered concept of data protection which includes organisational measures, data classification, access rights management and data leakage prevention. Many companies do
not understand the key factor of the efficiency of DLP systems and think that DLP is low efficient software. It is only soif the company doesn’t know what information it possesses, what part of it is confidential and should be controlled. The problem is that almost 80 percent of all information in modern companies is unstructured data. That’s why efficient DLP systems should include a “pre-dlp” stage - categorisationof corporate data to define what exact information is sensitive and needs to be protected. It is done auto-manually and includes a big part of consulting. After that the DLP software is installed and starts monitoring corporate data. All together this gives quite a high result, about 90 percent of efficiency. Though nobody guarantees absolute security.
October 2012
15
A Q u e s t i o n o f a n s w e r s | Na t a l y a K a s p e r s k y
The recent case of identity theft of Mat Honan from Wired.com has brought to the fore some of the weaknesses in cloud security. Since most of the cloud vendors dictate their security terms, what can enterprises do to secure their data in the cloud? Also, what should individuals do to protect their digital identities?
As for the companies, cloud services are still not widely used though the topic is already 12 years old. The main reason is the problem of IT security in the cloud. The thing is that when you give your data to the cloud services provider, the latter operates and stores the data but it doesn’t want to take high responsibility for its safety. The provider can only include limited responsibility in the cloud agreement because otherwise it’ll quickly be out of business. So now when you put your data into the cloud you can mentally say “Goodbye” to it. That’s why few large enterprises use cloud services and SMB companies use them by force to save costs. So my advice to companies is either not to use cloud services at all or to put only non-sensitive data into the cloud, which is not very convenient but secure. As for the home users, I would advise people again not to put confidential data into the cloud. And unfortunately, if you still use the cloud, then Mat Honan’s case shows us the necessity to make a backup copy of all important information and store it in an inaccessible place, which makes the cloud concept senseless.
Companies are choosing to keep mum about their preparedness for cyberattacks to avoid undue attention from the hackers. Do you think this is the right strategy to take?
If you are talking too much about how you protect your company’s network, what security measures you undertake and what solutions you use, then your company becomes vulnerable to attacks. Such transparency may also lead to reputational damage. On the other hand, we see an obvious lack of experience in the field of IT security and data protection. Therefore IT security experts share their experience at specialised IT security events, which are many in the world, or at numerous web resources where professional matters are discussed anonymously, without the risk of data leakage.
Do you have any India specific details on data breaches?
The topic is evidently kept silent and a rare Indian incident is discussed in the press. Still the problem of data breaches is more than relevant since there are lots of manufacturing companies in India and their industrial secrets and intellectual property need protection. Besides, the national feature of Indian enterprises is a huge number of employees, which means big volumes of personal data and thus higher risk of losses. Nobody knows how efficiently this data is protected.
According to The Cost of a Data Breach Study among Indian organisations in 2011 by Ponemon Institute, the average total cost of a breach to an organisation was Rs 53.5 million, with malicious breaches by hackers or criminal insiders being the most expensive type at Rs 4,224 for one compromised record. What do these numbers say?
Let’s take for example two Indian software development enterprises, HCL and Infosys, which develop custom software. If they face a data leak incident they put at risk not only their own internal information but also the confidential data of their numerous customers. In this case the two companies will suffer grave reputation damage with a high probability of lawsuits.
Things I Believe In
There is a lack of skilled manpower in the fields of data security and data protection.
Data breaches are more common in India because there are many manufacturing companies — the prime targets.
The average cost of breach in 2011 to a company was Rs 53.5 million.
Best of Breed
5 Conditions of the Social Successful Enterprise
The secret to a successful social platform is to establish the conditions for a collaborative culture first
By Sonja Shepard
Enterprise social networking (ESN) is the manifest destiny of business communications, connecting a globally dispersed workforce. Yet few organisations make good on the promise of this collaborative technology. The business case for enterprise social networking is clear: Get the right people and the right information together at the right time, and you have a potent compound for innovation and problem-solving. Add today's globally dispersed workforce to the picture, and collaborative technologies are all but inevitable.
Yet six years after "Enterprise 2.0" was first coined, few organisations are living the ESN promise. Faced with ESN options like IM, micro blogs, Yammer, and status updates, many workers still favor plain old email and phone. File sharing takes place off the ESN radar, and knowledge remains siloed in discrete business applications. What happened to the ideal of frictionless collaboration?
IT analysts think they have an answer: ESN rollouts fixate on networking at the expense of social. In doing so, organisations miss out on the true value of the technology — its power to connect and engage people. “Most companies approach enterprise social networks as a technology deployment and fail to understand that the new relationships created by enterprise social networks are the source for value creation,” said Charlene Li of Altimeter Group in her February 2012 report, Making the Business Case for Enterprise Social Networks.
It’s all part of the new emphasis in IT on communications media over data-processing tools: Geoffrey Moore’s “systems of engagement” versus the “systems of record,” like CRM and supply chain management software. Engagement, unlike recordkeeping, can’t be implemented by executive fiat. These systems develop organically as the technology integrates into daily work practices. “Social business systems need to be implemented within a context, and that context is the processes that drive the business,” said Moore in his 2011 white paper A Sea Change in Enterprise IT.
The secret to a successful social platform, say IT managers and analysts, is to establish the conditions for a collaborative culture first. Analysts and IT professionals offer a variety of takes on what those conditions are, but the common thread is a flexible and open organisation that allows social-networked business processes to emerge from the ground up.
Only in this environment can ideas and information flow freely, stoking innovation and effective collaboration.
5 conditions for a thriving social enterprise
1. Lateral management — Command and control and other regimented, hierarchical approaches to management tend to preempt the productive interactions that collaboration technologies are designed to promote — dissent, brainstorming, crowdsourcing of ideas, off the cuff remarks, serendipitous encounters, etc. More fundamentally, a top down approach stifles the user's own exploration of how the social networking tools can help her do her job better. A social organisation needs managers who coordinate rather than direct workers, embracing emergent processes. Andreas Scherer, a consultant at Salto Partners and former executive at AOL and Netscape, sees a counterproductive project management paradigm in place today, in which senior managers conceive the project plan in isolation and impose it on the team. Yet, social networking technology demands and enables the active involvement of the team at all levels, from planning to execution. “One of the best ways to get a solid project plan is to actually bring people together and talk about the assumptions and the risks,” Scherer said. “The ESN captures all aspects of the project, including some of the contrarian opinions that otherwise would be swept under the carpet.”
2. Dynamic team structure — Enterprise social networking empowers a more dynamic, ad hoc formation of teams across the organisation. Workers identify the right talent to help with a project, be it the person in the next cubicle or a teleworker in another time zone. This dynamic, temporary and self-directed team formation helps organisations optimise their resources and respond more quickly to changing market forces. David Thomas tells the story, in The Executive’s Guide to Enterprise Social Media Strategy, of an Accenture director who was able to quickly marshal a team of experts and existing knowledge assets by putting a call out on the company's social network. Respondents linked to the relevant community of practice saw the request and offered their time, expertise and/or prior work to help move the project forward. IDEO's The Tube functions as a marketplace for forming such teams. Team leaders announce and staff an upcoming project using social media tools, referring to designers’ profile pages to browse past work and identify coworkers with skills for a particular job.
3. Seamless integration of business technologies — The ideals of open communication and transparency apply to the data systems, too. To be effective, an ESN needs to bridge all of the organisation’s information and communication applications. CRM, CMS, search, file sharing and communications should all happen on an integrated and easily accessible platform. Symantec’s CRM and social platform operate as one, for example. In addition to integrating account and opportunity management, the company uses the technology for communication-dependent functions like pricing, contract approvals, and sharing leads.
4. Borderless engagement — “IT systems … have to engage at the edge in a way that they've never had to before,” said Moore. A successful ESN brings together a far-flung network that extends beyond the traditional boundaries of the company, to vendors, partners, outside experts and customers. To enable productive interaction among all these stakeholders, it’s important for business leaders to break down barriers wrought by both security practices and physical distance. IT executives can influence the success of the borderless enterprise by ensuring that the ESN works on mobile devices, by implementing security measures that bring everyone — even those on the periphery — into the fold and by resisting the temptation to censor what can be said and exchanged on the ESN.
5. Aligned incentives — Managers can shape incentives to promote the desired use of the ESN. Too often, explains Analyst Tamara Erickson, companies install social networking technology in such a way that the technology adds work for employees. The implication is that workers should do their jobs and spend time sharing ideas. Instead, managers can position the system so that it empowers and rewards users.
Want employees to get involved with the system? Integrate it with business processes, so it offers direct value in their daily jobs. Let users determine how the tools help them do their jobs better.
Want users to invest time sharing and recording their knowledge within the system? Create a culture that prizes knowledge sharing and include this virtue in performance assessment. UX expert Greg Nudelman has seen social enterprises use a peer-based “helpfulness” index to evaluate employees based on their involvement in the network.
Want to make the most useful contributions and experts the most visible? Implement a simple, easy-to-use rating system for content and people. A voting function (thumbs up or down) and a trending feature broadcasting recent threads relevant to the user's interest group are among IT consultant Joseph Lukan’s recommendations. “The tool needs to have the ability to consolidate opinions or thought.”
BASF incentivised employees to use their social network by letting their daily practices shape the network. For example, senior managers didn’t define interest groups in advance, but let users build communities of interest as the need arose.
ABI Research expects the enterprise social collaboration sector to grow from $1 billion in 2012 to $3.5 billion by 2016. Yet many organisations still need to connect the dots between the technology and the community it serves.
— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
4th: India has emerged as the fourth largest Android market globally.
Don’t Let IT Hijack the CMS
To deliver value, CMS selection needs to be performed across multiple units and divisions
By John Fairley
In today’s digital age, the ability to provide high-quality content immediately on a 24/7 basis can give companies a significant competitive advantage, especially from a marketing perspective. However, it is difficult for marketers with little or no information technology background to publish information quickly, if at all, when they don’t understand how to use their company’s content management system (CMS). Although IT clearly has a stake in the CMS platform, it’s a big mistake to let IT monopolize the selection process. To deliver real value to the organization, CMS selection needs to be performed across multiple units and divisions — and in many cases, marketing (not IT) should have the loudest voice about the CMS platform that is ultimately chosen.
Common issues in CMS selection
The evolution of CMS technology has enabled marketing teams to play a more active role in the content management process. In the past, marketing has relied on IT to publish content for them, but technological advances have fostered an online ecosystem where information is disseminated rapidly and in real-time, putting marketers in the driver’s seat of website management. Consequently, marketing teams and other non-IT personnel have a vested interest in choosing a CMS that allows them to quickly update or publish content. Marketers need a CMS that makes it easy to respond to industry news, share opportunities and other events in real-time — without having to depend on IT to mediate the content management process.
IT departments, on the other hand, generally prefer a CMS platform that integrates smoothly with the corporate intranet and the rest of the company’s IT environment. As a result, IT departments elect to go with CMS solutions with an existing foothold in the company’s IT ecosphere, even though those CMS solutions significantly ramp up the pain cycle for the marketing team. Since IT and marketing teams have different goals, IT-driven CMS selection processes almost always result in solutions that are familiar to IT, but don’t necessarily align with marketing’s workflows and messaging requirements.
Initially, IT departments may chafe at relinquishing control over the company’s CMS platform. But by empowering marketing during the CMS selection process, information executives minimise marketing’s dependence on IT and create an agile information environment capable of delivering lightning fast messaging that characterizes growth-minded companies.
A better CMS selection process
A well-executed CMS selection process takes into account the needs and desires of both marketing and IT, creating a content management environment that has been optimised for those who are responsible for publishing content as well as those who are responsible for providing technical support. Achieving a balanced selection process isn’t easy, but it begins with conversations about content management goals. Everyone who has a stake in the CMS (IT, marketing, finance, etc.) should have the opportunity to define usage scenarios and other requirements that need to be addressed by the organisation’s CMS platform.
In an ideal world, the selection process would be highly collaborative and would generate consensus around required features and functions. But the competing interests of IT (familiarity, technical support) and marketing (ease of use) aren’t necessarily conducive to consensus building, especially when it comes to the granular features available in various CMS solutions. Using CMS goals as a baseline, a more practical alternative is to allow stakeholders to have greater influence over the features and functions that are relevant to their workflows and desired outcomes. This is where the divergence between IT and marketing becomes apparent because when it comes to features that allow users to quickly publish or update content, marketing should have the deciding vote, not IT.
If marketing is excluded from the decision process, CMS features that are critical to the successful execution of day-to-day or long-term marketing initiatives may be overlooked. For example, many advanced CMS capabilities can feed information directly to social networks and even manage and measure the effectiveness of major ongoing marketing campaigns by tracking email open rates, providing campaign-specific analytics on landing page visits, scoring prospects based on their behaviour on a site, and monitoring website conversions across the organisation’s main and microsites. A robust CMS tool even offers information about the people who visited a particular site but took no action, thereby creating a list of prospects for the sales force to follow up on. It can also classify leads by geography and feed them directly into sales databases, assigning them to a specific representative in a given territory. It’s important to note that in some cases, IT doesn’t need to be involved in the CMS selection process at all. Depending on the situation and system requirements, it can be more affordable and practical for the marketing team to outsource content management to an externally hosted solution provider.
Maximising the value of content
Smart marketing teams know that it’s impossible to separate good content from good content delivery mechanisms. Since many of today’s content management solutions are designed to help marketing teams and other stakeholders manage content directly, without the assistance or mediation of IT, it’s important for information executives to give marketing a greater role in CMS technology selection. Put simply, a CMS selection process that ignores marketing will handicap the organisation's marketing efforts.
— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
5 Ways to Minimise the Risk of Outsourcing
It is time to rethink the decision-making process related to outsourcing along the following lines
By R Dorairaj
In an ideal world, companies that effectively leverage the global delivery model stand to gain in several areas, ranging from cost advantages to access to talent to the ability to innovate rapidly. However, outsourcing to another entity in another country where the culture, legal framework, language and commercial contexts are very different from one’s own, tends to increase the perception of the risks. While distance makes the heart grow fonder, it does make the risks seem larger.
Partner selection and how you engage with the partner are the two fundamental aspects of managing outsourcing risks. Traditionally, assessments of partner capability, size, financial stability, track record, references and perceived ease of working together were the criteria for choosing a partner; while in-house capabilities and confidence in the partner were prime factors in determining the model of outsourcing. The assumption was that if the partner was stable, then the risk would be the aggregate of the individual project risks and that these can be tackled in a tactical manner. While this model has its merits, it tends to distort the decision criteria, leading to an uneasy relationship that could become an increasing burden for both parties. Therefore, I believe that the time has come to rethink the decision making process:
Strategic position: What is the industry in which you operate? Are you in a crowded market place looking to eke out a few basis points of profit over competition, or are you in the rather nice position of being able to command premium pricing due to your differentiated offerings? The truth, usually, is somewhere in the middle. Based on your competitive position, choose your partner. If most of your business is commoditised and you are looking for some cost leadership, then go with a partner who can bring in efficiencies (over and above cost arbitrage). Structure your contracts in a manner that improves your costs year-on-year, in an aggressive manner, but think of partner risks in terms of the ability of the partner to recover from project or programme crashes and deliver. However, if your competitive position does not demand focus on costs as much as building for the future, then you can choose partner(s) with track records that showcase greater capability, rather than their capability to reduce costs.
Your learning needs: Are you an organisation that needs to learn continuously to retain market position? Are you in a place where you are constantly under threat from competition’s innovation? How much of your IT needs to be in step with the business in learning and innovating? Again, the answers to these questions not only determine your partner selection, but also the extent to which you are willing to outsource and the commercial model of engagement.
Recoverability: How quickly can you recover from a bad choice of partner or engagement? While legal protections should exist, they can neither guarantee successful execution nor can they ensure that things can be recovered without significant impact on business. Evaluate your eventual dependence on the partner — and the costs of having critical internal knowledge outside your organisation. Calibrate your engagement model accordingly.
Depth of partner management: While it is definitely an ego-boost to have the CEO or senior executives of your partner company promising to be available to you for any issues, explore if there are people on the ground empowered to take decisions. Try to gain an understanding of the firm structure and see if the people who are immediately above the partner people in your engagement are capable and empowered.
Your roadmap: Do you have a technology roadmap laid out? Is your enterprise architecture in place? If so, look for partners who have made a commitment to the technologies that are part of your roadmap and your enterprise architecture choice. If you have, for example, chosen J2EE as your basic technology, then there is little merit in choosing a partner who has a larger number of people and investments on the Microsoft Technology Stack.
—Ramesh Dorairaj is vice president of IT and product engineering services company at consulting firm MindTree.
— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
$28bn will be the amount spent on big data globally in the year 2012.
India Enterprise Mobility Survey
The concept of enterprise mobility has evolved to become one of the most promising and powerful business technologies of this decade
Mobile devices such as smartphones can no longer be called items of personal luxury. Today, they have emerged as an office necessity on the back of strong enterprise mobility currents that have created unprecedented ripples in the business world. Over the past couple of years, the concept of enterprise mobility has evolved to become one of the most promising and powerful business technologies of this decade. The immense popularity and high demand for wireless mobile devices such as tablets and smartphones has redefined enterprise mobility and made it necessary for the success of any and all businesses. Well-planned and carefully implemented mobility within any organisation enhances enterprise effectiveness, efficiency and responsiveness manifold, as it helps provide the right data, in real time to the right person or place.
Today, businesses across industries and of various sizes have embraced such mobility within their enterprises to reap rich dividends of cost and time savings. The invention of creative, helpful applications and intuitive software has only served to take this mobility renaissance deeper into the very heart of how business is conducted, with most business departments and verticals now creating mobile initiatives as part of their own growth and expansion strategy. It is proven beyond doubt that companies and businesses using such strategy-oriented enterprise mobility solutions have seen numerous benefits ranging from lower TCO to better customer interaction, operational efficiency and brand image.
However, such enterprise mobility models have also brought in their wake a new set of challenges and issues pertaining to IT security, compliance, management, maintenance and deployment. Primary among such concerns is the feasibility and safety of allowing employees to carry their own mobile devices to and from office. Mirroring the growing international concern and debate over the consequences of the Bring-Your-Own-Device (BYOD) movement, this survey attempts to find a way forward. It tries to answer hard questions such as: Should employees be allowed to get their own mobile devices to office? Should employee-owned devices be allowed on enterprise networks? And if so, should there be a cap on the office data, applications and services they are permitted to access? How should any company’s IT infrastructure support mobile applications?
The results of the survey show that despite there being tough competition in the market, BlackBerry remains the preferred smartphone of CEOs and CIOs in India, as it scores well on security, application and cost. Another important finding of the survey was that there has been a sea change in the way CXOs think about mobility.
This paradigm shift is visible in the fact that many of these mid-sized enterprise leaders have already put in place a mobile management strategy and most others are planning to put one in action in the coming 12 months.
Smartphones working to carve a niche within office space
Smartphones have carved a niche for themselves within office. Carrying your own smartphone to office is fast becoming an accepted norm with 32 percent of enterprises already having between a tenth and a quarter of their employees carrying one or the other kind of such smartphone to office. While in 23 percent of the companies this figure stood at less than a tenth and in another 23 percent it stood at more than a half, these figures show that smartphones are well on their way to carving a niche within offices, especially in mid-sized companies.
Indian employers sceptical about allowing personal smartphones into office
While most mid-sized Indian enterprises are undergoing the mobility revolution, almost 62 percent of such companies are sceptical about the use of personal smartphones in office, and perceive them to be a potential security risk. This is in line with international concern over bringing your own smartphone to office. The survey found a small, open-minded minority of 27 percent who were comfortable with the idea of smartphones invading their office space.
Mobile device management solutions catching on
Keeping these security issues in mind, almost 51 percent of CIOs and business heads surveyed said they had a mobile device management (MDM) solution in place to manage multiple operating systems/versions of employee-owned smartphones. However, a close number, 47 percent, had no such MDM solution or strategy yet. This is not to say these organisations are not working on one, or don’t feel the need for such an MDM solution.
Plans to implement Mobile Device Management solutions considered urgent
Since Indian enterprises are not completely unaware of the threats and dangers posed by smartphones, 38 percent of the companies surveyed plan to deploy an MDM solution to manage multiple smartphone platforms within the next 12 months, while 21 percent have already put one in play. This means that almost 60 percent of the enterprises surveyed understand the need and urgency of implementing such MDM solutions. However, 31 percent are still undecided on their MDM deployment strategy.
[Chart: Does your company plan to deploy Mobile Device Management solution to manage multiple smartphone platforms? If yes, within what time frame? Plan to deploy Mobile Device Management solution (%). Categories: Within 12 months, Within 24 months, Already has, Not sure.]
Security, application management and cost top considerations while selecting a smartphone platform
Choosing a business smartphone requires a bit of thinking, as not all smartphones can help you with your work related duties. Also, both as an employer and employee you would want to choose a device that helps boost your productivity, while reducing cost and time spent. Smartphones are all about multi-tasking and hence the smartphone you buy would need to double up as a small laptop at best. Not surprisingly then, 64 percent of the business leaders surveyed said that their top consideration while selecting a smartphone platform was security, while 53 percent said it was the applications it supported, and a close 51 percent said the deciding factor was cost. For another 51 percent, device management capabilities were an equally important consideration, while half the enterprises surveyed felt that the operating system of the smartphone mattered a lot too.
BlackBerry the best equipped & preferred Smartphone Platform
Based on the above findings, it was realised that among the various smartphone platforms available in the Indian market, BlackBerry was the best equipped to be brought into office. Seventy eight percent of our participants voted in favour of BlackBerry, while Android emerged as the second most preferred smartphone with 55 percent votes and iOS came third with 33 percent finding it the best smartphone option.
Participation specifics
The survey received responses from CIOs from different industries, with most industries being fairly well-represented. The Manufacturing industry was the lead contributor, with 33 percent respondents belonging to the sector followed by other services (21 percent) and the Finance/banking/insurance sector (19 percent). Business heads from companies of different sizes – from large to medium to small – participated in this survey. However, 66 percent of the responses have come from CIOs of mid-sized companies, with over 1,000 employees. The organisation size has been segmented according to the number of employees per enterprise for the purpose of this survey. While various senior business and department heads had been contacted and requested to participate in the survey, leaders and CIOs in decision making capacity on smartphone purchases for their respective companies were specifically targeted for their in-depth and practical knowledge on the same. Thus, 41 percent of the survey respondents fall in that bracket, while a close 39 percent play the role of an ‘influencer’ in their company’s smartphone buying strategies.
“38 per cent of the companies surveyed plan to deploy a MDM solution to manage multiple smartphone platforms within the next 12 months”
Conclusion
While strategically planned and executed mobility within an enterprise can offer numerous dividends across the board, simply unleashing it on an enterprise can do the exact opposite, compromising your company’s security. To harness the full potential of such mobility, enterprises need to invest time, money and skills in developing customized MDM solutions and strategies for their enterprises, so both the employers and their employees can then make the most of the advantages offered by mobile devices such as smartphones. While developing the mobility adoption strategy for their respective organisations, the key considerations of business and IT Heads are related to data security, management of disparate mobile end points, reliability, flexibility and scalability of these devices and solutions. Even though CIOs and business heads are waking up to the numerous advantages and challenges posed by the onslaught of smartphone technology into office space, more needs to be done in terms of building support and safe infrastructure. While a cursory glance at the survey shows that Indian enterprises are as of now ill-equipped and lagging behind their international counterparts on ways and means to handle the resultant threats and risks of smartphones, a closer look reveals that Indian enterprises are slowly but surely catching up and realising the importance and urgency of putting in place customised and innovative MDM solutions. In the end, the survey proves that there are indications that mobile devices are only going to become indispensable to the way business is conducted and carried out. To manage the risk and dangers accompanying this slow but steady movement, Indian companies are taking proactive steps designed to monitor and manage the usage of such smartphones, and opting for the safest and most reliable of smartphones such as the BlackBerry, for use within the realm of office.
— Supported by RIM
COVER STORY | The Trailblazers
The Trailblazers
IT leaders at Essar lend the power of technology to its group companies for evolving into best-in-class businesses that can compete with global champions
By Yashvendra Singh | Design: Shokeen Saifi | Imaging: Peterson PJ | Photos: Jiten Gandhi & Zafar
By Atanu Kumar Das | Design: Shokeen Saifi | Imaging: Peterson PJ
Essar: The Technology-Hungry Multinational
Leading from the front, C N Ram and Jayantha Prabhu, the Essar Group CIO and CTO respectively, have transformed the conglomerate into a tech-savvy entity where IT is integral to business
Few Indian companies have leveraged IT the way Essar Group, a $27 billion multinational conglomerate, has done it. For instance, Essar Steel, a part of the diversified business group, manufactures about 10 million tonnes of steel per annum with 5000 employees. Tata Steel, on the other hand, employs 25,000-35,000 workers to get a marginally higher output. The difference lies in the levels of automation in the two companies. Essar has maximised the use of IT to bring in high levels of automation, thereby reducing dependency on human capital. Similarly, another group company, Essar Oil, has harnessed the power of IT to bring in higher levels of efficiencies. By implementing solutions such as RFID, truck tracking etc, the company has made a positive difference to an important process called the Truck Turnaround Time — the time taken by a truck to come inside the refinery, refill, complete all formalities, and leave the premises. While earlier the trucks used to take a lot of time, they now enter and leave much faster.
These are just two of the many instances of how IT is transforming business at Essar. The credit for this transformation of the Group into a technology-hungry corporate goes to the duo of C N Ram, the Group CIO and Jayantha Prabhu, the Group CTO. The two have exhibited true leadership qualities in their respective roles.
IT at the High Seat
As Ram says, “IT is an integral part of Essar’s business. By deploying innovative IT solutions, we have been able to derive several tangible benefits from IT. By proving itself, IT has been able to command a seat at the high table. The CIOs of different verticals are today a part of Essar’s execution committee board.” Ram himself is a part of the management committee.
A true leader realises the importance of innovation to the growth of any business. In keeping with this line, Ram has established a process for adopting new and innovative technology. Says Prabhu, “There is a dedicated team that takes care of new technology and innovation. This cell is responsible to explore several new technologies that can be mapped later with business requirements after their thorough evaluation process. While this cell also works with several other SME teams within CTO office, collaboratively, as a team works hand-in-hand with top notch leading technology providers such as SAP, Microsoft, HP, Cisco, IBM, Juniper etc. A Technology Committee Meeting is held every fortnight with business CIOs and portrays new technology mapping with business requirements.” Detailed POC/DEMO results are also shared during this meeting. Appropriate business buy-in gets approved in this forum. Later, a detailed business case, covering alignment with the Essar Group Enterprise Architecture that directs the strategy and technology road map, along with return on investment (ROI) and total cost of ownership (TCO), is proposed to senior management for final approval, post which the rollout of such technologies takes place.
The other important hallmarks of an enterprise technology leader are an emphasis on transparency and a collaborative approach. Ram and Jayantha have ensured that there is complete transparency while procuring any new technology. “It is evident that business CIOs/representatives should be involved when the technology is hunted and proposed to business at the primitive stage. This is essential so that the solution mapping gains complete clarity and achieves completeness to a larger extent. We arrange several such structured meetings/conferences/forums within the organisation. Adequate buy-in is required from business and that can be achieved only through due and appropriate connectivity with business CIOs/leaders time-to-time,” says Prabhu.
Another initiative that Ram has taken aids in providing IT solutions to solve business problems through project design and solutions from the CTO office. “We have defined business engagement from the CTO’s office with each Essar Group business vertical such as Steel, Oil, Power, Projects etc. 
During defined meetings, business problems are shared by business CIOs, which in turn are deliberated within CTO leadership team for solution mapping. While criticality is the factor raised by business, Prabhu decides the technology and proposes to business,” avers Ram. According to Prabhu, through his leadership, Ram has played a key role in shaping Essar’s IT strategy. “The success of IT in Essar is because of several reasons. Firstly, there is a lot of push from the top management. They are hungry for the latest technology. Secondly, the mentoring and freedom that we get from Ram is very useful. Ram is application-focused, which very few CIOs are. Whenever I get stuck somewhere and approach him, he immediately gets to know what is right and what is wrong,” he says. “Ram has also been instrumental in starting vendor
engagement. We have strong relationships with Polycom, SAP, IBM and other vendors. We do lot of beta testing for our vendors and are a reference customer to them. This has not only strengthened our rapport with the vendors but has also enabled us to get favourable licensing terms,” says Prabhu. Essar’s IT department is currently testing Avaya India’s ACE platform. The fact that Ram and Prabhu are team players is reflected in the fact that in the last three years, there has been zero attrition from the company’s IT department. “We take care of their personal and professional needs. It is not a boss-subordinate relationship. We showcase and give due credit to our team,” says Prabhu.
Technology Leadership
Essar has taken major IT initiatives in the last six months. These initiatives have focused on emerging or new technologies along with a strong business rationale behind each initiative. Some of these initiatives include:
Virtualisation: Essar Group has taken a mammoth leap towards desktop virtualisation by adopting Citrix VDI technology. Currently the group has clocked 3000 desktops/laptops virtualised with an end target of 14,000 within a span of a year. While the group is not new to server virtualisation technologies such as VMWare, HyperV etc, IBM AIX based virtualisation has been one of the unique start-ups that hosts SAP production for its group HR module. This initiative is under implementation.
“There is a dedicated team that takes care of new technology. This cell is responsible for exploring several new technologies that can be mapped later with business.” —C N Ram the Group CIO, Essar Group
Tech That Complements Business: Jayantha Prabhu, Group CTO, Essar, has deployed cutting edge IT that delivers strong business value
“It is evident that business CIOs/ representatives should be involved when the technology is hunted and proposed to business at the primitive stage” —Jayantha Prabhu the Group CTO, Essar Group
The key drivers behind Virtualisation are to gain maximum efficiency, reduce the turnaround time to fulfill business requirements and save cost. Through various server virtualisation technologies, Essar has already realised energy savings of around 70 percent, reduced around 150+ standalone servers and reduced 25+ racks within its data centers, which has also released critical floor space for further scalability and expansion.
Cloud Technology: A step ahead of others, Essar plunged into public cloud with Microsoft Azure and SuccessFactors. The Group now plans to take the Azure journey through the second phase wherein it will take six to eight more applications to public cloud. The Group is an early adopter of public cloud services. Cloud has so far resulted in Essar saving around 60 percent of its operating cost by migrating two of its applications to public cloud as against a dedicated infrastructure based out of its native data center.
SAP Hana: Essar Group recently decided to implement SAP Hana, the latest in-memory computing technology being offered by SAP. Essar claims this to be the first deployment of its kind in India and one of very few across the globe. The Group intends to derive faster SAP responses through this technology, thereby driving business operations with relatively better speed and cutting down earlier operative timeframes, resulting in enhanced business productivity.
Juniper Junos: Essar has associated itself with Juniper whereby it assures secured mobility over the Junos client offered by Juniper. With secured mobility being the key driver behind this initiative, Essar has already started its implementation within the group.
Sybase Afaria: This initiative fuels Essar Group's distinct intention towards embracing bring your own device (BYOD) — a service that will allow its end users to carry out business operations over their personal devices. The Afaria solution within its initial phase will encompass most of the mobility devices such as tablets, smart phones and laptops for around 2000 selected end users. The group has promising plans to expand this spectrum to a major segment of its end-user base in the coming years.
According to Prabhu, the IT department has ensured such seamless communication that “it is possible for the CEO, even when he is traveling in his jet, to get a high quality video and audio communication.”
The Road Ahead
According to Ram, it took him and Prabhu three-four years to standardise the technology at Essar. “There were multiple policies and processes. However, technology is now standardized, which has made the integration of IT easy,” he says.
The last one year has seen a lot of new technologies being deployed by Essar. Over the next one year, the IT department intends to consolidate. “The next one year will see consolidation and maximisation of our existing assets. We will continue doing a lot of end user training. We are also convincing respective vertical CIOs to use business technology available you should use it.”
Given the global slowdown, Essar’s IT budgets for the next year would be pruned. However, the duo is happy with it. As Prabhu says, “We had a budget of Rs 400 crore last year, of which 40 percent was spent in opex and 60 percent in capex. Traditionally, it is the reverse but we had several new implementations last year.” “The next year’s budget would be around Rs 150 crore. However, we don’t have an issue because we don’t have the typical 80:20 (80 percent budget for maintenance and only 20 percent for new implementations) ratio. This is because we don’t have to push for new deployments. The demand for new deployments comes from the top management. They travel a lot and whenever they face any challenge they come back to me and say that they want something to overcome the challenge. We, therefore, get funds as and when required,” sums up Prabhu.
“We want to make IT a way of life”
In a conversation with CIO&Leader, C N Ram, Group CIO, Essar, talks about his challenges and plans for the multinational conglomerate
What does being the Group CIO of a $27 billion conglomerate mean to you?
Being the CIO of the Essar Group means a lot of things to me. I have the ability to condition the response of IT to a variety of businesses – oil, power projects, retail, telecom. Essar is a very diverse group with a variety of interests and expectations. My main role as the Group CIO is to mentor CIOs handling different business verticals and also to set standards governance models for the company on how to align IT with business. I am involved at the strategic level and not too involved in the operations.
Being the top technology decision maker for the Essar Group, what are the top priorities for you?
The main priority for us is to bring about a standardisation of our IT infrastructure. Essar is a multi-national organization and it is very important to provide a seamless working experience for people working from anywhere. To facilitate such an experience, it is important to enable roaming on office just like you enable roaming on BlackBerry. We have, therefore, put a lot more focus in ensuring this. For instance, our top management, traveling on private jet, can reach anybody anywhere on earth. This call is free as you don’t pay anything extra to telcos. The idea is to try and get a predictable and available infrastructure. We are a communication-hungry organisation. We probably have the largest base of video conferencing equipment. We have 40 video conferencing rooms in this (Mumbai) office. The other priority is monitoring and monetizing of IT assets. Once you have the IT infrastructure deployed, internal vigilance is what is needed. Every two years, there is a huge refresh in technology and the challenge is to maximise asset life. We evaluate a lot of things before we plug into a technology but it helps that our finance people have their heads on their shoulders. We go in for a new technology only if by an incremental use of technology, there are much better returns and benefits.
After taking over from the previous CIO, what changes have you brought in the IT department in Essar?
During the earlier incumbent’s tenure, the development team was an extension of the CIO team. The problem with this arrangement was that the CIOs of different verticals would get bogged down with day-to-day issues of technology. When I took over, I made a clear differentiation between the CIO and the development teams. As a result, CIOs now focus on business and don’t have to bother about the routine drudgery of technology -- security, monitoring, and architecture. A Group CIO’s role is much more aligned to governance. If he has a good team, he can focus on the governance framework, while the respective vertical’s CIOs can work to align technology with their respective business verticals. They will become interpreters of technology into business. By disassociating CIOs from the development team, I have managed to create the environment for them. I also set up the office of CSO. It was time that we decided on the overall security posture that we need to take and what operational support needed to be taken.
Priority for Essar: The main priority for us is to bring about a standardisation of our IT infrastructure
I have also set up an in-house studio. We have started to record videos of top management and sending them across internally. It is lot more immediate with a lot more impact.
What major challenges have you encountered so far in your professional journey in Essar?
There were not many challenges. The people are good and I inherited a good set up. I just had to refocus on some aspects. The bottomline is that we want to make IT a way of life in Essar. The one thing I had to focus on was not to deploy technology for the sake of technology. It had to align with business to get true benefits. The second issue that I had to focus on was to measure quantifiable benefits of technology. For this, we have started to make a lot of videos for our in-house channel. This would help gauge how new technology implementations are benefiting people. Yet another issue is to ensure the security of our data, which is sacrosanct. With consumerisation of IT happening fast, employees expect access to all applications on their personal devices. If they don’t get it, they feel that the IT is not ready. I feel this is another area where we need to focus.
What major technology decisions have you taken in Essar?
Last year, we entered into enterprise agreements with Microsoft and SAP. Going forward, we have decided to partner with vendors a lot more. We hold weekly and monthly meetings with CIOs on what we are doing with these vendors. We have done a lot of work on cloud. Unlike other big corporates, we have a common IT layer for every company. This is a much more cost effective way of functioning and helps us negotiate with vendors better. We have derived a lot of value from the technology we have implemented, be it from SAP or cloud whereon we have put our HR Performance Management tool.
How is your relationship with your top management?
I am a part of the monthly management committee meetings. Mr Ruia drops in at lunch and discusses freely with me. As against other CEOs who are not too clued into technology, we have to tell Mr Ruia not to go too fast on technology. He is very technology savvy and a lot of suggestions come from his side.
What are your future plans?
People, processes and technology make up IT. IT is a tool and business has to use it to become better. The real focus from our side would, therefore, be on how to migrate people on new technologies. The real achievement is when technology is internalized. We want IT to become advisor for business. This will not happen overnight but we are slowly building this confidence.
C&L SECTION
Special Section: Leadership
“Leadership is not about titles, positions or flowcharts. It is about one life influencing another.” —John C. Maxwell
Introduction
CIO&LEADER This special section on leadership has been designed keeping in mind the evolving role of CIOs. The objective is to provide an eclectic mix of leadership articles and opinions from top consultants and gurus as well as create a platform for peer learning. Here is a brief description of each sub-section that will give you an idea of what to expect each month from CIO&Leader:
My Story: The article/interview will track the leadership journey of a CIO/CXO to the top. It will also provide insights into how top leaders think about leadership
Top Down: This feature focusses on how CIOs run IT organisations in their company as if they were CEOs. It will comment on whether IT should have a separate P&L, expectation management of different LoB heads, HR policies within IT, operational issues, etc. This section will provide insights into the challenges of putting a price on IT services, issues of changing user mindset, squeezing more value out of IT, justifying RoI on IT, attracting and retaining talent, and competing against external vendors
Leading Edge: An opinion piece on leadership penned by leadership gurus. Plus, an insightful article from a leading consulting firm
Me & My Mentee: Cross leveraging our strong traction in the IT Manager community, this section will have interviews/features about IT Managers and CIOs talking about their expectations, working styles and aspirations. In this section, a Mentor and a Mentee will identify each other’s strengths and weaknesses, opine on each other’s style of functioning, discuss the biggest lessons learnt from each other, talk about memorable projects and shared interests
Shelf Life: A one-page review of a book on leadership
The Best Advice I Ever Got: Featuring a top CIO/Technology Company Head and the best guidance/recommendation he received with respect to his personal or professional growth. The advice could relate to dealing with people, managing personal finance, and balancing work and life
Top Down
Vishwajeet Singh
CIO, Epitome Travel Solutions
Making Open Source Work
Vishwajeet Singh, CIO, Epitome Travel Solutions, shares his experience of using open source to save costs for the company
Epitome Travel Solutions is a fairly new company which started in February 2011. We had decided then that we will not go to the market if we do not have a unique product of our own. We knew that there are so many travel companies in India, and if we wanted to succeed we have to do things in a different way. I was given the free hand in terms of coming up with IT solutions that will enable us go to the market and attract customers. I knew that I had to come up with solutions that will not only be easy to use but also have a large shelf life.
After much deliberation, I had a long discussion with my IT team and we decided that we go for open source technology and not proprietary software. We knew that it was not going to be easy and we also didn't know how much time we will need to come up with a platform that will be customer-friendly. But once we started off, we were confident that we will be able to come with a platform that will be not only unique but will have a different customer experience. In about a month, we were able to come up with an initial setup format and the best part was we were able to save more than 40 percent of what we would have spent if we would have used proprietary software.
Since we were a new company, it was extremely important to understand the financial constraint and once I was able to achieve what I had promised to the management, they garnered more confidence in me and allowed me to deploy IT solutions according to my ways. Being the head of the IT department, one of the key things that was always in my mind is to make IT as a profit center for the organisation and come up with innovative ways of how by using IT in the right manner, we can reduce the costs of the company. Today, I have virtualised 100 percent of the data of the company and we are utilising 90 percent of the resources in the open source platform. I was also more concerned that since open source is a complex platform, I have to deploy solutions in a manner that can be used by IT professionals who are not so much equipped with open source knowledge.
— As told to Atanu Kumar Das
My Story Sandeep Phanasgaonkar
Leadership Is About Making Impact
Sandeep Phanasgaonkar, CTO, Reliance Capital, in conversation with Abhishek Raval, says leadership has the ability to make a positive impact on customers
Sandeep Phanasgaonkar is President & Chief Technology Officer for Reliance Capital. Sandeep has extensive experience in applying IT solutions to finance, banking, BPO and ITES.
How has your thought process changed from the early days of working as a project manager of the computerisation task force at SBI to now, as President, CTO of a conglomerate of five companies viz. Reliance Capital?
After taking leadership positions, one starts realising about the profound impact of the decisions taken on employees, business, society, partner organisations and customers. The leadership effectiveness is measured on this impact and not just in terms of executing tasks. While not denying the importance of technical expertise, which is important but the bigger aspect is about the impact. From a personal standpoint, this was the bigger evolution that took place and I had to acquire skills in different areas. I also learnt the importance of convincing stakeholders at a very high level; taking my fellow peers in confidence; mentor them to have a larger vision; how to achieve objectives and devise precise plans and also convince them about the prospective benefits of the projects undertaken. For e.g. At SBI, I was asked to work on different systems like developing MIS; system to handle government related transactions or helping vendors to roll out a system. So it was more on the technology side. I had to make sure that the design, testing, deployment was managed well for an implementation to be successful. However the larger aspects about the cost, ROI were really not my priority at that time. I was working more on understanding the banking and finance domain. My focus was more on developing skills. As I became a leader, whether it was at Genpact or Reliance Capital, business impact replaced all other priorities. Now, I think more in terms of how can technology be used to drive efficiencies, how can people use technology more efficiently etc. Basically, masking employees from the underlying complexity of technology and allowing them to use it in a more intuitive manner. Obviously over a period of time people have adapted themselves to technology but at times they have to be trained. The final goal is to ascertain, how these drives business benefits. This is the change I have experienced. Business benefit is always on top of my mind.
Take us through your leadership experience heading the IT transition after the GE Capital International Services was rechristened to Genpact due to the change in ownership control
We were moving from a very large enterprise, centrally controlled GE environment to an independent company. The new entity wanted to be consistent with the old set up, to have the same environment, rules, governance, policies etc. The transition project was about creating a separate infrastructure for Genpact. As it would bring so much change in the organisation, the whole change management chapter was a big aspect of this transition. In addition, communication plan and the ability to ensure problem resolution was structured well. The internal teams are specialised and skilled only in certain areas and activities. We needed a person with a core competence to lead the project of system transition. I got a lot of support from the then CEO, Pramod Bhasin. We hired an independent consultant after doing a proper due diligence about the kind of profile we were looking for. We worked in close co-ordination to create a communication plan, doing town halls and ensuring the help desks are quickly closing customer calls. About the communication plan, it was done at different levels. The plan was adjusted in terms of objective information about specific systems, tasks, processes, specific can do's and can't do's. It got executed very well and was crucial to the success of the transition project.
5 points
1. After becoming a leader one realises about the impact of decisions taken
2. It is very important to convince stakeholders at a very high level
3. IT should be used in a manner that it is able to drive business benefits
4. Cloud, mobility, social media are evolving and people are adopting them fast
5. It is very important to work in close coordination to create a communication plan within the company
How are you leading the change at Reliance Capital?
We are in the process of rolling out Google apps and public cloud implementation. These initiatives are under deployment but have already been rolled out to thousands of users.
“In a public cloud setup, data is accessed on internet and not the firm’s WAN and thus people need to be more cautious than before. Google apps exposed the employees to a lot many options to improve productivity”
This was a larger executive decision because Reliance Capital is a conglomerate of five companies and these technologies were rolled out to the users of these companies. The scope included moving from a purely email capability to a system that offered messaging and collaboration. We wanted to make sweeping use of Gmail, Google Docs, videos, hangouts and so it was a larger set of capabilities that we wanted to use rather than just email. I had to present a case before the management for doing such a major transformation. They have to be apprised about the rationale for adopting public cloud; how to tackle the security issues; handling cost and productivity; the changes that the organisation will undergo. They ratified the proposal ensued by kickstarting the implementation. The technology was new demanding a dedicated security infrastructure. Employees were trained on these technologies. In a public cloud set-up, data is accessed on internet and not the company’s WAN was etched in their minds thus they have to be more cautious than before. Google apps exposed the employees to a lot many options to improve productivity and thus collaborate with other employees.
As a leader how do you get buy-in from the top management?
Buy-in is important. While the business leaders have an understanding on how technology can benefit business, they are always in the hunt for immediate benefits from investments. However that's not the case every time, the projects have their own gestation periods after which they start bearing fruits. The CIO should have the ability to convince stakeholders that the technology being implemented will ultimately benefit the enterprise. They have to be informed about the RoI, how it contributes to the bottom line and top line and employee efficiency. Technology is changing very fast. The cloud, mobility, social media, internet technologies are evolving and people are adopting them very easily. The tech savvy customer segment is growing very rapidly. The educated lot, young customers are getting exposed to this technology and they are willing to do business on different technology platforms. These points do come up in my conversation with the top management. There is a healthy debate that happens before the strategy is frozen. The acceptance of the business leaders is paramount. We don't go into crude technical details but overall they have to be informed about the technology architecture, risks, risk mitigation, requirement for adoption, training and how will the technology integrate with the systems, processes and people.
How do you constantly keep sharpening your leadership skills?
At Anil Dhirubhai Ambani Group (ADAG), we invite Harvard professors for doing seminars on various topics. The last seminar was addressed for a selective gathering of ADAG executives. I was also a participant. We were taught the art of negotiation. It was an interesting training experience. I also attended a Gartner CIO academy in London at Oxford. Gartner had a tie up with Oxford university. At Genpact, we had specially invited Ram Charan, the famous management guru for conducting a workshop. 
It was around that time, Genpact was becoming independent of GE. He mentored us on adopting a completely new form of thinking in serving non GE customers; what would be the change in what we delivered and how we measured ourselves. We were supposed to create a new culture to deal with a much more diverse customer clientele.
Leading edge Pankaj Ghemawat
Developing Global Leaders Companies must cultivate leaders for global markets. Dispelling five common myths about globalisation is a good place to start By Pankaj Ghemawat As firms reach across borders, globalleadership capacity is surfacing more and more often as a binding constraint. According to one survey of senior executives, 76 percent believe their organizations need to develop global-leadership capabilities, but only seven percent think they are currently doing so very effectively. And some 30 percent of US companies admit that they have failed to exploit fully their international business opportunities because of insufficient internationally competent personnel. Most of the prevailing ideas in business and academia about global leadership reflect efforts by leadership experts to adapt the insights of their field to the global arena. I come at this topic from the opposite
perspective, having focused for nearly two decades on studying globalisation and thinking through its implications for business and public policy. At the core of my work lies the reality that, while globalisation is indeed a powerful force, the extent of international integration varies widely across countries and companies and generally remains more limited than is commonly supposed. To be sure, rapid growth in emerging markets, combined with a long-term outlook of lower growth in most developed economies, is pushing companies to globalise faster. But metrics on the globalisation of markets indicate that only 10 to 25 percent of trade, capital, information, and people flows actually
cross national borders. And international flows are generally dampened significantly by geographic distance as well as cross-country differences. US trade with Chile, for example, is only 6 percent of its likely extent if Chile were as close to the United States as Canada is. Furthermore, if two countries don’t share a common language, that alone slashes the trade volume between them by 30 percent. An appreciation of how distances and differences influence international ties helps explain some of the organisational and other stresses that established multinationals are encountering as they accelerate their expansion to emerging markets (for more, see “Parsing the growth advantage of
emerging-market companies,” on mckinseyquarterly.com). Emerging Asia is farther away—and more different, along multiple dimensions—than more familiar markets in Europe and North America. Japanese multinationals face a distinctive set of cultural, political, and economic issues that complicate their efforts to expand abroad. Exaggerated notions of what globalization means—what I call “globaloney”—are also apparent in prevailing ideas about global leadership. Some training centers aim to develop “transcultural” leaders who can manage effectively anywhere in the world as soon as they step off the plane. Yet scholars of cross-cultural management suggest that objectives like this are unrealistic. While global leadership is still a nascent
field, common conceptions of it already incorporate myths or half-truths that rest on misconceptions about globalisation. Correcting these myths should help the efforts of companies to increase their global-leadership capacity.
Myth #1: My company, at least, is global.

When I present data on the limited extent of international interactions to executives in large multinational corporations, a typical reaction is that even if markets are not that integrated, their firm certainly is. Such claims, however, seldom hold up to scrutiny. Less than two percent of firms on Fortune’s Global 500 list of the world’s largest companies, for example, derive more than 20
percent of their revenues from three distinct regions. Most firms also remain quite domestically rooted in other aspects of their business, such as where they do their production or R&D or where their shareholders live. BMW, for instance, derived 51 percent of its sales revenue from outside of Europe in 2011, but still maintained roughly 64 percent of its production and 73 percent of its workforce in Germany. An accurate read on the extent of globalization in one’s firm and industry is certainly a crucial requirement for global leadership. Also invaluable is an appreciation of the extent to which the people within your company are far from completely globalized. Consider just a few pertinent facts. Trust, which some have called the currency of leadership, declines sharply with distance. Research conducted in Western Europe suggests that people trust citizens of their own country twice as much as they trust people from neighboring countries and that they place even less trust in people farther away. Turning to information flows—also central to leadership—people get as much as 95 percent of their news from domestic sources, which devote most of their coverage to domestic stories. Similarly, 98 percent of telephone-calling minutes and 85 percent of Facebook friends are domestic. The persistent rootedness of both firms and employees has the surprising implication that global leaders should not seek to sever or hide their own roots to become global citizens. Rather, they should embrace “rooted cosmopolitanism” by nurturing their own roots and branching out beyond them to connect with counterparts elsewhere who, like themselves, are deeply rooted in distinct places and cultures. Indeed, studies of expatriate performance confirm that expats who identify strongly with both their home and host cultures perform better than those who identify only with one or with neither. 
This rooted-cosmopolitan approach also accords better with research showing that people can become “biculturals,” with a truly deep understanding of two cultures, but probably can’t entirely internalise three, which implies that four is out of the question. Facing such limitations, attempts to become global by breaking free from
one’s roots seem more likely to lead to symmetric detachment—a lack of meaningful ties to any place—than to symmetric attachment everywhere.
Myth #2: Global leadership is developed through experience.

Leadership scholars have argued that experience contributes some 80 percent to learning about global leadership. My own investigations of senior executives’ perceptions of globalisation, however, indicate that experience, while required, is not sufficient for the development of an accurate global mind-set. To illustrate, in a survey I asked readers of Harvard Business Review to estimate a set of basic values about the internationalisation of product, capital, information, and people flows. The respondents overestimated these values, on average, by a factor of three. And, more interesting from the standpoint of leadership development, the magnitude of the readers’ errors increased with their years of experience and the seniority of their titles. The CEOs in the sample overestimated the values by a factor of four! Why might experience correlate with less rather than more accurate perceptions about globalisation? One possibility is projection bias. Senior executives and CEOs tend to lead far more global lives than most of the world’s population, often touching several continents in any given month. Ninety percent of the people on this planet will never venture beyond the borders of the countries where they were born. If experience alone is insufficient to develop accurate perspectives about globalization, what do executives need to learn off the job? A starting point is an accurate read on the magnitude and patterns of international interactions within their industries and companies. Rooted maps, described in my 2011 McKinsey Quarterly article, can
help executives to visualise and interpret these patterns. Global leaders also need to understand the factors that shape international interactions in their businesses, by undertaking a structured examination of cross-country differences and their effects. That is what a survey of academic thought leaders recently concluded should be the focus of the globalization of business school curricula. Conceptual learning of this sort is a complement to—one might even say a precondition of, though certainly not a substitute for —experiential learning. When executives can fit their personal experiences into an accurate global perspective defined by conceptual frameworks and hard data, they can gain more from their typically limited time abroad and avoid costly mistakes.
Myth #3: Development is all about building standard global-leadership competencies.

Many lists of global-leadership competencies have been developed in business and in academia, but these provide only a starting point for thinking through the right competency model to apply within a particular company. Customisation and focus are essential. In part, that’s because even though literally hundreds of competencies have been proposed, a lot of these lists have important gaps or fail to go far enough toward incorporating unique requirements for global leadership. That isn’t surprising, since the lists often grow out of research on domestic leadership. One large review of the literature summarises it in three core competencies (self-awareness, engagement in personal transformation, and inquisitiveness), seven mental characteristics (optimism, self-regulation, social-judgment skills, empathy, motivation to work in an international environment, cognitive skills, and acceptance of complexity and its contradictions), and three behavioral competencies (social skills, networking skills, and knowledge). To my mind, most of these would also be useful for domestic leadership. Only the motivational point seems distinctively international, although one or two more (such as acceptance of complexity and its contradictions) clearly seem more important in the international domain than domestically. Typical competency lists also tend to focus on cultural differences, missing other components critical to global leadership. Economic differences (such as the challenges of fast versus slow-growth markets) and administrative and political differences (including the extent of state intervention) are among the other factors that can cause leaders to stumble in unfamiliar contexts.
Perhaps most important, standard lists of global-leadership competencies reinforce a one-size-fits-all view of global leadership that is inconsistent with the reality of globalisation and the mix of work global leaders do. A company may find it useful to recruit for and develop a small set of key competencies across all of its global leaders. Yet the diversity of roles that fall under the broad category of global leadership argues
for substantial customisation around that common base. At the corporate level, this implies developing a portfolio of competencies rather than an interchangeable set of global leaders who have all met a single set of requirements. Operationally, an ideal training programme would therefore include a geographic dimension and prepare people for dealing with particular origin–destination pairs. For example, a Japanese executive going to work in the United States would probably benefit from preparing for the higher level of individualism there. One preparing for China would in all likelihood benefit more from understanding that “uncertainty avoidance” is less pronounced there, so executives must be ready for faster-paced change and greater levels of experimentation. Customising training-and-development efforts at the level of individual country pairs is likely to run up quickly against resource constraints. However, the fact that 50 to 60 percent of trade, foreign direct investment, telephone calls, and migration are intraregional suggests that, in many cases, customising at the regional level is sufficient. Firms will need a mix of regional and global leaders. Regional leadership is presumably less difficult and costly to develop than global leadership. Competencies can also be customised to the requirements of specific executives’ roles. The dimensions to consider include depth in particular markets versus breadth across markets, the frequency and duration of physical presence, and a focus on internal versus external interactions.
Myth #4: Localisation is the key.

Some firms, rather than trying to fulfill the requirements of one-size-fits-all lists of global-leadership competencies, have embraced the opposite extreme of localization. Significant localisation has taken place in the management teams of foreign subsidiaries. According to one study, the proportion of expatriates in senior-management roles in multinationals in the BRIC countries (Brazil, Russia, India, and China) and in the Middle East declined from 56 percent to 12 percent from the late 1990s to the late 2000s. Within this broad trend, some firms still rely too much on expatriates and need to localize more, but localisation can be—and, in some instances, clearly has been—taken too far. Giving up on expatriation implies giving up on building the diverse bench of global leaders that CEOs say they require. Persistent distance effects, particularly those associated with information flows, do confirm the general wisdom: global leaders need experience working for extended periods in foreign locations because living abroad creates permanent knowledge and ties that bind. Extreme localisation leaves no room for the development of leaders of this sort. Executives report that “it takes at least three months to become immersed in a geographical location and appreciate how the culture, politics, and history of a region affect business there.” This judgment accords with the finding that living abroad expands your mental horizons and increases your creativity. However, merely traveling abroad doesn’t produce these benefits. Long stays abroad are costly: traditional expatriation typically costs three times an employee’s salary at home. Nonetheless, firms that really wish to prioritise global-leadership development will need to allocate the required resources. Better metrics to track the returns on such investments may help. One survey indicates that just 14 percent of companies have any mechanisms in place to track returns on international assignments. Most of these companies use metrics tracking only business generated from an assignment. Better career management could help capture and measure returns on investments in developing global leaders. Evidence indicates that in European and US multinationals, expatriates still take longer, on average, to ascend the corporate ladder than managers who continue to work within their home countries. That indicates a deficiency in this area, as well as an incentive problem. Rather than pure localisation, firms should embrace the practice of rotation, which provides the foreign work experience—not just travel—essential to the development of global leaders. And don’t make the mistake of viewing expatriation as being solely about sending people from headquarters to emerging markets. The same requirement for immersion outside of one’s home market also applies to the cultivation of global leaders recruited in emerging markets. For these executives, time spent in more established markets can, on the return home, reinforce both local- and global-leadership capacity.

—The article is printed with prior permission from McKinsey Quarterly.
Pankaj Ghemawat, an alumnus of McKinsey’s London office, is a professor of strategic management and the Anselmo Rubiralta Chair of Global Strategy at the IESE Business School, in Barcelona. He is also the author of World 3.0: Global Prosperity and How to Achieve It (Harvard Business Publishing, May 2011), the source of the approach to global-leadership development discussed in this article.
me & my Mentee
MENTOR
Shanmugham Suresh
Head – IT, Mahindra & Mahindra Financial Services
MENTEE
Khalid Abdul
IT Manager, Mahindra & Mahindra Financial Services
Working in Tandem
What do you look for in a mentee?

Shanmugham: The mentee should have respect for his peers, help others, be direct and clear in communication. He should have awareness and use wisdom in thought, should have the ability to listen and apply himself. He should question proactively, be efficient and timely. The mentee should know the business properly and get involved with business peers in non-IT projects. He should push business and technology integration in all areas of interest and concentrate on core competencies of every individual to capitalise towards demand.

What do you look up to in your mentor?

Abdul: The mentor should have the willingness to share experience, knowledge with subordinates and provide guidance, constructive feedback so that subordinates will be in continuous process of learning and improving. The mentor should motivate others by setting examples, go that extra mile and take personal interest to understand the subordinate and address his queries and needs. The mentor should always demonstrate passion and enthusiasm to achieve goal so that team is charged and motivated and exhibit positive attitudes towards crises-management and act as a role model. He should create an environment of healthy competition and respect everyone’s opinion. The mentor should give utmost importance to brainstorming and debate before arriving to serious conclusion. The mentor should communicate well, provide proper message
of failure and successes with rational reasoning to the team members. The mentor should initiate new ideas, always innovative in terms of challenging conventional methodologies.

How do you identify and prioritise areas where you think your mentee needs to focus on for further professional development?

Shanmugham: I concentrate on the mentee's personal and professional front. I work on ensuring that the mentee has the right resources to perform to his ability. I focus on strategy, avoid generic, obvious statements and focus on what is unusual, what has changed or will change, and how the services and processes approach links to business success. As a mentor what is important is to think beyond normal traditional solutions and services and would focus on technical aspects of architecture at the expense of every other deliverables.

Do you think your mentor spends enough time with you? How do you think your mentor could contribute more towards your professional growth?

Abdul: Yes, he spends good amount of time with us. There are three key parameters by which mentor can contribute more towards professional growth: accountability, alignment and demand. The mentor should be responsible for following tasks: setting goals, clarifying expectations, defining roles and responsibilities, monitoring progress and measuring results, gathering feedback alignment. When mentoring is aligned within the organisation culture, it is part of its DNA. A shared understanding of mentoring practice exists that fits naturally with the organisation values and practices. Communication is fundamental to achieving growth in one’s success. Its effects are far-reaching; it increases trust, strengthens relationships, and helps align organisations. It creates value, visibility and demand for mentoring. It is also the catalyst for developing mentoring readiness, generating learning opportunities, and providing mentoring support within an organisation. Employees seek mentoring as a way to strengthen and develop themselves and look for success opportunities. Demand spurs reflective conversation and dialogue about mentoring adding to its value and visibility.

How do you think your mentee can take on more responsibilities and take more/bigger decisions?

Shanmugham: When I think about Khalid, team monitoring and inimitable leadership are his best qualities. I allow him to be involved in core projects and he has shown excellent working capabilities. Being a collaborative business leader and inspiring IT manager while partnering closely with the business is vital, he has done his job to the core. He inspires all IT staff to create a unique work setting that enables the professional growth. Currently, much of his vision, technology development and support is sourced in-house. Going forward it is likely to be changed with some of our utility support services for desktop, storage and networks being rigorously benchmarked and possibly market-tested to ensure they deliver value for money. As a result it will be vital that the service has robust benchmarking and cost control measures in place to deliver value for money.
Does your mentor delegate enough tasks and responsibilities to you? How often do you take key decisions yourself? How would you like the situation to change (if at all)?

Abdul: My mentor delegates tasks and responsibilities; he develops team by delegation of critical task. He delegates larger projects to teams of people, giving them appropriate responsibility and clearly defining their authority for decision-making. He uses delegation as a means of developing employee’s skills. He creates conducive environments that subordinates go to him with solutions to problems they encounter, instead of simply asking for more instructions. Very often we take decisions, as we are responsible and linked with individual project, success of project is solely based on the decision we take. Situation can be changed by involving all stakeholders and taking their consent before acting.

Are there any conflicts between you and your mentee? If so, how do you resolve them (you may also cite one or two instances)? If not, what do you think is the secret of your smooth working relationship?

Shanmugham: There have been healthy conflicts where we both have learned from each other. I believe that we can constantly keep on learning new things from each other and grow the bond that we have nurtured all these years. Punctuality and time management are two key things that I focus on and this ensures that we adhere to the deadlines for every project that we work together.
Please describe your working relationship with your mentor and how the two of you address key challenges together or resolve any conflicts of opinion.

Abdul: A mentor is a person with superior rank or authority and influence in his or her field who commits time, emotional support, and intellectual strength to encourage growth and development. Conflict in the workplace just seems to be a fact of life. The fact that conflict exists, however, is not necessarily a bad thing: As long as it is resolved effectively, it can lead to personal and professional growth. In many cases, effective conflict resolution can make the difference between positive and negative outcomes. However, if conflict is not handled effectively, the results can be damaging. Conflicting goals can quickly turn into personal dislike. Teamwork breaks down. Talent is wasted as people disengage from their work. My mentor ensures that people and problems are kept separate while dealing with conflict. For example: One of critical project was about to roll out in pan India, before implementation, the team got into argument of big bang approach or phase manner approach. This was a conflict example in which project implementation came to a standstill. Then mentor decided to have a joint meeting and ask us to present the interest and he paid attention to the interest are being presented. Ultimately he set out the facts, explored all option together this is the way conflict resolved and we went through big bang approach roll out.

What are the two or three key things you have learned from your mentee?

Shanmugham: Perseverance -- Strong will power. Effortless working. My mentee always believes that virtue lies in struggle not in earning the prize and I have come to learn that great works are performed not by strength but by perseverance. He also has a lot of self confidence which I admire.

What are the two or three key things you have learned from your mentor?

Abdul: I have learned from my mentor to put 100 percent in work and the never give up attitude. Moreover, he has also made me realise the importance of being focused.
What are the challenges and constraints for a mentor/CIO to devote more time and effort for the development of their immediate juniors?

Shanmugham: Identifying and creating new philosophy and interaction with vendors locally and develop a long-term strategic relationship to create unique deliverables for rural India operations. Managing the solutions by providing a complete package, which includes hardware, software, networking application developments etc. Coordinating design approvals, setup for data centers, development infrastructure and execution and awareness-creation of web-related solutions including portals.

What are your views on the need for a mentor for IT managers in realising their full potential?

Abdul: A mentor can listen to the team, and help you to develop greater insight by thinking laterally and considering innovative ideas, IT requirements and yourself in a structured and integrated way. These insights can help one to innovate successfully, solve problems, improve business performance, and develop subordinate skills.

—As told to Atanu Kumar Das
The best advice I ever got
“Enjoy the Journey”

Max Gabriel, Senior VP and CTO, Pearson India

I have always been a great fan of Steve Jobs and have followed many of his sayings. His pearls of wisdom have also helped me in achieving new heights in my professional career. But one advice that I always carry with me is “it is the journey and not the destination that matters.” I have worked for numerous multinational corporations that have had to deal with IT projects which were equally complex and challenging. By adhering to this advice, I have always enjoyed the period when I was heading any project which we didn't know how much time it will take to complete. I also believe that it is ultimately the people who matter and in one's personal or professional life, we have to deal with different types of people. Dealing with people is also a journey which we tend to forget and this doesn't let us enjoy those moments. We should always keep our mind open and learn from each and every individual that we meet and that is when the journey becomes enjoyable. In my professional career, I have had numerous projects which were not only big but challenging to the core because we had to integrate processes of a company that was truly global. There were numerous occasions where we faced obstacles but the joy was to be involved in a project that was so huge and complex to attain. I believed that this project will not only help me understand the complexities involved in integrating global offices, but will also enable me to understand different aspects of doing integration seamlessly. I thoroughly enjoyed being involved in the project and each and every day of the project taught me new aspects of IT dynamics. I have been in India for the last one and a half years, and the challenge we are facing here is to identify the market where we can have the kind of growth that is going to sustain. It is very easy to fall for every market in the education space, because the education market in India is huge. But the real challenge is to identify the right area of growth. Moreover, we are also coming up with a lot of digital content and that needs to be done in a proper manner so that it reaches the right audience. I believe that in our professional lives, there comes lot of instances
where we are not sure what to do, but want for the right moment in terms of choosing the right areas of growth. If a person has the ability to enjoy the journey, he will not only be a wise man when it comes to such situations in the future, but will also understand what the positive and negatives that came out of a particular project. I am sure that in the future as well, I will abide by the saying of enjoying the journey first because we are not sure of the destination. We may have projects that succeed or fail, but the learning which we get from both the projects is equally important and it helps us a lot in all our future endeavours.

—As told to Atanu Kumar Das
OPINION David Lim
Think before you speak!

Here are 11 of the biggest mistakes speakers make—and how to avoid them

As a move away from my past topics on leadership and negotiation skills, this feature will focus on an often-feared and poorly managed skill—presentation skills. Do you want to be motivated to give a great presentation when asked to deliver one? Read on, and avoid these common mistakes that even experienced speakers make, and make your presentation dynamite.
1) LACK OF FOCUS In the rush of things, too many speakers feel they need to cram in as much information as possible in a presentation. The consequences? Lack of focus, or an information overload. For a typical 30-minute presentation, you should be focussed on making at the most three to four points. The rest of the time is spent reinforcing the points with relevant stories, pictures, videos and examples. Remember, that not everyone absorbs information the same way. Do you prefer your audience to be squinting at a text-dense PowerPoint slide, or listening to your message/point?
2) Distributing A Handout Along With Your Presentation Shoot yourself the next time you present more than a few lines of text on PowerPoint. If you MUST include bags of information, dense graphs et al—create a totally separate handout that supports your presentation. I see this mistake many times each year as speakers struggle to help an audience make sense of a dense spreadsheet slide when they should be zooming in on only the most relevant information.
3) BEING A TALKING HEAD, OR A ZOO TIGER Speakers often feel ‘safe’ anchored to a podium, when in fact, they could be enhancing their presentation by putting their whole body into the presentation, using their body language, gestures, postures and body ‘shapes’ to drive home their messages. Plan to step away from the podium and present on stage in a relaxed collegial manner. Depending on the height of the platform and podium, some speakers become ‘talking heads’ with only their heads or upper shoulders visible to an audience. The other extreme is that when they move away from the podium, they pace up and down the stage; or move aimlessly on the stage, fretting away nervous energy, very much like a caged tiger in a zoo. Stand still when making a key point, and move only if you need to—purposefully. Strong positions of influence are right-front or centre-front of the stage.

ABOUT THE AUTHOR: David Lim, Founder, Everest Motivation Team, is a leadership and negotiation coach, best-selling author and two-time Mt Everest expedition leader. He can be reached at his blog http://theasiannegotiator.wordpress.com, or david@everestmotivation.com
4) TELLING IRRELEVANT JOKES I once listened to a speaker sprinkle his message liberally with jokes and one-liners for 20 minutes. It only served to confuse me about the point of his message, as none of the humour was linked to the message. Learning point: Choose humour wisely, and ensure it enforces or supports a point you are making.
5) WEAK OPENERS AND CLOSERS When I was much younger, I loved to learn and demonstrate magic tricks. One of the key things about pulling off a great magic show applies to you as well if you are doing a spot of public speaking, and that is: 1) first, grab the audience’s attention, 2) add super-attention, 3) leave them wanting more. If your opening is weak, you will fail to sustain the audience’s interest. Open with a powerful story, quote or define what you hope to achieve in
the presentation. These are less of a cliche than a tired joke. Finish or close with a story, metaphor that honours the content of your presentation, or call for action. This message will be ‘sticky’ with the audience.

6) TOO MANY POINTS It’s tempting to pack the presentation with lots of content to deliver ‘value’. The real test of value is what the audience remembers and wants to copy/do to help their condition in the next month or so. As such, focussing on just three to four points, supported by evidence, stories, case studies—is a much better option than covering too much ground and overwhelming your audience. It also allows you to shorten stories, drop supporting anecdotes if you are running out of time without sacrificing your key points (see point below on RUSHING).

7) RUSHING If you have rehearsed your presentation, you will realise that some parts of your presentation need to be dropped in order to have quality (vs quantity). You choose which bits need to be left out. The key is pacing and rehearsing before the big event.

8) FAILING TO STAY IN THE REAL WORLD Acknowledge noises, e.g. a beeper that goes off, a crash of breaking plates—in your auditorium. To rattle on without doing so makes the audience feel uncomfortable, as well as wondering why the speaker didn’t react to that awful noise from the back. With practice you can also learn how to use such external interference to your advantage and boost your presentation quality.

9) NOT BEING A MEMBER OF THE AUDIENCE At every stage of your presentation, consider what the audience is going through— are they engaged? Bored? Are they leaning forward slightly to hear your points, nodding every now and then? A great speaker learns how to tune into the audience and adjust his/ her speaking pace, volume, even content, segues and body language.
10) WHEN IN DOUBT, LESS IS MORE When preparing for a speech of 30 minutes, always prepare for 25 minutes of content. You will invariably find you may want to repeat a statement or field a question from someone who can’t wait until the Q&A session. You will feel relaxed and professional in your delivery.
11) IT’S A PAIN Don’t let your thoughts tell you that your presentation is a chore or a pain. Take time to enjoy sharing your information and interacting with the audience. If you think of it as a pain, your emotions will show, and the audience won’t like it. Giving yourself permission to have a bit of fun and enjoyment makes you a better presenter. I guarantee it.
David Lim is a leadership and negotiation coach and can be found on his blog http://theasiannegotiator.wordpress.com, or subscribe to his free e-newsletter at david@everestmotivation.com
SHELF LIFE
Switch: How to Change Things When Change Is Hard
The book addresses change and the process associated with it
As they say, nothing is permanent except change. The only constant is change. It is always difficult to manage oneself, people and an organisation when change occurs. If change is required of an individual or a set of people, it is always difficult to manage the emotions. Similarly, making change work can be major work. Switch: How to Change Things When Change Is Hard is the new book from Chip Heath and Dan Heath, the famous authors of “Made to Stick”. The book addresses change and the process associated with it. The brothers researched the topic well and read loads of books before writing Switch. They have pulled from studies from psychology, sociology and similar fields to shed light on making successful changes. The book draws its inspiration and an analogy from “The Happiness Hypothesis”, a book written by Jonathan Haidt, a psychologist at the University of Virginia. Haidt, in his critically acclaimed book, equates the operation of the human mind to an elephant and a rider. The Rider represents the rational and logical. Give a rider a good argument and tell the rider what to do, and he will do it. The Elephant represents our emotions, our gut response. Emotions can overpower rational thought. Meanwhile, relying entirely on rational behaviour can lead to over-analysing and overthinking things. As a result, it is common for hours of brainstorming not to lead to a decision. For example, a Rider might avoid a hamburger and chips, but there is very little the Rider can do if the Elephant really wants it. Chip and Dan, to complete their analogy, include the path both the rider and the elephant are travelling. There is a good chance for change only if the rider directs the elephant on a well-prepared path. The path could represent access to a new technology or office space design. Switch is dedicated to the change processes that manage the emotional as well as the rational behaviour of decision making. With different examples and stories, the book keeps reminding its readers that these two independent systems always remain at work. The best part of Switch is that it translates theories to business settings, i.e. the book states that: “business people think in two stages: You plan, and you execute. There is no “learning stage” or “practice stage” in the middle. From the business perspective practice looks like poor execution, but to create and sustain change, you’ve got to act more like a coach, less of a scorekeeper.” Switch clarifies the basic psychological struggles that often lead to poor choices, and makes its points using narrative. Switch is a first-class opening point to discuss change, be it in a profession or an organisation. It stands well on learning to manage and infuse change into a particular situation. Change ain’t easy, so to speak, but Switch makes the process of change easy. —By Akhilesh Shukla
ABOUT THE AUTHORS Chip Heath is the Thrive Foundation of Youth Professor of Organisational Behaviour in the Graduate School of Business at Stanford University. His brother, Dan Heath, is a Senior Fellow at Duke University's Case center, which supports social entrepreneurs.
NEXT HORIZONS
Features Inside
Unlocking Big Data in Social Technologies
What to Do With Your Firm’s Old iPhones
CIO Solves CEO Queries on Cloud
Top CIOs discuss their cloud implementations and in the process attempt to solve the queries that CEOs might have on cloud
By Abhishek Rawal
CIOs and CTOs are aware of what cloud is and its potential to generate positive results for the company. However, there is a need to delve more into the teething questions that business leaders have about what cloud can do for their company. Sunil Chandiramani, Partner and National Director-Advisory, Ernst & Young, gives an anecdote about his meeting with a CEO accompanied by his team. He explained the CEO’s understanding of cloud computing with a kind of satirical remark: “the only cloud I know about is what I find up there in the sky.” Chandiramani was moderating a panel discussion at the Ernst & Young Strategic India Forum. The panelists included Sandeep Phanasgaonkar, CTO, Reliance Capital; Manish Choksi, CIO, Asian Paints; Manoj Chugh, APAC President - Strategic Accounts, EMC; Suprakash Chaudhuri, Managing Director - Elect, SAP India; and Eric Yu Qiang, President, Huawei Enterprise India, Huawei.
Hence CIOs should speak in plain terms with their C-level colleagues about the potential of cloud computing. Chandiramani, wearing the hat of a CEO, asks the probable questions he would put to his CIO: What is a cloud and why should I use it? What are the benefits? In what situations should I use the cloud model and which scenarios should not hook to the cloud? Are connectivity and security a valid concern for the CIOs, or are they raising these issues fearing for their jobs being taken away once the IT infrastructure is controlled by the CSPs? What happens to my data if the vendors go bankrupt or if I want to change my CSP?
Let’s try and find out the answers to some of these questions by examining the cloud implementations of Reliance Capital and Asian Paints.
Sandeep Phanasgaonkar, President & CTO, Reliance Capital, explains the company’s journey on the cloud model. Phanasgaonkar stressed the importance of using public cloud. He also answers the CEO question on the benefits of cloud: “We are an early adopter of public cloud. Reliance Capital has invested in deploying Google Apps, which enables employees to collaborate using Google Docs, instant messaging, and social media functionalities. These tools can also be accessed on mobile, which makes our implementation a success story,” says Phanasgaonkar.
From a cost angle, the company is still paying the same amount. But it’s in a position to leverage more features for business benefits. While the messaging and collaboration tool is still being rolled out, there are already 5000 users on the public cloud platform. More users will soon join after passing through the requisite training process.
“Our CRM tool is also on public cloud with about 1000 employees. A mix of full time and other functions including call center agents making cold calls are using the CRM piece,” informs Phanasgaonkar.
The adoption of Google Apps elevates the company’s public cloud acceptance model from just being email based to a whole host of collaboration tools.
CIOs raising security issues is a valid concern. At Reliance Capital, the IT team is focusing heavily on training the employees to handle the tools with utmost prudence. The baseline is to make the employees aware of the fact that they are accessing company data on the public cloud network. Employees should exercise adequate restraint and cognisance while using the tools. Security has to be top of mind. More so, the on-the-go availability of Google Apps raises the importance of securing the content-access sessions of the employees.
“Public CSPs in the SaaS space do not provide adequate security features, thus we have to screen the data moving and being exchanged on public cloud to have a more layered security approach. Reliance Capital has also added a DRM tool as a part of its information security policy,” said Phanasgaonkar.
Manish Choksi, CIO, Asian Paints, throwing light on his cloud strategy, believes in a more stratified manner of cloud adoption and dismisses the ‘Rip And Replace’ strategy, where enterprise CIOs give way to cloud models by replacing certain in-house solutions. He prefers reducing the white spaces in the enterprise architecture, where technology tools have a role but are still absent. This point answers the query on the scenarios in which cloud can be adopted. Implementing tools on cloud where they are needed but are currently absent can prove to be the right insertion points. For example, Asian Paints is currently undergoing a massive website redesign. Hitherto cloud was not used for managing the website; however, cloud computing has a role after the redesign because the company will be adding a bouquet of interactive and social media tools and functionalities, which will also require scalable storage capacity at the back end. Asian Paints will host the website platform on cloud. Choksi adds a point of caution: “There is one rider however, the system integrator will have to actively connect with the cloud service provider.”
The paint company is also moving social media and analytics to the cloud. “We would not like to burden our in-house team and there’s no point in boiling the ocean. Development & testing services can also be considered to be hosted on cloud. We are also thinking on deploying HR solns on cloud,” says Choksi. When asked whether he is considering putting any core business applications on cloud, he replied in the negative. “The vendors will have to mature to provide cloud models for core business applications,” he opines.
On the query of what happens if the CSP goes bankrupt or the customer wants to change his provider, Choksi says transparency is the key. The vendors have to be transparent in their offerings. “Sales pitch is all about transparency,” he concludes.
2.3bn computers, tablets and smartphone users will be using Android by 2016
Role of IT in Boosting Oil Production?
IT Leaders from Oil & Gas sector discuss how IT can help increase oil production in India
By Abhishek Rawal
The crux of IT delivering its capabilities to the best of its abilities in any organisation lies in how well it is able to engage with business. This business-IT engagement also ensures that technology is not only playing the conventional role of enabling business but also stepping forward to solve business challenges. Oil PSUs in India are constantly under pressure to increase oil production. India is falling short on increasing per capita energy consumption, and IT can play a major role in achieving the set targets.
M. Thyagaraj, CIO, ONGC, quoting the Planning Commission report, says, “India plans to increase the per capita energy consumption from 756 to 1000 kw/hr.” About 1 lac villages are still not electrified, which is a huge source of untapped demand; O&G contributes 30% to the overall energy consumption in the country. The success of the O&G sector in producing more will lead to growth in GDP. IT plays a fundamental role in sustaining the growth and meeting the supply required in the market.
Sanjay Srivastava, Head IT, Exploration and Production Division, Reliance Industries (RIL), commented on the challenges faced and how RIL is striving to improve productivity using IT solutions. These observations can prove to be critical pointers on ways to improve oil production by leveraging high-end IT solutions. He gave an account of how technology is used at RIL to acquire massive amounts of data during drilling operations at offshore oil fields. “The upstream operations are highly data intensive and capturing all the information is key,” says Srivastava. However, there are no off-the-shelf IT solutions available in the market. Tons of data is generated during exploration and production (E&P), from reservoirs and further down in the operations life cycle. Moreover, the data is in both structured and unstructured form. Thus managing the data pool becomes a challenge.
In addition, the sensors installed at the oil rigs also provide valuable data inputs on seismic activity, and High Performance Computing (HPC) solutions are used to process this dynamic data. Srivastava opines that the time is not too far away for the concept of ‘digital oil fields’, where advanced sensors and meters will be used for deep sea oil drilling, which will also give rise to a more collaborative environment. The data, when made available to the relevant personnel, will enable them to take informed decisions.
LCD 3D monitors will further enhance the data model visualisation capabilities of the equipment at the oil rigs. Product Lifecycle Management (PLM) solutions will also improve productivity. All these developments will improve plant and employee productivity and thus result in an oil production boost.
The integration of operations/automation solutions with IT can also play a decisive role. Anurag Mehrotra, VP and Head-Client Relationship Group, Wipro, says, “integration is not only important of point to point IT solutions but also between automation and IT solutions.” This will result in better visibility of relevant data points. The automation and IT platforms capture huge amounts of data in upstream operations, refining and retail. The integration will better streamline production planning and scheduling. He also pointed out that oil majors are no longer looking for siloed partners for ERP, storage and other IT solutions but for partners with holistic expertise, who can successfully integrate point to point solutions with their process expertise.
8% worldwide decline in the shipment of personal computers in Q3 of 2012
Unlocking Big Data in Social Technologies
Most of the news from Oracle's OpenWorld revolved around cloud services and a new social platform, but big data was the real story
By Tony Kontzer
The display at EMC Corp.'s booth at the Oracle OpenWorld show in San Francisco featured a famous quote uttered by a British entrepreneur in 2006: “Data is the new oil.” The quote was being bandied about to promote an ambitious global project called "The Human Face of Big Data," an effort commissioned by EMC, and sponsored by the likes of Cisco Systems and VMware, that aims to use crowdsourcing to get a handle on humanity's increasing need to generate and crunch data. For example, a widely distributed smartphone application collected data, between Sept. 25 and Oct. 2, that indicated that the reason people can't find a cab when it rains in Singapore is that drivers looking to avoid having their pay withheld for accidents simply pull over to wait out
rainstorms. They don't pick up new fares. While such findings may not hold much value for the average IT executive, the implications of big data certainly do. And although the news from OpenWorld centered on Oracle's slew of new cloud services and a new platform that socially enables all of the company's applications, big data was clearly the dominant theme. Oracle CEO Larry Ellison's anticipated keynote address, which was entitled "The Oracle Cloud: Where Social is Built In," focused instead on how the company's venerable database and analytics technologies can crunch the big data inherent in social network streams. Ellison began his keynote touting Oracle's cloud — which now features new services such as planning and budgeting,
financial reporting, and data and insight -- as having the broadest set of applications in the industry. He then quickly introduced Oracle's new social platform, which he characterized as being far preferable to standalone social applications. But what he clearly wanted to demonstrate was the kind of insight that can be gleaned from social data when the right analytical tools are used. Specifically, he showed the packed hall how two products — Oracle's Exadata database and its Exalytics in-memory analytics appliance — were used to analyze nearly 5 billion Twitter posts to determine what celebrity would be the best spokesperson to promote a new Lexus sedan. Ellison made it clear that Twitter data, in particular, consists of much more than the
posts themselves — it includes timestamps, geotags, device types, and more, and the data is of both the structured and unstructured variety. In the end, Oracle ended up analysing 27 billion relationships, nearly a billion retweets and hashtags, 2.8 billion mentions and another 1.3 billion replies. And as Ellison pointed out, the conclusion itself — that gold-medal Olympic gymnast Gabby Douglas was the best fit to promote the new Lexus — wasn't nearly as significant as the process by which that conclusion was reached, which included drilling down into the data to find out whose posts most frequently mentioned cars, for instance. “This was a very simple question that required an enormous amount of data processing to get the data," Ellison said. "This is something we would have had to guess at before.”
— This article was first published in CIO Insight. For more stories please visit www.cioinsight.com.
What to Do With Your Firm’s Old iPhones
iPhone 4 resales were up nearly 883 percent in the month leading up to the iPhone 5’s introduction
Apple is expected to sell quite a few iPhone 5 handsets this year. Investment firm Jefferies has calculated that 170 million global smartphone subscribers will come out of their contracts in the second half of 2012, and 450 million more will do so in 2013. Contracts aside, Topeka Capital analyst Brian White expects the iPhone 5 to drive the "biggest upgrade in consumer electronics history," while Jefferies analyst Peter Misek has told investors to expect the "biggest handset launch in history."
Add in a Samsung Galaxy S III that made its way into the hands of more than 20 million users in 100 days, and there are, or will be, considerable numbers of unused phones cluttering office shelves and kitchen junk drawers. Recycling boxes are an option, but a number of sources offer cash, as consumers are discovering. Last year, following Apple's iPhone 4S announcement, iPhone sales surged on SellCell.com, constituting 50 percent of the phones the site helped to sell that day. Compared with last August, sales of smartphones, feature phones and tablets this year are up 725 percent, and in the last four months the average price being offered to sellers has increased from $77 to $84. In the month leading up to the iPhone 5's introduction, a SellCell spokesperson told eWEEK, total iPhone resales and trade-ins were up nearly 434 percent, compared with the weeks before the iPhone 4S's intro; iPhone 4 re-sales were up nearly 883 percent and overall trade-ins were up 492 percent. During Apple's Sept. 12 introduction of
the iPhone 5, trade-ins on SellCell.com were up 50 percent from the daily average and visits for the day peaked at 4 p.m. ET, shortly after the event concluded. While it's tempting to think consumers are trading in devices made by Apple competitors, it's just the reverse. The site's latest September figures show Apple devices to account for 29 percent of trade-ins on the site, followed by Samsung (17 percent), HTC (15 percent) and BlackBerry (14 percent) devices. SellCell.com fancies itself the Kayak.com of the smartphone resell market. Users enter the name of the phone they'd like to sell, and the site gives back a comparison tool showing the companies willing to buy it. The morning before Apple's iPhone 5 announcement, offers for a 16GB black Apple iPhone 3GS, in good condition, ranged from $18 from an unrated company called Depstar to $107 from an unrated company called Side Street Technology that ships for free but doesn't offer free packaging. A company called BuyBack World, however, has a B+ rating from the Better Business Bureau, offers free packaging and
shipment, and was willing to pay $101. uSell.com runs on a similar model, but gets more specific about the state of the phone, asking a few quick questions, such
as whether the screen is damaged and what accessories--such as the original box and charger--the seller has. As on SellCell.com, device conditions affect offers.
EMC Forum'12 to Discuss Big Data, Cloud
The event will help CIOs learn how new technologies can transform their IT and business
Cloud computing transforms IT, delivering the maximum possible IT efficiency. An automated private cloud is the first step – creating a dynamic pool of compute, network and storage. Private Clouds will become an infrastructure that is fully automated based on policies set in partnership with the business. Most enterprises will connect their private cloud to public clouds, creating a hybrid cloud, combining what each IT organization does best with what partners can do better – but keeping IT in control. According to an EMC–Zinnov study, the total cloud market in India, currently at $400 million, will reach a market value of $4.5 billion by 2015.
Cloud makes it possible to store, manage and analyze all of the world’s information even as information continues to grow. New sources of data are creating new opportunities and putting new demands on IT. IT will need to manage Petabyte-scale data sets containing all types of data – structured data, unstructured data, data inside the firewall, data outside the firewall, data that must be retained for years and data that is only valuable if it is acted on in milliseconds. Data Science teams will be formed to collaboratively analyze information, delivering predictive analytics embedded in new business applications. Keeping these important trends in mind, EMC’s upcoming event, EMC Forum 2012, will be a 2-day program where CIOs and IT Decision Makers can create a vision for their future, by learning how cloud can transform their IT, and how Big Data can transform their business in a secure environment. Attendees can also hear some of India’s most influential IT thought leaders discuss the future, as well as understand what other organizations have achieved so far. EMC Forum is a unique opportunity for CIOs to connect and network with peers in India. IT decision makers will also get to hear local and international insights from high calibre keynote speakers and presenters, and case studies featuring the latest integrated solutions from EMC and its partners. A hand-picked selection of EMC partners will be exhibiting their products, and EMC will be showcasing solutions at its Demo Centre. Some of the topics that will be discussed at EMC Forum include Applications and Databases; Backup, Recovery and Archiving; Big Data and Analytics; Cloud Computing; IT Transformation; Information Intelligence; Technology Directions and Innovation; Virtualisation; Storage and IT Management; Security and Compliance; and Storage Platforms, FAST and Flash. Apart from the entire Indian EMC leadership team, the EMC Forum will also feature motivational speaker David Lim and Mandar Marulkar, Associate Vice President – Head IT Infrastructure and CISO, KPIT Cummins Infosystems Ltd.
Rajesh Janey, President - India and SAARC at EMC
TECH FOR GOVERNANCE
Data Briefing: 4mn IT jobs to be created by 2015 globally to support big data
Concerns for a Global Surveillance Project
Two different documents are circulating on the internet and both refer to CleanIT
By Pierluigi Paganini
I just returned from the Cyber Threat Summit in Dublin, one of the most interesting European events in cyber security, which gave me the opportunity to share opinions and notes with expert professionals from the international security community. The event revealed an alarming scenario on the main cyber threats: no matter whether it is cybercrime, hacktivism, cyber terrorism or cyber warfare, all those areas share a worrying growth in cyber attacks that are influencing our digital lives, and not only those. One of the most debated topics is the need to protect digital identity, which is menaced daily, highlighting the need to improve cyber countermeasures to protect our privacy and at the same time grant a sufficient level of security to network resources. Of course, one of the most effective measures is to increase the number of systems for network monitoring; despite the resistance of internet users who claim their digital rights, many governments are implementing and deploying, in a more or less transparent way, technologies for mass surveillance. Network appliances for mass analysis, systems for automated analysis of social networks and powerful systems for facial recognition are only a few of the different solutions that many governments are deploying.
I recently read a news item regarding a project promoted by the European Commission to fight terrorism online that describes wide-ranging surveillance. Apparently a leaked document, published by the European digital rights group EDRi, revealed the possible impact on civil liberties of a project named CleanIT that was set up to improve the fight against cyber terrorism. The impact on internet users and their privacy is dramatic; consider that Internet Service Providers would be held liable for their conduct in terms of surveillance of possible use of the internet by terrorists.
There are two documents circulating on the internet which refer to CleanIT: the official one, which reports only recommendations provided by the authors, and the leaked one, “Detailed Recommendations Document.” The “public” version of the document appears quite different from the document posted by EDRi, but the project leader of the official proposal, But Klassen, declared that the leaked version was created by collecting observations expressed during a debate on the project. “The term ‘recommendations’ on the food for discussion document is misleading, we shouldn’t have used that term. These are just ideas that we are collecting. Everything everyone says at the meeting is written down, but the public document contains the points that we have reached a consensus on.”
One of the main concerns relates to the recommendations to improve the monitoring of social media, platforms that are great mines of information that could be aggregated to prepare "any kind" of analysis; misuse of the data collected by governments is one of the principal concerns for the organisations that defend the rights of internet users. The proposed measures are very stringent: the document states that it is illegal to “knowingly” divulge and propose references to terrorist content. The main objective of the proposals is to prevent anonymous access to web services; internet users have to be identified. “CleanIT wants binding engagements from internet companies to carry out surveillance, to block and to filter (albeit only at “end user” — meaning local network - level). It wants a network of trusted online informants and, contrary to everything that they have ever said, they also want new, stricter legislation from Member States.” The post by the EDRi group notes that the project is financed by DG Communications Networks of the European Commission, which operates without coordination, limiting in a significant way users' operations on the internet. “CleanIT (terrorism), financed by DG Home Affairs of the European Commission is duplicating much of the work of the CEO Coalition (child protection), which is financed by DG Communications Networks of the European Commission. Both are, independently and without coordination, developing policies on issues such as reporting buttons and flagging of possibly illegal material. Both CleanIT and the CEO Coalition are duplicating each other's work on creating “voluntary” rules for notification and removal of possibly illegal content and are jointly duplicating the evidence-based policy work being done by DG Internal Market of the European Commission, which recently completed a consultation on this subject.
Both have also been discussing upload filtering, to monitor all content being put online by European citizens.”
But Klassen refuted allegations by EDRi that the project has overstepped its mandate, maintaining that the team of CleanIT has to complete the final design by next March.
Other key measures being proposed for the project are:
- Removal of any legislation preventing filtering/surveillance of employees' Internet connections
- Law enforcement authorities should be able to have content removed “without following the more labour-intensive and procedures for ‘notice and action’”
- “Knowingly” providing links to “terrorist content” (the draft does not refer to content which has been ruled to be illegal by a court, but undefined “terrorist content” in general) will be an offence “just like” the terrorist
- ISPs to be held liable for not making “reasonable” efforts to use technological surveillance to identify “terrorist” use of the Internet
- Companies providing end-user filtering systems and their customers should be liable for failing to report “illegal” activity identified by the filter
- Customers should also be held liable for “knowingly” sending a report of content which is not illegal
- Governments should use the helpfulness of ISPs as a criterion for awarding public contracts
- The proposal on blocking lists contradict each other, on the one hand providing comprehensive details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling, the legal process would already have been at an end) and that filtering such be based on the “output” of the proposed content regulation body, the “European Advisory Foundation”
- Blocking or “warning” systems should be implemented by social media platforms – somehow it will be both illegal to provide (undefined) “Internet services” to “terrorist persons” and legal to knowingly provide access to illegal content, while “warning” the end-user that they are accessing illegal content
- The anonymity of individuals reporting (possibly) illegal content must be preserved... yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliberately and to permit reliable informants' reports to be processed more quickly
- Companies should implement upload filters to monitor uploaded content to make sure that content that is removed – or content that is similar to what is removed – is not re-uploaded
- It proposes that content should not be removed in all cases but “blocked” (i.e. make inaccessible by the hosting provider – not “blocked” in the access provider sense) and, in other cases, left available online but with the domain name removed.
Although governments today use systems for network monitoring with the aim of preventing criminal activities, particularly in combating terrorism, the project as shown in the leaked document represents a serious threat to freedom of thought and undermines the fundamental principles underlying the genesis of the Internet.
—This article is printed with prior permission from infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
5 POINTS
- One of the most debated arguments is the need to protect the digital identity
- ISPs should be liable for their operations in terms of surveillance on use of internet
- CleanIT wants binding engagements from internet companies to carry out surveillance
- Customers should also be held liable for “knowingly” sending a report
- Companies should implement upload filters to monitor uploaded content
20% will be the growth of public cloud market in 2012
Service Providers and PCI Compliance
Know more about what you need from your third parties when it comes to PCI compliance
There seems to be a lot of confusion regarding third parties that provide networking or hosting services and their obligations regarding PCI compliance. This confusion is not uncommon as merchants and their service providers have not necessarily been provided enough guidance to understand their obligations. I hope this post will clarify those obligations for all involved.

If you learn nothing else from this post, remember this: if a third party is providing your organisation a service that has access to your cardholder data environment (CDE) or the third party could come into contact with your cardholder data (CHD), then that third party must ensure that the service complies with all relevant PCI requirements. As a result, the third party needs to either allow you or your QSA to assess the services that they are providing or provide you with an Attestation Of Compliance (AOC) that documents that those services have been assessed and they are PCI compliant.
In the past, I have stated that third parties could also submit a letter signed by an officer of the third party stating that all of the services provided to their customer are PCI compliant. Now that v2.0 of the PCI DSS has a separate AOC and the PCI SAQs have the AOC built into the SAQ, there should be no reason to need such a letter or to ask for one. If a letter is what your third party is offering, it is better than nothing, but you should be pushing them hard for an AOC. If they are reluctant to get you an AOC, as part of your vendor management process, you should take that into account and probably begin looking for a new vendor that will provide an AOC for their services.

The most common issue we run into with third parties is that their AOC or other representations of PCI compliance do not cover all of the services provided to the customer. In case after case, we see the AOC covering requirements 9 and 12 and nothing else even though the services provided may require compliance with some or all of PCI requirements 1, 2, 3, 4, 5, 6, 7, 8, 10 and 11. In a lot of cases, it is not that the third party does not want to comply with PCI; it is that they are taking the lowest common denominator approach and only picked those services where all customers requiring PCI compliance are asking for an AOC. That way they have reduced their costs of a QSA to assess their environment. These third parties are accepting the fact that any customer that needs more services assessed will have to do it themselves.

Related to this issue is the third party that offers their SSAE 16 Service Organisation Control (SOC) 1 report as proof of PCI compliance. While a SOC 1 report can cover a few PCI requirements, people must remember that the SOC 1 report is structured specifically for financial auditors to ensure that the controls at a third party are properly constructed to support financial reporting at the customers.
As a result, a SOC 1 report is not going to be a substitute for an AOC that covers all services. There is an alternative to this and that is to have the third party go through a SSAE SOC 2 report that focuses on the security controls of the PCI in-scope services provided. We are hearing from third parties inquiring into the SOC 2 report, but cost and a lack of customers requesting such a
illustration by prameesh purushothaman
report are driving why we do not see more SOC 2 reports available. Another common issue we encounter is the refusal of the third party to cooperate in assessing the services provided to ensure they are PCI compliant. There are still third parties that argue their services are not in-scope for PCI compliance even when it is painfully obvious that the third party’s personnel have access to their customer’s CDE and/or CHD. The most common third party relationship we encounter is the management of routers or other layer 3 devices. Where we encounter the most confusion in this relationship is in regards to the use of encryption to keep the network services organisation out of scope for PCI compliance. The key here is if the network services organisation manages the encryption of the network, then they are in-scope for PCI compliance. The reason is that the employees of the network services organisation have access to the encryption keys and therefore could decrypt the communications and gain access to CHD transmitted over the network. As a result, at a minimum, the network services organisation is responsible
for complying with some or all of requirements 1, 2, 4, 6, 7, 8, 9, 10 and 12. If you receive such services and are not getting an AOC that covers these requirements, then you should be doing more work on your own as well as asking the third party why they are not covering more of the necessary PCI requirements. The next most common service we encounter is the network services firm that is managing or monitoring an organisation’s firewalls, remote access or intrusion detection/prevention. Such services always put the third party in-scope for PCI compliance. Some or all of requirements 1, 2, 6, 7, 8, 9 and 12 will need to be assessed for compliance with the PCI DSS. The log capture and analysis requirements in requirement 10 may also be complied with if your organisation is not capturing and analysing the log data from these devices. Another group of third parties we encounter a lot are records retention vendors. Organisations like Iron Mountain have conducted their own PCI compliance project and readily hand out their AOC to customers. However, where we see issues is with
such vendors that provide their own tape library for their customers to use for backup. We have encountered a number of third parties doing the encryption at their library which puts them in-scope for PCI compliance, at a minimum, for requirements 3, 4, 6, 7, 8, 9, 10, 11 and 12.

We encounter outsourcing the data center a lot with large organisations, but small and mid-sized organisations are also hopping on the data center outsourcing bandwagon. Where this puts the third party in-scope for PCI compliance is when the third party is responsible for maintaining the environment such as applying patches, managing servers or any other activities that would allow the third party’s personnel to potentially have access to CHD. In such situations, at a minimum, the third party is responsible for complying with some or all of requirements 2, 5, 6, 7, 8, 9, 10 and 12. Compliance with some or all of requirement 1 may be applicable if the third party is managing your firewalls or routers. Compliance with some or all of requirements 3 and 4 may also be applicable if the third party is responsible for managing encryption keys for encrypting CHD or encrypting communications.

If your organisation is purchasing Infrastructure as a Service (IaaS), then the third party providing these services will typically be out of scope for PCI compliance except for requirements 9 and 12. There are some instances where IaaS implementations may require compliance with the PCI DSS if the third party is managing network infrastructure that comes into contact with CHD as is usually the case with private cloud environments. For Platform as a Service (PaaS) and Software as a Service (SaaS), the third party will have to provide PCI compliance for the services they are providing to your organisation. That is because with either of these service offerings, the third party must have access to the CDE and will have the potential of coming into contact with CHD.

The problem with the majority of PaaS and SaaS vendors is that they only deal with your organisation through a Web-based interface, i.e., everything is automated – contracts, support, etc. As a result, the contract is a “take it or leave it” situation that does not usually cover everything needed for PCI compliance, there is no way to independently verify the representations made by the third party as well as the fact that the AOC provided by the third party typically covers only the physical security requirements in requirement 9 and possibly some of requirements 11 and 12 and nothing related to the other requirements, even though the third party may have responsibilities for PCI compliance outside of what is represented in their AOC. If this is the case, there is little you or any QSA can do to properly assess the environment to ensure it is truly PCI compliant. As a result, we have a lot of organisations that try to develop compensating controls for these cloud implementations. These organisations very quickly and frustratingly find out that there are very few, if any, controls on their side of the equation that can get them to “above and beyond” the original requirement.

I know there are a lot of other examples of services being provided to merchants. But, hopefully these examples can assist you in clarifying what you need or do not need from your third parties when it comes to PCI compliance.

—This article is printed with prior permission from infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.

$3.7tn IT spending forecast in 2013, a 3.8 percent increase from 2012
Ten Musts for a Good Security Risk Equation
Here are 10 qualities to assess the security risk programme that you are building
By Stephen Marchewitz
For those of you that have taken steps to build a security risk management programme, sooner or later you will come to the point where you have to start quantifying risk in some meaningful way. This is important because the board and other executives of the company have seen the latest security stories in the news and the Fear, Uncertainty and Doubt that goes with them. They are examining and questioning how you are protecting them. So here are ten qualities to assess your choices against.
1. It should start with the simplest of equations and be easy to understand
This is important for a variety of reasons, but people can understand simple. Einstein’s ‘E=mc²’ is the perfect example of this and it leads to his quote “Make things as simple as possible, but not simpler.” The complex calculations underneath and the years it took to figure that out, aren’t going to resonate with the population at large. In the same way, too complex of a starting point will be too great of a hill to overcome to get embedded in the psyche of the organisation. Human nature shows that when it’s difficult to understand and explain, the mental challenge to get started is sufficiently great to bring any momentum to an unceremonious halt.

2. It should be elegant
Building off of high-level simplicity as a starting point, the equation also needs to be effective and constructive, i.e. elegant. An elegant equation would solve multiple problems at once, especially problems not thought to be interrelated (which we’ll discuss in the items below). It should also produce consistent results, no matter who is using it or which way they confront it. This is especially important since not every risk can be measured properly and some variables, such as probabilities of loss.

3. It should bridge the gap between security risk and enterprise risk
One of the great challenges for security today is aligning with enterprise risk management. Many organisations don’t have risk officers or risk managers with which to work. Worse, risk-based decisions are rarely made, and the emotions of fear or greed take over depending on the moment, the environment, or the whim of the executives in charge. When there is some form of enterprise risk management, security risk often falls to the bottom of the list (if it makes it there at all). Therefore, the risk equation that you choose must be able to provide wisdom and guidance for the enterprise/executives to cross that chasm. And yet it must be flexible enough to be altered and incorporated into the most complex of enterprise risk theorems available today. This will allow you to make sure executives buy in to your process so that security risk taking is not dismissed.

4. Expand the discussion beyond audits
Audits are checklist focused. That is, there is a yes or no, right or wrong, in place or not in place checklist where you have to choose a binary answer. Auditors know controls. And while the ability to include controls from the various regulations is an important factor in a risk equation, executives are not interested in them on the whole unless they have to be (thus the audit). If you’re going to go between executive management, security, risk management, and audit, you’ll need to appease all, but stand for something. This will improve the ability of the organisation to communicate regarding their compliance and security issues, as ultimately an organisation’s upper management decides—based on the goals as a whole—how much risk to take on. This isn’t something for security professionals to hold the risk.

5. It should be able to help you politically and personally
This is a tall order for any calculation… help you politically and personally? How’s it going to do that? Well, for you to get your point across and improve your standing with other executives, you’re going to have to connect with them in their heads and hearts. Remember, people make decisions intellectually but they buy in to your ideas emotionally. If it is easy to understand from a 10,000-foot level, it can be used to lead the discussion with executives in a way that protects their pride when they don’t know something. When reporting on risk, if you start with the simple and move to the complex, they’ll be able to follow and ask good questions. Those questions will help them understand that ultimately risk decisions are up to them and that they need someone like you to give them the straight scoop. In the new era of big data, decisionable data will win the day for you and them, and they’ll be complimenting you for it!

2mn IT jobs to be created in the United States by 2015 to support big data
6. Ideally, it would be cost effective
Initially, using or implementing a risk equation into your framework should not be more expensive than the security budget itself! Typically, fixing everything in security or adding in every control under the sun is not feasible, and this may be the case with many parts of a robust risk framework. As with anything in a company or household, the cheaper it is to get something done, the better chance you have of getting started. With risk equations in general, it ideally could be incorporated into another part of the budget with only an incremental increase. With compliance audits, penetration testing and risk assessment budgets what they are, the entry point for aligning security to risk would be in the same order of magnitude. Really, starting with a risk equation could be only marginally more expensive, or even free, depending on the time you have to dedicate to another endeavor. Ultimately, in order to be effective, any security or risk management programme is a process—it doesn’t end. Thus the spending doesn’t end, and when that happens, cost is even a bigger factor than normal.
7. It should be practical
By practical, we mean a risk equation should be doable for the majority of companies out there. It would be fantastic if it takes advantage of what you’re already doing. While most organisations aren’t practicing risk management in their security program, they are practicing security management. Regular assessments of vulnerabilities (through scans and pentests) and controls are commonplace. As an industry, we’ve gotten to know those two areas very well over the last five years. Starting with those two variables of a risk equation gives a security programme a huge jumpstart over tackling much greater challenges of complexity and cost, as opposed to starting with something like data classification, threat probabilities, or asset values. The downside is of course that these are important things to know for risk management, and in a perfect world you could have these to start. Since few live in a perfect world, starting from practical and moving to ideal is usually a better way to go.
8. It’s defensible
At some point you will be called to the stand to defend yourself and your decisions. From our experience with breaches, 7 out of 10 times when there is a breach, someone gets fired. So before that happens, it would be wise to get the story down of why or why not you did or didn’t do something. While there are many ways to talk yourself out of a bad situation, if you have a quantifiable means of backing up your decisions, it’s going to go a long way toward building your stature and standing. A risk equation, at its core, seeks to make risk measurable so it can be managed. That measurement aligns the activities of the security programme with the appropriate controls to meet the organization’s strategy and risk limits. In addition, because ISO and NIST and COSO are so well known (and well defended), if the equation or taxonomy is able to be built into some of the standards, it makes it that much easier to hold up to scrutiny.
9. It has a path to grow more specific/accurate as the risk management programme matures
To use an analogy, if you have just started cooking, you don’t start off trying to make Baked Alaska. You work your way into it, starting off with scrambled eggs or buttered noodles with an eye on being the Iron Chef. Thus you start with defining risk because you can’t optimise what you haven’t defined. From there, we work into the simple equation or part of the equation, which admittedly is not going to be truly accurate when you start. Then as the risk management program matures, the equation should allow you to trade some simplicity for increased accuracy and explanatory power. It’s this path that makes an equation so powerful. We always want to know where and why we’re taking educated guesses and how much it will cost (in time and effort) to get there. If we need to ramp up or down the level of effort, we’re able to.
10. It should be useful
Last but not least, it should be useful. This is, of course, the most important component of a risk equation. In some way, the equation or taxonomy or ordered categories should enhance an organisation’s ability to both assess risk and prevent future attacks or critical incidents. This latter one does tend to get diminished, in that they see the forest, but forget the trees. High level decisioning from strategic consultants often underestimates the burden on the poor security and IT folks that are left having to implement all of this when they have a hard enough time getting their job done as it is. There are only so many controls in a security programme. Most security professionals are well aware of the majority of them. With budgets as they are, one typically can’t do them all, so the risk equation must ultimately refine the security programme’s controls (i.e. what needs to be done by security professionals) based off of risk. Therefore, it should assist in the allocation of capital to its highest and best use by measuring and estimating risk of loss.
Ideal world and real world are often at a crossroads, thus the equation you choose.
Summary
We at SecureState used this guideline when determining which equations or taxonomies we wanted to align with. After reviewing each one that we’ve come across, we’ve concluded that two are best suited for commercial organisations (one we created) depending on the internal funding and political circumstance they find themselves in: FAIR and iRisk. FAIR (Factor Analysis of Information Risk) is for those that are looking to handle more than just security, and really are looking at risk from a top-down perspective. It’s very robust and comprehensive, and is best when funding and the temperature for security risk management are high or on the upswing. From a bottom up perspective, the iRisk equation for the security-risk focused organisations (or the security group) lets you start from where you are with activities you are already doing. There’s less investment in both time, money and resources. The tradeoff is that many inputs one would typically see are additive, meaning they’re not baked in from the beginning. They can be added in later (asset value and classification as an example). While there is a path from iRisk to FAIR, in essence each risk management philosophy is like its own religion. It depends on what your motivations are for buying into one or another, what you’re looking to get out of it, what downsides you’re willing to accept to gain the upside.

—This article is printed with prior permission from infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
Agreements Kill Privacy, But Can They Create It Too?
Firms should detail in their service agreements that they will keep user data confidential
By Hanni Fakhoury
With more people constantly connected to the Internet, technology companies are becoming massive repositories of sensitive and personal information. Our communications with family and friends now sit stored on servers belonging to Google or Facebook. Cell phone companies keep track of our location by recording every time we connect to a cell phone tower for up to two years. Unfortunately, the Fourth Amendment has not kept up with this technological reality. And a recent case decided by the Ninth Circuit Court of Appeals, United States v. Golden Valley Electric Association, highlights the increasing way constitutional rights are adjudicated when it comes to data stored by other companies: through the service agreement a user enters into with a company.

First, some background. The Supreme Court long ago ruled that users lose their expectation of privacy when they
turn information over to third parties. The "third party doctrine" has been used by the government to justify warrantless acquisition of cell site tracking records, Twitter account information, and email. They've argued these records belong to the companies, so a user can't complain when the data is turned over to the government. Ultimately, this means that your constitutional rights are in the hands of the companies storing your data. Given the ever increasing demands of law enforcement, companies have little time or resources to fight for user privacy. That means companies have an enormous amount of power in determining your privacy rights. As we've documented in our "Who Has Your Back" campaign, many of the biggest and most popular tech companies have work to do in fighting for user privacy.

A 2010 case from the Sixth Circuit Court of Appeals highlights how a subscriber agreement that governs the relationship between a company and user can potentially become a black hole where the Fourth Amendment goes to die. In United States v. Warshak, the Sixth Circuit became the first federal appellate court to rule that people had a reasonable expectation of privacy in their emails notwithstanding the fact that email typically passes through a third party, the email service provider. That meant law enforcement needed a search warrant to obtain the contents of emails. But Warshak noted it was "unwilling to hold that a subscriber agreement will never be broad enough to snuff out a reasonable expectation of privacy." So although the email provider in the Warshak case didn't say anything
about whether it would "audit, inspect, and monitor" emails, messages stored by a service provider that did say it would monitor email in a subscriber agreement wouldn't necessarily be protected by the Fourth Amendment. In short, the court said companies have the ability to strip you of your Fourth Amendment rights. As troubling as that seems, the flip side is that presumably faced with silence -- like the Warshak service provider -- or even an affirmative statement by a service provider that it will protect your privacy, a reasonable expectation of privacy could still exist. Or stated differently, a service provider can also give you Fourth Amendment protection if it promises to safeguard your privacy.

The Ninth Circuit addresses this precise issue in Golden Valley. The case revolved around a small cooperative utility provider in Alaska that received an administrative subpoena issued by the DEA seeking customer records it believed were relevant to a criminal investigation. These records included things like the subscriber's name, telephone number, method of payment (including credit card numbers or checking account information), and service initiation and termination dates. The most important thing the government sought, however, was energy consumption records. By determining whether energy levels were elevated in specific houses, the agents believed they could pinpoint locations where marijuana was being grown. Addressing a very similar situation in 2001, the Supreme Court in Kyllo v. United States ruled that the police needed a search warrant to use a thermal imaging device to measure heat levels in a residence, since the
devices could reveal intimate details about the interior of a home. To get around Kyllo, the government sought to get the records from Golden Valley directly instead of planting a police officer in front of the houses, ultimately avoiding the need to get a search warrant. That's because the records belonged to Golden Valley, and therefore, the government argued, customers had no expectation of privacy in them. Golden Valley challenged the administrative subpoena, a rare act for a company to take, and raised the argument suggested by Warshak: that since it had a company policy of protecting user privacy, a search warrant was required to obtain this information. The Ninth Circuit, however, rejected Golden Valley's argument, finding that Golden Valley failed to show any explicit customer agreement promising to keep records confidential. At first blush it may seem that Golden Valley highlights a lose-lose situation for users created by the third party doctrine: providers can take away your Fourth Amendment rights in their service agreements, but in the rare instance when they make an effort to preserve your rights by promising to protect your privacy, it doesn't matter anyway because the "records" (created with your data and activity) aren't yours. But the Ninth Circuit really left a far more important privacy opening. It noted that in some circumstances, "a company’s guarantee to its customers that it will safeguard the privacy of their records might suffice to justify resisting an administrative subpoena." In the specific case before the court, Golden Valley's policy did not rise to a sufficient level of specificity. But going forward in the future, other companies storing sensitive, personal information need to take advantage of Golden Valley's suggestion that service agreements can be more than just a black hole. 
They should explicitly detail in their service agreements that they will keep user data confidential and that they will stand up for users' privacy by challenging government attempts to obtain data without a search warrant. —This article is printed with prior permission from infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
Thought Leaders
Monish Darda, Co-Founder & CTO, ICERTIS
On the Razor’s Edge: Applying the Cloud to the Enterprise
Our transportation management system has delivered up to 35 percent cost savings, running the planning engine on the cloud

One of my favorite descriptions of cloud computing comes from Dr. Ramnath Chellappa of Emory University, who is widely credited with the first known academic usage of cloud computing: “A computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits alone”, as he described it. Simply put, if you have the use case and the money, computing (and storage, and bandwidth) will cease to be a bottleneck; and that is what enterprises around the world are discovering. Problems that they knew could not be solved, because the capital investment required in computing power did not justify the returns; and problems that they looked to formulate and solve in fundamentally new ways, can now be solved, and with economic rationale!
Cloud in the Enterprise
Here is a great and simple example of how cloud computing is being utilised: For long, enterprises have collected “click-streams”; data logged about visitors to their business web sites. This data, stored unused so far, has the potential to unlock user behavior patterns, allowing businesses to bring more efficiency and increase profits by recognizing and using these patterns to market and sell better. Due to the data sizes of these click-streams sometimes running into terabytes, analysis of this long term data until very recently did not justify the investment required in computing resources. Cloud computing allows for such analysis to be economically feasible and viable - you can now potentially hire a hundred 8-way servers for an hour, to run an analysis on this stowed away data and unlock its potential.

Another great example of the cloud’s very real application to an enterprise problem: transportation systems in the enterprise have to plan their cargo, fleet or people for optimal utilisation and costs – this planning is compute intensive, and has traditionally been done infrequently, on restricted data sets to keep infrastructure investments within economic limits. Now, cloud computing makes possible more frequent planning runs that use all available data, delivering efficiencies previously just not possible. At Icertis for example, our transportation management system has delivered up to 35 percent cost savings, running the planning engine on the cloud, again with economic rationale.

“The demand on ease and availability of data opens up a lot of questions — how do you regain control, secure data and protect yourself better”
Monish Darda | Thought Leaders

Evolution of Information Sharing

Why is it that many enterprises struggle when setting up and implementing a successful cloud strategy? And what are the drivers that can make cloud computing effective and rational? To understand this better, let us look at how information sharing has evolved, keeping in mind that the pace of evolution in recent years has been extremely fast. Business demands, including much closer relationships with partners, vendors and customers, as well as increased compliance and corporate responsibility, are driving the need to expose more information outside the enterprise than ever before. Business users, riding the storm of smart hand-held devices, find that it is so easy to share their personal world with their friends, family and the entire world, and are demanding to know why this still cannot be done with their business information and with vendors, customers, prospects and potential prospects. Rather than the CIO driving technology strategy, the business is now trying to catalyze this change by learning from consumer experience and trying to bring it to the enterprise. That is why Salesforce is such a no-brainer for most organizations – a pay-as-you-go model with sales data easily accessible anywhere in the world on almost any device on the Internet, where all that is needed to subscribe is a credit card. This becomes a very compelling example of business-driven computing at its best. No requisitions, no long approvals, no IT dependencies, no long procurement cycles – it is just there for you, and your customers!
The CIO dilemma

The demand for ease and availability of data opens up a lot of questions – how do you regain control, secure data and protect yourself better against malicious users and inadvertent user errors? How does the IT organization come to terms with not maintaining its own servers, and not owning the networks that its data resides on? In many cases, they start by feeling threatened! Cloud is forcing companies to reassess the way they have approached the IT structure; an expected reaction that is inappropriate in today’s business conditions. That is where most enterprises struggle today when it comes to adopting cloud computing appropriately, efficiently and safely. Having been witness to successful cloud implementations, I have a philosophy to suggest – Occam’s razor! And it fits right in.

Wikipedia: Occam's razor (also written as Ockham's razor, Latin lex parsimoniae) is the law of parsimony, economy or succinctness

Occam’s razor, or the law of parsimony, economy or succinctness, is a philosophical principle that seems built for the cloud! When it comes to enterprise cloud strategy, keeping things simple is the key. Let us explore some of the key ingredients of a successful cloud strategy based on the principles of parsimony, economy and succinctness.
[Figure: Enterprise Information in the extended enterprise. Labels: Public Data, Prospects, Customers, Partners, Private Data]

Cloud adoption – keeping it simple and doing it right

Assess Cloud Security and Application Security separately: An application on the cloud has a much bigger attack surface because it is potentially accessible to a lot more people. Cloud data centers run by providers such as Microsoft, Google and Amazon are some of the best protected data centers in the world – at a volume that even some of the largest enterprises in the world cannot match. So, simply put, getting your application’s security right is what is critical, rather than convoluted discussions on what the cloud does to security. If the application is secured, chances are that overall security will be better than that of an on-premise application. Be aware that for certain applications and countries, compliance issues are still open. Keep things simple when it comes to security and focus on the basics.

Start with Return on Investment (RoI): Any cloud investment discussion should start with RoI. This discussion can be enlightening – projects that up-front costs might kill in infancy can take flight in the cloud. Uncertainty about the use and scale of an application is another great reason to consider the cloud – applications can start small, and stop at any time; there is no hardware baggage to carry. Work on the business use case, and reduce clutter – focus on what the business needs are; details are handled much more easily in the cloud. And return on investment is the simplest way to guarantee support for your projects.

Be careful of migrations: Many organizations initiate their cloud strategy by migrating existing applications to the cloud. This is fraught with pitfalls – be careful. Migrating legacy apps running on old hardware seldom provides the right RoI, unless software licenses are up for renewal. Also, many a time, the benefits of the cloud cannot be realized fully without carefully thinking through application architecture and deployment. The right mix of new applications combined with migrated applications can deliver good RoI. Select applications that are simple to move and are minimally dependent on on-premise resources.

Think differently: Agile organizations are amenable to change, and the cloud is the catalyst for change. Use the catalyst to your advantage – select business processes and identify products that can help you leverage the cloud. That is one reason we at Icertis chose ERP surround as the space to build our cloud suite of products – contract lifecycle management, partner relationship management and transportation are some areas that can simplify business processes and bring the extended enterprise together.
VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com
recently due to a busy fall schedule, I was giving up and bringing the boat to the yard to be dealt with for the winter and readied for spring. I’m always bummed out when it’s time to end the season. Boating, like IT, is not a game of absolutes. Stuff happens. Sometimes both will beat you in the head with a baseball bat. I should have known that things weren’t going to go as smoothly as I’d like when I woke up and saw that the perfectly sunny day in front of me was going to have 20MPH+ winds and 3-4 foot seas. That’s boating talk for “get ready to get kicked in the head for two hours.” Alas, it was my window. First I had to clean out the boat and take valuable stuff off of it, like booze. I enlisted the help of a friend — a well qualified accomplice, Neil. Neil is a professional bartender. From Miami. Thus, comfortable with both booze and water. Neil and I went down to the dinghy dock, where I obnoxiously keep my “dinghy” (which is really a 17’ skiff that I use as my own water taxi) only to find said skiff was not there. Oh oh. I grabbed a passing harbormaster guy (87 years old at least) and asked if someone from their office may have moved my skiff. He said no, but that he thinks it might have floated across the harbor and landed on the beach of Chappaquiddick (yes, that Chappaquiddick, of Ted Kennedy fame). He took me to look. 50 yards away I saw my skiff neatly tied to a mooring. When I told the capt. that was my skiff, he said “Oh yeah, I found that floating and tied it there.” Why he didn’t recall that earlier is another matter. He is 87 after all. I untied said skiff and headed back to the dock to pick up Neil. Neil tied the skiff on to the big boat and we began removing all the evidence of a summer well spent and a liver poisoned. Minutes later, we were ready to head back and haul out the skiff for the season, only to exit the big boat and see the skiff floating 100 yards away - and moving at a good clip. Neil can fix a mean cocktail, but his knot tying is somewhat suspect. We then looked like morons chasing a little boat around the harbor in a big giant boat. That added 30 minutes of folly to the day.
illustration by photos.com
The Perfect Storm Boating and IT
About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.thebiggertruth.com
For reference purposes, the trip was approximately 20 miles. The boat I have has a “flybridge”, meaning I sit way up top, high up, out of the way of everything, with great visibility to drive. I specifically bought this type of boat because it has a ton of outdoor sunning area, but inside is like a condominium. It has a second “helm” inside (redundant system to drive) — which I specifically bought in case weather became an issue some day. Guess what? Weather became an issue. The winds were so strong and I was heading perpendicular to the waves so that for the length of the journey, I was pelted with eye-burning, wind-whipped ocean. Now the funny part — I couldn’t figure out how to switch helm control to the nice, warm, dry interior control station. I had to sit and try not to die. It was touch and go for a bit. My 28,000-pound boat was being tossed around like it was a toy. I couldn’t see because I was constantly pelted with waves crashing on my head. The wind and current were pushing me way off course. In short, it sucked.