
Technology for Growth and Governance

August | 07 | 2011 | Rs.50 Volume 06 | Issue 24




It is probable that a CIO is a born leader but it is certain that leadership traits can be inculcated into any CIO. What is needed is the burning desire to learn. | PAGE 28 THOUGHT LEADERS








USER DRIVEN A 9.9 Media Publication



Editorial | Pramath Raj Sinha

The Captain and the Coach
A CIO must don the mantle of a coach to be an effective leader.


At a recent conference on executive coaching, where I had to deliver the keynote address, I asked the audience what they would like me to focus on. Surprisingly, the most overwhelming demand was for tips on how to convince the top management on the benefits of coaching. People still see coaching as airy-fairy or scary — especially in a corporate setting! And so it goes with CIOs and leadership. We at the CTO Forum have been evangelising leadership as a no-brainer theme for CIOs. It forms the basis of our relationship with you. Yet, every once in a while a skeptic will ask: should a CIO be a leader? For us, there is no discussion, nor is there a tradeoff. CIOs have to be both technology and people leaders. It is the mix of both that will make them the business leaders that their roles demand.

As we focus on leadership attributes in our cover story, it is the people leadership aspect that I want to comment on. Increasingly, one of the most significant roles of CIOs as people leaders is that of a coach. While leadership of the technology function calls for the ‘playing captain’, leadership of the IT team demands a ‘non-playing coach’. This is also a chicken-n-egg problem. Where is the time to coach when there is so much to do? And, there is so much to do because there is no time to coach your next-in-line. My own take on this is to break the ‘what-comes-first’ conundrum by beginning to coach.

Chances are, you think you are coaching when you really are advising or mentoring. There are copious definitions for each, but suffice it to say that coaching is different. As an adviser, you tell people what they should do. As a mentor, you serve as a sounding board but are biased in their favour. Coaching, by contrast, is always done in the context of achieving better performance and outcomes, and the focus is on changing behaviours and attitudes. The differences may be subtle but the interventions are not. As a coach, you have to listen, give feedback, help the coachee figure out for herself how to address a behaviour problem and ensure improved results. These are not easy skills and capabilities to develop. No wonder our mailboxes are flooded with offers to attend coaching programmes leading to certifications. And, one of these days, it may be worthwhile getting one!

Editor’s pick | Page 28
Leadership Attributes of a CIO
To come across as a true leader, among other things, a CIO needs to be a good communicator, team player and relationship builder.

The Chief Technology Officer Forum

cto forum 07 august 2011



Cover Design by Binesh Sreedharan

Contents

28 | Cover Story: A CIO's Leadership Traits It is probable that a CIO is a born leader but it is certain that leadership traits can be inculcated into any CIO. What is needed is the burning desire to learn.

04 | I believe: Collaboration is User Driven Users will find tools and techniques to collaborate even if you don’t provide them any. By Jay Kerley

56 | View point: Summer Love and Software Licensing People may hate licensing but they still buy software. By Steve Duplessie



Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706



48 | Tech for Governance: Business Relevant Information Security By Rafal Los

Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh
Publishing Director: Anuradha Das Mathur

Editorial
Executive Editor: Yashvendra Singh
Senior Editor: Harichandan Arakali
Assistant Editor: Varun Aggarwal

Design
Sr. Creative Director: Jayan K Narayanan
Art Directors: Binesh Sreedharan & Anil VK
Associate Art Director: PC Anoop
Visualiser: Prasanth TR, Anil T
Sr Designers: Joffy Jose, NV Baiju, Chander Dange & Sristi Maurya
Designers: Suneesh K, Shigil N & Charu Dwivedi
Chief Photographer: Subhojit Paul
Photographer: Jiten Gandhi

Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, CIO, Pidilite
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices
Vijay Sethi, VP-IS, Hero Honda
Vishal Salvi, CSO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
Vijay Mehra, CIO, Cairns Energy

14 A question of answers

14 | Tough To Get The Right People

Rajiv Kaul, CEO, CMS Infosystems talks about his strategies and how successful he’s been so far as a CEO.




01 | Editorial 08 | Enterprise Round-up


40 | next horizons: E-Commerce Drives B2B Innovation Mobile payments to grow at a much faster rate. By

44 | No holds barred: Sophie V. Vandebroek, CTO, Xerox, talks about the lessons learnt from her experience at Xerox.



Sales & Marketing
National Manager-Events and Special Projects: Mahantesh Godi (09880436623)
Product Manager: Rachit Kinger (9818860797)
GM South: Vinodh K (09740714817)
Senior Manager Sales (South): Ashish Kumar Singh
GM North: Lalit Arun (09582262959)
GM West: Sachin Mhashilkar (09920348755)
Kolkata: Jayanta Bhattacharya (09331829284)

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Production Executive: Vilas Mhatre
Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh

Office Address
Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
Editor: Anuradha Das Mathur
For any customer queries and assistance please contact


Kristy J. Folkwein



I Believe

By Jay Kerley Corporate Vice President and CIO, Applied Materials Inc. The author has led Fortune 500 companies through massive change initiatives including worldwide consolidation of technology and support services.

Collaboration is User Driven
Users will find tools and techniques to collaborate even if you don’t provide them any.

STRATEGY Collaboration is the need of the hour. You need to have a strong vision and roadmap around collaboration otherwise your users would get there anyway. They’ll use external tools and capabilities like social networking and personal mail to drive collaboration and efficiency. As a CIO, you need to be a part of this collaboration otherwise you’ll have information management and security challenges which could be hard to overcome.

The ability to collaborate electronically has been complex. Sending, forwarding and storing data in order to collaborate is extremely cumbersome and users need to collaborate in real time. You need to build natural and easy interfaces for collaboration so that they come naturally to users. The collaboration environment needs to be always-on with a simple, streamlined interface that is not over-engineered and doesn’t put a burden on the users.

As a first step into our collaboration strategy, we recently went for virtual desktop infrastructure with the deployment of CAD software over thin clients. Not only does this environment increase the performance by over 60 percent, it also allows us to extend it to other countries and allow near real time collaboration. Previously, in order to do 3D design collaboration, we had to send files as large as 4-5GB and the other person would then have to spend time downloading it, then work on it, and then send it back. This process would typically take several hours and even days. Now, multiple engineers across locations can work on the same file without having to download it and collaborate in real time. This has increased productivity by over 10 percent as now, we can work 24X7. Engineers can also work from home, giving them flexibility.

While the project cost was high, we were able to benefit from it since we were able to cut cost by maintaining a single instance of data, reducing the need to store multiple copies of these huge files in multiple locations, which also led to data integrity management costs. Also, with this project we consolidated our five global data centres into two that also led to significant cost savings.

Current challenge: to build natural and easy interfaces for collaboration so that they come naturally to users.


LETTERS

CTOForum LinkedIn Group
Join close to 700 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:




Some of the hot discussions on the group are:

The Cloud is all air and no substance
Do you think cloud is going to die a quick death of SOA or is it going to make big headway into the enterprise? Is it old wine in a new bottle? What does it lack in making a convincing case?

What are the attributes of a good CTO? What are the prerequisites for a CTO role?

I see the CTO's role as that of a technology leader bridging the gap between the commercial requirements of the enterprise and the technology support of those requirements. An effective CTO should be able to guide the efficient implementation of IT strategy of the business.

It's real and all about today and tomorrow. However, you have to bring it back to a realistic service that gives tangible benefits. There are a great deal of 'cowboy' stories and not many who really understand it.

—Ronald Kunneman, Director at Digitra


Striking the Right Balance

As the CFO encroaches upon the CIO’s turf, there is a need to strike a fine balance between their roles. “The CFO is the choice person of the management. He has close proximity to the CEO and the board of directors.” To read the full story go to:

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.


In a conversation with Yashvendra Singh, Abhilesh Guleria, Country Head- Multimedia Product Group and IT Platform Business, NEC India, reveals how NEC is making its presence felt in India.


Richard Ward, Head of Technical, WIN Plc

Send your comments, compliments, complaints or questions about the magazine to

CTOF Connect J S Puri CIO, Fortis Healthcare





Windows 7 Will Be Running on 42 Percent of PCs Pg 10

illustration by Shigil N


India has highest market penetration for Gmail
27 percent of Google+ visitors are from India.

Data released by comScore shows that the market penetration of Gmail in India stands at 62 percent, which is highest in the world. The second highest figures are from Brazil, where the figure stands at 41 percent. The corresponding figure for the US is 29 percent. ComScore’s vice-president for Industry Analysis, Andrew Lipsman, said, “Penetration is defined as the percentage of total home and work Internet users who engage in a particular behaviour. I am not surprised that India is the leader for Gmail penetration given the market’s general affinity for Google-branded products and services.”

Gmail’s success in India has also led to a rise in the popularity of Google’s newly launched social networking site, Google+. According to comScore, 2.8 million or about 27 percent of Google+ visitors are from India. The maximum numbers of unique visitors are from USA, where the figure stands at 5.3 million. The statistics from comScore also reveal that 867,000 people in the UK visited Google+ during the first 21 days of public existence, putting the country in third place behind the US and India.

Data Briefing

48% Android’s global share in handset market.

Enterprise Round-up

They Said it: Sanjay Jha
Motorola CEO confirmed to Investor Conference that the company isn't opposed to WP7. He believes the mobile patent wars will settle down

illustration by anil T

“I think we’re completely open to the notion of Windows as a platform. Clearly, all of our focus today is on Android.” —Sanjay Jha, CEO, Motorola Mobility

LifeSize Introduces LifeSize Passport Connect
Leverages both Logitech and LifeSize technology.

STRATEGY LifeSize, a division of Logitech, today announced LifeSize Passport Connect, an HD video conferencing system optimised for cloud-based platforms with plug-and-play technology and a price that can enable broader deployments for telecommuters and remote offices. LifeSize Passport Connect is the first product that leverages both Logitech and LifeSize technology. Combining features and capabilities from LifeSize Passport, the industry’s leading price performance and interoperability endpoint, LifeSize Passport Connect includes a Logitech HD camera and delivers a video and audio experience that’s open and interoperable.

Today, cloud-based platforms are poised to expand the video conferencing market from the SMB to the enterprise, changing the way businesses use HD video collaboration. LifeSize Passport Connect is specifically designed to provide a simple user experience when communicating through cloud-based platforms. Because the product also works with SIP-based IP PBX systems, customers can enjoy a plug-and-play, high quality user experience.

Quick Byte on MOBILITY

Nokia India, the Gurgaon Traffic Police, the Millenium City Welfare Society, and Denave India have joined hands to launch a traffic management project called ‘3rdEYE’ in Gurgaon. The project is aimed to leverage technology as an enabler to curb traffic disruption in the satellite town.


illustration by Shigil N

Windows 7 Will Be Running on 42 Percent of PCs
Improvements in IT budgets are accelerating Windows 7 deployments.

Windows 7 will become the leading operating system (OS) worldwide in the PC installed base, running on 42 percent of PCs in use by the end of 2011, according to Gartner, Inc. Gartner's latest PC OS forecast shows 94 percent of new PCs will be shipped with Windows 7 in 2011. "Steady improvements in IT budgets in 2010 and 2011 are helping to accelerate the deployment of Windows 7 in enterprise markets in the U.S. and Asia/Pacific, where Windows 7 migrations started in large volume from 4Q10," said Annette Jump, research director at Gartner. "However, the economic uncertainties in Western Europe, political instability in selected Middle East and Africa (MEA) countries and the economic slowdown in Japan after the earthquake and tsunami in March 2011 will likely lead to slightly late and slow deployment for Windows 7 across those regions."

Gartner's forecast assumes that Windows 7 is likely to be the last version of Microsoft OS that gets deployed to everybody through big corporatewide migration. In the future, many organizations will also use alternative client computing architectures for standard PCs with Windows OS, and move toward virtualization and cloud computing in the next five years.

Global Tracker: Growth of E-Coupons
In June, 4.6 million Internet users in India aged 15 and older accessed the Coupons category from a home or work computer.
Source: comScore

"By the end of 2011, nearly 635 million new PCs worldwide are expected to be shipped with Windows 7. Many enterprises have been planning their deployment of Windows 7 for the last 12 to 18 months, and are now moving rapidly to Windows 7," Jump said. Shipments of Apple iMacs and Mac OS share on new PCs have seen increases in the last 12 months. Mac OS was shipped on 4 percent of new PCs worldwide in 2010 versus 3.3 percent in 2008. Mac OS is forecast to be on 4.5 percent of PCs in 2011, and grow to 5.2 percent of new PCs in 2015. Shipments will grow stronger in mature markets where consumers are buying into the Apple product ecosystem. "The adoption of Mac PCs and Mac OS is a result of Apple's ability to grow well above the market average in the last 12 to 24 months, thanks to its ease of use from the user interface (UI) point of view and ease of integration with other Apple devices, such as the iPhone, iPad, iPod touch and the existing Apple ecosystem of applications and programs," Jump said. The Mac OS share still varies greatly by region, as Apple has much stronger presence in North America and Western Europe. The fastest growth is expected to happen in selected emerging countries, where Apple and Mac OS are growing from a small base. Linux OS is expected to remain niche over the next five years with its share below 2 percent because of the remaining high costs of application migration from Windows to Linux. In the consumer market, Linux will be run on less than 1 percent of PCs, as Linux's success with mininotebooks was short-lived and few mininotebooks are preloaded with it today. Gartner does not expect Chrome OS, Android or webOS to get any significant market share on PCs in the next few years. Analysts believe that to get any consideration as an alternative for a traditional PC, lighter OSs will first need to get strong positions on emerging client devices such as Web books and media tablets. 
Even then, it is unlikely that they will have any impact on Microsoft and Windows OS's hold on positions on traditional professional PCs in the time frame of the current forecast. This is because of application compatibility issues and the high proportion of Windows-specific applications within many enterprises.


photo by

IBM Announces New Innovation Lab
To help clients capitalise on new opportunities.

IBM has announced the creation of the Services Innovation Lab (SIL), a new global lab that will initially comprise about 200 technology experts handpicked from around the company. The lab will accelerate the expansion of real-time analytics and software automation in both IBM's technology services offerings and its global services delivery capabilities. The SIL will operate out of IBM Research’s Labs worldwide, including New York, California, China, Israel, India, Switzerland and Brazil.

The SIL significantly expands IBM's nearly 10-year-old services research program by bringing together services, research, software developers and industry experts from around the company to focus initially on the creation of services software applications for cloud computing, analytics and mobility. IBM invests more than $6 billion annually on research and development and employs about 3,000 researchers worldwide, with about a third of them focused on services and analytics.

“Our singular focus is to help our clients capitalise on technologies that solve problems and create new possibilities,” said Mike Daniels, senior vice president and group executive, IBM Services. “Creation of the Services Innovation Lab demonstrates how we at IBM differentiate our capabilities vs. competition. We harness the best of what IBM research and development can deliver in science and engineering to help our clients be more innovative.”

IBM researchers, developers and other technical experts who will participate in the SIL have an array of credentials, including development and client experience in computer science, software, security and compliance, data mining, storage, computer systems, user interaction and cognitive sciences. The central mission of these elite researchers and developers is to turn the intellectual property created during client engagements into software – thereby making it easier and faster to replicate a solution to thousands of engagements around the globe.

“The Services Innovation Lab is creating a research environment that leverages advances in services science, analytics and cloud computing to create innovation that matters for our clients anywhere in the world,” said Mahmoud Naghshineh, VP and Director, IBM Services Innovation Lab.

Fact ticker

Scientist of Indian origin designs Nano-batteries
To help in smartphones, notebooks and tablets.

Researchers led by Pulickel M. Ajayan at Rice University, USA, have managed to package lithium ion batteries into a single nanowire. Pulickel M. Ajayan did his B. Tech in metallurgical engineering from Banaras Hindu University, India, in 1985 and Ph.D. from Northwestern University, US, in 1989.

A nanometre is only one billionth of a metre. If a source of power can be packed in such a small space, then mankind could have found the valuable power for new generations of nanoelectronics. The team’s experimental batteries are about 50 micrometres tall, as thick as a human hair and almost invisible when viewed edge-on.

In a university statement, Arava Leela Mohana Reddy, study coauthor and research scientist, said, “The idea here is to fabricate nanowire energy storage devices with ultrathin separation between the electrodes.” These batteries are scalable, as theoretically any nanowire energy storage device can be as long and as wide as the template allows. A reasonably good capacity is being detected from nanowire devices. The researchers are fine-tuning the materials to increase their ability to repeatedly charge and discharge, which now drops off after about 20 cycles.

Peace Game


To most of us a video game would conjure the impression of adrenalin packed entertainment, where you blow up entire spaceships full of evil aliens, and battle all kinds of monsters. However, new age guru Deepak Chopra seems to dwell on some other kind of video game. His idea of a video game is of something that is so serene and peaceful that it will help people relieve stress and achieve inner harmony. With that lofty ambition in mind, he has spent the last three years designing a video game called “Leela.” This game uses the ancient Hindu system of Chakras to teach gamers how to achieve a peaceful and focussed state of mind. THQ is the publisher of the game, which has been developed by Curious Pictures. Leela is set to make a debut in November and it is being marketed under the tag line – “A journey into the self.” You will need Microsoft's Kinect system for Xbox 360 or Nintendo's Wii console to have a soothing tryst with Leela. Incidentally, the word Leela means “play” in Sanskrit. The game subsumes 43 interactive exercises that focus on the seven energy centres of the human body. Naturally, Deepak Chopra’s spiritual teachings and philosophies have a central role to play in the game.


A Question of answers

R a j iv K au l

Growing Challenge: There is a lot of opportunity for growth but profitable growth is very difficult in India.

What were the key challenges that lay ahead when you joined CMS? IT industry is really difficult to work in India. When we joined, we had the downturn. I had customers who said, if we didn’t reduce the prices by 20 percent, they’ll go away. We weren’t even making 20 percent profit. But I decided to save jobs at that moment and took a hit to retain the customers. Now, that we’ve come of the downturn, salary and other expenses


cto forum 07 August 2011

The Chief Technology Officer Forum

(fuel, rentals etc) are growing much faster than what the customer is willing to pay you. So, we’re under pressure to manage margins. Inflation is the biggest issue we’re dealing with. There is a lot of opportunity for growth but profitable growth is very difficult in India. Secondly, if you want to work in a clean manner with the right ethics, right governance, it is extremely difficult to work in India. I don’t know how long that will take to get

fixed. That is the biggest challenge that any entrepreneur. Which is the loss making unit in CMS? For the last year, we made losses in the IT training business. When the downturn hit, we had a lot of centres paying high retail rentals and as there not many jobs, students went down but we continued to have high operation costs like advertising, real estate, employee salaries etc.


Rajiv Kaul | CMS Infosystems

Tough to Get the Right People

Rajiv Kaul, CEO, CMS Infosystems joined CMS two years ago to do a turnaround of the company. In a discussion with CTO Forum he talks about his strategies and how successful he’s been so far.

To renegotiate rentals etc takes time. However, this year, it should be fine.

What were the initial bricks put together to get the right talent?

Challenge for any venture is getting the right people. I had started working on it, 3-4 months before the acquisition. Yet I wasn’t successful because of the downturn since people didn’t want to move to a new company and take risk. So, instead of

hiring senior people, I gave a set of parameters to the existing team and asked them to rate themselves on those parameters over the next two to three months. I told them whatever they’ve done in the past would not be taken into consideration. I also brought in a lot of young talent and set out these people to undertake some of the very important projects we needed to do. They had a lot of energy and passion and have been highly successful in the

last couple of years. We’ve also promoted them to senior positions. One of them is now heading the sales for our ATM business. He just had about a year’s experience before joining us two years back. Meanwhile, I kept looking for senior people. My first hiring need was that of a CIO because my systems were not in place. We needed someone who had experience in multiple verticals and we found Nitin Aurora who had worked in many different


industries including cash management industry and insurance. Next we needed an HR head as we have 12000 white collar workers and 12000 blue collar workers who also had unions. So we needed someone to manage that. We similarly brought in someone with a varied industry experience. The toughest job for me was how to take a 35 years old company with deep values and culture most of which is good but some of it needs to evolve. Doing that change was one of the toughest challenges for me. Moreover, I had to be very careful in bringing in new senior people in the company as everyone has his own style of working, which could potentially upset the existing company culture. We had to be careful in preserving the existing culture by ensuring we’re not very disruptive with new ideas.

How do you take people to the next level? How do you groom people?

I spend a lot of time with people and make sure that these new senior people are grooming their subordinates. I personally go on both service calls as well as sales calls with our people. My people have more



access to me than my family. So we keep coaching people and engage with them proactively. We encourage people to take responsibilities and ensure that in case they fail we have ways to manage the situation. It is important to empower people to take responsibility. Let them report back on what they are doing but let them take their own decision and handle situation on their own. You need to allow good people to make mistakes and learn from them, instead of firing them for the first big mistake they make.

How has the company turnaround worked compared to what you expected it to be since the year 2009?

The turnaround has been below my expectation and I don’t think it’ll ever cross my expectation because I believe in setting the bar very high. But on a realistic sense, we lost a lot of time during the downturn. The customers negotiated hard during the downturn and in order to retain the customer and their long kept relationship with us, we had to take a hit. But in some of our businesses like the cash management business, it went beyond our expectation because

Things I Believe In

It is important to empower people to take responsibility.
You need to allow good people to make mistakes and learn from them.
Input costs are growing much faster than what price the customer is willing to pay.

the overall sector has done well. However, in any business today, every sector and every industry is suffering from margin pressures because input costs are growing much faster than what price the customer is willing to pay. And when the downturn ended, customers didn’t do a renewal at a much higher price because corporate buying had a fear of what happened last year but my employee costs etc went up and it was really difficult to manage this issue. Overall from the complexity of what we are trying to manage, we did some good investments. We set up our own NOC, we’re getting some good customers, we are getting Indian customers to start migrating to a remotely managed service, we got in good talent. We are pretty comfortable where we are but there is still challenge in managing profitable growth.

Don’t you find it challenging to compete against pure play managed services player in the market?

Before we did any investment we hired IDC to do a survey among our customer to understand how we were doing. The first thing that we found from the study was that the customers found us dependable and trustworthy. They felt we were there whenever they needed us. Second parameter was how did they find our pricing and we saw that most of them found us offering value for money. Therefore we realised it was very important for us to maintain low cost. That’s why we make sure we spend money very cautiously instead of being flamboyant. Third was we had been there for long. Considering how many companies shut shops in last two decades in the IT industry, for the customers our brand that has stood over these years was very important. Now, we compete with Wipro, IBM, TCS, HP and HCL. We are not end to end market player. We are very focused domestic market player. So, people like us and trust us for that. Compared


to some of these companies, who have both infrastructure as well as application offering, we just have infrastructure offering. Our entire company culture is that of infrastructure management company and it is really difficult for me to get into application. So, if I get a good acquisition opportunity in the application management space, I’ll go ahead and do that. But changing the company culture is a risk that I don’t want to take. India is largely an infrastructure market but a lot of decisions these days are being made at the application layer. So, we are trying to be end to end in the infrastructure management space. So, a lot of time and investment is going into setting up a NOC. In the total outsourcing deals that are led by the application layer, we are partnering with several companies that are weak on the infrastructure side. There are enough companies focused only on India and have only application offerings and nothing in infrastructure. There are many large companies that can do infrastructure but it is not profitable for them.

The services market in IT is highly fragmented. The only company dominating is IBM. There is enough space for growth for us in the market.

How are you addressing the government business?

We are not targeting government deals directly and have decided to allow our partners to frontface the deals. We are keeping out of state governments because it is a very volatile market with a lot of transparency issues. However, we are going with application partners for central government deals.

Where do you see yourself going forward?

In the next five years, I would like to see CMS as a large trustworthy institution established with corporate governance and ethics. In terms of growth, we expect to grow to the size of 2,000 crores in the next 2-3 years. We may go to the international market or look at an acquisition. We

are currently about an 800 crore company. Internationally, we can go out for RIM but not all businesses. For all of our businesses we have an opportunity to move up on the value chain and also go horizontally on the value chain. For e.g., printing as we see today is a good business but ten years later it could be a very different business. So, we need to do things like document management etc to move up the value chain in printing business. I’m very bullish now to get into the public sector, which we neglected so far as it was very difficult to crack those deals. While some of our competitors outsource work, we don’t do that and that remains one of our USPs. We’ll continue to focus on large customers who have operations across the country and offer them good service in not just the metros but every location. We currently have about 500 customers. We’ll now consolidate our business and focus on our core areas of business.

Best of

Features Inside

Talking IT Transformation
Is it Possible to Achieve a Return on ITIL?
CIOs Should Earn More Money and Respect

illustration by anil T

The 5 Key Reasons Why IT Initiatives Fail

Data Briefing: telecommuters say they are more productive in their home office



People often jump into new projects without a clear understanding of what it is going to take leading to failure. By David Mainville


Someone on Twitter recently asked me, “What are the 5 main reasons IT Service Management projects fail?” I really didn’t have to give it much thought. After 30 years practicing ITSM the reasons are pretty much top of mind. So I quickly rattled off the following:

1. No plan
2. Unrealistic expectations
3. Skepticism
4. Poor requirements
5. Not doing the hard work

The more I thought about it the more I realised that these items are not unique to ITSM at all. They can apply equally well to any endeavor, whether it’s implementing a new IT system, rolling out a business process, or something more personal, like embarking on an exercise program. People too often jump into new projects without a clear understanding of what it is going to take. When the project fails they point to external reasons such as “the tool doesn’t work” rather than looking inwards. Maybe this behavior is part of the “Human Condition”, however with a little focus on the following five points, your chances of completing any project successfully will rise dramatically (for argument's sake I'm going to focus on that which I know best: ITSM projects):

1. No plan - Would you build a house without a set of blueprints? So why is it that so many companies embark on an ITSM program without a detailed plan? A good ITSM plan should address issues such as awareness, organisational change, process development, tool selection and implementation, employee training and most importantly on-going process governance. The more detailed the plan the easier it will be to justify the effort involved.

2. Unrealistic expectations – I am still shocked when I hear about companies wanting to implement 12 processes in 12 months. There is a lot of work involved in designing and implementing a process. You need to review what’s in place and you need to get the new requirements from all the stakeholders. Inputs, outputs, roles, responsibilities, activities, tasks, metrics and policies all have to be defined and agreed to. The newly designed process has to be implemented in a tool -- and don’t underestimate how long that takes. Once implemented you have to train the stakeholders and roll it out and then deal with the fallout from the people that have to actually use it, etc., etc. The larger the enterprise the more unique requirements there will be. Skipping over these requirements will only lead to a poorly implemented process.

3. Skepticism – How many times have you heard “we have tried that before, it will just fail again” when approaching management or colleagues about improving IT processes? You cannot underestimate the importance of getting people on board. Lack of support, regardless at what level in the organisation, will completely undermine the program. I’ve seen managers publicly support a program while refusing to allow their staff to participate, and then complain because they were not “involved” in the design. One of the best ways to fight skepticism is not to over commit and to deliver on what you promise.

4. Poor requirements – There has been a recent trend towards trying to implement ITSM tools “out of the box.” The theory goes something like “the tool is based on ITIL, we use ITIL so, therefore, we won’t have to change anything.” With perhaps the exception of smaller IT organisations this couldn’t be further from the truth. Let me ask you a question: “Is your organisation out of the box?” Ask yourself the following questions: How will the users be defined? What are the notification groups and rules? What are the workflow requirements? What are the escalation rules? What are the reporting requirements? These things are seldom “out of the box” and need to be documented and the ITSM tool tailored to accommodate. Bad requirements lead to a poor ITSM tool implementation.

5. Not doing the hard work – Designing a process is one thing, making sure people adopt it is another. I like to call it “walking the talk.” Take incident management, for example. For that process to be effective it starts with people actually entering good incident data. There has to be good categorisation of the incidents. Escalation needs to be followed. Incident aging needs to be tracked and followed up on. Metrics need to exist and corrective action needs to be taken. This is where the rubber meets the road, it is where the hard work lies, and no tool is going to do it for you. Governance of the process is every bit as important as having documented processes and an implemented ITSM Tool.

While these are my top five reasons I am sure everyone has their own stories to share. What are some of the things that have impacted the success of your ITSM program? Get in touch. I would love to hear them.

—David Mainville is CEO and co-founder of Consulting-Portal, an ITSM consulting and ITIL training company focused on helping Fortune 500 and mid-size companies assess, design and implement robust ITSM processes.

— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.

CIOs to move more than half their institutions' transactions to cloud by 2015




Transformation

Talking IT Transformation

Policy-makers and users can operate their state government IT as a 21st century infrastructure. By Ken Oestreich


Think your enterprise is challenged as it struggles to move toward IT-as-a-Service and a shared IT services model? It seems that state and local governments are trailblazing as well. Recently I had the honor of spending a morning in EMC's Executive Briefing Center with various members of a state legislature - and members of their IT staff - looking to learn more about their investment in a Vblock, and how it could enable a shared services infrastructure that could save them millions of dollars while upping services to citizenry.

This was not a technical crowd in the least. These were state representatives with constituencies who cared about things like better services and lower-cost government. But they wanted to know that they'd chosen the right horse, the right technology. But what was fascinating was nobody wanted to drill into the technology... or even really get educated about it. Rather, they were simply acutely aware of the opportunity to save money while upping service. They knew that government agency data centers were siloed. They realised how long it took to deliver new IT services. They acknowledged how un-integrated inter-departmental state data was. But they all wanted to be part of the solution, to get the rest of the legislature to a point of appreciating the opportunity before them. The notes I took might sound familiar:

Where do we start? VDI sounds like a shoo-in. But after that, which departments, offices and data centers should become part of the shared-services model? [What workload migration and ROI model should they adopt?]

If we do end up saving money, there's the risk that the savings will be taken away from us - how do we ensure it's plowed-back into innovating and creating higher-level services? [How to meter IT costs? What higher-level services could be proposed to the lines-of-business? How to facilitate IT educating departmental management in what new opportunities are available?]

Every office and department feels like they have a "special IT need" that only their own data center can provide. Is that really true? [How to illustrate the versatility of a cloud environment? How to guarantee differentiated SLA's?]

With a shared infrastructure, how do we ensure that sensitive information (e.g. the Highway Patrol department) is kept secure from prying eyes of other parts of IT... and indeed, other parts of the state government? [How to illustrate multi-tenancy? security? auditability?]

How can we ultimately simplify the government experience for citizens? e.g. Reduce paperwork for driver's licensing? Work permitting? Unemployment applications? [How to go about merging and analysing structured and semi-structured data from diverse sources?]

While this was not the forum to solve the problems, by the end of the morning we were all happy to have the issues laid-out on the table for discussion. And to have educated the policy-makers and users that they can in fact operate their state government IT as a 21st century infrastructure.

The other good news is that this state is not the first to make this transition. A very good initial resource, for example, is from the Center for Digital Government - their paper on IT-as-a-Service for State and Local Government which gives a number of very good examples of state governments taking the right steps for the right rationales. There is also an excellent paper published by the US Department of the Interior and their IT Transformation plan.

Stay tuned on more of what IT Transformation makes possible, and how to migrate to a service-based IT organisation.... ITaaS.

—The author is a technology marketer, an EE by training, enlightened a bit with an MBA. He's spent lots of time at early stage companies, as well as Sun Microsystems, Cassatt and Egenera.

rise in mobile payments worldwide in 2011

IT service


Is it Possible to Achieve a Return on ITIL? Yes, but you have to look at the right metrics and set a baseline. By Augusto Perazzo


There have been quite a few arguments trying to prove or debunk that ITIL can produce any kind of ROI. The pragmatic answer is: Yes it can, but not as easily as ITIL guidance can hope for. Let’s step back and define what ITIL is. A simplistic view is that ITIL is a set of best practices that seek to improve the management and delivery of IT services. Like most best practices or processes guidance, it has been put together by drawing from the collective experience of practitioners and organisations that have tried to solve the IT efficiency problem in the past.

ITIL's first version was developed in the 1980s on behalf of the British government. Thus ITIL v3, released in the summer of 2007, is an attempt to integrate and systemise best practices that have been previously loosely applied to the IT service management (ITSM) domain within the last 25 or so years. When looking at improving IT service management there are then two main options: try to figure out an effective way in isolation or to leverage an existing framework such as ITIL (which has been adopted and tested by thousands of organisations worldwide). Chances are that ITIL will provide better odds to the challenge.

illustration by PC Anoop

ITIL ROI

ROI has the following components: Cost of investment (COI) and results of the investment. A positive ROI, which we seek, means that the results should be larger than the investment. Cost of implementing ITIL is the investment and the ITSM improvements we seek are the results. The challenge then becomes the quantification of ITIL costs and IT service improvements. ITIL costs are anything and everything you will spend in order to design and implement your custom ITIL solution, including any tools, internal resources and external help. The technical aspects of an ITIL implementation are relatively easier to estimate and carry on; organisation change management is where the devil works! Any process improvement program, which an ITIL implementation surely is, will carry a high and usually hidden cost for change management (efforts to bring people on board and provide them with the willingness, abilities and capabilities to succeed and to follow and leverage the ITIL based processes). Your ROI calculation must include a good chunk of change for that part of the investment. Most ITIL implementations fail because little attention is given to the devil’s playground.

IT service improvements

To know how far you have traveled, you need information on both the departure point and the destination you have reached. Once you reach a destination, it is relatively easy to quantify where you are: How much time and thus FTEs and thus money your organisation spends on managing and delivering IT services. The problem is in baselining your departure point before you leave. Most organisations do not have a clue about the true cost of their current ITSM practices (or lack thereof). The assessment,



once you reach your destination, is easier because after an ITIL program you should be better equipped to do so. Because of this ITIL ROI conundrum, we usually recommend to clients that they embark on a process improvement program -- ITIL or other -- using an iterative and a long-term timeline. For example, improve your Incident management processes first so that you can start collecting meaningful data and measure the cost of incidents and its impact on productivity. Improve IT financial management early so that you can calculate the true cost of IT services and so on. Once you have basic IT performance information that can be baselined, move on to bigger investments. In sum, to determine ROI, you need to define what the cost to deliver IT services is today, what the cost of the investment to improve is and what the cost to deliver IT services will eventually be once you reach your destination. Most organisations with more mature policies around program funding will require a business case before approving the journey. Nonetheless do understand that this is only an estimate as you will not know for sure how much the investment will cost you and

how much the future cost of delivering IT services will be once you are done. Make sure you have several waypoints defined between your departure and final destination and leverage the lessons you learned from these small trips to calibrate the remainder of your journey. Comparing the estimated ROI for these waypoints to the actual ROI and the causes for discrepancy can provide much valuable information on how to go about the rest of the program and how to reset expectations.

Augusto Perazzo is a Principal Consultant at PA Consulting Group. Augusto works closely with Business and IT executives to define strategies and operating models, optimise processes and empower people, leveraging the power of information technology to design and deliver better services and products. Augusto has an MBA degree from USC Marshall Business School and holds ITIL and PMP certifications.

— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit


Teleworking

Telework Works

According to Staples, most teleworkers are happier, healthier and more productive than their office counterparts.

illustration by PC Anoop


Teleworkers, defined as people who work from home at least one day a week, are finding their niche as technology and corporate attitudes continue to enable this growing trend. According to a recent survey from Staples Advantage, the business-to-business division of Staples, telecommuters say they feel and work better when working from home. In fact, 86 percent of telecommuters say they are more productive in their home office.

As companies become more comfortable with virtual teams and advancements in technology like cloud, broadband availability, VPNs, smartphones, etc. make it easier and easier to be everywhere and nowhere at once, they are allowing a younger generation of employees to move out of the office and into more flexible work/life arrangements, said Ed Ludwigson, vice president and general manager for Staples Technology Solutions.

It's also a good way for companies to expand capabilities and human capital without expanding (and paying for) more office space. This expands their ability to access talent; people who increasingly see no benefit in relocating to do a job and retaining existing staff who need more flexibility in their lives.

According to the report telecommuters say they are:

Happier and healthier - When asked to draw comparisons, telecommuters said their stress levels dropped 25 percent on average since working from home. Almost one in four said they eat healthier when working from home.

More loyal - Without the trek to the office (a 75-mile round-trip for many respondents) 76 percent of telecommuters are more willing to put in extra time on work and say they are more loyal to their company since telecommuting.

Better balanced - More than 80 percent say they now maintain a better work-life balance.

According to Forrester's March 2009 report, U.S. Telecommuting Forecast, 2009 to 2016, telecommuting is on the rise and is expected to reach 63 million employees in the U.S. by 2016.


Technology Needs

In addition to Internet connectivity and access to company networks, key considerations for telecommuters include:

Communication tools - Telecommuters said they rely on email (96 percent), instant messaging (68 percent), videoconferencing (44 percent) and unified communications technologies (25 percent) to stay connected.

Security - A proactive security strategy can help telecommuters prevent data loss, breaches and viruses, which can be spread to company networks. More than two-thirds of telecommuters said they didn't receive IT security training in preparation for home office work. Fortunately, many are applying good judgment and security best practices: 95 percent say they install operating system updates right away and 84 percent don't store personal data on their machines.

Data backup - Nearly one in three telecommuters say they never back up their data, leaving themselves and their companies vulnerable to data loss. It's important to educate telecommuters on how and when to back up their data. Data backups should be automated and tested to ensure functionality.

— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit

CIOs Should Earn More Money and Respect

CIO is among the top players on the senior executive team and should be accorded the appropriate R-E-S-P-E-C-T and a paycheck.

By Bill Gerneglia


illustration by anil T

How many CIOs do you know that make as much as, say, their company’s COO or CFO? For that matter how many IT chiefs do you know who sit on their company’s board of directors? You can pretty much do the math on one hand.

Now a few years ago when chief information officers’ responsibilities consisted almost entirely of running the IT shop efficiently, it was difficult -- ok, impossible -- to make the case that they belonged in the top managerial tier in terms of salary or deserved a prime seat at the executive room conference table. That was then.

Today CIOs’ responsibilities have grown significantly. Today CIOs are in charge of managing vital outsourcing operations. We’re not talking here about supervising some offshore supplier that is performing basic processing and transaction tasks in Mumbai. Or running a help desk in Bangalore. Today mission critical apps and critical core functions are being carried out by a third party supplier offshore.

Now, you might argue that in farming out IT infrastructure and the like the CIO’s job becomes easier. Not so, the CIO must take the lead in choosing the supplier, negotiating the deal and supervising the work on an ongoing basis. The outsourcing buck stops at the CIO’s office, but now the dollar amounts at stake can run into the hundreds of millions of dollars.

One other note here: The outsourced portfolio that the CIO needs to oversee continues to grow with BPO recently being added to the mix. Traditionally, BPO was initiated and managed by business heads and kept separate from IT. No longer.

Not only is the CIO generally in charge of dealing with and supervising ITO, but now he is also in the driver’s seat when it comes to multi-sourcing and using third party suppliers for cloud computing, virtualization and the like. And if the cloud vendor loses key corporate data, guess who is going to be called into the principal’s office.

The CIO arguably has a better in-depth view of every phase of the corporate operations than any other top executive because IT is enterprise wide. It touches everything, and the CIO has the tools, or should have, -- see analytics and BI -- to A) grasp the big picture and B) to act immediately on any change or trend that needs addressing. OK, he provides the CEO and/or the CFO with these same tools, but he’s got to be the expert here.

In the top-down days of yesterday, the CIO ran his little fiefdom as a silo. Now, though, collaboration is becoming increasingly common with the CIO at the center of the collaborative efforts.

The good CIO now not only needs to work hand in glove with the CEO and CFO, but he must work closely with risk, compliance and governance managers; the CSO as IT security becomes holistic; marketing as it gloms on to social media to reach out to new customers; and the business unit heads as responsibility for BPO shifts.

Finally, today’s CIO has to be informed about everything from new security threats to legal concerns regarding social media use to SEC rulings on data privacy. This is in addition to tracking technology trends, vendor developments, new cost cutting trends and the usual bag of tricks.

This said, I respectfully submit that the CIO is currently one of the top three or four players on the senior executive team and should be accorded the appropriate R-E-S-P-E-C-T and a paycheck to match.

Reactions from CIO Community:

1. Agree with your argument. During the dot com era many CIOs actually did achieve paychecks that placed them among the top tier of their company's executive ranks - and they were seen as possible candidates for the CEO's chair. However, when the bubble burst CIOs saw their status and paychecks slip back several rungs. One can only hope that if the economic rebound lives up to its promise, CIOs will be able to take the lead and regain some of that lost status.

2. I've long maintained that only 3 execs see the whole firm: CEO, CFO and CIO. And while the CFO sees the vital--but sterile--flows of money, the CIO sees the flows of goods, ideas and processes (within and outside the firm) and so has the greatest opportunity for insight into possibilities. By the way, Financial Services already values IT and often the CIO or Head of IT/Operations is one of the executives in the Proxy.

3. I fully agree that CIOs play a far more critical role these days and deserve more respect + pay. One counter-point I came across recently is that CIOs (and other IT professionals) often tend to "dominate" their end-users with the detailed knowledge of the business processes gained during implementation of key IT systems. This is not appreciated by senior decision makers; Business Managers in the Indian eGovernance are actively seeking to limit this effect. While some of their steps (e.g., frequent job-transfers) may be seen as short-sighted/knee-jerk, this is something we (as IT professionals) need to reflect upon too.

Employees share too much information in public forums

—This article is printed with prior permission from For more features and opinions on information security and risk management, please refer to Infosec Island.

The Chief Technology Officer Forum

cto forum 07 august 2011



Leaders It is probable that a CIO is a born leader but it is certain that leadership traits can be inculcated into any CIO. What is needed is the burning desire to learn.


The never-ending debate on whether leaders are born or made can finally be laid to rest. At least in the context of the CIO. Technology leaders in the country have proved so. Take Vijay Sethi, CIO of Hero MotoCorp, for instance. He confesses he was extremely shy and reticent in school and even till college -- attributes one wouldn’t associate with a born leader. Similarly, J S Puri, Advisor, Corporate Affairs, and former CTO, Fortis acknowledges that in his student years he was “aggressive and flamboyant but certainly not a leader material.” However, both of them emerged as true blue technology leaders in their careers. Sethi was to shoulder the responsibility of a project leader while just a Management Trainee, and became a Director when just 39 (people become directors when they are 45-50 years of age). Likewise, Puri started giving leadership lessons to management trainees when he was into his first job.

While the debate may have been settled, there are several questions that need answers. What is it that separates hardcore technologists from technology leaders? What are the traits a CIO needs to possess that would make him a leader? How can one inculcate and hone leadership skills? Is there a leadership model that has an exact fit for a CIO? The following pages hold answers to all these questions.


INSIDE

Leadership Attributes of a CIO
“A CIO Should be a Collaborator”
It's Hard Work Not Genetics
Leadership Reads
CIO Career Killer: Lack of Influence










Leadership Attributes of a CIO

To come across as a true leader, among other things, a CIO needs to be a good communicator, team player and relationship builder. By Yashvendra Singh

The term leadership has been widely used. It may have different meanings in different contexts. For a CIO, leadership entails successfully leading people to manage the IT processes within the organisation for delivering the desired business results. If one goes by this definition of a technology leader, then in India, according to industry experts, there would be just 15-20 percent CIOs that would make the cut. The other 80-85 percent may don the designation of CIOs but their roles and skill sets make them more of IT managers. These top 15-20 percent CIOs possess certain traits that differentiate them from the rest. While there are several such desirable traits, we will focus on those that make all the difference between him being just a ‘CIO’ and a ‘CIO and leader’.




Honesty and Integrity

This is the starting point for a CIO aspiring for a leadership role. He needs to have honesty and integrity embedded in his character. “As a leader, people follow you. If you lack honesty and integrity, people will stop believing you. I can’t go and tell everyone that I am honest and have integrity. It should be reflected in my actions,” avers Vijay Sethi, CIO of Hero MotoCorp. “The best way to show that you are honest and have integrity is to be disciplined. Follow the rules happily, and set examples,” says J S Puri, Advisor – Corporate Affairs, and former CIO, Fortis. “If I am negotiating deals, I have to be absolutely transparent, practical and unbiased,” he says. “Strength in character can be seen in your everyday life. It is just the way you behave with people. If my friend asks for my iPad, I should give it to him the first thing in the morning rather than him reminding me again. This is strength in character.”

Team Building

Leadership is also a way of calling ‘we’ not ‘I’ because no leader is successful as an individual. “A CIO is a leader only if he accords due importance to his team. He has to constantly motivate the team for learning. As a leader, he should be open to new ideas and suggestions and should be willing to try out these suggestions. A CIO is a good leader if he keeps his team associated in the IT plans and their roll outs,” believes S C Mittal, Group CTO, IFFCO. Sunil Rawlani, who has spent close to a decade as CIO and EVP, Business Systems and Technology, at HDFC Standard Life Insurance, had adopted a novel approach for team building. He had started an initiative called ‘Coffee with Sunil’ wherein any team member could approach and interact with him. In addition, he had been a proponent of outdoor activities for employees for building a strong team.

Clear Communication

When Puri first stepped into the shoes of a CIO at Far East Technologies, his first assumption was to start talking to the management on enterprise technology. “For the first couple of days, I kept talking about enterprise technology and what should be done in the organisation. However, when I got to the second and third level meetings, there was no response. It seemed as if I had hit a wall,” recalls Puri. “When I asked them what the problem was, they said ‘J S you are not getting across to us. We just don’t understand what you are saying’. This is exactly the problem.” “From that point onwards, I decided to talk like a non-IT guy. CIOs need to relate to people,” he says. When a CIO talks to his management, he assumes there is a level of knowledge floating around. However, in reality the management could be on a totally different plane. It is not imperative that they have a basic understanding of everything happening around them. A CIO, therefore, needs to be a great communicator and be able to send his message across to the management, his team and the users within his organisation.

Acquiring Knowledge

It is imperative for a CIO to stay abreast with the latest developments, more so as IT is an extremely dynamic sector. With technology changing at a rapid pace, a leader will have to keep pace with it. “There was a time a few years back when a CIO could say that he is the only person who knows technology in the company. Not anymore. Users today know more. Their exposure to technology is much more,” says Sethi. Sethi realised this early in his career. As he says, “I never stopped learning. I did my B. Tech, M.Tech and then went on to do my MBA. In my first job I made a promise to myself I should be doing a course every year even though it may not be related to my job profile.”



This resolve saw Sethi pursuing several unrelated courses ranging from a certificate course on supply chain certification from the US to one on ISO 9000. “The seven-eight courses that I undertook not only enhanced my knowledge base but also helped me in relating to the various departments within an organisation. I still spend time on the Internet and attend leadership sessions, which help in brushing my knowledge. My personal advice to kids is to study for the first 10 years of their career,” he opines.


Building Relationships

According to research by Gartner and Korn/Ferry, high performing CIOs increase their capability and capacity by developing people all around them. They purposely invest in horizontal relationships which form the foundation to drive extraordinary results. Echoes Mittal, “A CIO in a leadership role has to build relationships with users, his own team and with external partners. In today’s time, no person can work in isolation. By sitting in his glass tower without having any touch with reality won’t work.” As CIO of Motherson Sumi Group, Vandana Avantsa makes it a point to spend as much time as possible on the shop floor. “The shop floor is the place where one can strike a rapport with the users, and understand their problems. One can't get to know about issues sitting in the office cabin,” she says.

This thinking has helped Avantsa to come up with innovative solutions. It was during one of her visits to the shop floor that she noticed precious copper (used in wiring harness) being wasted. The result was the deployment of a home-grown software solution that calculated the length of the copper wire. The software sent out an alert when the end of a coil was nearing, thereby enabling the worker to put another coil before it finished. This cost effective solution helped the company in saving 3-4 percent copper.

Planning and Execution

Above all, a leader should translate words into actions. He should not just preach but also practice. He has to be practical and realistic so that others take him seriously. Other hallmarks of a leader include total commitment, a positive attitude and a vision. High performing CIOs are able to detach themselves from IT and look at things more holistically. They realise they are a part of the business leadership team of the company, and look at the bigger picture of IT as an enabling tool for the business to achieve its goals.

However, it doesn’t mean that leadership skills can’t be imbibed. Puri and Sethi are just two of the shining examples of what the burning desire from within to move away from the pack can lead to. For Puri, it was in his first job at DCM Data Products that he “sorted himself out.” “I was aggressive and flamboyant but certainly not a leader material. However, immediately after joining, we had one month of transaction analysis, PAC, and achievement motivation. This helped me sort myself out. It was a trigger for me to look at myself in a new light. I eventually went on to conduct classes for others who joined DCM,” he says.

The trigger for Sethi came in 1989, when he was nine months into his first job at TCS. As his boss left the organisation, the burden of managing the project fell on him. A self-confessed introvert and a shy person, Sethi made the most of the opportunity. The seeds of the desire to become a leader that were sown during his college days got a chance to germinate. This was the start of his journey to becoming a technology leader.

For the 80-85 percent of the CIOs, the only thing stopping them from donning the mantle of a leader is the lack of desire from within. The opportunity to prove their leadership mettle could come knocking but the lack of aspiration would let it pass.



“A CIO Should be a Collaborator”

Laxman K Badiga believes the best leadership model that a CIO should adopt is that of a “collaborator.”

Laxman K Badiga has achieved what most CIOs aspire for. From being the CIO at Wipro, he recently took over as the COO (Chief Operating Officer) of Anthelio. The company is an independent provider of comprehensive healthcare information technology (IT) services and business process solutions for hospitals and other healthcare providers. According to Badiga, for a CIO to make this transition to a CXO, he would have to be a “collaborator.”

“The best leadership model for a CIO to follow is that of a collaborator. He has to collaborate and network with the right people to make things happen. Externally, a CIO has to strike a rapport with technology vendors, while internally within his organisation, he has to convince the management and users on the benefits of deploying a new technology. He should, therefore, be a good communicator as well,” avers Badiga.

Drawing a distinction between a leader and a technology leader, he says, “When it comes to leadership in technology, you need to draw a distinction between technology leaders and technologists. The major difference between the two is that the former keeps track of the trends happening in the industry, and he applies these trends to the benefit of his organisation. He may not be the best technologist but he has the ability to understand industry trends.”

On his part, Badiga, an M. Tech Graduate from IIT Kanpur, handled several profiles, in addition to that of a CIO, within Wipro that prepared him for the bigger role. “I was never a typical CIO. From a CIO, I became a COO within Wipro, and now I have joined another company as a COO,” he says.

In a career spanning over 29 years in Wipro, he initiated software services in Europe, large account management, and creation of vertical services. He also handled global resourcing for Wipro. “I spent 3-4 years in each of these positions in both technology and management,” avers Badiga.





It's Hard Work Not Genetics

Harvey Koeppel, Executive Director, Centre for CIO Leadership talks about what it takes to be a technology leader By Yashvendra Singh


Do you feel people are born leaders or leadership traits can be inculcated over time?

In my experience, some people may be born with an intuitive understanding of what it takes to be a leader although most have honed their skills over long periods of time and they have become familiar with both the successful and not so successful experiences along the way. Leadership is much more about hard work than about genetics.

What are the critical issues associated with leadership in general and technology leadership in particular?

Leaders, by definition, are agents of change. For most people, change is hard even if the change is desired and the outcome is positive – it requires venturing into the unknown and it means taking risks. Good leaders have a clear vision and have the skill to clearly articulate the vision to their stakeholders. Further, they must be able to inspire and motivate their constituencies to do the hard work to move their enterprise in ways that enable the vision. Leadership also requires taking and managing risks. It’s not about avoiding risks – it’s about managing them. If you are not taking risks you’re not making progress. It’s ok to make mistakes, just not the same ones. I always tell my team that “…it is fine to make mistakes, just make new ones. If you make a mistake, acknowledge it, fix it and move on. Don’t hide mistakes – wear them on your sleeve as merit badges that you are proud of – that will almost guarantee that you won’t make the same mistake again!”

Technology leadership is particularly challenging, driven by a few key dynamics. Information Technology is one of the fastest moving industries and is somewhat uniquely characterised by the continued availability of increased performance and capabilities at lower cost. The pressure to continuously adapt to changing technologies to enable both process efficiencies (expense reduction) and competitive differentiation (revenue/earnings enhancement) is significant and non-stop. Continuous change is one of the few constants. Another significant dynamic that characterises IT leadership is the need to inspire, motivate and ultimately influence many constituents who are not necessarily within their direct sphere of management, e.g. business unit staff, and often are not internal to their enterprise, e.g. supply chain partners.

What does leadership mean in the context of a CIO?

At the Center for CIO Leadership, we have created a Competency Model which describes the core competencies, skills and good practices that CIOs need to acquire and master to advance their profession. The key elements of the model include:

Leadership (articulate, inspire, motivate, coach, develop)
Relationship Management and Communication (build trust, credibility, listen, influence, communicate)
Business Management (govern, measure, connect to business value creation)
Business Strategy & Process (understand/articulate vision, have end-to-end view of business and customer value creation, mobilize resources, implement metrics)
Innovation & Growth (promote new ideas, collaborate with stakeholders, link to business outcomes, develop culture)
Risk Management & Compliance (understand, manage, communicate, develop culture)

Ultimately IT has to add value to the business. How can a CIO, therefore, exhibit leadership quality when it comes to business?

CIOs need to start by leveraging their seat at the table to have a voice at the table. CIOs ultimately need to participate in the ideation and formulation of the business strategy, not just be handed the plan for implementation. They must be considered as true peers within the executive management team. Participation at this level does not just come with the title – it must be earned. It must start with CIOs being able to speak the language of the business and not expect their business colleagues to understand (or even care about) IT jargon. Conversations should not be about architecture or networks, data warehouses, etc., but must be about leveraging IT assets to drive revenue, increase earnings per share, customer satisfaction and retention, reducing time to market, etc. Then it is about delivering on commitments – say what you are going to do and do what you say and communicate results in business value terminology the c-suite peers can relate to. Of course, all of this presumes that day to day processes and operations are running smoothly and efficiently.

How can he be a leader in the true sense to his subordinates in the IT department?

CIOs need to understand the business vision and be able to clearly communicate that vision across the IT organisation. They need to establish the corresponding IT vision and programmes that support the business vision and demonstrate how major IT programs align with key business objectives and have material (hopefully positive) impact upon business outcomes. They need to implement appropriate programme governance structures that carefully balance the needs of their business with the practical considerations and realities of a fixed (and often diminishing) level of resources. Having the right bench strength to support the key IT programmes is critical. CIOs also need to ensure that their own delegation skills are sufficiently developed and empower their teams to handle much of the day to day responsibilities to ensure that they have the time to spend with their business partners, as needed.

IT staff training, education, coaching, mentoring and staff development must be a key priority. IT staff need to have an understanding of both the business and IT context within which they work, they must have knowledge of how the projects that they are working on fit into both the business and IT contexts, and they must have a clear view of how their careers can progress along with the growth of their enterprise.

Can leadership qualities add value to a CIO’s personal life as well? If yes, how?

Leadership skills are not specific to a profession or an industry and are definitely not exclusively applicable to one’s work life. The ability to listen, to understand needs, envision creative approaches and solutions to challenges and problems, add value to relationships, inspire and motivate others and manage risks are essential components of a healthy and vibrant personal life characterised by rich and meaningful relationships. A satisfying and enriching personal life can also be a significant contributor to a successful career.

How can a CIO inculcate leadership qualities?

There is a vast body of research and educational materials available to CIOs to assist in the identification, acquisition and development of leadership qualities. The core mission of the Center for CIO Leadership directly addresses this need. Having a mentor or coach is another extremely valuable resource that can help guide CIOs through the many challenges that they face. Working with an executive team that understands the value of IT and is supportive of the IT agenda as a key enabler of business objectives is also an important aspect of the CIO’s ability to develop their leadership skills and to step into a true enterprise leadership role, well beyond the role of managing the IT cost center.

There are several leadership models. Is there one that has an exact fit for a CIO?

We have found no one model that comprehensively addresses the needs of the CIO in this area. Key considerations for evaluating leadership models and different approaches include: the CIO’s background and current level of expertise, the culture of their enterprise and its view of how to most effectively leverage IT assets, the industry, geography, and the local and global economic outlook that the CIO is working within. Interestingly, we have identified the age of the CIO’s enterprise to be a major factor in determining how the CIO needs to lead and manage. Understandably, the older the enterprise the more investment there is in heritage and legacy guidelines, policies, processes and systems that support the enterprise, i.e. “…that’s the way we have done it for the past 75 years…”. Typically, older firms demand that an increased proportion of CIO agenda (budget, staff resources, time and attention) be allocated to maintaining and enhancing the legacy environment and a correspondingly smaller proportion of investment be made in innovation and new development. In many ways, CIOs more than any other executive, except perhaps for CEOs, need to be extremely flexible, adaptable, courageous and bold.

How does the Centre for CIO Leadership help CIOs to transform into leaders?

Toward this end, we maintain a virtual community of more than 2,500 CIOs representing over 70 countries, 45 industries across public and private sectors and small, medium and large enterprises. We work with our community to facilitate dialog exclusively focused upon how to most effectively enable the journey. We start by asking lots of questions and listening to where CIOs see their major challenges and opportunities. We then enact both quantitative and qualitative research programmes throughout our global community, often in partnership with leading academics, research partners and other CIO organisations. Analysis of research findings results in the publication of whitepapers and case studies and drives the content of Centre-produced virtual roundtables, webinars, podcasts, panel discussions and in-person events designed to share insights and help CIOs to identify and implement pragmatic solutions to the everyday issues they face. Our website serves as a repository where CIOs can access more than 400 pieces of content to help them identify and develop the leadership skills that they need. We also sponsor a Mentor Programme to help CIOs to continue their conversations in a more personalised context. Additionally, we work with a global roster of leading academic partners to deliver executive education programmes focused upon the Center’s Competency Model and related themes. Recent examples include collaborations with Harvard Business School, MIT Sloan/CISR, and INSEAD.



There is nothing more relaxing than a good read. It is even more fulfilling when the book recharges your leadership skills.


CIOs need to boost critical thinking skills – whether pursuing IT projects, developing an atmosphere of success in your departments or uncovering new strategies for recruiting talent. Some of these tomes will help you hone in on your hard skills. Other titles hit on growth areas that have very little to do directly with IT – such as your ability to cultivate trust, innovate and ask good questions -- yet are crucial to your overall career and management growth.

What to Ask the Person in the Mirror: Critical Questions for Becoming a More Effective Leader and Reaching Your Potential —By Robert Steven Kaplan

Leadership is more about asking good questions than having all the answers. Examine how to deploy effective questioning to diagnose problems and dictate a winning course of direction.

The Innovator’s Manifesto: Deliberate Disruption for Transformational Growth—By Michael

Predicting which innovations will succeed too often involves pure luck. "Manifesto" delivers a gameplan that increases the level of true science and data within this process.

The Innovator’s DNA: Mastering the Five Skills of Disruptive Innovators —By Jeff Dyer, Hal Gregersen, and Clayton M

Contrary to popular belief, innovators aren’t always “born not made.” Discover how to tap into your inner game-changing genius.

The Trust Edge: How Top Leaders Gain Faster Results, Deeper Relationships and a Stronger Bottomline (Available September 2011) —By David Horsager

Explore the eight pillars of trust that must be established to effectively lead.

Agile Analytics: A Value-Driven Approach to Business Intelligence and Data Warehousing—By Ken Collier

A how-to on bringing new agility to data warehousing, resulting in valuable business intelligence features and dramatically reduced project risk.

Service Intelligence: Improving Your Bottom Line with the Power of IT Service Management —By Sharon Taylor

This book's IT service management techniques guide senior managers to manage service quality, anticipate vulnerabilities, improve reliability and link IT directly to business performance.

Standout: The Groundbreaking New Strengths Assessment from the Leader of the Strengths Revolution (Available: September 2011)—By Marcus Buckingham, Thomas Nelson

Unleash the capability of your teams with a next-generation strengths assessment.

The Economics of Software Quality —By Capers Jones and Jitendra Subramanyam

This book reveals how to measure quality, pursue best practices and cost-justify their usage.

—This opinion was first published in CIO Insight. For more such stories please visit





CIO Career Killer: Lack of Influence

Your lack of influence may be killing your career and you don’t even know it. It is time to reposition yourself as an influential leader in your organisation. By Marc J. Schiller

What does a CIO need to be successful? We each have our own answers. Some may say that technical excellence and knowledge counts most, others might place the emphasis on business awareness, relationships or just hard-core ambition. Certainly, all of these are necessary to reach a certain level in an organisation. But to take the final step and be accepted as someone who is truly a member of the C-suite, you need one more thing: influence. Warning: Your lack of influence may be killing your career and you don’t even know it. Do the following scenarios feel like another day at the office to you? You have a $20 million IT budget, but you can’t get the CFO to approve your $150,000 data mining initiative.


Your group has just implemented a $5 million ecommerce system, but you aren’t invited to the business planning meetings for how best to use the new system going forward. The finance group is considering a BI tool that is not the organisation’s standard, and no one from your IT group was invited to the meeting with the vendor.

These scenarios aren’t fairy tales. They are real-life stories, and they are happening every day all across the world. Most of the time, the CIOs or IT leaders who share these stories with me follow up with their explanation of the problem. It usually goes something like this.

“Our users simply don’t get it. This stuff we do is really difficult. They expect us to work miracles and yet they barely get involved -- except of course to criticise and question our value. We try to set up steering committees and user groups, but somehow IT ends up getting pushed to the back of the queue. Is it any surprise that they tell us we are out of touch with what they want? They never give us the time to really get in touch with them.”

Welcome to the world of most IT leaders today. A world where you feel challenged to keep up with the dizzying changes in information technology and how to best apply it to your organisations’ needs, all in an environment where
your key stakeholders question your value every step of the way. So, what’s going on? Why are so many IT leaders struggling to “get aligned” with the business and to get a seat at the table? Why, at a time when information technology is transforming the world, are so many IT leaders afraid that their organisations are about to be downgraded and/or their jobs are about to be outsourced? The answer, as you may have guessed from the headline, is a problem which I've observed time and again: Many IT leaders lack the influence they need with their peers, stakeholders and bosses. Stop. Don’t just keep reading. Really stop and consider this point. Challenge yourself for just one moment to make sense of those words: “Many IT leaders lack the influence they need.” What does that mean? Does that perhaps apply to you too? Of course you don’t want to think that you have this problem. It’s not a nice feeling. It’s kind of like when the doctor first tells you that you have high blood pressure and you have to lose 15 pounds, cut out salt, and start taking medication. (Yes, I know from personal experience.) In the back of your mind you are thinking: “This can’t be right. I feel pretty good. Overall things are good. It’s just a few problem areas. After all, everyone I talk to tells me they have these problems.” Well, I’m here to tell you that it’s time to stop kidding yourself. It’s time to see the reality of your situation. And most importantly, it’s time to fix the situation. It’s time to change this reality for you and for other IT leaders like you. It’s time to start getting the respect that IT leaders deserve. Why is influence so important for IT leaders? Nobody would argue with the statement that the ability to influence others is a useful skill. Yet, few IT professionals realise that influence is the key to success for a CIO. 
Influence is what moves a CIO from a competent technical manager to an executive whose work and contributions are valued and who enjoys the respect of the senior leadership of the organisation. And why is that the case? Because influencing others is what IT leaders are paid to do. It’s one of the most essential elements

of the job. Senior executives are constantly making decisions about IT investments: How much budget should be allocated to IT? Which business unit or project should receive highest priority? Is it worth investing in an enterprisewide solution or is a point solution more cost-effective? Can we postpone the investment in infrastructure for one more year, when we expect the economy to be stronger? When these questions arise, senior executives need you, the CIO, to lead the discussion and to provide guidance. But you can only fill this role if you have influence. That is to say, when you speak, you need your colleagues to trust you, to believe that you understand them, their business and their strategic priorities and not just the technical



aspects of the decision. Simply put, without meaningful influence, you can’t do your job of directing the organisations’ investment in, and use of, technology. Multi-million dollar transformations, such as the implementation of electronic medical record systems for example, touch nearly every aspect of an organisation. In these cases the responsibility for the transformation can’t possibly reside with just the CIO. In fact, for such a transformation to be successful, it requires broad-based business ownership from the start. That’s why leading hospitals often choose the chief of hospital operations or the COO to head up these types of projects. Often, I hear IT leaders complain that they can’t get proper business involvement. What they don’t count on is what happens when they really get it. In many ways the job becomes tougher than it would be if they don’t have the requisite influence already in place. The more involved business executives are in a project, the more influence the CIO needs. With a project firmly rooted in the business (as it should be), your role as CIO — to help ensure the right technology-related decisions are taken -- becomes much more dependent on your ability to effectively influence colleagues across the business.

How do you build the influence necessary to succeed in your organisation, whether big or small? How do you create a new reality where the value and contribution of IT is understood and appreciated; where your ideas are listened to carefully? These are among the topics we'll explore as we continue this series on the influential CIO.

—About the Author Marc J. Schiller, author of The 11 Secrets of Highly Influential IT Leaders, is a speaker, IT strategist and analytics expert. Download your free book excerpt at —This opinion was first published in CIO Insight. For more such stories please visit

The Chief Technology Officer Forum

cto forum 07 august 2011





Illustration by shigil N


Mobile Payment Going Mainstream

Exploding smart phone growth set to grow mobile payments at a much faster rate.


As companies race to take advantage of the mass adoption of smartphones and rapid development of new technologies to offer mobile payment services, executives believe the use of a mobile phone or device to make payments or conduct banking transactions will require four years to become widely accepted by consumers, according to a global survey of business executives by KPMG International, a global network of firms providing audit, tax, and advisory services.

The KPMG survey, 2011 Mobile Payments Outlook, of nearly 1,000 executives in primarily the financial services, technology, telecommunications, and retail industries globally found that 83 percent of the respondents believe that mobile payments will be mainstream within four years, compared to only nine percent who see them as mainstream today. In fact, 46 percent believe mobile payments will be mainstream within two years.

"We believe that exploding smartphone growth and myriad opportunities will grow mobile payments at a much faster rate than our respondents anticipate," said Gary Matuszak, KPMG global chair of the Technology, Communication and Entertainment practice, in a statement. "A wide variety of payments is ready for adoption, as several key players already provide or are rolling out mobile payments, and interest among consumers in utilising mobile payments is growing, in line with the industry's readiness to deploy them."

Most of the executives said that mobile payments are now or will be reasonably important in the future, with specialist online systems building on its leading position as a payment method, and m-banking and near field communication (NFC) gaining significantly greater traction than today. Fifty-eight percent said they have a mobile payments strategy in place.

"While there is consensus about the significant value of this opportunity among executives across geographies and industries, the type and size of opportunity varies between developed and developing countries depending on depth and reach of the financial infrastructure in place. We believe that those firms willing to engage in cross-industry partnerships and [cooperation] are more likely to succeed and dominate the market due to the complex set of business relationships required to deliver mobile payments to a mass market," said Matuszak.

While the majority of the business leaders surveyed believe consumers are currently concerned about security and privacy when using mobile devices, they believe other factors are more compelling attributes of a successful mobile payment strategy. Specifically, 81 percent believe convenience and accessibility are the highest attribute, followed by simplicity and ease of use, at 73 percent, security, at 57 percent, and low cost, at 43 percent.

At the same time, business leaders, globally and in the U.S., view security as the main challenge to developing mobile payments strategies. Technology and adoption of the technology is a distant second, followed by privacy.

"The business leaders understand that when it comes to consumers choosing a provider based on security, reputation can make the difference, and any damage to a business' brand can prove costly, even to the extent of being a showstopper," said Sanjaya Krishna, KPMG U.S. Digital Services leader in the TCE practice, in a statement. "As a result, leading businesses are adopting multiple approaches to alleviate customers' privacy and security concerns."

"One surprising result of our survey is the absence of divergent views across both industries and geographies, which speaks to the consensus that mobile payment is regarded as an opportunity for players across the value chain of commerce," Matuszak said.

Race to lead

With the mobile payments industry poised to make a major leap in the coming years, several players are expected to play significant roles, though two groups of financial institutions are the current front-runners, say respondents.

Banks, which scored the highest in level of importance in the value chain, and credit card companies will have the most important roles, according to business leaders globally. They placed telecommunications companies third, ahead of specialist online payment players (e.g., PayPal, Boku, Obopay), online service provider giants (e.g., Google, Facebook, Amazon), retailers and technology companies.

Among U.S. respondents, online service provider giants placed third, followed by specialist online payment players and telecommunications companies, which were rated of equal importance, retailers and technology companies.

Mobile payment methods

Each of these companies' success can be tied to the prospects




for the five current payment methods which are battling for a share of the market. The KPMG survey respondents, globally and in the U.S., see specialist online systems leading the pack, due to the fact that this method already has significantly greater penetration than alternatives, and its penetration is expected to increase. Respondents said that specialist online systems have the greatest prospect for success, followed by mobile banking, NFC, carrier billing and the "mobile wallet." (See definitions below.)

"While KPMG believes that these forms of mobile payment will all gain some traction, our view is that M-Wallet is one of the most exciting and promising payment opportunities. M-Wallet provides the momentum to move beyond payments to participate in the entire chain of mobile commerce, from consideration and brand awareness to purchase after-sales loyalty and care," said Tudor Aw, Technology Sector head, KPMG Europe, in a statement.

M-wallet – Uses mobile device as a wallet with account and transaction information stored on the devices' SIM card.

M-banking – Provides for direct access to bank services and information via the mobile device.

NFC – A short-range (millimeters) wireless communication technology that enables exchange between devices, such as between a cell phone and a point of sale device at a checkout counter.

Specialist online systems – Online payment processing systems such as Google Checkout and PayPal.

Carrier billing – Purchases are charged to the mobile phone bill.

—This article has been reprinted with permission from CIO Update. @ To see more articles regarding IT management best practices, please visit



NEXT HORIZONS

E-commerce

E-Commerce Drives B2B Innovation

If you want your organisation to use technology to drive business value, these four tips are for you. By Kristy J. Folkwein



Illustration by shigil N


As e-commerce becomes more of a business strategy than a productivity tool, CIOs are playing increasingly important roles in business growth and achieving a competitive advantage. Take the airline industry, for example, where CIOs have transformed business models, reduced costs and boosted convenience for travelers. Today, airline passengers are booking tickets, selecting seats and obtaining boarding passes online. When they get to the airport, passengers use electronic kiosks to check in. Airline CIOs have aligned incentives with desired behaviors by making the automated options more convenient than waiting for a person to provide assistance. Bypassing middlemen, such as travel agents, has also reduced costs. Even with recent tussles between airlines and online booking sites, travelers benefit from IT advancements.

While many industries have been quick to utilise e-commerce, the chemical industry has lagged because of the required back-end investment in a sound business strategy and an integrated IT platform. My organisation invested in an SAP-based global IT platform more than 20 years ago, so when market forces required us to offer more choices, we were ready. We developed a Web-enabled business model in an industry with few online options. The result was the creation of the XIAMETER brand in 2002, designed to offer high-quality but standard silicone products online at market-based prices. The business model is highly efficient due to its Web-enabled order platform and streamlined services. In contrast, our traditional Dow Corning brand offers customised solutions, product innovation, technical support and new specialty products.

My role includes ensuring that the online experience of our XIAMETER customers matches expectations, and that the Web-enabled brand operates effectively and efficiently. The business model utilises strict business rules -- a powerful factor in e-commerce -- to streamline the ordering process, consolidate orders and improve inventory management, which help keep operational costs low. There also are multiple self-service options, including access to product information and prices, online ordering, order tracking and order histories. Our global IT platform provides the backbone.

The online brand requires a completely different internal culture and way of doing business. If the XIAMETER brand were to customise orders or offer technical support for product applications, as the Dow Corning brand does, cost savings would be limited since staff time would increase and complexity would grow throughout the supply chain.

Today, more than 30 percent of Dow Corning’s business is conducted online, up from virtually zero before 2002. In my role as CIO, I’ve been able to support the brand’s success through strategic IT investments, an integrated enterprise-wide business strategy, and an application interface that is convenient and easy to use. Having the internal mandate and discipline to enforce the brand’s strict business rules has ensured that efficiencies are realised.

Based on customer research, we expanded the online brand in 2009 to offer more products, a new order-entry platform with greater self-service functionality, and the option to buy directly from local distributors. The XIAMETER brand now appeals to three customer segments:

- those who are attracted by good prices;
- those who like the convenience of 24/7 availability of information and ordering; and
- those for whom security of supply is most important, since they can lock in longer-term contracts.

The business model is considered innovative in the chemical industry since it is based on smart customer segmentation, provides a new channel to market, offers a new way to interact with customers, and ensures an easy-to-use, self-service format.

The takeaway

No matter which industry you’re operating in, the lessons we learned during the course of this project will be relevant to you. CIOs are in a unique position to drive business success as never before. If you want to position your organisation to use technology to drive business value, these four tips are for you:

1. Be innovative and risk-taking in utilising IT strategies to find new ways to address customer needs. Due to advancements in Web-enabled tools and services, CIOs have an unprecedented opportunity to drive corporate strategy. Success requires maintaining a broad, holistic view that utilises IT to empower innovation.

2. Make regular investments in the global IT infrastructure to stay ahead of customer requirements. Recognise that a new generation of consumers is comfortable with purchasing online, and these individuals are now embarking on careers in the business world. They’ll drive the adoption of B2B e-commerce. The same people are moving into purchasing departments, and they are comfortable with—and many prefer—to do things online.

3. Create and enforce clear IT policies throughout the organisation to prevent adoption and utilisation of renegade IT solutions that don’t support corporate IT strategy.

4. Tailor IT strategy based on customer research, audience segmentation and market needs. That kind of rigorous methodology and thinking will help shape your company’s future and positioning to meet customer needs along the value chain.

—Kristy J. Folkwein is vice president and CIO at Dow Corning. Send your feedback —This article has been reprinted with permission from CIO Update. @ http:// To see more articles regarding IT management best practices, please visit


Going Global: Lessons for the CIO


Sophie V. Vandebroek, Chief Technology Officer, Xerox Corp. and President, Xerox Innovation Group in a conversation with Harichandan Arakali, discussed the lessons learnt from her experience at Xerox as the company transformed itself into a technology-services-led organisation.

How important is the India market for you?

India is a market that global companies can’t afford to ignore. I also see Indian corporations engaging with the rest of the world more ambitiously than ever before. It is a very exciting time and also a very challenging time for CIOs. Xerox’s own story over the last few years holds some lessons for Indian business and technology leaders. Xerox today is global, we are on every shore. The Xerox Research Centre India, inaugurated last year, is our latest addition to the global research centres. The Centre is also an excellent example of how Xerox transformed itself from a technology-driven to a services-led company. We are tapping global resources, serving global customers, and continue our unshakable commitment to research and development.

Is it important to constantly transform yourself as a company?

Yes, definitely. As the world changes around you, your company has to change. For example, over the last few years, Xerox has made significant changes in the legacy perceptions of our brand. Many companies talk about transformations. We’re doing it and it’s a lot of fun for us and a great opportunity for our clients: Two years ago, 25 percent of our revenue came from services. It’s now 50 percent. Two years ago, we were a $16 billion company. This year, we’ll top $23 billion in revenue. Today our core competency extends well beyond the document, to business services, giving us leadership not only in document outsourcing but also business process and IT outsourcing. Our services-led transformation has helped millions of end-users. We process over 900 million health care claims each year. Our call centres handle 1.5 million phone calls each day. We process 11 million student loans annually. Almost 10 million employees and retirees are served by our Human Resource services business and transportation authorities in over 30 countries are now served by us; we process over 37 billion public transport fares each year.

What is the most important lesson you’ve learnt around how research supports this transformation?

Yes, you have to make sure that your investment areas are aligned with the future direction of your company. Let me share with you our four major innovation investment areas.

Our first innovation focus area is in robust processes and platforms that allow us to implement agile business processes for our clients so they can reduce costs, be more productive and simplify ways of getting work done. Our services innovation automates processes that previously were done manually. We are creating business processes that can recognise, sort, edit and store all forms of information faster and more accurately. Our services are platform-based, becoming more and more cloud-enabled and they allow mobile workers to access the information they need no matter where they are (today we have mobile print). One example is in our eDiscovery business where our software now allows automatic categorisation of millions of documents such that lawyers no longer manually need to go through each document.

Secondly, we are investing in capabilities that allow us to harvest knowledge from information. Making sense of unstructured information has been a core competency of our researchers for many decades. Just look at your own communication streams (email, LinkedIn, Facebook, Twitter) to grasp the information explosion trend. One zettabyte of information will be created or shared in 2011 alone. This is a trend that is accelerating and will increase 40 fold in the next decade.

Thirdly, we’re investing in advanced technologies that improve the efficiency, economics and relevancy of personalised business communications and printing applications. Our innovations extend from affordable ubiquitous colour printing, easy cross-media personalisation to individualised labels, packaging and personalised products.

Lastly we are enabling the Sustainable Enterprise. Advanced technologies can minimise the environmental impact of business processes and document management. We are doing this in several ways. We are minimising the environmental footprint of enterprises by using advanced software to reduce the number of imaging and we are investing in solid ink technology which has 90 percent less waste than laser printing. We are also investing to significantly increase the life of the product components; and switching to a renewable resource base for toners and inks.

DOSSIER
Company: Xerox Corporation
Established: 1906
Headquarters: Connecticut, US
Products: Printers, Copiers, Scanners, Projectors, Displays
Employees: 136,500



What are your recommendations on how to quickly build competencies in these new areas?

You need to create open innovation networks. These networks are relevant no matter what your company does. Open Innovation is at the core of how our research is conducted here in India. We bring together researchers in India with scientists and engineers from across Xerox and partner with leading academic institutions, research labs, and industry partners. An extensive fellowship and internship program complements these Open Innovation partnerships.

Xerox research takes place around the globe; let me highlight some of the key competencies for our other four research centres, most of which work in close collaboration with the Xerox Research Centre India. Located in California is the Palo Alto Research Center, or PARC. A decade ago, PARC was incorporated as a wholly-owned company, which allows them to perform leading edge research for Xerox as well as other global clients. Researchers are leaders in enterprise computing, services sciences, renewable energy, work practice, and natural language processing linguistics and much more. Located in Rochester, New York, is the Xerox Research Center Webster. It houses our core competencies in workflow automation, digital imaging, and next generation printing systems. Just outside of Toronto is the Xerox Research Centre of Canada, where we focus on materials science and chemical engineering and where we make sure we have state of the art toners, inks and materials in our digital systems. Nearly 20 years ago, we established the Xerox Research Centre Europe, located in the technology-rich Grenoble area of France, to create innovative document technology and drive the corporate transition in becoming a services-led technology business. This centre’s core competency includes work practice analysis, linguistics, machine learning, data mining and software engineering. In addition to the Xerox Centres, we collaborate closely with our joint venture partner Fuji-Xerox in Japan on several research, technology, product and go-to-market programmes.

Any other lessons you want to share?

Success in each of your key investment areas is closely tied to being where your customers are. Our investment in the emerging markets is an outstanding example of that principle. It is all about being sensitive to local nuances, understanding what works and what shouldn’t be imposed, and hiring the best local people. Before inaugurating the research centre in India last year we didn’t have a research presence in the emerging world. Doing so is critical to truly understanding the wishes and worries of clients we serve within India and the emerging world and to create solutions to address these pain points and dreams. The India Research Centre's charter is to explore, develop and incubate innovative document solutions and services for our global customers, with a special focus on emerging markets.

Research activities are aimed at exploring and developing innovative document management solutions for emerging markets by bringing Xerox’s world-class expertise in imaging, smart document management, linguistics, and ethnography to address locally relevant problems. An equally important focus is on leveraging the latest technologies and paradigms such as cloud and web computing, human computation, social networks and computational economics to advance innovation in solutions and services delivery for Xerox’s global markets. The mission of the research lab in India is to fundamentally understand the market quickly and give Xerox the opportunity to innovate in the emerging market. We need to be agile in understanding the customers’ needs by partnering with the right people. So, the researchers and our partners here are our eyes and feet on the street. They are our link to the local customer.

What are the key challenges in doing research in India?

One issue is talent. There is still a shortage of talent in engineering PhDs and high-end computer sciences. Both academic institutions and the multinational companies in India want highly qualified people. A win-win here was to partner with the best minds in India. This gets back to my first lesson about creating strong open innovation partnerships. Today we have partnerships with leading technology schools: with the IITs in Kharagpur, Madras, and Bombay. We also have a partnership with IISc Bangalore, and one with ISB business school.


Security

Business Relevant Information Security

Only three things matter in a business, the top line, the bottom line, and measuring your impact against business KPIs. By Rafal Los

Illustration by Anil T

- Security is not disconnected from business
- Security, when done properly, can help an organisation reach market faster
- Implementing a full SSA programme can save the company money in the long run
- Measure the impact of what you are doing against business KPIs



Take off your "Security Hat" for a moment... and pretend you work as everyone else in your organisation.

I know, this isn't an easy ask, but just trust me on this a moment. When you're working for a business only two things matter... the top line and bottom line. Translated into normal speak that means you need to contribute to the business in one of two ways:

- help the business make money (adding to the top line)
- help the business save money (managing the bottom line)

If you're not working to one of those two goals, you're wasting company resources. Nothing revolutionary here, right? Consider for a moment the security practitioner's mental process.

What we do...

As security people we want to protect, defend, and implement things that make the world safer from those evil hackers. Right? But why? What are we protecting... and against what? More importantly... why? See, we've been talking about how to bring security and the business closer... but what we're realising through some extremely well-done coaching is that the point isn't to bring them together because... well, they're the same thing. Security isn't somehow disconnected from the business... it's part of the business. When we fail to see that, to acknowledge that, then we lose - and by we I mean the entire community, the organisation and you too.

The bottom line on the top line

Contributing to the corporate profit (top line) is difficult. How can a group that's traditionally been the cost center, taking in money but never really making it, help the company earn more? There are many innovative ways depending on whom you ask - but I like my story about how app security software testing can be used during M&A activity to negotiate a more agreeable acquisition price - that helps contribute to the company top line. Security, when done properly, can also help an organisation reach market faster - and that always contributes to top-line profits. I could keep going, but I'll invite others to share in the comments of this post how they help contribute to the top-line of their organisation.

No matter how you do it, this is one of the two ways to be truly part of the business... and not acting like a bolt-on. This is what you should be working towards, as your primary motivator. Now, knowing this, look at the list of projects you've carved out for your security team for the year - and ask yourself... how do these projects align with business objectives, and contribute to the top-line of the business? An interesting comment was made on a call today..."A retail store manager doesn't ask themselves how they should contribute to the top-line of the business, it would be silly..." So I ask you - why don't we think this way?

The bottom line

The bottom line is a little less tricky, but not necessarily less difficult to contribute to. If you can't help the company make money, then help it save money. Sounds rational, right?

Here's the deal, even if it's difficult to connect the dots, implementing a full Software Security Assurance (SSA) programme can save the company money in the long term. How?

- software built more securely is more likely to be resilient in other ways - more available
- implementing security measures in development keeps costs of re-work down
- yearly costs associated with 'fire drill' will go down drastically
- more coherent use of technology reduces 'shelfware' and wasted capital spend
- ...and on, and on, and on - you get the idea

SO... in the long run, helping do things securely, that is right, is the smart thing to do, and it will save the company money, period. You can contribute to that - you just have to measure it. Oh, right, this brings me to my next point...

Measure it or it didn't happen

Too many security practitioners implement wonderful cost-saving measures, and programs that help the top-line ...but because they fail to measure these things appropriately it's as if they didn't happen. That's unfortunate! Remember that the business has certain KPIs (Key Performance Indicators - which I've talked about before!) that it measures success or failure by. But how do you know what to measure against? Think about what the business cares about - then measure the impact of what you're doing against that. Look at your board-level directives, the things the company cares about beyond the simple "making a bigger profit" (because not every business cares about simply profits, trust me...) and find innovative ways to measure against those KPIs. If you're a hospital, one of your goals may be to have a higher survival rate for your emergency room. How does your software security assurance programme contribute to that? I can think of at least a half-dozen ways right off the top of my head... can you?

The final, final word

So, in the end, it's about three things. The top line, the bottom line, and measuring your impact against business KPIs. Ask a friend, find a mentor, or join the group dedicated to it... doesn't matter how you get there, just get there. Your business and your career depends on it.

—This article is printed with prior permission from www.infosecis For more features and opinions on information security and risk management, please refer to Infosec Island.





Privacy

Capitalising on Privacy Practices

Study indicates consumers will pay for privacy. By David Navetta

Illustration by Shigil N

Consumers are more likely to purchase products from online retailers who are protective of consumer privacy, according to researchers at Carnegie Mellon University. The study, entitled “The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study” found that the availability and accessibility of information regarding online retailers’ privacy practices can affect consumers’ decisions to purchase products online. Interestingly, in contrast to the commonly held view that consumers are unlikely to pay for privacy, the study indicates that “when privacy information is made more salient and accessible, some consumers are willing to pay a premium to purchase from privacy protective websites.” Businesses that address privacy in the design of their products and services are less likely to face consumer and regulatory backlash or incur the costs of remediation. Yet businesses may benefit in another way from protective and consumer-friendly privacy practices - the results of this recent study indicate that such practices may be leveraged as a selling point.

The experiment

Many websites use machine-readable codes that tell a browser their privacy policies - such as whether a website sends cookies and with whom the website shares personal information gained from those cookies. Websites commonly use Platform for Privacy Preferences (P3P) compact policy “tokens” such as “NID” (no identified user information collected), which represent a standardised privacy expression defined in P3P specifications. The authors of the study used a modified version of Privacy Finder, a search engine that annotates a user’s Google or Yahoo! search results with “privacy meter” icons. Privacy Finder generates these icons through an automated analysis of the P3P policies of the websites a user visits. These icons graphically represent how well a website’s privacy policy matches

preferences specified by the user. The authors configured their search engine to calculate privacy warnings based on a website’s sharing of personal financial information, purchase information, or personally identifying information; a website’s refusal to allow a user to remove the user’s personal information from marketing lists; and a user’s inability to view her personal information on a website. Three groups of participants (two control groups and one test group) using the modified search engine were told to search for products online and purchase those products using their own credit cards. All participants were instructed to purchase both an eight-pack of Duracell AA batteries and the “Pocket Rocket Jr.,” a vibrating sex toy. Both products average about $15 including the cost of shipping and are widely available online. One control group did not see any privacy meter icons when they searched for the products to purchase. The other control group saw the icons, but was told that the icons merely indicated websites’ “handicap accessibility” - a charac-

p r i va c y


While displaying a privacy policy is a good first step toward transparteristic chosen as a control condition because it’s considered to be ency, 70 percent of people surveyed by the Annenberg Public Policy generally irrelevant to most online consumers. Center of the University of Pennsylvania disagreed with the statement The test group saw the icons and was told that the icons indicated that “privacy policies are easy to understand.” the degree of websites’ privacy protections. All participants in the Accordingly, if a merchant seeks to promote its online privacy study could access merchants’ privacy policies by clicking on privacy practices in order to boost sales, consumers must be able to identify policy links displayed on the websites they visited. and understand the merchant’s privacy practices for those practices The results of the study offer new insight into consumers’ valuto affect consumer behavior. Typically, however, online merchants ations of personal data and online behavior. Control group particidisplay only small links to their privacy policies at the bottom of pants generally purchased their products from the websites offering their websites. As such, privacy policies are often overthe lowest prices. looked by consumers. In contrast, test group participants - who saw the priRecently, the Federal Trade Commission and consumvacy meter icons and knew that the icons represented er advocacy groups have been advocating just-in-time the level of privacy protections utilised by the websites notice as a means of making information about privacy were more likely to make purchases from websites offercios are building practices more transparent and accessible to consuming medium or high levels of privacy, even if those sites ers. The results of the Carnegie Mellon study seem to charged higher prices for identical products. Processes confirm the benefits of this approach. 
The study indiAdditionally, participants demonstrated that they to capture cates that purchasing decisions may be affected when would spend an average of 59 to 62 cents more to buy confidential privacy practices are presented to consumers in a userthe same product from websites offering stronger prifriendly fashion when they are browsing online. vacy protections. data The study also suggests that businesses “may use technological means to showcase their privacy-friendly privaThe take away cy policies and thereby gain a competitive advantage” and “maximise How can businesses capitalise on these findings? The study suggests profits.” Specifically, “if the adoption of P3P increases, businesses that businesses that incorporate "privacy by design"  into their online protective of customer privacy may be able to attract consumers by business models help promote greater consumer awareness of and conposting their P3P policies and signaling good privacy practices.” trol over personal information, attracting privacy-conscious consumers. Developing and implementing a website privacy policy is one aspect —This article is printed with prior permission from of the “privacy by design” framework – how a business collects and For more features and opinions on information security and risk managehandles data online is more transparent with a privacy policy in place. ment, please refer to Infosec Island.
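The kind of automated P3P analysis described under "The experiment" can be sketched as follows. This is an added example, not Privacy Finder's code or anything from the study: it reads only the compact-policy tokens of a `P3P` response header, and the mapping of tokens to the three warning types, the warning names, the merchants, prices and headers are all assumptions constructed for illustration.

```python
import re

CP_RE = re.compile(r'CP\s*=\s*"([^"]*)"', re.IGNORECASE)
# Three capitals, optionally followed by a = always, i = opt-in, o = opt-out.
TOKEN_RE = re.compile(r"^([A-Z]{3})([aio]?)$")

# Subset of the P3P 1.0 compact-policy vocabulary used for the warnings.
SENSITIVE = [("financial", {"FIN"}), ("purchase", {"PUR"}),
             ("identifying", {"PHY", "ONL", "UNI", "GOV"})]
THIRD_PARTIES = {"OTR", "UNR", "PUB"}   # recipients outside the site and its agents
MARKETING = {"CON", "TEL"}              # contact for marketing, telemarketing


def parse_compact_policy(header_value):
    """Return {token: suffix} from a P3P header value, or None if unusable."""
    match = CP_RE.search(header_value or "")
    if not match:
        return None
    tokens = {}
    for raw in match.group(1).split():
        m = TOKEN_RE.match(raw)
        if m:  # anything that is not a well-formed token is ignored
            tokens[m.group(1)] = m.group(2) or "a"  # no suffix means "always"
    return tokens or None


def privacy_warnings(header_value):
    """Warnings in the three areas the study's search engine was configured for."""
    tokens = parse_compact_policy(header_value)
    if tokens is None:
        return ["no-policy"]
    if "NID" in tokens:  # no identified user information collected
        return []
    warnings = []
    # Assumption: sharing counts unless the user must opt in to it.
    shares = any(tokens.get(r, "i") != "i" for r in THIRD_PARTIES)
    if shares:
        for kind, categories in SENSITIVE:
            if categories & tokens.keys():
                warnings.append("shares-" + kind)
    # Marketing contact with no opt-in/opt-out choice: the user cannot get off the list.
    if any(tokens.get(p) == "a" for p in MARKETING):
        warnings.append("no-marketing-opt-out")
    if "NON" in tokens:  # ACCESS token: no access to identified data
        warnings.append("no-access")
    return warnings


def privacy_premium(results):
    """(cheapest site, cheapest warning-free site, extra cents), or None."""
    cheapest = min(results, key=lambda r: r[1])
    clean = [r for r in results if not privacy_warnings(r[2])]
    if not clean:
        return None
    best = min(clean, key=lambda r: r[1])
    return cheapest[0], best[0], best[1] - cheapest[1]


# Constructed sample: (merchant, price in cents, P3P header value).
SAMPLE_RESULTS = [
    ("shop-a.example", 1560, 'CP="NOI DSP COR NID CUR OUR NOR"'),
    ("shop-b.example", 1510,
     'policyref="/w3c/p3p.xml", CP="CAO DSP COR CUR ADM CONo OUR IND PHY ONL PUR FIN"'),
    ("shop-c.example", 1450, 'CP="NON DSP COR CUR CON TEL OUR UNR IND PUR FIN UNI"'),
    ("shop-d.example", 1440, 'CP="This is not a P3P policy"'),
]

if __name__ == "__main__":
    for site, cents, header in SAMPLE_RESULTS:
        print(site, cents, privacy_warnings(header) or "no warnings")
    print(privacy_premium(SAMPLE_RESULTS))
```

A compact policy does not tie a data category to a particular recipient, so the sharing warnings here over-approximate what a full P3P policy would say.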


security

Security Management for Startups

Business Threat Modeling (TM) is a practical way to assess the operational risk for a startup. By Danny Lieberman


We normally associate the term “small business” or SME (small to medium sized enterprise) with commercial operations that buy and sell, manufacture products or provide services – lawyers, plumbers, accountants, web developers etc…

However – there is an important class of small business operations that is often overlooked when it comes to information security, and that is the technology startup. A high tech startup is an SME by all definitions – usually less than 50 employees – but it doesn’t buy and sell and neither does it provide professional services.

Unlike other small businesses, a high tech startup is almost purely focused on product research and development. Almost all startups have a very high percentage of software development. Even if the startup develops hardware – there is still a strong software development focus. Intuitively – one would say that a primary concern for a startup is IP (intellectual property) protection and that starts with protecting source code. Counter-intuitively this is not true. There are two basic reasons why source code leakage is not necessarily a major threat to a startup:

1) If the startup uses FOSS (free open source software), there is nothing to hide. This is not strictly speaking correct – since the actual application developed using FOSS has immense value to the startup and may often involve proprietary closed source code as well.

2) A more significant reason that source code leakage is of secondary importance is that a startup's IP is invariably based on a combination of three components: domain expertise, implementation know-how and the implementation itself (the software source code). The first two factors – domain expertise and implementation know-how – are crucial to successful execution.

The question of how to protect IP still remains on the table but it now is reshaped into a more specific question of how best to prioritize security countermeasures to protect the startup’s domain expertise and implementation know-how. Prioritization is of crucial importance here, since startups by definition do not generate revenue and have little money to spend on luxuries like data loss prevention (DLP) technologies.

Software Associates works exclusively with technology and medical device developers and I’d like to suggest a few simple guidelines for getting the most security for your money: The startup management needs to know how much their information security measures will cost and how it helps them run the business. Business Threat Modeling (TM) is a practical way for a manager to assess the operational risk for the startup in dollars and cents.

The advantages of the business threat modeling methodology are:

Threat modeling places the focus on asset management and Value at Risk reduction before acquisition of information and security technologies.

Threat modeling helps select the right countermeasures, often prioritizing monitoring before active data loss prevention (for example).

Threat modeling, when done right, quantifies risk in dollar terms. This is particularly important when reporting back to the investors on exposure to data loss of IP.

Threat modeling helps justify investments in security, compliance and risk management to the management board – simply because it puts everything into financial values – the value at risk and cost of the security portfolio.

These are similar objectives to GRC (governance, risk and compliance) systems. The problem with most GRC and ERM (enterprise risk management) systems is that they don’t calculate risk, they make you work hard and they’re not that easy to use. I think that we can all agree that the last thing that a hi-tech startup needs is a system to manage GRC activities when they’re working to make the next investor milestone.

Startup management needs a simple security management approach that they can deploy themselves, perhaps assisted with some professional consulting to help them get started and get a good feel for their exposure to security and compliance issues.

How does a practical security management methodology like this work? Well – it works by using the common language of threat modeling. You own assets – for example, expensive diamond jewelry stored at home. These assets have a dollar value. Your asset has vulnerabilities – since you live on the ground floor and your friendly German Shepherd knows where the bedroom is and will happily show anyone around the house. The key threat to the asset is that an attacker may break in through the ground floor windows. The countermeasures are bars for the windows, an alarm system and training your dog to be a bit less friendly around strangers with ski-masks.

Using countermeasure costs, asset value, threat probability of occurrence and damage levels, we calculate Value at Risk in financial terms, and propose a prioritized, cost-effective risk mitigation plan. That’s it – adopt a language with 4 words and you’re on a good start to practical security management for your high tech startup.

—This article is printed with prior permission from For more features and opinions on information security and risk management, please refer to Infosec Island.

Illustration BY PC Anoop
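The four-word model above (assets, vulnerabilities, threats, countermeasures) can be turned into a small calculation. The sketch below is an added example, not the author's Business Threat Modeling tool: the formula (asset value × probability × damage), the multiplicative effect of countermeasures, the greedy selection rule and every dollar figure and percentage are assumptions constructed for illustration, using the article's jewelry scenario.

```python
from dataclasses import dataclass, field


@dataclass
class Threat:
    name: str
    asset_value: float   # dollar value of the asset the threat targets
    probability: float   # assumed chance of occurrence per year, 0..1
    damage: float        # assumed fraction of the asset value lost, 0..1


@dataclass
class Countermeasure:
    name: str
    cost: float                                     # dollars per year
    mitigates: dict = field(default_factory=dict)   # threat name -> share of probability removed


def value_at_risk(threats, applied=()):
    """Expected yearly loss in dollars with the given countermeasures in place."""
    total = 0.0
    for t in threats:
        p = t.probability
        for c in applied:
            p *= 1.0 - c.mitigates.get(t.name, 0.0)
        total += t.asset_value * p * t.damage
    return total


def mitigation_plan(threats, countermeasures, budget):
    """Greedy plan: repeatedly add the countermeasure with the best risk
    reduction per dollar, skipping any that cost more than they save."""
    plan, remaining, spent = [], list(countermeasures), 0.0
    while remaining:
        current = value_at_risk(threats, plan)
        best, best_ratio = None, 0.0
        for c in remaining:
            if spent + c.cost > budget:
                continue
            reduction = current - value_at_risk(threats, plan + [c])
            if reduction <= c.cost:          # not cost-effective at this point
                continue
            ratio = reduction / c.cost if c.cost else float("inf")
            if ratio > best_ratio:
                best, best_ratio = c, ratio
        if best is None:
            break
        plan.append(best)
        remaining.remove(best)
        spent += best.cost
    return plan, spent, value_at_risk(threats, plan)


# Constructed figures for the article's illustration.
THREATS = [Threat("break-in through ground floor windows", 50_000, 0.10, 0.8)]
COUNTERMEASURES = [
    Countermeasure("window bars", 1200, {THREATS[0].name: 0.6}),
    Countermeasure("alarm system", 900, {THREATS[0].name: 0.5}),
    Countermeasure("dog training", 300, {THREATS[0].name: 0.2}),
]

if __name__ == "__main__":
    print("Value at Risk before:", round(value_at_risk(THREATS)))
    plan, spent, residual = mitigation_plan(THREATS, COUNTERMEASURES, budget=2500)
    print("Plan:", [c.name for c in plan], "cost:", spent, "residual:", round(residual))
```

With these figures the window bars fit the budget but are left out: once the cheaper measures are in place, the remaining risk they would remove is worth less than they cost.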

certification


I Am Certified You Are Secured

How did the industry come to rely on certifications as the “de-facto” anything nowadays? By J. Oquendo


Mustering up as much arrogance as I possibly could, I slowly inhaled in order to make my chest stick out, fixed my tie and uttered “I am certified, you are secured.” Knowing damn well I could not make good on that promise, it sounded good and for a second there with my who-knows-how-many certifications, I almost believed myself. Aside from lying to my client, I also lied to myself but it's all good because the money is in the bank and I'm walking out the door.

Being certified alludes to me having a clue and fully understanding all of the finer gears inside the machinery of the company I just performed security work on. Not only do I not need to prove that I can actually do anything productive, I can provide in-depth critical coverage of any subject or question I am asked. I know this all too well from many-a-nights of cramming security content down my throat while studying to make more money.

Security? I don't care for it. I learned a long time ago that companies do not want security. They do not want assurance, they simply want a framework to ensure that they did no wrong. My goal is simplified ten-fold and my aim, ensure that someone on the C-level can cross their T's dot their I's and get on with their game of golf. Obviously golf is the only association to the word Ping many will ever come to know.

Now many reading this are wondering how did it come to this. What is he saying, security heresy!!! The reality and fact of the matter is, industry made me what I am. In fact, recruiters and HR personnel without a cause made me this way. You see, a long time ago, I sought to defend networks from attacks. I spent many hours on end studying attacks, counter attacks and developed accurate and robust methodologies to prevent attackers from “owning” your asses, however, you wouldn't listen.

At the time I didn't have my CISSP or CISM or CISA or CCIE and the reality is, none of those certifications have anything to do with penetration testing. None has anything to do with deploying firewalls, none have much to do with anything as they're either too broad or too narrow. I told you then and you wouldn't listen. You the business owners forced me into a corner like a dog and gave me a few options: CISSP, CISM. Only when I sought one of these options would I be able to effectively: 1) configure firewalls and SIEM 2) properly perform penetration testing 3) perform network audits 4) perform network and security assessments.

Forget the fact I had been successfully doing so for years without them, businesses don't need security, don't be fooled. Businesses need to imply they took the appropriate security measures. Cross those Ts and dot those I's.

No longer would I have been able to deploy routers, firewalls and IDS like I had been doing during the course of normal business hours for years. I now need my CCIE to do so, forget the fact that I could configure, deploy and troubleshoot them – again I have been doing so for years – management needs to prove that I can do so.

So why not hire a candidate who could read a book, memorise content, pass a test and call it a day? Wondering if the colors will wow and impress those coming into this conference room. I'm hip, I'm in the game and did I forget to mention – I am certified? Not only that, when you see my bill! How else do you think I got this CLS55 AMG?

So how did we get here? How did security come to this? While many read this initially performing the obvious facepalms, the reality is, this is where many companies have gone when it comes to security. Who is to blame? Is it the certification vendors doing what businesses do – marketing and making money?

Is it the human resources departments that throw certs like the CISSP, CISM, CISA or CCIE into a position whenever the word security comes into play? Is it the individual who now has to pass a test just to get a foot in the door? Where is the industry headed? Obviously certifications aren't the cure. While they may help, they aren't the cure.

Imagine for a moment I was interviewing for a position at your company. Scratch that, I aimed high and walked away with a PhD. What experience do I actually have? Realistically speaking, by the time I finished up school for a PhD, technologies would have changed at least three times. So what are you getting out of me as a business by hiring me?

With zero experience in the field, never touched anything enterprise outside of a rental car, honestly, what are you getting? This is not to knock anyone who earned their PhD, any degree or any certification, this is merely a “hello, what are you thinking” kind of question.

There are many talented individuals both certified and not certified. How did the industry come to rely on certifications as the “de-facto” anything nowadays? Once upon a time, workers would apprentice in a shop, study hard for years to master a trade, perhaps take some form of exam to be called an “expert” or earn a certification.

Nowadays, all one has to do is dig around for content related books, study to their heart's content, pass an exam, slap on an “I'm Certified – You're Secured” label and businesses are content with this. There is no value to this type of security, there never was and there will never be. For those still facepalming, reality is what it is.

I am unsure how many times I have met someone with enough certifications to fill the backside of their business card. I am also unsure of those that I have met, that I was able to gauge they knew little about what they were talking about when it came to security. I am further unsure of those I have come across, how many forums I have seen them cross post for “wares” on passing another test.

They aren't doing it to learn how to secure an infrastructure properly, they're doing it so they can retain their jobs in some instances. These are guys that are likely in some of those companies that were recently compromised. You know, the Lockheeds, etc., where those companies outright buy every single available CISSP seat in DC.

When I think about the flip side of this, I can't think of how many talented and uber smart security professionals I have met without the certifications. These are those that are likely in “the trenches” having worked in either a NOC, SOC or some other capacity of IT. Systems administration, engineering and so on. Same holds true for individuals who hold those certs. I know of many a CISSP who really have a clue [3] and likely got their certification because of marketability.

In any event, back to the matter at hand, I am truly certified. I ended up having to get certified to see what all the hooplah was about. It took me 12 years after the fact to even bother taking a certification exam, but that's irrelevant. I can now give you my clients peace of mind as I move on into HTML certification. After all, I want to make sure their html code is in order. They're sure lucky they chose me too. I am Certified – They are secure. Here is my bill, here is your pie chart, see you on the 18th hole.

—NOTE: This rambling was not meant to attack anyone holding any certification. I merely used the industry standards CISSP, CISA, CISM and CCIE for the purpose of formulating an opinion.

This is not an attack on any individual however, if it touched a nerve, then it was likely you who it was targeted at. I do not hold the CISSP [2], CISA or CISM and don't care for them. While I make mention of the CCIE, that is an altogether different story, please re-read its use.

—This article is printed with prior permission from www.infose For more features and opinions on information security and risk management, please refer to Infosec Island.

organisations have ways to collect sensitive info in the company




Thought Leaders | Seepij Gupta

Seepij Gupta is a Senior Analyst with Forrester Research

Data Explosion Worries Corporates

There is no single-point solution to managing data, it is a never-ending journey.

Let us have a look at some quick facts. There is almost 9 petabytes of data being generated everyday, which means that information on this planet almost doubles every 1000 days. Almost 85 percent of the data is unstructured. There are a trillion connected devices. There are fifty billion archive tags and each tag is going to have some information captured in real time. And all this is going to be stored on a server device or a storage device. This entails there will be a major fall out on storage. Today, with people being mobile, there are more information creators than ever before. This leads to duplication and creation of multiple formats of data and each user has different ways of storing data. This complicates things. Today, a pen drive can carry 64 GB of data. There is a problem in terms of storing, retrieving and archiving data. The key thing remains that information and data have two crucial aspects – their storage and security. In a survey we asked corporates, what was the business outlook for the next year? They said it was good, which meant that they were expanding. They also revealed that they would be spending more on storage.

There could, therefore, be a 5-10 percent increase in data, which would also put a burden on its security. The scenario in the storage industry today looks like a potter’s wheel wherein there are two forces at work. One force is spinning the wheel while the other is giving shape to the earth. There is an explosion in the information and devices which is motoring the wheel. Add to this our vendors – HP, IBM and Dell – who have put extra force and given a shape to the industry. In 2010, six vendors made 12 acquisitions and the entire industry is in a turmoil. Dell alone made three acquisitions. Netapp and EMC too grew by means of inorganic growth.

What does this explosion mean to businesses and to IT? It leads to the traditional blame game between business and IT. The former says he is doing the job perfectly but it is the IT department that is not making the data available to him timely, which leads to poor prediction. Business wants to deploy Business Intelligence (BI) solutions. Their grievance of lack of information from BI still persists. It is a no brainer that businesses want dollars. However, there is a catch. They want to hold on to the dollar but they want to spend provided they can take informed decisions and calculated risks. But then the same blame game comes up. So in the end there is a problem of a business user and a data professional. So who will take the first step?

IT purchases are still made in silos versus the real business users who will make use of the data. This results in a vicious circle which is never ending. It starts with wrong data going and the manager eventually taking decisions on his instincts rather than through BI. Sadly, there is not a single solution to this.

The last thing first. It is a journey. To be a part of this journey, you need to restrict. These are policies and procedures that a company follows. I was talking to a guy in an IT corporate who told me they had a policy of restricting the size of their email -- the incremental size of the email should not be more than this. As an effect the user would be deleting their mails on a regular basis. They would especially take care of deleting their junk mails. Corporates would have to adopt Filtering, Archiving, De-duplicating and Compressing technologies. They need to keep traveling on this journey.



VIEWPOINT | Steve Duplessie

illustration by PC Anoop

Summer Love and Software Licensing

People may hate licensing but they still buy software.

A while ago, VMware announced some new licensing information. To be completely honest, I have no idea what those announcements were. I do know that they were met with loathing, frothing vitriol. People were all bummed out to say the least. Mark Bowker, ESG’s resident virtualisation god and all around mellow guy, is going to explain what they did calmly and rationally (how boring!) shortly, so I’m not even going to attempt it. Instead, I have other thoughts.

1. All software companies are hated for the way they license. Really, which companies are loved for their licensing EXCEPT those who give their stuff away free?

2. As a general rule, we hate successful companies because they are, well, successful. They tend to be that way because they make money from us–via their licensing policies. If they gave free stuff, we would love them.

3. This outcry is not unique to VMware. Microsoft, Oracle, CA, etc. all face the exact same contempt. Maybe because VMware was “free” not too long ago and now makes billions, we’ve developed an over the top hatred for them.

4. This has been going on since time began. I still remember people HATING Veritas for its confusing licensing scheme in 1994. Hated it. Bought a zillion dollars worth of its stuff, but boy did they hate doing it!

Now, it is conceivable that VMware has become evil, but I doubt it. It is probably doing whatever it is doing for some entirely logical reason–and my guess is we will find this to be the case in short order once the lunacy dies down. Or, we may find VMware screwed up, but it doesn’t matter. If it did, it will either correct it or open the doors to customers going away–and while I’m not that smart, I know that VMware is–so I suspect that won’t happen.

I love to make Larry Ellison/God jokes, but truth be told, I’m enormously envious and jealous of the awesome power he has amassed by selling a product for huge amounts of money that no one is happy paying and yet everyone still buys. That’s power. Let’s face it, if you could go elsewhere, you would. But you can’t, so suck it up and deal.

You can buy/borrow/steal other hypervisors. But you won’t. Unless VMware goes too far, which I’m pretty sure it hasn’t. It is going to make money. Deal with it. You will bitch and moan, but then you’ll send VMware a check. Life will continue.

Yesterday, Netflix sent me a notice that it was changing its licensing policy–again. Six months ago, Netflix told me I should stop getting my three physical disks a month plan for $15 and change it to one physical disk plus unlimited online access for $12. I said, “super!” I still needed physical access because Netflix has yet to put some “new” disks online … like the Exorcist, or Jaws, or any of the Star Wars episodes my nine year old watches incessantly. Now, Netflix has decided that if I want to keep getting any physical disks, I need to pay double. Evil, yes. Moral? No. Am I going to dump Netflix? No frigging way. I’m going to pay. Bastards. I’ll remain jealous.

About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.
