Are You a Social-Business CIO? by ctof magazine

cTo forum

Technology for Growth and Governance

February | 07 | 2013 | 50 Volume 08 | Issue 12

â&#x20AC;&#x153;IT infrastructure is becoming unwieldyâ&#x20AC;? | A Govt Strategy for Data Disposal

Are You a SocialBusiness CIO? Our survey yields interesting insights into what CIOs think about social-businessenabling technologies Page 29

Volume 08 | Issue 12

Tech For Governance

Best of Breed

I Believe

Privacy Scares from the Ghosts Page 44

A Govt Strategy for Data Disposal Page 20

The Collision of Social, Mobile, Cloud and Analytics

A 9.9 Media Publication

Page 06

editorial yashvendra singh | yashvendra.singh@9dot9.in

Reinvent Business Social

media campaigns are giving a whole new meaning to doing business

n 2011, the Danish brewing company, Carlsberg, turned to YouTube to generate a buzz around its marketing campaign. The beer manufacturer packed a 150-seat movie hall with 148 menacing and scary-looking men. Right in the middle of the hall, two seats were left vacant. Those who dared to take the empty seats were rewarded by Carlsberg with a round of applause and chilled beer. The video jelled perfectly with Carlsberg’s image of

editor’s pick 29

a brand that admired bravery and rewarded men who displayed courage. Till February of 2013, the YouTube video has received 12.2 million views, and still counting. Closer home, Royal Enfield preceded the launch of its motorcycle, Thunderbird 500, with a social media marketing blitz across YouTube, Facebook and Twitter. The Chennai-based two wheeler manufacturer was successful in building up a big hype before the actual launch.

Are you a socialbusiness CIO? Our survey yields interesting insights into what CIOs think about social-businessenabling technologies

cto forum 07 february 2013

The Chief Technology Officer Forum

Such cases where social media was cleverly employed by corporates are not isolated. Social media is no longer a pilot project in progressive corporates. It doesn’t, therefore, come as a surprise that 80 percent of the Fortune 100 companies are leveraging at least one social media tool (Facebook, Twitter, Blogs, Youtube) to connect to their customers. Marketing campaigns powered by it are increasingly occupying a strategic position in an enterprise’s overall strategy. However, there are still scores of enterprises that are yet to realise its potential. There are others who, though understand its importance, fail to exploit it fully and properly. This is where your role, as that of a technology leader, comes into prominence. Enterprise technology decision makers convince employ-

ees in their corporates to develop a social enterprise mindset. During my interactions with CIOs, I have come across several of them who are creating appealing user experiences by amalgamating today’s social media tools with yesterday’s applications. Their efforts have resulted in improving their company’s sales. According to them, the key to this lies in knowing your audience and making content shareable and accessible. Do write to us about your experience with social media in your enterprise. As always, we will await for feedback.

february13 Conte nts

thectoforum.com

Columns

Cover Story

29 | Are you a socialbusiness CIO? Our survey

06 | I believe: the collision of social, mobile, cloud and analytics

yields interesting insights into what CIOs think about social-businessenabling technologies

By dave evans

48 | viewpoint: wine, religion, dinosaurs, and it By steve duplessie

S p i n e

cTo forum

Technology for Growth and Governance

cto forum 07 february 2013

The Chief Technology Officer Forum

Are You a SocialBusiness CIO? our survey yields interesting insights into what CIos think about social-businessenabling technologies page 29

Volume 08 | Issue 12

“IT InfrasTrucTure Is becomIng unwIeldy” | a govT sTraTegy for daTa dIsposal

Please Recycle This Magazine And Remove Inserts Before Recycling

Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Tara Art Printers Pvt Ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301

February | 07 | 2013 | 50 Volume 08 | Issue 12

TeCh For GoVernAnCe

BesT oF Breed

I BelIeVe

privacy scares from the ghosts Page 44

A Govt strategy for data disposal Page 20

The Collision of social, mobile, cloud and analytics Page 06

A 9.9 Media Publication

Cover design by: Shigil Narayanan illustration: Rethish kr

Features

20 | Best of breed: A government strategy for data disposal Today’s CIOs can collaborate with legal and records management team to cut costs

www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur Editorial Executive Editor: Yashvendra Singh Consulting Editor: Atanu Kumar Das Assistant Editor: Varun Aggarwal & Akhilesh Shukla DEsign Sr. Creative Director: Jayan K Narayanan Sr. Art Director: Anil VK Associate Art Directors: Atul Deshmukh & Anil T Sr. Visualisers: Manav Sachdev & Shokeen Saifi Visualiser: NV Baiju Sr. Designers: Raj Kishore Verma, Shigil Narayanan & Haridas Balan Designers: Charu Dwivedi, Peterson PJ Midhun Mohan & Pradeep G Nain MARCOM Designer: Rahul Babu STUDIO Chief Photographer: Subhojit Paul Sr. Photographer: Jiten Gandhi

16 A Question of answers

16 |Kevin Eggleston, Senior VP and GM, Apac, Hitachi Data Systems, talks about

the company’s future plans

RegulArs

02 | Editorial 08 | letters 10 | Enterprise Round-up advertisers’ index

44 | tecH FOR GOVERNANCE: privacy scares from the ghosts All personal information needs to be identified and appropriately safeguarded

25 | next horizons: the five traits of the quantum it organisation These traits are not about technology

Datacard IFC IBM 1 Schneider 3 CTRLs 7 ESDS 9 Cisco 13, 37 Zenith 15 Patel India 19 Wipro Infotech 20-A SAS Institute 23 Falcon (Expo 2020 Dubai) IBC Microsoft BC

advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IT, ICICI Bank Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology) Vijay Sethi, CIO, Hero MotoCorp Vishal Salvi, CISO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Sales & Marketing National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623) National Sales Manager: Vinodh K (+91 97407 14817) Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921) Senior Sales Manager (North): Aveek Bhose (+91 98998 86986) Product Manager - CSO Forum and Strategic Sales: Seema Menon (+91 97403 94000) Brand Manager: Jigyasa Kishore (+91 98107 70298) Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Office No. B201-B202, Arjun Centre B Wing, Station Road, Govandi (East), Mumbai-400088. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301 Editor: Anuradha Das Mathur For any customer queries and assistance please contact help@9dot9.in

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

The Chief Technology Officer Forum

cto forum 07 february 2013

I Believe

By dave evans, CTO, Operators Division, Symphony Teleca Corp the author is responsible for the development of the ground breaking m-Suite enterprise mobility solution combining sophisticated mobile enterprise application platform

The collision of Social, Mobile, Cloud and Analytics Social platforms provide a

missing dimension to enterprise solutions CIOs are today grappling with the next great evolution in computing, which is defined by the transformation of monolithic isolated silos of data and functionality into new enterprise platforms, that are built using a connected mesh of services, functionality and information.

cto forum 07 february 2013

The Chief Technology Officer Forum

current challenge how to extend the enterprise’s own business processes

Four key technology trends are driving this evolution faster and further ahead: Social, Cloud, Mobile (“SoCoMo”) and Analytics. Social Platforms: Social platforms provide a missing dimension to enterprise solutions. Previously, enterprise solutions knew only about ‘widgets’ and processes such as manufacturing and shipping. Now, with the addition of a social dimension, enterprises can tightly link their business processes with their customer behaviours. Cloud Computing :The commoditization of the computing stack by the cloud-computing paradigm has driven rapid innovation; from application development to service hosting. World-class, highly scalable and robust computing is now available to a much broader range of enterprises and applications: with Software as a Service (“SaaS”) applications growing to fill every niche. The prevailing architectural approach used is a platform approach, enabling functionality to be rapidly ‘plugged’ together to create new and innovative solutions. Mobile: Mobile data has exploded. The rapid adoption in the consumer space has changed the expectations of the business user and created challenges such as BYOD. But perhaps the greatest challenge, and opportunity lies in how to extend the enterprise’s own business processes so that they can benefit from their customers. Analytics: The use of SoCoMo technologies has resulted in an exponential increase in the complexity and cost of data analysis. Today’s enterprises demand insight and information. Big data technologies like Hadoop and Hana have increased enterprises’ ability to crunch large amounts of data in order to dynamically provide answers to the most difficult business questions.

10 10101 10100010 10101001101 10111010010000 10101000101111101 0 00101010101000101 11 0 0 1 0 1 0 1 0 1 0 10 11 01 1 0 1 00 010 00 10 01 00 10 01 10 11 10 01 11 01 10 10 10 00 10 00 10 01 00 01 11 1 01 01 00 01 10 01 00 00 01 10 10 10 10 1 11 01 10 01 11 01 11 00 11 01 00 01 01 00 10 1 01 01 10 01 01 01 11 00 10 0 01 01 01 0 10 10101 10100010 10101001101 10111010010000 10101000101111101 0 00101010101000101 11 0 0 10111001101010101 00 010 00 10 01 00 10 01 10 11 10 01 11 01 10 10 10 00 10 00 10 01 00 01 11 1 01 01 00 01 10 01 00 00 01 10 10 10 10 1 11 01 10 01 11 01 11 00 11 01 00 01 01 00 10 1 01 01 10 01 01 01 11 00 10 0 01 01 01 0

10 10101 10100010 10101001101 10111010010000 10101000101111101 0 00101010101000101 11 0 0 10111001101010101 00 010 00 10 01 00 10 01 10 11 10 01 11 01 10 10 10 00 10 00 10 01 00 01 11 1 01 01 00 01 10 01 00 00 01 10 10 10 10 1 11 01 10 01 11 01 11 00 11 01 00 01 01 00 10 1 01 01 10 01 01 01 11 00 10 0 01 01 01 0

Put the spring back in your business within minutes Our Zero Data Loss solution ensures that your business doesnâ&#x20AC;&#x2122;t lose even a single byte of data or precious minutes getting your service back on track in the event of a downtime.

Zero Data Loss

DR Solution

Data lost in transit during a downtime is irretrievable. Traditional Disaster Recovery services take at least 4 to 5 hours to initiate the recovery process, putting a great deal of data at risk. Which is why Zero Data Loss solution makes perfect business sense.

To know more about Zero Data Loss, Write to us: marketing@ctrls.in | Call us on: 040-42030583

Visit www.ctrls.in/mumbai-data-center

CtrlS Business Solutions DR On Demand | Cloud Services | Managed Services | Messaging Solutions

LETTERS CTOForum LinkedIn Group Join over 900 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at: www.linkedin.com/ groups?mostPopular=&gid=2580450

Some of the hot discussions on the group are: Virtual CTO/CIO A long term IT partner for your business growth

are CTOs more interested in satisfying the CFO & Board rather than the consumer?

CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.

This is a model that SMBs are slowly waking up to. While their IT head can chip away with his day-to-day activities, an external help (a part time CIO) can give their IT a proper direction and can review performance to ensure the company's objectives are met.

â&#x20AC;&#x201D;Balasubramanian S R, Business & IT Consultant

CTOF Connect

Paul Coby, Executive IT Director at John Lewis spoke about creating the shopping experience of the future for his customers

http://www.thectoforum.com/content/ understanding-customers-understandtechnology

Opinion The Build vs. Buy Problem

arun gupta, CIO, Cipla

The big question is what to outsource and what to keep in-house on your WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community. Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com

cto forum 07 february 2013

The Chief Technology Officer Forum

Rafal los Sr. Security Strategist at HP Software

While the question of when you should outsource depends heavily on talent, time, and priority, the question of what to outsource depends on 3 lightly overlapping questions. To read the full story go to: http://www.thectoforum. com/content/build-vs-buy-problem

FEATURE Inside

Enterprise

How to Pitch for a Data Governance Project Pg 12

illustration BY shigil narayanan

Round-up

Indian Insurers to Spend Rs 101 bn on IT in 2013 IT services to overtake

telecom as the largest spending area Indian insurers are about to go on a spending spree! Market research and advisory firm Gartner predicts that insurance firms in India will spend Rs 101 billion on IT products and services in 2013, an increase of more than nine percent over 2012 when they spent an approximate Rs 92.5 billion. The forecast includes spending by insurers on internal IT (including personnel), hardware, software, external IT services and telecommunications. Gartner’s findings auger well, particularly for IT services firms since insurers will spend an estimated Rs 30.6 billion on consuming their services in 2013. IT

cto forum 07 february 2013

The Chief Technology Officer Forum

services is achieving the highest growth rate amongst the top level IT spending segments — forecast to exceed 13 percent in 2013, with growth of 23.4 per cent forecast for business process outsourcing services. Consulting is also a high growth segment at over 18.2 per cent in 2013. Says Derry Finkeldey, principal analyst at Gartner, “We are continuing to see Indian insurers lead the charge to outsourcing and business process outsourcing. The Indian insurance industry is experiencing huge growth in transaction volumes, and Indian consumers are quite progressive in terms of seeking online and mobile services.”

94 $billion Data Briefing

the size of Indian electronics industry by 2015

E nte rpri se Round -up

They Shashi Said it Tharoor

photo BY PHOTOS.COM

Tharoor feels that Indian politicians have to embrace social media to reach out to their constituents

Security is No Place for Traditionalists IT security professionals need to evolve In IT, as in life, those who don’t evolve, simply perish. It is therefore crucial for IT professionals to constantly evolve themselves and attune their mindsets with the changing times. Gartner VP and distinguished analyst, Paul Proctor, who works with enterprises to help them build mature risk and security programs believes that IT security professionals need to evolve into risk management professionals not only to better align security programs with business needs but also to survive in the ‘game’. “The way I see it—all security officers fall into one of two camps: 70 percent are traditionalists and only 30 percent are true, risk management professionals. We can do better,” Proctor wrote in a recent blog post. According to him, traditional security professionals adhere to a certain philosophy which can be detrimental to their cause. Traditionalists believe that IT risk is a technical problem, handled by technical people, buried in IT and every problem is solved with a new technology. Also, they view themselves as heroes hired to protect the company at all cost. Proctor said that there are fundamental differences between how traditionalists view their roles and how true risk management professionals—currently in the minority—view their roles in the organisational scheme of things.

photo BY PHOTOS.COM

Quick Byte on Mobile Advertising

“Today, people get real-time info. This has both positive and negative impact. No leader of a democracy can either offend or discount social media.” —Shashi Tharoor, Minister of State, Human Resource Development

The mobile advertising revenue worldwide is expected to jump 19 percent year-overyear to $11.4 billion in 2013. The revenue is projected to reach $24.5 billion in 2016, with mobile advertising revenue creating new opportunities for app developers, ad networks, mobile platform providers, etc. The Chief Technology Officer Forum

cto forum 07 february 2013

photo BY photos.com

E nte rpri se Round -up

How to Pitch for a Data Governance Project Don’t build a

business case which makes it look like an IT-led data management plan

Are you an IT manager? Did the management just shoot down your data management project? Are you still scratching your head as to why it suffered such a fate? Well, according to Michele Goetz of Forrester Research, most IT managers in their attempt to build a business case for a data governance project tend to overlook one key aspect viz. the incentive for the business organisation. Goetz who serves enterprise architecture professionals at the global research firm says that the number one question she gets from her clients regarding their data strate-

gy and data governance is, “How do I create a business case?” Goetz says that the very question is the ‘kiss of death’ for any such project. In one of her recent blog postings she stresses that IT managers often make the mistake of projecting a data governance plan as an IT initiative. When in fact, a sound data strategy is one which not only puts the needs of the business first; it communicates business value in terms the executives understand. “You created an IT strategy that has placed emphasis on helping to optimise

Global Tracker

Growth of Semiconductors

Apple and Samsung consumed $45.3 billion of semiconductors in 2012

cto forum 07 february 2013

The Chief Technology Officer Forum

source: gartner

While the total semiconductor market decreased, together

IT data management efforts, lower total cost of ownership and reduce cost, and focused on technical requirements to develop the platform. There may be a nod toward helping the business by highlighting the improvement in data quality, consistency, and management of access and security in broad vague terms. The data strategy ended up looking more like an IT plan to execute data management,” she writes. This leaves the business folks wondering what’s in it for them? Goetz urges IT managers need to rethink their approach and start thinking like the business when pitching a data governance project. According to her, IT managers need to do the following: Change your data strategy to a business strategy. Recognise the strategy, objectives, and capabilities the business is looking for related to key initiatives. Your strategy should create a vision for how data will make these business needs a reality. Stop searching for the business case. The business case should already exist based on project requests at a line of business and executive level. Use the input to identify a strategy and solution that supports these requests. Avoid “shiny object syndrome”. As you keep up with emerging technology and trends, keep these new solutions and tools in context. There are more data integration, database, data governance, and storage options than ever before and one size does not fit all. Leverage your research to identify the right technology for business capabilities. Meanwhile another interesting aspect is that social media also presents a new means of accessing talent for application development projects, as well as the potential for areas of product support. Some IT organisations are adopting crowdsourcing as an alternative to global sourcing and other labour arbitrage strategies. If IT organisations can determine what work is appropriate in which environment, and allow for the freedom inherent in this delivery option, the speed and cost of crowdsourcing will start to become a driving force for increased adoption in many IT services sourcing portfolios.

E nte rpri se Round -up

photo BY photos.com

Hype Didn’t Kill Big Data in 2012 Perceptions around the technology continue to gain strength

Too much of hype around a particular technology can sometime trivialize it, even hurt its adoption. From the amount of press Big Data generated in the last year or so, one could argue that it sometimes ran the risk of becoming one such piece of enterprise technology. However, despite skeptics’ suggestions that the subject had been ‘over-hyped’, sentiments surrounding Big Data and its vendors have remained positive. According to researchers at Ovum, in 2012, even as Big Data buzz word transcended from

the enterprise IT world to become a hot topic for business publications and journals, perceptions around the technology continued to gain strength throughout the year. “Given the level of build-up and suggested hype, it surprised us that sentiment expressed about Big Data vendors still remained so positive in 2012,” said Tony Baer, principal analyst for Ovum. “What’s also interesting is the degree to which Big Data became a business, not just a technology story in 2012.” Ovum analysts sifted through data gathered by DataSift, which ranked Twitter mentions and sentiment of vendors associated with the Big Data market in 2012. The study revealed that while positive mentions of Big Data vendors outnumbered negative mentions by 3:1, negative sentiment spiked in November with headlines over HP’s troubled acquisition of Autonomy. Not surprisingly, given that vendors accelerated the pace of product announcements during 2012, 60 percent of Twitter activity occurred in the second half of the year. The Twitter data analysed by Ovum researchers provided a good glimpse into vendor brand recognition with Big Data. 10gen, which developers the popular MongoDB document-oriented NoSQL database, scored high in mentions, trailing only the Apache Foundation. Others such as IBM and Teradata were also well represented in the Twitter stream, trailing only behind Apache and 10gen in positive mentions. Splunk, which is associated with machine data and, like 10gen, is also popular among developers, also scored high, showing that there is growing awareness about harnessing “the Internet of things” to generate business insights.

Fact ticker

Is Your Security Geared Up for Big Data? A sneak peak into how Big Data will transform security There was only so much time before Big Data conversations veered into the realms of security! Seeing as how Big Data is expected to dramatically alter almost every discipline within enterprise computing, it was only a matter of time before information security professionals began discussing the possibilities of

cto forum 07 february 2013

what impact it might have on enterprise security. In a brief, security firm RSA has outlined guidelines which can help organisations begin planning for Big Data-driven transformation of their security toolsets and operations as part of an intelligencedriven security programme. Security professionals are urged to:

The Chief Technology Officer Forum

Set a holistic cyber-security strategy–Organisations should align their security capabilities behind a holistic cyber security strategy and program that is customised for the organisation’s specific risks, threats and requirements. Establish shared data architecture for security information – Because Big Data analytics require information to be collected from various sources in many different formats, a single architecture that allows all information to be captured, indexed, normalised, analysed and shared is a logical goal.

Business Intelligence

hey say that the insights from a BI engine will be only as good as the quality of data that is fed in it. While there's no denying the validity of this argument, given the tremendous growth in the number of data sources in the recent years, it can be now be said that the insights from a BI engine will be only as good as the variety of data sources it refers to. Gartner has urged BI and analytics professionals to consider the robust growth in the number of data sources when embarking on any initiative. It feels that business intelligence leaders must embrace a broadening range of information assets to help their organisations. By 2015, 65 percent of packaged analytic applications with advanced analytics will come embedded with Hadoop. Organisations realise the strength that Hadoop-powered analysis brings to big data programmes, particularly for analysing poorly structured data, text, behaviour analysis and time-based queries. While IT organisations conduct trials over the next few years, especially with Hadoop-enabled DBMS products and appliances, application providers will go one step further and embed purpose-built, Hadoopbased analysis functions within packaged applications. The trend is most noticeable so far with cloud-based packaged application offerings, and this will continue.

Helping CIOs A vendor should possess technology & service capabilities

K e v i n E g g l e s to n

A Question of answers

Kevin Eggleston | Hitachi Data Systems

“IT infrastructure is becoming unwieldy” In a discussion with Yashvendra Singh, Kevin Eggleston, Senior VP & GM, Apac, Hitachi Data Systems, talks about the company’s future plans By 2015, you want Hitachi Data Systems (HDS) to touch revenues of a billion dollars. How will you achieve this target? The momentum and organic growth of HDS in the market alone will help it touch $850 million. Our success records of the past prove this. We intend to take more market share by continuing to make big investments. We could also look at acquisitions in some of the markets to expand our capabilities as we have done in the past. There are lots of plans underway but at this stage we won’t be able to divulge them. It is increasingly becoming unwieldy for CIOs to continue to buy more and manage more. What is the way out for them?

The IT infrastructure is definitely becoming unwieldy. That is why CIOs are increasingly coming to us and saying that they just want service without the hassle of buying and managing IT. So, we see a trend towards a combination of private cloud model and consuming that as a service. India is at the forefront of this evolution. This is the biggest trend in the industry but because it is capital intensive, you have to be large enough to manage it. To help CIOs achieve this, a vendor should possess technological and service capabilities. We are well-positioned in the space to do so. What are your predictions for 2013 from a CIO’s and industry’s perspective?

The service-level-based delivery model is the biggest trend that we are seeing and will get bigger and bigger in future. It blurs the line between cloud because at the essence these are really cloud models. What will be interesting to see is whether there will be consolidation in the supplier base. Some of the companies are struggling in these tough economic times, acquisitions are being made, and top management is changing. I think there is a potential for another wave of consolidation in the IT industry. According to experts, 80 percent of the companies typically stick with their supplier choice. But only 80 percent of this deliver the same services. So if you do the math, over a third of that market space is available for competition. I would

The Chief Technology Officer Forum

cto forum 07 february 2013

A Question of answers

K e v i n E g g l e s to n

personally say that India-based service providers are going to grow like crazy as compared to the classic service providers like IBM, HP and CSC. We are finding that CIOs care less and less about technology. They just want technology at the lowest possible cost. India is an interesting conundrum for IT companies. Ninety percent of the people we deal with in IT are engineers and therefore they are smart when it comes to technology. They have strong opinions on what technology is right for them. But this is the exception. Across the world, IT people are saying that we don’t need to know about technology. We don’t need to glue it together, we don’t want to do our own integration. We just want the solution to plug and work. The technology direction, therefore, is towards delivering converged stacks of technology. Would HDS allow its customers to go to a public cloud? We may go so far as to allow customers to utilise public cloud models outside of Hitachi as a tier in their strategy that can be managed by us. They can look at it as a federated model. With all due respect to what Google and Amazon have done in this space, it is not up to the security and availability levels that a bank in India or a government agency has to have. Lots of CIOs have turned their IT departments into profit centres. Will cloud enable them to change to revenue centers as well? Yes, in the near future IT will be looked at as a profit and revenue center. First indications of this trend were a few years ago in the telecommunications’ companies. These companies earlier thought of IT as the back office thing that allowed them to keep track of service orders and that sort of stuff. However, they realized that their land line business was fast disappearing in the face of mobile telecom companies because

cto forum 07 february 2013

“CIOs want services without the hassle of buying and managing IT”

the latter had far superior IT infrastructure and more importantly they had a lot of bandwidth and network available. So, we saw them looking to their IT department as an engine for new revenues and profits for the companies. This was the first instance when companies looked at their IT departments for revenues and profits. Now we are seeing this across other industries also. HDS has transformed from a hardware to a software and services company. Where do you see the companies evolving in the next phase? We are at present 50:50 (hardware:software). Going forward, in light of the new business models, this is bound to change. In addition to this, you will see some more use-case specific solutions from us that take advantage of not just the IT IP. A good example would be our solutions in the healthcare industry.

The Chief Technology Officer Forum

things I Believe in Today, CIOs care less and less about technology Over time you will see HDS doing broader industry-specific solutions that go beyond IT The technology direction, therefore, is towards delivering converged stacks of technology

We have a strong technology practice for healthcare in our company. Over time, you will see us doing broader industry specific solutions that go beyond IT. We see this as an opportunity because we are uniquely positioned for this. Today, we can provide you an in-the-box Oracle solution. Tomorrow it could be inthe-box medial imaging solution. It is an expansion beyond IT. What are your plans on the smart city project? Are you bringing them to India? Typically the smart cities’ projects are driven by a country’s government. They identify cities and drive the projects with an eye on the interests that we need to change the way we consume energy, move people around or educate them. Smart cities to me look like pilot projects within a country. The concept aligns nicely with many things that we do – what we call the social infrastructure.

Best of

Features Inside

Breed

How to Develop Business Continuity Pg 22

Illustration by raj verma

odayâ&#x20AC;&#x2122;s CIOs face a host of complex challenges. Their departments must continually find more efficient ways to store, process and analyse massive (and growing) volumes of incoming data. They need to support globally distributed enterprises, including internal staff, external partners, customers, facilities and other assets around the world. More data in more places also means more risk, as legal, regulatory and privacy obligations increasingly apply to all types of electronic information, including email messages, texts, tweets, phone call records, customer data, blog posts . . . the list goes on. Todayâ&#x20AC;&#x2122;s CIOs face a host of complex challenges. Their departments must continually find more efficient ways to store, process and analyse massive (and growing) volumes of incoming data. They need to support globally distributed enterprises, including internal staff, external partners, customers, facilities and other assets around the world. More data in more places also means more risk, as legal, regulatory and privacy obligations increasingly apply to all types of electronic information, including email messages, texts, tweets, phone call records, customer data, blog posts . . . the list goes on. What used to be solely the domain of records management and legal departments is now yet another responsibility for IT, as information experts are asked to identify and protect data that has business, legal or regulatory value, while facilitating the defensible disposal (i.e., deletion) of

A retention schedule provides a framework for RIM and legal departments

A Govt Strategy for Data Disposal Todayâ&#x20AC;&#x2122;s CIOs can collaborate with legal and records management team to cut IT cost By Lorrie Luellig

cto forum 07 february 2013

The Chief Technology Officer Forum

m a n ag e m e n t

everything else. This is a critical task—the elimination of “data debris” can have a dramatic impact on compliance.

Corporate Data At the 2012 Compliance, Governance and Oversight Counsel (CGOC) Summit, a survey of corporate CIOs and general counsels found that, typically, one percent of corporate information is on litigation hold, five percent is in a records-retention category and 25 percent has current business value. This means that approximately 69 percent of the data most organisations keep can— and should—be deleted. Less IT budget spent on unnecessary storage, servers and backup means that more resources can go to strategic investments. Less information to manage means that legal and regulatory responses can be handled more efficiently and with fewer errors. Unfortunately, confusion often exists about what data needs to be kept. More than 100,000 international laws and regulations are potentially relevant to Forbes Global 1000 companies—ranging from financial disclosure requirements to standards for data retention and privacy. Additionally, many of these regulations are evolving and often vary or even contradict one another across borders and jurisdictions. To achieve defensible disposal, stakeholders from IT—who are stewards of the data—must collaborate more closely and transparently with records and information management (RIM), legal and business units to build an information retention and disposition strategy that makes sense in today’s global, complex and digitally driven enterprise.

The Role of a Retention Schedule in Enabling Defensible Disposal A retention schedule provides a framework for RIM and legal departments to organise corporate records and information, and detail the length of time that such records must be retained for compliance and business needs. It’s an important tool, but a dated one. It was devised in an era where paper records were the norm and IT departments didn’t need to concern themselves with legal holds or retention policies, for example. The legal and regulatory landscape has since changed dramatically. Today, the vast majority of information that needs to

B E S T OF B R E E D

Today’s CIOs face a host of complex challenges. Their departments must continually find more efficient ways to store, process and analyse massive (and growing) volumes of incoming data. They need to support distributed enterprises, including internal staff & external partners be either preserved, retained or deleted is under the direct responsibility of IT. Here’s the problem: IT often lacks the legal and regulatory insight to link compliance obligations to the thousands of applications, databases and other repositories it manages. Legal and RIM professionals possess the knowledge to set retention and disposal policies, but don’t have a holistic view of the IT infrastructure needed to identify where relevant data is, nor the ability to dispose of electronic information that’s no longer of value. Clearly, a more modern, broadly useful and executable retention schedule approach is necessary—one that recognises the shared responsibility for information management and defensible disposal among legal, RIM and IT departments. In such an environment, all stakeholders would have insight into the flow of information throughout the enterprise and be armed with the right policies, processes and tools to protect what’s important for business, legal and regulatory purposes.

Making It Work in the Real World A modern and executable retention schedule supports the goal of defensible disposal and guides the roles of business, legal, RIM and IT stakeholders in the process. The key elements that must be incorporated for a retention schedule in a enterprise are: 1 Manage all information, not just “records.” The retention schedule must apply to all the data in an organisation’s possession, not just information officially classified as “records.” Consider anything and everything—including both structured and unstructured data sources—as either having legal, regulatory or business value or as debris, whether it’s a human

resource record, patent filing, financial statement, email message or tweet. 2 Connect legal, privacy and regulatory retention obligations directly to relevant information. The retention schedule must clearly define how legal, privacy and regulatory obligations apply to all types of information and business users, including what is covered, who is obliged to comply, and how retention obligations, privacy directives and disposal mandates are triggered. Technology solutions may be deployed to help organisations automate the connection of information to retention and disposal requirements. 3 Retention periods must take into account the business value of information in addition to legal and compliance value. This value should be explicitly defined by business stakeholders and made transparent to legal, RIM and IT. Again, technology solutions can help by allowing users to associate information types, such as purchase orders or employee agreements, with specific data sources, such as enterprise cost management and human resources systems, or applications such as Microsoft SharePoint, and to include details on why and for how long the information is and will be of business value. 4 Identify where information is located. Information inventories are a must, describing where data is stored, what record classes apply, who was or is responsible for the content and who manages it. With the help of a reliable “data map,” data stewards can more easily identify information and understand the value and obligations related to that information according to lines of business, departments, and so on. The Chief Technology Officer Forum

cto forum 07 february 2013

B E S T OF B R E E D

m a n ag e m e n t

5 Ensure that retention and disposal obligations are communicated and publicised. This involves two key elements: defining what is required of data users when creating and identifying information, and defining the responsibilities of data stewards related to the disposition of information. For example, IT won’t be able to make sense of a disposition directive that states, “Comply with record class HUM100.” Translated more clearly, this directive might state, “Job applications created by HR users and stored in the HR shared drive must be permanently deleted 10 years after the termination of the employee.” Clarity invites compliance. 6 Allow for flexibility to adapt to local laws, obligations and limitations. The retention schedule must be flexible enough to incorporate “local” insight into the policies and procedures driving retention and disposal. To assist with this, technology solutions can be used to catalog all the specific laws and regulations in applicable regions so that various jurisdictional exceptions and

in laws, to the business and in changes can be communitechnology. With global regulacated to relevant stakeholders. tory, legal and privacy require7 Include a mechanism that ments constantly evolving, allows legal and IT to collaboit’s important to stay ahead of rate. No retention schedule was the dip in changes and incorporate new can achieve the goal of defenrequirements into the retention sible disposal without clear semiconductor schedule. Technology can assist communication between legal revenue in the with alerts that communicates and IT stakeholders regarding year 2012 to systems and data stewards what specific information is when adjustments are needed. on legal hold, and when holds can be released. 8 Identify and eliminate duplicate inforShepherding Information Through mation. Confusion about what exactly Its Useful Life Cycle needs to be retained and for how long CIOs have an important role to play in can encourage a tendency to “save everyefficiently and cost-effectively shepherding thing,” which is a bad information manthe flow of corporate information through agement habit, especially as some privacy its useful life cycle while finding a way to laws—the Health Insurance Portability “release the pressure valve” when the legal, and Accountability Act in the United regulatory or business value of information States and the Data Protection Directive in has come to an end. the European Union, for example—actu— Lorrie Luellig is of counsel, Ryley Carlock ally require the deletion of certain types of & Applewhite. information after a period of time. —The article was first published in CIO Insight. 9 Update in real time to account for changes For more stories please visit www.cioinsight.com.

How to Develop Business Continuity

Today’s world is plagued with natural disasters, power outages & civil unrest. Are you prepared? By Paul Hyman

hen Hurricane Sandy took a $65 billion toll on New York and New Jersey last October, flooding streets, knocking out power, and demolishing infrastructure, it’s impossible to know how many businesses were prepared for

the devastation. But disasters like Sandy are exactly what comprehensive business continuity (BC) plans are designed to protect against. And it is very likely there are an awful lot of companies out there that are now considering how they might deal with the very next disaster– natural or human-made. The number one reason to develop a BC plan, if your company doesn’t already have one, is to keep the critical services up and run-

cto forum 07 february 2013

The Chief Technology Officer Forum

ning in the event of an outage or interruption, say experts, making sure the plan is in place, that it’s regularly tested, and that it’s up-todate. It’s like having a spare tire in your car, they say, or a Plan B. The goal is to protect seven resources that are the key to your business: facilities, staff, technology, machinery, transportation, critical records and supply chain. Before any planning is started, the leadership team, which should include the CIO, must determine what are the critical processes that need to be protected, says Michael Emerson, senior director of infrastructure at Citrix in Fort Lauderdale. The plan can’t be all encompassing. The next step, Emerson says, is to make sure you have buy-in from the executive leadership team and that the plan, which takes

m a n ag e m e n t

considerable time and effort, is a priority for the company. And then start building your team. Make sure they understand that their level of commitment to the program needs to be strong to make it successful. Having people plan for something that might never happen is extremely difficult when people have deliverables due daily, he says. Getting the commitment from the executive leadership team sends the right message, sets the tone and helps prioritize BC efforts. John Linse, an advisory solutions principal for EMC’s Assured Availability Services Group within EMC Global Services,who blogs about business continuity, recalls working with a Midwest company that didn’t have a BC plan. The company had two offices, which housed about 2,600 employees, located on both sides of an expressway with a walk bridge connecting the two buildings. One morning, a power outage knocked out electricity in one of the buildings. Because no BC plan was in place, a security guard made the decision that, due to the lack of power and air conditioning, he would send home the building’s 1,300 employees. “That decision — made by an $8.75-an-hour security guard--cost the company about $1.2 million in expenses,” says Linse. “If there had been a plan in place, employees might have been prioritized by who needs to be at work and who doesn’t, work space could have been set up on a temporary basis in the second building’s conference rooms, and a back-to-work plan could have kept the business going that day. When we talked to the CIO and COO afterwards, you can be sure they were ready to begin creating a plan, knowing what can happen in the absence of one.” But which type of plan protects a data center best that, after all, is usually the CIO’s main concern? Here are three examples to choose from depending on the company’s budget and how long it can afford to be without its technology services, says Douglas Henderson, president of Disaster Management, Inc. Redundant site. A completely functional separate operation that continually duplicates every activity of the primary data center. Under this environment, the primary data center can be completely shut down without any interruption of service as the redundant site is fully staffed, equipped and continually operational. PRO: Technology services can be accessed instantaneously. CON: Requires duplicate staff, hardware and space, which may make it a very expensive choice. Hot Site. A separate operation that’s ready on a standby basis with compatible hardware, power, communications and other necessary assets. Must be regularly tested to assure readiness. PRO: Doesn’t require a duplicate staff. Can generally be made fully operational in 24-36 hours. CON: Requires duplicate hardware and space. Cold site. A separate facility that isn’t operational but can be made

Illustration by xxxcom

B E S T OF B R E E D

The goal is to protect seven resources that are the key to your business

cto forum 07 february 2013

The Chief Technology Officer Forum

operational within a reasonable period of time. Electric power and communication access is available, but the computer hardware isn’t in place. PRO: Doesn’t require duplicate staff or hardware. Least expensive choice. CON: Requires duplicate space. Provides partial recovery in five or more days but full recovery takes longer. Regardless which BC plan you choose, your priority should be resiliency--assuring reliability within the data center so that, perhaps, Plan B may never be necessary. Experts point out that backing up electronic data to an off-site location as frequently as possible is the very best, simplest way to prevent catastrophes. With the popularity of cloud computing, electronic vaulting is a no-brainer. What you don’t want to do is backup data daily but only move it off-site, say, once a month. This means that if a disaster occurs 28 days from the most recent transfer, you’re at risk of losing almost a month’s worth of data. A weekly transfer is recommended. And be sure your staff knows how to access the data that’s offsite. A planning session is critical to determine that everyone knows where the data is and how to get to it. Also, are you sure you are backing up everything, even the data that employees are working on at home on their laptops? Or from the Macs in your art department, which may not be part of your main data center? Smaller companies may try to cut corners and save money by storing data onsite in a so-called fireproof enclosure, like a safe. Be aware that safes may be fire-resistant but they aren’t fire-proof. And if the data is on the premises, what happens if a fire or other disaster prevents you from accessing the building? Or perhaps the building is destroyed? —The article was first published in CIO Insight. For more stories please visit www.cioinsight.com.

HORIZONS

Features Inside

The Dawn of E-Politics Pg 27

illustration by anil t

The Five Traits of the Quantum IT Organisation These traits are not about technology. They are about people By Charles Araujo

he IT we have known it for the past 45 years is dead and we are entering what is being called The Quantum Age of IT. It is an era in which the customer is in charge and in which IT organisations will become highly specialized to deliver value as either strategic sourcers or strategic innovators. It is a time of great disruption, but for those IT leaders who understand what is coming, it is also a time of great opportunity. But merely being aware of what is coming is not enough. To survive and thrive in this new era, IT leaders at all levels of the organisation must actively develop five new organissational traits that will define the Quantum IT organisation. Each IT organisation must become: A Learning Organisation A Disciplined Organisation A Transparent Organisation An Intimate Organisation A Dynamic Organisation These are not new ideas. In fact, many of them have been discussed for decades. And like County of Orange, Calif., CTO Joel Manfredo, many progressive IT leaders have begun embracing these concepts and The Chief Technology Officer Forum

cto forum 07 february 2013

N E X T H OR I Z O N s

g ov e r n a n c e

applying them in their organisations. But what will set IT leaders apart in the coming era is the recognition that an explicit and holistic approach to developing all five of these organisational traits is required to transform into a Quantum IT organisation.

Understanding the Five Traits These five traits have little to do with technology. They are about creating an organisation that thinks and operates differently from the way IT organisations have always operated. They are fundamentally about interactions and relationships. These five traits do not represent a new maturity model. You cannot pick and choose--you will need to develop all five traits to thrive in the Quantum Age. While these are a bit of a hierarchy, you need to begin by understanding the meaning of these five traits.

The Learning Organisation The learning organisation is one in which change is a constant, and delivery is always evolving to anticipate needs and proactively improve services. It is one in which every member of the organisation takes personal accountability for improving service–every day. It is about being psychologically close enough to your customer that you have the opportunity to learn. As Bill Wray, CIO of Blue Cross Blue Shield of Rhode Island, puts it, “You must be forward deployed. This job isn’t 90 percent people, it’s 98 percent people. IT people have not been able to or wanted to understand that.” Becoming a learning organization is about changing that.

“A transparent organisation is one that unabashedly exposes its financial and operational performance to enable better business decisions. It is not about showing how the sausage is made” The Transparent Organisation Most IT professionals are good with the first two traits. The traits make sense and there is little risk. Becoming a transparent organisation is another matter. A transparent organisation is one that unabashedly exposes its financial and operational performance to enable better business decisions. It is not about simply showing how the sausage is made. It is about giving the customer enough information and communicating in a way that together you can make a better decision. “The onus is on IT to stop speaking IT speak and to begin speaking business speak,” says Ashwin Rangan, CIO of Edwards Life Sciences. “My direct reports--none of them are technologists. They are relationship managers.” Being a transparent organisation is fundamentally about openness and trust — and it is the starting point for establishing true intimacy with your customer.

The Intimate Organisation

Intimacy is not a word that is often used in the world of IT, but it needs to be. Alignment is not enough. It implies two bodies The Disciplined Organisation moving independently, but trying to stay The disciplined organisation is one in sync. It just doesn’t work. The intimate that employs rigorous processes and organisation is one that moves the relationmanagement practices to ensure the ship beyond requirements and consistent and efficient delivery SLAs — beyond the roles of of services. This is table stakes. the order giver and the order This is simply doing what your taker--to create a deep, businesscustomer expects–every day. centered relationship. It is about Doing that, however, requires meeting the customer where that a sense of rigor and discipline get ingrained into the of mobile market they live and not expecting them to come to you. “You need to get culture. Being a disciplined organisation is about doing your will be of hybrid to where the people are doing the work,” says Wray. “We need job, but it is also the foundation apps by 2016 to go 80 percent their way and of trust on which everything else let them come 20 percent our will get built.

50%

cto forum 07 february 2013

The Chief Technology Officer Forum

way.” Call it the Intimacy Line — IT needs to forget 50/50, it is all about going 80 percent. But intimacy, according to Rangan, is also a two-way street. It requires a mutual trust and vulnerability. “When you're in an intimate relationship at the personal level, you agree to be in a mutually vulnerable relationship. That's a mind-bender for a lot of people. The mutual vulnerability defies definition. You have to be willing to let it all hang out.” It is only through intimacy, however, that IT can finally transcend the barriers that have held it back in the past and move into a full relationship with the customer.

The Dynamic Organisation Becoming a dynamic organisation brings it all home for IT. It is the only trait that brings technology back into the mix. A dynamic organisation is one with a highly scalable and adaptable architecture that enables the rapid provisioning of services to meet changing needs. It is about sustainability and adaptability. It offers freedom to your customers to react rapidly and seize opportunities as they present themselves. But it is more than mere technology — it is an attitude. It requires that you change the way IT looks at itself and the services it provides. “We are in an age where the tangible value of an IT asset is measured in months,” says Rangan. “If you take years to construct the asset when it has a useful life of months, it defeats the purpose. The whole point now is agility and nimbleness.” That is what it means to become a dynamic organisation.

Start at the Beginning The five traits represent five pieces of one whole. But there is a form of hierarchy in

g ov e r n a n c e

how they are developed. They evolve dynamically and in parallel, but also based on the success of the more foundational traits. Creating a learning organisation is the core foundation because it sets the organisational mindset to one that will be open to change. Creating discipline and rigor is the ticket to the dance. Transparency creates a new and deeper level of trust, which in turn opens the door to a truly intimate relationship. And it is only through a deeply intimate relationship that an organisation can understand their customer well enough to create the type of dynamic environment that is needed to drive game-changing business value. Many organisations are embracing the building blocks of the dynamic organisation: virtualisation, private clouds and other similar technologies. But those IT leaders

who believe they can realise this vision through technology alone will find themselves in a very uncomfortable position. They will have the technology, but lack an organisation that has the traits and skills necessary to operate it. It will be like building a sports car, but not knowing how to drive. It will only be those IT leaders who lead their organisations through the process of developing and evolving all five traits that will find their way into the Quantum Age.

It’s About Your People While his journey in Orange County is far from over, Manfredo has showed his people that change could happen. And the results speak for themselves. In less than two years he was able to create order out of the chaos he first found. There was the 77

N E X T H OR I Z O N S

percent reduction in SLA exceptions. There was the 75 percent reduction in service restoration time. But the biggest impact was on the attitude of his team. One of his managers said it best when he told him, “I have been here for 18 years and there have been numerous changes in management, but nothing changed in how we worked until you got here.” That is the secret of the Quantum Age of IT and these five organisational traits. It is not about technology or even organisations. It is about people, attitudes and relationships. The future belongs to the IT leaders who understand this and invest accordingly. —Charles Araujo is the founder and CEO of The IT Transformation Institute. — The article was first published in CIO Insight. For more stories please visit www.cioinsight.com.

The Dawn of E-Politics

The Obama campaign’s IT team built applications, using iterative approaches that enabled the campaign to respond to events or issues By Michael Vizard

was a team of engineers who were not only Web savvy, hen the campaign to re-elect U.S. but who would be highly committed to quickly building President Barack Obama got under applications, using iterative methodologies that would way, campaign chairman David give the campaign the agility to respond instantly to Axelrod was certain that social almost any event or issue. That decision meant one of media would play a much bigger the first people Reed hired was Jason Kunesh to be the role in the 2012 election than it did in 2008. Axelrod will be the rise in it campaign’s dedicated lead for managing user experience. didn’t know a lot about social media, but he recognised spending by india What set the Obama campaign apart from that that near-ubiquitous access to Facebook, Twitter and of Republican challenger Mitt Romney was a commitsmartphones were changing the way people became govt in 2013 ment to building social media applications that helped informed about events and issues. His insight led to the the campaign quickly target campaign messages to realization that the campaign needed a CTO who was specific constituencies, but just as importantly helped well versed in the ways of the Web, which led to appointstaffers get out the vote on Election Day. Given the margin of ment of Harper Reed, formerly CTO of Threadless.com, an online victory for President Obama in many key battleground states, it is community for artists based in Chicago, as CTO of the Obama for clear the campaign’s social media applications were a key compoAmerica presidential campaign. nent of that success. The first thing Reed says he recognised the campaign needed

10%

The Chief Technology Officer Forum

cto forum 07 february 2013

g ov e r n a n c e

“We pretty much used the Ladders of Engagement approach as our organising principle for building software,” says Kunesh. In fact, Reed says the one thing that really set the Obama campaign apart from the Romney campaign is that on Election Day, campaign staffers were working with applications that had iteratively evolved with a lot of feedback from the campaign staff. In contrast, the Romney campaign used a more traditional approach to developing applications that relied heavily on outside IT consultants and resulted in a set of applications, known as Orca, which the Romney campaign staff didn’t see until election day. With little to no familiarity with the applications or much guidance in the way of user feedback, the Romney social media effort met with predictable results, says Reed. In contrast, the agile development approach taken by Obama for America put the IT focus of the campaign on the user experience from the very beginning. “When you work from a specification, the application is never going to be right,” says Reed. “To succeed with people with little in the way of technology skills, like campaign staffers, you need to be very iterative.” That approach, says Reed, allows IT organisations to collect a lot of feedback and quickly produce new versions of the software. What made all that agile development possible was the use of a consistent set of application programming interfaces (APIs) known as Narwhal across all the applications the team built, which the IT operations team quickly deployed on an Amazon Web Services (AWS) cloud computing platform. According to Ryan Kolak, Narwhal tech integration lead, those APIs essentially created a framework that made rolling out each new social media application not only a lot faster, but also easier for the IT operations team to manage. “We had integrated data sets in a central database that could all be accessed via a single API,” says Kolak. Scott VanDenPlas, the campaign’s DevOps tech lead, says the campaign’s success shows the critical need to make sure that the application developers and IT operations team are able to work hand in glove. That doesn’t necessarily mean putting in place a lot of DevOps structure as much as it does making sure that each team member

cto forum 07 february 2013

The Chief Technology Officer Forum

illustration by photos.com

N E X T H OR I Z O N s

“It hard to see how anybody is going to get elected in the future without relying a lot more on engineers” understands the how dependent they are on each other to succeed. “Nothing we did was revolutionary. It’s not really about DevOps, it’s about integrated ops,” says VanDenPlas. “Having one level of hierarchy just provides a better way to work.” Reed says much of the methodologies used by his team have already been pioneered at companies such as Facebook and Google. What the IT team did was leverage an application performance monitoring service from New Relic to quickly identify performance issues and, just as importantly, application features that nobody was using. By aggressively eliminating those unwanted features, the IT organisation could ensure that application performance remained consistently high, says VanDenPlas. In fact, Chris Kelly, New Relic’s developer evangelist, says study after study shows that better application performance leads always contributes to more usage.

“What you’re really trying to do is flatten the IT organisation to achieve frictionless ops in a way that enables continuous delivery of applications,” says Kelly. “Monitoring is essential to making that happen.” Reed says he’s not sure how social media strategies in the next campaign may play out or what he and his team might do next, beyond leaving politics to focus on commercial business opportunities. But it is clear to him the US has entered a new era of e-politics in which getting people to vote for a particular candidate will be similar to the social media marketing efforts that are already being widely deployed across the Web. “Campaigns in the future are going to involve a lot more math and targeted analytics,” says Reed. “It hard to see how anybody is going to get elected in the future without relying a lot more on engineers.” — The article was first published in CIO Insight. For more stories please visit www.cioinsight.com.

A r e yo u a s o c i a l- b u s i n e s s CIO ?

COVE R S TO RY

Are You a SocialBusiness CIO? Our survey yields interesting insights into what CIOs think about social-businessenabling technologies By team CTOF Design By

Shokeen Saifi Illustrations By Rethish KR Shigil Naryanan & Peterson PJ

Imaging By

The Chief Technology Officer Forum

cto forum 07 february 2013

COVE R S TO RY

A r e yo u a s o c i a l- b u s i n e s s CIO ?

Do employees using social-businessenabling technologies increase productive during the workday?

"Yes. Social media is a platform, which provides instant connectivity and access to real-time information. Employees can use it for communication, seeking suggestions/ feedback and enhancing knowledge" Shankar Gurkha CIO, Gujarat Industries Power Company Ltd.

cto forum 07 february 2013

The Chief Technology Officer Forum

SELF ASSESSMENT

YES

A r e yo u a s o c i a l- b u s i n e s s CIO ?

COVE R S TO RY

How can one become a social-business CIO?

"One can become a social-business CIO by connecting social apps to goals such as accurate forecasts, quick decisions and other employeeworkflow areas of concern"

SELF ASSESSMENT

YES

Manoranjan Kumar CIO, Kanoria Chemicals & Industries Limited

The Chief Technology Officer Forum

cto forum 07 february 2013

COVE R S TO RY

A r e yo u a s o c i a l- b u s i n e s s CIO ?

What is the best way to make business unit heads understand the importance of social media?

"The best way is to speak the business language. Citing success stories and highlighting how social business can help increase productivity, also helps." Vijay Bhat CIO, Met Trade India Ltd

cto forum 07 february 2013

The Chief Technology Officer Forum

SELF ASSESSMENT

YES

A r e yo u a s o c i a l- b u s i n e s s CIO ?

COVE R S TO RY

Should collaboration tools be flexible?

"Yes, flexibility can help anywhere, anytime access" Tanmoy Mukhopadhyay CTO, A2Z News Channels

SELF ASSESSMENT

YES

The Chief Technology Officer Forum

cto forum 07 february 2013

COVE R S TO RY

A r e yo u a s o c i a l- b u s i n e s s CIO ?

Should authentication models expand internally, externally, and link information between systems?

"Yes. It is important to have authentication models that expand internally and externally, and link information between systems" Sanjay Malhotra CIO, Amway

cto forum 07 february 2013

The Chief Technology Officer Forum

SELF ASSESSMENT

YES

A r e yo u a s o c i a l- b u s i n e s s CIO ?

COVE R S TO RY

Survey Findings CTO Forum conducted a survey to find out if enterprise technology decision makers were tranforming into social-business CIOs. A total of 123 CIOs participated in the survey, which threw up some interesting results. An overwhelming majority of CIOs (74 percent) believes that social business enabling technologies can help in increasing productivity. Surprisingly, none of the respondents feel that social media negatively affects productivity. A majority of the responding CIOs (51 percent) believes that to become a social-business CIO, one needs to define new job positions and showcase examples how social media can help in prevention of productivity breakdown scenarios. When it comes to making business heads understand social media, 34 percent CIOs feel that the best way is to speak the business heads' own language and an equal number of CIOs feels that it is important to share social business success stories of other enterprises. Seventy eight percent of those who participated in the survey affirmed that collaboration tools must be flexible. 74 percent CIOs advocated an authentication model that expands internally and externally, and links information between systems. Do you feel employees using social-business-enabling technologies can increase productive during the workday?

What is the best way to make business unit heads understand the importance of social media?

By defining new job positions, such as social-business analyst and community manager - 3.4%

By speaking the language that business heads understands - 34.0%

% .1 26

By connecting social apps to goals such as accurate forecasts, quick decisions and other employee-workflow areas of concern - 31.5%

Yes - 73.9% No - 0%

73.9%

How can one become a socialbusiness CIO?

Canâ&#x20AC;&#x2122;t Say - 26.1%

By demonstrate how improved use of social tools would have prevented a productivity-breakdown situation - 13.8% All of the above - 51.3%

Should collaboration tools be flexible?

13 .0%

78.3%

No, it may create technical issues or security challenges - 8.7%

Highlighting how social business can help increase productivity - 29.8% None of the above ( business heads already understand the importance of social media) - 2.2%

Should authentication models expand internally, externally, and link information between systems?

Very Important 73.9%

% .1 26

8.7%

Yes, flexibility can help anywhere, anytime access - 78.3%

By citing examples of how other enterprises are leveraging social media - 34.0%

73.9%

Somewhat Important - 26.1% No - 0%

Both a & b 13.0%

The Chief Technology Officer Forum

cto forum 07 february 2013

COVE R S TO RY

A r e yo u a s o c i a l- b u s i n e s s CIO ?

The Force Multiplier

Social Media tools, if deployed strategically, have the potential to improve employee productivity and enhance enterprise revenues

s social media continues to grow, customers' expectations (both internally and externally) rises. By 2014, refusing to communicate with customers by social media will be at par with ignoring today's basic expectation like responding to emails and phone calls, says research firm Gartner. Organisations' use of social media to promote their products, responding to inquiries via social media channels will be the new minimum level of response expected. Enterprises in India are taking social media seriously. Most of them have accepted social media in one form or the other. However, CIOs are a little uncertain about how to get involved themselves in social networks, and use it as a tool for business enablement. The security concern, however, related with social media often troubles them. Some of the CIOs have already developed ways to reach consumers through social technologies and gather insights for product development, marketing, and customer service. Mahindra & Mahindra Financial services is successfully using social media to interact with its audiences. “We are addressing complaints by leveraging social media” says Suresh A Shan, Head - Business Information Technology Solutions (BITS), Mahindra & Mahindra Financial Services Limited.

cto forum 07 february 2013

The Chief Technology Officer Forum

Similarly, BIAL is working with OEM partners to develop mobile apps for travelers. “This will be the first phase of the project and in the second phase, we will provide seamless updates via social media” reveals S Francis Rajan, VP ICT, BIAL. “The trends suggest that by fully implementing social technologies, enterprises have an opportunity to raise the productivity of interaction workers—high-skill knowledge workers, including managers and professionals—by 20 to 25 percent,” opines Arvind Joshi, CISO, Honda Motorcycle & Scooter India. “In my opinion, social media/ techologies are not a product. It is a way of thinking and behaving. Social technologies enable social behaviours to take place within the workplace, if the underlying culture supports it” he adds. CIO and his business-technology team has tremendous insights into company’s operations, its priorities, its vulnerabilities, and its opportunities. Organisation looking forward to align social media with business goals has to ensure active participation of a CIO. To make it a success, CIOs have to be actively involved in the integration process. “So today, as our systems of record become systems of engagement, and as the social revolution opens up all facets of our enterprise to customer interactions as well as customer scrutiny, isn’t it time to bulldoze the internally constructed silos separating the folks that have traditionally

touched the customer,” exclaims Tanmoy Mukhopadhyay, Chief Technical Officer, A2Z News Channel. One of the biggest challenges that CIO faces(internal or external), is that engagement via social media is generally perceived as a voluntary activity. “Social business is part of a single continuum across workers, business partners, customers, and the marketplace, that internal use of social business and external uses involve participants that have a very different relationships with the organisation” feels Mukhopadhyay. However, there is a school of thought, which is not sure about social media's implication on the workforce. “Workforce may be more productive in some situations. However, it would be better off without social media” says K R Bhat, GM IT, NABARD. NABARD has decided not to use social media for business. Ironically, some organisations treat social media engagements on an ad hoc basis. Gartner says that over 50 percent of organisations monitor social media, but only 23 percent collect and analyse data. The facts simply highlight that organisations are not keeping records of interactions occurring on social media and do not keep social profiles for people they have engaged with. CIOs have to keep these facts in mind to effectively use social media for business enablement, otherwise it will be just another lost opportunity.

ci sco CISCO

ctof custom series

better because it takes a lot of complication out of the equation.

Next Gen UCS servers for Next Gen Computing

In a series of interactive articles, Cisco will shed more light on its Unified Computing System (UCS), thereby enabling CIOs to better manage their IT infrastructure

How has Cisco made server I/O more powerful and much simpler? Answer: One of the key differentiators of Cisco UCS (Unified Computing System) with Intel® Xeon® processor is the way in which highcapacity server network access has been aggregated through Cisco Virtual Interface Cards and infused with built-in high performance virtual networking capabilities. In “pre-UCS” server system architectures, one of the main design considerations was the type and quantity of physical network adapters required. Networking, combined with computing sockets/cores/frequency/cache, system memory, and local disk are historically the primary resources considered in the balancing act of cost, physical space and power consumption, all of which are manifested in the

various permutations of server designs required to cover the myriad of workloads most efficiently. Think of these as your four server subsystem food groups. Architecture purists will remind us that everything outside the processors and their cache falls into the category of “I/O” but let’s not get pedantic because that will mess up my food group analogy. In Cisco UCS, I/O is effectively taken off the table as a design worry because every server gets its full USRDA of networking through the VIC: helping portions of bandwidth, rich with Fabric Extender technology vitamins that yield hundreds of Ethernet and FC adapters through one physical device. Gone are the days of hemming and hawing over how many mezz card slots your blade has or how many cards you’re going to need to feed that hungry stack of VM’s on your rack server. This simplification changes things for the

There is also a need for higher processing power for bringing new choices for design optimization. What is happening on this front? Answer: Cisco has been working hard making server networking better with improved and optimized efficiency. With the advent and advance of multi-core processing, the workhorse two socket server has become a real performance monster. In fact, for some applications the amount processing power required, relative to the other food groups I mentioned in my previous answer, is outstripped by the capabilities of the mainstream processor family, which in today’s incarnation is Intel’s Xeon E5 2600 series. In response to this phenomenon, Intel subdivided the Xeon lineup to include a new “EN” class of processors, the E5-2400 series, which ease back on the gas pedal of Moore’s law for designs that don’t require as much processing power in relation to local storage and memory. This creates a new class of cost & performance optimized systems for lighter workloads or for storage heavy systems (think big data) at the entry end of the portfolio. Three of our new UCS M3 series systems fall in this category: the B22, C22 and C24. At the same time, Intel has brought four socket server options, formerly the province of the mission critical, “EX” end of the spectrum, down into the mainstream. An example of this is our new UCS B420 blade. So if you want four socket core count and performance but don’t necessarily need the comprehensive RAS features of an EX class system, you now have a price/performance optimized solution for that need. For any queries regarding UCS, please send them to yashvendra.singh@9dot9.in

BROUGHT to YOU BY

Intel, the Intel logo, Xeon, and Xeon inside are trademarks of Intel Corporation in the U.S. and/or other countries

The Chief Technology Officer Forum

cto forum 07 february 2013

NO HOLDS BARRE D

Sunil Sharma

DOSSIER

Company: Cyberroam Established: 1999 Headquarters: New Jersey, US Products: UTM, firewall, VPN, antivirus, antispyware

UTM Devices for

employees: 450+

Cost Reduction, Consolidation Sunil Sharma, VP, Cyberoam, in an interview with Akhilesh Shukla talks about how an India-based security company is making its presence felt globally 40

cto forum 07 february 2013

The Chief Technology Officer Forum

Sunil Sharma

These days CIOs are under pressure to consolidate, reduce the operation cost of the IT investment and infrastructure. How are Unified Threat Management (UTM) devices helping them to reduce cost without compromising the security of the network? The pressure of consolidation and reduction of cost on CIOs are helping the UTM industry including Cyberoam. Earlier the enterprises were buying different point products and solutions to protect their networks. However, an UTM can give the same results in as much as 20 percent of the cost of all point products generally a enterprises needs to buy. It is a consolidated play and plug device, easy to control and manage. These point product companies have been confusing the CIOs and CISOs for the last one decade. Ironically, as many as 85 to 90 percent of the enterprises need a genericlevel of security and doesn’t need to invest in point products and solutions. As the budgets are shrinking these CIOs/ CISOs have started exploring option and are excited by the offering of UTMs. At Cyberoam we have witnessed a huge acceptance of UTM devices during the last financial year. We have registered a year-on-year growth of 30 percent. Further, to the tap the growing demand we are lunching new products and will announce new UTM devices focusing on large enterprises. Government, defence, BFSI and education are the key verticals that we are targeting in the new year. How excited are CIOs/CISOs are when it comes to adopt an IT product developed in India by an Indian company, that too security? Do you face any resistance from them? When we had started Cyberoam people had apprehension about our product. They could not digest the fact that an Indian company is well equipped to launch an IT product, which is completely reseached and developed in the country. Today most of the IT products available in the market are developed and are sold worldwide by Norther American companies. But slowly and gradually we started getting recognition in the market and people started respecting us. Two years ago we won the NASSCOM innovation award. But I must

say still some of the CIOs are skeptical while buying our products. It will take a little more time to change the mindset of all, but it will happen for sure. One of the important thing for us today is we have to make a lot of ground to catch up with North-American companies. India itself is a huge market and we have a product range for an individual level to a enterprise level. At present, in India, we have a market share of around 23 percent. By the end of 2015 we are looking to capture 50 percent of the UTM market share.

“All our enterprise-level products are ready for social media integration or adoption of BYOD policy” How about global markets? Do you face similar challenges in the global market as well? CIOs/CISOs are excited to see a Indiabased company coming out with an innovative UTM product. But it is for sure that when an Indian CIO have apprehension about our product, how we can expect a

NO HOLDS BARRE D

global CIOs to be fair with us. Despite the fact, we are doing a considerable business in the global market. We have presence in more than 125 countries. As many as 65 percent of the revenue is generated from outside, rest of the 35 percent is contributed from the country. It is a remarkable feat against our global peers. Gartner which does not consider covering the UTM industry have been putting us in visionary quadrant for the last few years. How competitive are your products keeping in view of emerging threats and changing technology? We have a strong research and development (R&D) centre at Ahmedbad which keeps on coming with new products are technologies to suit the requirement of individual, SME and enterprises. All our enterprise-level product are ready for social media integration or adoption of bring your own device (BYOD) policy. Besides, Cyberoam products have user-identity-based recognition, content filtering and user policy IPS. By using our product a CIO/CISO can restrict users, application of any thing on the network. Our products are very much aligned with cloud and virtulisation technologies. We already have virtual CCC product and soon would be launching virtual UTMs. We continue to evolve ourselves to cater to the changing demand of industry. Even all our products are already IPV6 ready. Please share your plans and strategies for upcoming FY? The next level of growth from India will come from Tier II cities. Enterprises have already started having a direct presence in these location. We at Cyberoam have realised the fact that the trend will boost the demand of security product and services in these location. We have hired people on our rolls in Madhya Pradesh, Uttar Pradesh and Kerala so that they can support our business partners in these location. This will help us in catering to these market better and score over competition. Besides, our presence will help us to understand these markets better and develop product accordingly. For the next year we will continue to focus on enterprises and will continue to expand our presence in the these location and add more portfolio.

The Chief Technology Officer Forum

cto forum 07 february 2013

ThoughtLeaders Jaspreet Singh

Jaspreet is a Associate Director with Ernst & Young in the IT Risk & Assurance practice, focusing on the Technology, Communications & Entertainment sector.

Planning for Business Continuity The new international

standard i.e. ISO 22301:2012 specifies the requirements for setting up an effective BCM system The quantum of investment that needs to be made in business continuity planning can rarely be justified considering the uncertainty of a crisis event, against which an organisation must plan and prepare. However, this does not eliminate the need to adopt to a widely accepted and global Business Continuity Management (BCM) standard, as it has numerous benefits associated which can be realised to its maximum (both in qualitative and quantitative terms) if effectively employed. A well known fact is that global standards and certifications do not provide absolute assurance to organisations and its stakeholders in terms of being immune to any form of crisis such as the ones we’ve recently witnessed - the disruption of supply chain in the consumer and electronics industry caused due to floods in Thailand, changes in the regulatory landscape sector and therefore demonstrating non-compliance, weak global and local economic activity that influences the valuation of the currency and so forth. Therefore, the success of a business continuity strategy solely depends upon the extent and quality of the execution phase of the strategy.

cto forum 07 february 2013

Mobile devices such as smart phones, tablets and e-readers have become so portable, powerful, connected and user-friendly that they have penetrated every facet of our personal and professional lives. According to a survey conducted by Ernst and Young in 2011, which covered almost 1700 participants (mainly C-level executives) from 52 countries across all industry sectors, 36 percent of the respondents indicated that business continuity is their top funding priority which is three times as many respondents as those who indicated that the second-ranked area (data leakage and data loss prevention efforts) was their top priority. At the same time some firms are still not prepared for BCM: 18 percent indicated that they have no BCM in place and only 56 percent indicated that management had approved BCM activities. The British Standard (BS) 25999 standard was developed for organisations irrespective of size, complexity and the Industry it represents to address various business continuity requirements. Since its release by the British Standard Institute in 2006-07, the BS 25999 standard has been wide-

The Chief Technology Officer Forum

“It is important for companies to continue to invest in safeguarding their business interests and minimise the impact of shock events”

ly accepted across organizations on a global basis. Furthermore, the standard has also formed the basis for the development of many other Business Continuity Management (BCM) standards which includes the US ASIS/ BSI BCM.01 standard adopted by ANSI and now more recently creation of two new international standards: ISO 22301 (requirements) and ISO 22313 (guidance). The new International standard for BCM i.e. ISO 22301:2012 which has just been released this month (May 2012), specifies the requirements for setting up and managing an effective business continuity management system. ISO 22301 is titled as ‘Societal Security – Business Continuity Management System – Requirements’ standard. The timelines and criteria for organisations that intend to pursue the certification path is guided by the following: Organisations may certify against BS 25999-2 or ISO 22301 during the period May 2012November 2012; The upgrade period for organisations certified against BS 25999-2 is

from May 2012- 01 June 2014. Post November 2012, organisation can only pursue the ISO 22301 certification. In terms of similarities across both the standards, the methodology continues to be largely the same i.e. the adoption of the P-D-C-A (Plan-DoCheck-Act) cycle and all core elements of BS 25999 have also been incorporated in ISO 22301 for e.g. setting the scope, policy and objectives for BCM, establishing management commitment, risk assessments, conducting a business impact analysis, establishing resource requirements and the need to exercise, etc.. While on the other hand, the differences observed cut across the following BCM areas (but not limited to): Management commitment to provide evidence of its commitment to all phases of the Business Continuity Management System (BCMS); Planning and setting up measurable objectives with defined timeframes; Documentation and records (necessity to define the format of docu-

ments as well as media to store the documents); Business Impact Analysis (which introduces the new term â&#x20AC;&#x2DC;prioritised timeframesâ&#x20AC;&#x2122; which relates to the more familiar term â&#x20AC;&#x2DC;Recovery Time Objective (RTO); No requirements for conducting a self-assessment to assess BCM arrangement, Alignment of risk assessment approach to ISO 31000; More importantly, ISO 22301 further lays emphasis on quantifiable metrics to be defined for monitoring BCMS performance and effectiveness along with making testing for evaluation of continuity procedures a mandatory exercise. Given the fact that the current global economic outlook can have various implications on the functioning of an enterprise and industry sectors, it is even more important at this stage for organisations to continue to invest in safeguarding their business interests, minimise the impact of shock events resulting from an

Thought Leaders

illustration by photos.com

Jaspree t Singh

A well known fact is that global standards and certifications do not provide absolute assurance to organisations uncontrolled crisis and to maintain stakeholder confidence.

The Chief Technology Officer Forum

cto forum

07 february 2013

T E C H FOR G O V E R N A N C E

m a n ag e m e n t

illusration BY photos.com

POINTS

Privacy Scares

most industryspecific regulations, such as HIPAA and GLBA, focus on patents or customer data another growing problem is identity theft and identity fraud executed by trusted workers The more personal information workers have access to, the more fraud that can be committed, and more damage that can occur the privacy area typically focusses on only employee and customer information A large travel industry organisation indicated they check new applicants against the previous applicants to determine if it is even necessary to go further with an employment consideration

from the Ghosts

All personal information needs to be identified and appropriately safeguarded and then destroyed

By Rebecca Herold

cto forum 07 february 2013

The Chief Technology Officer Forum

m a n ag e m e n t

T E C H FOR G O V E R N A N C E

of job applicant personal information in locations they’d never thought about before.

There is a topic that has been coming

up, over and over and over again over the past 12 years, that I’ve never seen addressed in other publications. What does your organisation do with all the personal information you collect from job applicants? Consider a real situation I encountered around ten years ago. A moment of privacy revelation (and perspiration) I was working with a large multi-national technology company in 2003 helping them to establish their privacy programme. To effectively protect privacy you need to know where the personal information is located. I have a comprehensive set of questions I ask to help determine this (along with automated tools). While at a meeting with their CxO levels, along with some key information management staff, when I got to the topic of job applications I asked, “How do you collect job applications?” CISO: “In person on paper applications, and online on our website.” Me: “What do you collect?” CISO: “The usual. Name, address, phone number, job history, references, Social Security Number, and any other information they want to provide.” Me: “Why do you ask applicants for their Social Security Number?” HR: “So we can do the full set of background checks. You know; criminal check, credit check, and all the others.” Me: “Around how many applications do you get each month?” HR: “Probably around 7,000 to 10,000.” Me: “How many do you hire out of all those?” HR: “Oh, just a small fraction. Maybe one to three percent. We are always accepting applications even when we don’t have openings.” Me: “So you could be collecting information on close to 10,000 people each month that you don’t actually hire. What do you do with the information about those applicants you don’t hire?” The 15 people at the large table looked and stared around the room.

Me: “How long do you retain it? Or, do you delete it as soon as you determine you are not going to hire the applicant?” IT Manager: “We keep everything until the media stops being usable or falls apart.” CISO: “We’ve never thought about that. We need to do some checking. Legal: “Let’s take a 15 minute break and we’ll find out.” Fifteen minutes later… Legal: “It seems we do not do anything with those applications.” Me: “Where do you keep them, then?” HR: “We have many boxes of the print applications in our warehouse storage.” CISO: “And the digital applications are stored in the webserver behind a firewall.” Legal: “Chris, delete all the applications from the webserver that are older than 6 months as soon as possible.” CISO: “I would like to determine what if any ramifications there may be first.” Me: “How about the backups from that server? How far back to they go? Where are they stored? And, do any of your staff download those applications to their own desktops, other devices, or into other systems?” The room got quiet while everyone looked around during a very pregnant pause. Legal: “Well, that will take some more looking into. Do you have any more questions relating to applicant information? Let’s hear them, then you can come back and we’ll try to have the answers for you tomorrow.” After another 20 minutes or so of questions, I left for the day. Most in the room were looking nervous and a bit stressed. The next day they had identified treasure troves

Likely a widespread but generally unidentified problem In most organisations I’ve found this type of job applicant information, digital and hardcopy, is largely overlooked and not secured. The information security area typically does not have this type of information in their radar when they are creating their information inventories. The privacy area typically focuses on only employee and customer information. The previously described situation was the first of multiple interesting engagements I’ve had on this topic in the years since. Here are some of the more egregious, and legally risky, activities that I’ve had firms tell me they’d done with the data they’ve collected from job applicants: A large retailer told me they incorporate all their applicants’ information into their marketing databases. A healthcare insurer indicated they had stored all this type of data in an outsourced data warehouse, and then the data warehouse went out of business. They could not receive confirmation that the data was destroyed, or where all the backups were located. A large travel industry organisation indicated they check new applicants against the previous applicants to determine if it is even necessary to go further with an employment consideration. A large managed services provider used the data for one of their subsidiaries that did background checks. Do you know; what is your organisation doing with all the job applicant information they collect? Who is responsible for securing that data? Where is it located?

Some laws kick in when job applicant data is breached Most industry-specific regulations, such as HIPAA and GLBA, focus on patient or customer data. Others are specific to employees. In most organisations the information management efforts are focused on patient, customer, consumer and employee information. There is a general, mistaken, assumption that those are the only types of personal information that need to be safeguarded. The Chief Technology Officer Forum

cto forum 07 february 2013

T E C H FOR G O V E R N A N C E

m a n ag e m e n t

However, don’t forget that there are at least 50 US state and territory breach notice laws in effect that generally apply to all personal information, regardless of the intended use or population from where it was collected. And data protection laws outside the US require that that all personal information, regardless of the industry or purpose for which the information was collected, must be safeguarded. What if a breach of job applicant information occurs? How would your firm react? You need to make sure your breach identification and response plans include this type of info.

And then there’s the insider threat… Another growing problem is identity theft and identity fraud executed by trusted workers; otherwise known as the insider threat. A study funded by the Department of Homeland Security Science and Technology Directorate examined 80 insider fraud cases that occurred between 2005 and 2012. They found the individuals cost each organ-

Bottom line for all organisaisation an average of $382,000 tions, from the largest to the or more depending on how long smallest: All personal info, for they were able to operate withall types of individuals, need to out detection. be identified and appropriately The more personal informasafeguarded and then destroyed tion workers have access to, the growth in govt when no longer necessary for more fraud that can be comtelecom spending the purposes for which they mitted, and the more damage were collected. You haven’t that can occur not only to the in 2013 in india done this yet? To get you startassociated victims, but also ed, break this process down into to the organisations that are four questions to answer: responsible for safeguarding 1. Where is all the job applicant information, that information. So, how many people in all forms, located? have access to the job applicant information 2. How long do you keep that information? in your organisation? If you haven’t thought 3. What do you need with that information about the security of this information, beyond the hiring decision? chances are there are many more individu4. What if that information is breached? als, both inside your organisation and also Put a target date on your calendar for from outside contracted entities, that can finding out the answers to these important access the job application information than questions. you would ever have guessed. This creates significant risks for identity fraud to occur —The article is printed with prior permission right under your nose by those workers you from www.infosecisland.com. For more features trust, but who see opportunity to financially and opinions on information security and risk profit without being caught. management, please refer to Infosec Island.

FOGGED OUT BY THE CLOUD? PETER COCHRANE WILL GIVE YOU A CLEARER VIEW Inflexion Convex 2013: Cloud… the easy next step The Inflexion Conference/Expo will help you:

• Determine the next steps needed to leverage the capabilities of cloud computing • Choose and implement the most effective cloud solutions • Mitigate the risks associated with the implementation of ‘Cloud’ Inflexion will include buyers' meets, workshops and an innovative immersive cloud café Who will be there: Over 700 of India’s enterprise CIO/IT community, CXOs, LoB Heads, Government officials, over two days.

Peter Cochrane One of the world's most respected and sought-after experts on technology, change and the future effects of change on corporations and individuals

Date: February 18 - 19, 2013 Venue: India Habitat Centre, Lodhi Rd, New Delhi

Partners

Inflexion Ad_final.indd 40

Knowledge Partner

Organised by

2/6/2013 11:32:40 AM

VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com

illusratuib by Peterson PJ

Wine, Religion, Dinosaurs, and IT The Blog That Should Never Be Written

Before you start lobbing holy hand grenades at me, open your mind and read! I was just in Napa, which for a guy like me is effectively the same as sending my 9-year old Lily to Disney Land. Overwhelmingly wondrous. I went to speak at Barracuda’s 2013 kickoff meeting. More on that in a few. My trip was short, or at least was intended to be short. Playing with weather in Boston in January is playing Russian roulette, except at least half the chambers are loaded with bullets. I got there in time to watch the Niners pull out a victory and the Pats choke down a loss. (Selfrationalization: New Orleans is worse for me than Napa, therefore it is good that the Pats lost. Plus, I missed the game, which is even better since I was in Napa drinking wine instead of sitting in traffic massively irritated.) As I was waiting for a ride to my hotel like room/condo (Silverado - a zillion condo/room things, none of which anyone can walk too - and weirder, they didn’t sell their own wine at their own bar. Fortunately, the Barracuda execs like Silver Oak

cto forum 07 february 2013

and Mt. Veeder. I felt a kinship growing from the start), there were a few folks waiting for the shuttle, talking about “God.” I’m not sure the point they were getting at (seemed like they were trying to argue over who was a bigger God fan), but what was apparent was that they, like most I think, were interchanging God with religion. I found that interesting. People interchange the concepts of a higher power with the way they chose to worship that higher power. People don’t really argue much about “God.” They argue about how they “practice” their belief in God. If you argue about there being a higher power or not, you are at least arguing about the same thing. It’s very binary—you either believe in it or you don’t. Since there is no absolute proof either way, it’s an individual belief. Not a lot to argue about. However, when listening to this animated “discussion,” it quickly devolved into justification (of what I still am unclear since the two participants clearly both believed in “God”) of some point based on their individual belief systems around

The Chief Technology Officer Forum

About the author: Steve Duplessie is the Founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www. thebiggertruth.com

the PRACTICE of worship—i.e., religion. As soon as one started quoting the Bible, it was no longer about “God” but what that religion believed one should do about God. For the record, I find most all organized religions absurd, however I’m a big fan of God. I’m living proof that a higher power exists and pulls strings. I’ve had WAY too many crazy things happen (for the good) in my life to argue this point—not the least of which was discovering a lump the night before the Sox lost game 7 to the Yankee’s in 2003 (Grady Little), and remembering to ask my Vasectomy doctor the next day, after the lump had totally disappeared, which turned out to be cancer—caught on DAY ONE and thus treatable (I still cannot scientifically dismiss the cause as either Diet Pepsi nor my ex). Plus, have you seen my wife? I rest my case. I’m also completely fine with those who don’t believe in such concepts. And I’m just fine with people choosing HOW they wish to interact with their gods—as long as they don’t attempt to inflict or force their methods upon me.

54 22,000 70 GALLERIES – PART OF DUBAI’S VIBRANT ART SCENE

PEOPLE VISITED ART DUBAI IN 2012

PER CENT OF MIDDLE EASTERN ART IS TRADED HERE. WELCOME TO THE REGION’S ARTISTIC HUB

WHEN YOU RUN THE NUMBERS, DUBAI MEANS BUSINESS. SEE THE FILM AT VISION.AE/VIDEOS/NUMBERS

EXPO2020DUBAI.AE

FalconDubaiAC_CTOForum_290x220_AW.indd 1

INFO@FALCONANDASSOCIATES.AE

28/12/2012 19:57