What's Brewing


CTO FORUM

Technology for Growth and Governance

WHAT'S BREWING? | DATA-FOCUSED RISK ASSESSMENTS | SRM'S SECOND LIFE

I BELIEVE

Power Strokes PAGE 04

March | 07 | 2010 | Rs.50 Volume 05 | Issue 14

What’s Brewing: CTOs of leading edge IT vendors spill the beans on the technologies of tomorrow PAGE 21

BEST OF BREED

Unlocking the Fortune Cookie PAGE 11

NEXT HORIZON

The Good, Bad and Ugly of SaaS PAGE 39

A 9.9 Media Publication


EDITORIAL RAHUL NEEL MANI | rahul.mani@9dot9.in

Are you investing in the future? CIOs are moving from cost-cutting measures to raising IT productivity for an agile enterprise

CIOs haven't ever had it easy. Whether it is making IT a strong enabler of business, getting faster returns on technology investments or choosing the right technologies - a CIO’s task has always been tricky. Tackling technology budget cuts has only made the task more daunting. CIOs who successfully fought the downturn are now getting back to growing their business. And to support that growth, they are looking for light-weight, easy-to-manage technologies that don’t require huge upfront capital commitment. Our research proves that CIOs in 2010 will seriously look at adopting new technologies such as virtualisation, cloud computing, collaboration, unified communications, mobile computing, etc. The shift from huge, cumbersome and complex technologies to easy-to-implement, flexible technologies marks CIOs’ plans to lead an agile enterprise that is fully in sync with business goals. These technologies, if implemented rightly, can create many opportunities for the technology teams to take the operational performance of the enterprise to the next level. Very clearly, CIOs are moving from cost-cutting measures to those that help raise IT productivity. IT leaders are working to get more value from their existing resources, and this requires strategic investments in new technologies. To help CIOs make an informed decision, we decided to seek information from where all the action begins. We reached out to the CTOs/ Research Lab Heads of some of the leading edge technology vendors and took a sneak peek into their technology roadmaps.

During this mammoth exercise, we were fortunate to get an opportunity to speak to the Global CTOs of technology bigwigs like Microsoft, VMware, Symantec and HP. The rest were in a class of their own too. We spoke to the India Research Lab Heads of Cisco and IBM to know their plans. The outcome was fabulous. We are delighted to present the roadmaps of some of these global technology giants which will help you invest in technologies of the future.

EDITOR’S PICK 16

Unlocking the Fortune Cookie: Escorts AMG was suffering from high raw material and finished goods inventories. Automating their supply chain has resulted in unlocking substantial amounts of cash.



CONTENTS

VOLUME 05 | ISSUE 14 | MARCH 10 | THECTOFORUM.COM

COVER STORY

21 | What's brewing? CTOs and research heads of vendor companies share their impressions of what's the next big thing in technology going to be like.

COVER DESIGN: SANTOSH KUSHWAHA

COLUMN

04 | I BELIEVE: POWER STROKE Jayant Sinha, Associate VP (IT) at Spanco on what works and what doesn't when dealing with change management issues in government.

48 | VIEW POINT: GOAL SETTERS - WHAT'S YOUR TYPE: Evolutionary goal-setters and revolutionary goal setters and how they differ. BY ROD KING


COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o K.P.T House, Plot Printed at Silverpoint Press Pvt. Ltd. TTC Ind. Area, Plot No. A-403, MIDC Mahape, Navi Mumbai 400709


FEATURES

39 | NEXT HORIZONS: THE GOOD, BAD AND UGLY OF SAAS: It makes sense to understand the pros and cons of SaaS before embracing it. BY ANDREW BAKER


www.thectoforum.com

Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh
Publishing Director: Anuradha Das Mathur

EDITORIAL
Editor: Rahul Neel Mani
Editor (Online): Geetaj Channana
Resident Editor (West & South): Ashwani Mishra
Sr. Assistant Editor: Gyana Ranjan Swain
Assistant Editor: Aditya Kelekar
Consulting Editor: Shubhendu Parth
Principal Correspondent: Vinita Gupta
Correspondent: Sana Khan

DESIGN
Sr. Creative Director: Jayan K Narayanan
Art Director: Binesh Sreedharan
Associate Art Director: Anil VK
Manager Design: Chander Shekhar
Sr. Visualisers: PC Anoop, Santosh Kushwaha
Sr. Designers: Prasanth TR & Anil T
Chief Photographer: Subhojit Paul
Photographer: Jiten Gandhi

BEST OF BREED

16 | CASE STUDY: Unlocking the Fortune Cookie. At Escorts Agri Machinery, automating the supply chain helped in better integration of demand and supply.

11 | BEST OF BREED: ENTERPRISE PRIVACY POLICY How to tell a serious privacy breach from the less serious ones.

45 | HIDE TIME: RAJEEV BATRA, CIO, MTS A family man who likes to dwell on "what you don't know that you don't know".

REGULARS

01 | EDITORIAL 06 | ENTERPRISE ROUNDUP 44 | BOOK REVIEW

ADVISORY PANEL
Ajay Kumar Dhir, CIO, JSL Limited
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, VP-IS, Godrej Industries
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices
Vijay Sethi, VP-IS, Hero Honda
Vishal Salvi, CSO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
Vijay Mehra, Executive VP, Global Head-Industry Verticals, Patni

SALES & MARKETING
VP Sales & Marketing: Naveen Chand Singh
National Manager Online Sales: Nitin Walia
National Manager-Events and Special Projects: Mahantesh Godi (09880436623)
Product Manager: Rachit Kinger
Asst. Brand Manager: Arpita Ganguli
Co-ordinator-MIS & Scheduling: Aatish Mohite
Bangalore & Chennai: Vinodh K (09740714817)
Delhi: Pranav Saran (09312685289)
Kolkata: Jayanta Bhattacharya (09331829284)
Mumbai: Sachin Mhashilkar (09920348755)

PRODUCTION & LOGISTICS
Sr. GM. Operations: Shivshankar M Hiremath
Production Executive: Vilas Mhatre
Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh

OFFICE ADDRESS
Nine Dot Nine Interactive Pvt Ltd, C/o K.P.T House, Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India


Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd C/o K.P.T House, Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Editor: Anuradha Das Mathur C/o K.P.T House, Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Printed at Silverpoint Press Pvt. Ltd. D 107,TTC Industrial Area, Nerul.Navi Mumbai 400 706



I BELIEVE

BY JAYANT SINHA | AVP & Head (Power-IT), Spanco Ltd

The author is a senior IT professional, with over 24 years of experience in IT infrastructure development in the power sector

Power Strokes

Bringing IT reforms in the power sector can cause a lot of sparks. Tact and patience are needed to tide over resistance to changes.

I BELIEVE that honesty, teamwork and commitment are essential ingredients required to succeed in life. That's a given, but in the course of implementing e-governance projects in Uttarakhand Power Corporation Limited (UPCL), I realised that there were other skills that were essential. Some of these take time to acquire.


CURRENT CHALLENGE: GETTING MULTIPLE SERVICE PROVIDERS TO COMPLY WITH STRINGENT SLAS

Like negotiation skills. I am not talking about negotiating with vendors but negotiating with users for mindset change. In government setups there is a tremendous resistance to change. I headed mission-mode projects such as introducing a Web-based complaint management system in the corporation. Many employees are reluctant to take on additional duties or agree to change, in however small way, the way they are carrying out their duties. You have to put yourself in their shoes and learn to empathise. You need to have the people on your side to implement such projects.

Just as important is building a good team. I believe that the success of a project depends a lot on the dynamics between the team members. I like to do a selection based on the genuine skills of a person but also consider the person's individual behaviour as well as his/her behaviour in a group. However, every once in a while I have had a team member who does not fit with the culture. In a government setup, it's risky to ask him to leave; I believe the better option is to keep him involved and persuade him to mend his ways while at the same time make him feel important by asking him for his opinion on some matter.

I have a lot of faith in what training can do to employees. At UPCL, we had selected a “user champions” group and trained them in leadership and technical skills. This team consisted of staff from different departments who had opted to help in the speedy implementation of e-governance projects. The training worked wonders!

I am now on the other side of the table working for the private sector, using my domain experience in designing and executing IT projects for PSUs/ government organisations.


CTOForum LinkedIn Group Join more than 200 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:

CTO Forum PACKS MORE PUNCH

www.linkedin.com/groups?gid=2580450

Some of the hot discussions on the group are:

What are those key competencies that a CIO shall look to acquire to become a true global business leader?

Understand Business, Finance and Expenses
Never talk Technology but just plain language
Do it if possible, otherwise explain and convince users
Cultivate the habit of questioning
Always be proactive and not provocative
Accept new ideas from anyone and evaluate with your technical knowledge

—Viswanathan Sundararaman, VP (IT) at Clariant Chemicals (India) Ltd.

Form IV

Statement about ownership and other particulars about newspaper CHIEF TECHNOLOGY OFFICER FORUM to be published in the first issue every year after the last day of February

Place of publication: Mumbai
Periodicity of its publication: Fortnightly

Printer’s name: Kanak Ghosh
Nationality: Indian
(a) Whether a citizen of India? Yes
(b) If foreigner, the country of origin: Not Applicable
Address: KPT House, 41/13, Sector 30. Vashi, Navi Mumbai 400 703

Publisher’s name: Kanak Ghosh
Nationality: Indian
(a) Whether a citizen of India? Yes
(b) If foreigner, the country of origin: Not Applicable
Address: KPT House, 41/13, Sector 30. Vashi, Navi Mumbai 400 703

Editor’s name: Anuradha Das Mathur
Nationality: Indian
(a) Whether a citizen of India? Yes
(b) If foreigner, the country of origin: Not Applicable
Address: KPT House, 41/13, Sector 30. Vashi, Navi Mumbai 400 703

Names and addresses of individuals who own the newspaper and partners or shareholders holding more than one per cent of the total capital: NINE DOT NINE INTERACTIVE PVT LTD., KPT House, 41/13, Sector 30. Vashi, Navi Mumbai 400 703 NINE DOT NINE MEDIAWORX PRIVATE LIMITED, K-40, Connaught Circus, New Delhi 110 001

I, Kanak Ghosh, hereby declare that the particulars given above are true to the best of my knowledge and belief.

Date: March 2010

Sd/Signature Of Publisher

In keeping with our goal of providing a platform for sharing the best insights relevant to CTOs and CIOs in India, CTO Forum has tied up with CIOUpdate.com - an internationally renowned site that features strategies, trends and best practices for technology leaders. Through this initiative, we sincerely hope that you will benefit from global perspectives on how to drive more business value from IT. Also, achievers will share their experiences on the challenges they faced. After all, isn't technology supposed to bring our world closer together? Do stay tuned...

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community. Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com



ENTERPRISE ROUND-UP

STORY INSIDE: HP's newest data centre in England uses air from the North Sea for cooling Pg 9

PHOTO IMAGING: SANTOSH KUSHWAHA

Social Software Predictions for 2010 and Beyond: Gartner shares Best Practices for Embracing Social Networking.

GARTNER has shared its predictions on the use of social networking and collaboration in the enterprise. These predictions focus on offerings ranging from team collaboration to dynamic social networking applications that offer rich profiles and activity streams. Gartner's predictions related to social networking:

1. By 2014, social networking services will replace e-mail as the primary vehicle for interpersonal communications for 20 percent of business users.
2. By 2012, over 50 percent of enterprises will use activity streams that include microblogging, but stand-alone enterprise microblogging will have less than 5 percent penetration.
3. Through 2012, over 70 percent of IT-dominated social media initiatives will fail. 50 percent of business-led social media initiatives will succeed.
4. Within five years, 70 percent of collaboration and communications applications designed on PCs will be modelled after user experience lessons from smartphone collaboration applications.
5. Through 2015, only 25 percent of enterprises will routinely utilise social network analysis to improve performance and productivity.

—Source: Gartner.com/pressreleases

DATA BRIEFING

$13 billion was the total server market in the Q4, 2009



THEY SAID IT: ANIL AMBANI

Anil Ambani, Chairman of one of India’s large business groups ADAG, who also owns a large telecom and technology company, feels otherwise about the power of information technology and the Internet. Here are his views:

“If you look at the top 20 companies of the world, 19 of them are still brick-and-mortar companies. I have nothing against tech companies. But if you are a car manufacturer or an oil and gas manufacturer, you won’t get the supply over the Net.” —Anil Ambani

Microsoft launches Windows MultiPoint Server 2010: Product will make computing affordable

WINDOWS MultiPoint Server is best suited for educational scenarios such as classrooms, labs and libraries. It allows multiple users to simultaneously share one computer using multiple screens. Windows MultiPoint Server 2010 is now globally available to OEMs and will be rolling out to Microsoft academic volume licensing customers from March 2010 onwards. Windows MultiPoint Server 2010 is an operating system that enables multiple people to connect to a single host computer with their own monitor, keyboard and mouse through USB or a video card. Each person individually controls his or her own station with an independent and familiar Windows computing experience. Windows MultiPoint Server 2010 is the flagship product in a family of shared resource computing technologies, the MultiPoint solutions, which provide teachers and students with greater access to educational technology. Shared resource computing is an emerging category that allows a customer to tap into more of a computer’s capability to enable a single host computer to support multiple users simultaneously.

Source: www.microsoft.com/presspass

QUICK BYTE ON VOIP MARKET

Residential VoIP services remain healthy, comprising the majority of worldwide VoIP services revenue, and subscribers are up 14% from the end of 2008. On the business VoIP side, while managed IP PBX revenue growth has slowed in line with IP PBX shipments, IP Centrex and hosted UC service revenue grew 26% year-over-year.


SAP Revamps BusinessObject SaaS BI Suite: Upgraded service consolidates CrystalReports.com, adds workflows for BI starters.

SAP has significantly upgraded its Business Objects (BO) BI OnDemand offering. The offering now consolidates SaaS offerings and presents simpler interfaces for new BI adopters. The pricing and detailed data integration options are yet to be defined by the application software major. The upgraded SAP BusinessObjects BI OnDemand unites and replaces two formerly distinct offerings: CrystalReports.com and the past version of BI OnDemand, which was based on the SAP BusinessObjects XI BI suite. The new service delivers a single environment in which users can harness online versions of familiar tools, including Crystal Reports for reporting, Web Intelligence for query and analysis, Xcelsius for dashboarding and data visualization, and SAP BusinessObjects Explorer for fast, in-memory data analysis.

"This new offering delivers a very intuitive, guided workflow for people of any expertise level," said Marge Breya, EVP of SAP. The backbone of the service is a simple explore-report-share workflow. In the exploration phase, users can find and blend data from their own desktops and corporate sources without being an information management guru, according to the vendor.

Main Features:

SAP BusinessObjects Explorer software empowers people with powerful data exploration and visualization capabilities.
It has capabilities that guide people with no prior BI experience through the process of accessing, exploring, visualizing, and sharing data – all without needing to switch between applications.
It gives ability to access all on-demand and on-premise data – including SAP data and data from the Salesforce customer relationship management (CRM) application.
People will be able to easily upload data to create dashboards, reports, or interactive visualizations.
It is an on-demand solution for creating ad-hoc reports, conducting what-if analyses, and securely sharing this information inside or outside the company.
Business users will be able to provide customers, partners and employees across all lines of business with immediate, anytime access to the most current data.
This offering will include flexible pricing and ease deployment scaling features, according to the vendor.

GLOBAL TRACKER

According to the IDC Worldwide Quarterly Server Tracker, worldwide server shipments increased by a small margin.

Timeframe    Units Shipped
Q4 2009      1.9 Million
Q4 2008      1.86 Million

SOURCE: IDC



HP's New Design Service. HP Unveils Service for Design of Scalable, Flexible Cloud-based Infrastructures

ILLUSTRATION: SANTOSH

HP has extended its cloud consulting services portfolio with a new design service that helps businesses and government agencies accelerate the adoption of cloud-based infrastructures to improve technology and business flexibility. HP Cloud Design Service will offer cloud-based infrastructures that speed up the delivery of projects while mitigating risk. Additionally, it will ensure that cloud infrastructure supports a hybrid sourcing model that includes private and public cloud options. As part of the HP Cloud Design Service, HP works with clients to understand their requirements and existing IT investments. HP then creates a customized cloud infrastructure design blueprint and an implementation plan. This plan includes cost estimates, guidelines for deployment, testing, operational management, service life cycle management, governance and support.

The HP Cloud Design Service offers the following benefits for clients: Everything needed to offer a cloud service. The HP Reference Architecture for Cloud acts as a common framework for all cloud engagements. The design blueprint and implementation plan take into account people, process, technology, cost estimations and workload migration aspects. Reduces costly technology redundancies while helping clients make strategic investment decisions. Leverage existing technology investments.

The HP Cloud Design Service is available worldwide with pricing based on specific customer requirements. For clients that are still at the education, strategy or planning stages, HP offers the HP Cloud Discovery Workshop and the HP Cloud Roadmap Service.

FACT TICKER

Seven Major Guidelines to BPM Project Success

GARTNER has identified seven non-technology-based factors that organisations need to pay close attention to in order to attain business process management (BPM) success.

Limited scope: For the best results, start small. This means a limited-scope project, not a major end-to-end process to improve, but perhaps a portion of one.
High value: The business performance improvement must be seen as having a high value towards attaining the desired business performance results.
Clear alignment to goals: Another parameter to consider for target process selection is that of alignment with important organisational or business-unit goals and strategies.
The right metrics: Only through measurement can companies get the necessary awareness and credibility regarding the value of the BPM-based improvement achieved.
Goal agreement: All the relevant process stakeholders must work together to agree on what is the desired performance improvement.
Enthusiastic business sponsor: To get the project done promptly and well, and to spread the word across the organisation, an enthusiastic business sponsor is essential.
Business user engagement: Getting the people who actually do the work of the process onboard can be an enormous help towards success.

GREEN TALK

HP’s newest data centre - a 360,000 square foot facility in Wynyard, England, makes good use of cold air blowing in off the North Sea to cool the building. The data centre is HP's most energy-efficient yet; it has a PUE of about 1.2 all told, and if you look only at the computing space (as opposed to the 20,000 square feet of office space), the PUE drops to 1.16. The building is located in a chilly area and thus it is entirely air-cooled. HP has built eight 2.1-meter stainless steel and plastic intake fans to draw cool air. The air runs through a massive bank of modular filters to remove dust and other contaminants before it circulates in a massive cavity, called a plenum, below its data centre halls. The air is forced up through the floor and runs over the front of server racks before being exhausted. The system keeps the hall at a constant 24C (75.2F). When it is cold outside, some of the exhausted heat is re-circulated with the outside air to maintain the right temperature. Despite running the server rooms at 75 degrees Fahrenheit, HP was required to install traditional chillers in the facility, since the temperature does rise above that threshold in Wynyard, even if only for about 20 hours per year.

Source: www.greentech.com



BEST OF BREED

FEATURES INSIDE

Virtualisation: Opening the Pandora’s Box. Pg 14

Unlocking the Fortune Cookie: Investing in SCM gave Escorts quick ROI Pg 16

PHOTO BY PHOTOS.COM

A Perplexities of Enterprise Privacy Policies

Some privacy breaches warrant notification, others don't. Businesses must know the difference. BY REBECCA HEROLD

n important consideration with information security incidents is identifying if personally identifiable information (PII) is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. Answering the question, “Has a privacy breach actually occurred?” is not as easy a task as it may seem. The definitions of privacy breach vary greatly from country to country. I love talking with practitioners about their information security incident and privacy breach response plans and practices. I’m always interested in hearing the challenges and unique situations they run into. I often find that companies run into situations that they had not considered when they created a plan, but then have to deal with them in real-life situations. Here are three of these situations, often overlooked and not planned for, but experienced by organisations.

Electronic messages accidentally going to the wrong internal recipient I’ve spoken with at least a couple of dozen information security practitioners who have come across situations where someone on the internal corporate network has accidentally sent email messages containing PII to another person within the organisation who was not authorised to see the PII. In one case, an employee in the accounting department meant to send an email containing PII such as employees' Social Security Numbers and medical information to the corporate lawyer, but accidentally sent it to an IT employee with a similar name.

CTO FORUM thectoforum.com

07 MARCH 2010

11


BEST OF BREED

P R I VA C Y

1.5mn.

of programmers are putting this type of “testing” code into programs. The situation became worse when the CISO discovered that AMERICANS HAVE the hard-coded passwords were BEEN VICTIMS OF left in the code when it was MEDICAL IDENTITY placed into production. Not just in one program, but THEFT this had been going on for a long time for multiple applicaSOURCE: THE PONEMON INSTITUTE tion programs. So, basically, all the programmers with So, is this a privacy breach? access to the code also had access to the It is a great question and good situation to customers’ live accounts and associated discuss and debate. Certainly this is a recinformation. Is this a privacy breach? ommended discussion between the inforCertainly this situation calls for a discussion mation security, privacy and legal offices. between the information security, privacy For each organisation to determine the and legal offices and all the related impacts best answer that applies, consider: and consequences. What breach response laws apply to your Again, for each organisation to determine organisation? the best answer that applies, consider the Do the laws specifically address this issue? following questions: Do the definitions of a breach cover this situation? Are the passwords actual passwords for the customers? Or, were they passwords Did the recipient actually open the mesmade to work, by the programmers, to sage? Do you have logs that can verify access the customer accounts? this? Have you interviewed the person who To what resources do the hard-coded IDs received the message to see if he or she and passwords have access? Customer read it? PII? Based on your discussion, and any other Are the people who coded these backissues related to the individual’s work hisdoors and passwords still working at your tory, do you have any reason to believe the organisation? recipient would abuse the information? 
Do the programmers have access to the same resources as those to which the hard-coded IDs and passwords have Passwords built into applications access? Building in back-door access capabilities and coding passwords into programs are securityHow many programmers have access to poor practices probably as old as programthe code? ming itself, but even as the number of incidents resulting from insider attacks continue to rise, the question that is assuming prominence is: what really is a privacy breach? Over the past year, I’ve spoken with information security and privacy officers who are pondering over this question. And for good reason — not only to seek clarity on the 'insider threat' issue, but also to understand how backdoors and hard-coded passwords can be exploited. In one case, a programmer was updating an application hard-coded password to get access to the accounts of real customers to test the application before putting it into production. A bad idea? Very. However, I bet a lot She realised the error when the IT employee called and asked if she really meant to send the email to a different employee. Embarrassed, she said yes, asked the recipient to delete the email immediately, and then, following the documented corporate breach response plans, she notified the information security department.

A GROWING NUMBER OF PERSONNEL ARE MOBILE WORKERS, AND USE THE COMPANY’S LAPTOPS IN THEIR HOME OFFICES, FULLY LOADED WITH TONS OF PII.

12

CTO FORUM 07 MARCH 2010

thectoforum.com

Are the programmers contracted and employees of another company?

Employees taking PII when leaving the organisation Now here’s a situation I know all organisations have had to deal with at one time or another: theft of PII by an employee leaving the organisation. With the widespread use of USB thumb drives and the ease of sending huge amounts of data through email attachments, the situation only gets more alarming. What's more — a growing numbers of personnel are mobile workers, and use the company’s laptops in their home offices, fully loaded with tons of PII, or even are using their own personally owned computers to do business work. So, if you discover an ex-employee has taken PII with him or her, or the individual didn’t return a computer or storage device containing PII, or hard print papers with PII, is this a privacy breach? In the past year a CPO at another organisation had an employee who had been approved to work from home on her own computer. She did payroll activities for the company, and over the course of a year or so had basically accumulated all the employee PII relating to compensation, including benefits that had Social Security numbers and insurance numbers, onto her computer. She apparently went through some personal hardships within her family, and unexpectedly called in one day and said she had to quit immediately to take care of family problems. When asked to allow someone to come to her home to remove the company information and software from her computer, including the employee PII, she refused, saying that she had already deleted all the data and software, and she was not going to let anyone look at her personal and home files, and she was simply too distraught to even think about the company any more. So, is this a breach? There are definitely many issues involved with this situation, beyond a potential breach. And yes, this is yet another recommended discussion between the information security, privacy and legal offices. But let’s focus for now on the breach issues. 
You should consider the following: What were all the PII items that the indi-


P R I VA C Y

BEST OF BREED

WHILE THIS WAS A TRUSTED EMPLOYEE, THE ORGANISATION WAS COMPLETELY TAKEN BY SURPRISE BY HER SUDDEN DEPARTURE.

vidual had in her possession? Are there any logs or audit trails providing an indication of how this individual may have (mis)used the employee files? What contracts, if any, were in place with this individual to work from home? What policies and procedures existed for mobile working? Is there any legal recourse to persuade the individual to provide access to the computer and home office area? Have there been any indications that the individual was planning to use the employee files, or did she need money, and so on?

Let’s consider each of these perplexing privacy issues by using just one regulation, possibly the most far reaching of recent breach notice laws — the HITECH Act breach notice requirements that expanded the reach of HIPAA.

The HHS provides the following in their guidance for complying with the HITECH Act.

“For purposes of these provisions, ‘breach’ is defined in the Act as ‘the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorised person to whom such information is disclosed would not reasonably have been able to retain such information.’ The Act includes exceptions to this definition for cases in which: (1) The unauthorised acquisition, access, or use of PHI is unintentional and made by an employee or individual acting under authority of a covered entity or business associate if such acquisition, access, or use was made in good faith and within the course and scope of the employment or other professional relationship with the covered entity or business associate, and such information is not further acquired, accessed, used, or disclosed; or... (2) where an inadvertent disclosure occurs by an individual who is authorised to access PHI at a facility operated by a covered entity or business associate to another similarly situated individual at the same facility, as long as the PHI is not further acquired, accessed, used, or disclosed without authorisation (section 13400, definition of ‘breach’).”

Even though all the organisations used as examples were not necessarily healthcare covered entities or business associates, the definition will serve for the purpose of our discussion.

Accidental electronic messages

The person sending the PII in an email message was authorised to access the PII, and the person who received it notified the sender soon after she received the message of the error. The message did not leave the corporate network, or business email system. The recipient, during interviews, said she deleted the message right away and the company confirmed the message was deleted soon after it was sent. Interview results determined she was not likely to have copied the message and no evidence could be found to indicate she had.

Since the message was unintentionally sent to the wrong person, an employee at the same organisation, during the course of work, and the message was confirmed deleted from the erroneous recipient’s email account, the organisation determined that no breach actually occurred, and that no notification was necessary.

The company provided information security and privacy training to both the sender and recipient, and then documented the incident and the training.

Coded passwords

The programmers were definitely doing something bad, but interviews and discussions determined they were doing it because they believed that was the best way to test the programs; there were no policies, procedures or training addressing this type of activity.

While the access was technically unauthorised for the individuals, the programs were authorised for the access. The organisation decided not to treat this as a breach. They implemented policies, supporting procedures, and provided not only training but also ongoing awareness communications to the IT areas about the need for incorporating security into their job responsibilities and programming activities. They documented the situation and filed the documentation with their lawyer, who approved of the actions taken.

1 year: the time it takes for more than 50 percent of consumers to discover that they had been victimised. Source: The Ponemon Institute

Ex-employees keeping PII

The insider threat has been shown to be very real and very significant. While this was a trusted employee, the organisation was completely taken by surprise by her sudden departure. Even though she was authorised to access the employee PII as an employee, she immediately became unauthorised as soon as she quit. And since she refused to allow the company to remove the PII and other company data and information from her computer and home, in addition to refusing to cooperate with the organisation, this was considered a privacy breach, and the privacy breach response plan was put into action.

The organisation immediately implemented new policies, procedures, training, ongoing awareness communications and contractual requirements for their mobile workers. They also discontinued allowing personnel to use their personally owned computers to do business work. They notified all their employees of the breach and provided them with two years of credit monitoring as per their documented privacy breach response plan. They also provided some question-and-answer sessions for the employees to ask the information security and privacy leaders, along with the legal counsel, questions about how a breach could potentially impact them, and the changes being made to prevent a similar situation.


Would your organisation make the same decision? Do you have personnel that work outside of your company facilities? Do you have contracted workers who do mobile working or work from home? Do you allow mobile workers to use their own personal computers and storage devices? Do you have policies, procedures and training in place for this issue? Think about it.

Follow the laws and use common sense

Of course, the HITECH Act definition of a breach is just one definition out of many in many different laws. Your organisation must consider all laws that apply to your organisation when making decisions in these types of situations. You must comply with your applicable laws; that is a given. However, most of the laws do not clearly cover the many obscure and perplexing issues involving PII that all organisations must address on an ongoing basis.

Many, and perhaps most, organisations often err on the side of being overly cautious and will send notices for all such situations. I call this type of cautionary decision, to send breach notifications for any type of situation, inside or out, involving PII, “over-notifying.” The potential problem with over-notifying individuals about these types of possible breaches, which may not really be breaches at all when all things are considered, is that the folks receiving the notification may get irritated that you alarmed them, only to find out that the situation really did not put them at any risk of fraud or crime at all.

Common sense thinking also needs to kick in along with your incident response plans when considering breaches involving PII. Know what the definition of a “breach” is within all the laws that apply to you, and then plan for, and document, what you will do for obscure but common situations, such as those described previously. Meet with your legal counsel and ask the questions provided here, and you will be well on your way to making some good decisions for your organisations. By planning now you will save a lot of valuable time later, and your decisions will not be fettered and made fuzzy by the stress of the active situation when it occurs.

—Rebecca Herold, CIPP, CISSP, CISM, CISA, FLMI, is an information privacy, security and compliance consultant, author and instructor with her own company, Rebecca Herold & Associates, LLC. This article is printed with prior permission from Infosec Island.

Virtualisation’s Pandora’s Box

Minus planning, the technology can invite a lot of problems. BY THOMAS STRUAN

Many of us understand the nuances of server virtualisation — you take a server, you replicate it into a hosted environment using some sort of Virtual Machine Software and then you retire the physical machine from its former purpose. Sounds simple, and for the most part it is. Software products like VMware have made the process very simple and have made virtual server utilisation a very commonplace event. But, in the mad rush to virtualise everything there has to be an evaluation of what to virtualise.

Everything is beautiful

I recently attended a conference where virtualisation was the hot topic. One CTO even boasted about how many physical servers he had retired — it was impressive. But, when I asked him what his effective throughput rate or transaction was with the new virtual environment as opposed to his physical server infrastructure he had no answer. It is not an uncommon occurrence. Many top IT professionals don't look at their metrics before they do something, and then have no idea how they have helped, or hurt, themselves.

The obvious positives of virtualisation are clear — lower power consumption, simpler server duplication/replication, easier server management, simpler IP address and VLAN management, etc. The Aberdeen Group conducted a study in 2008 which outlines some of these issues. In it, they found that organisations experienced 18 percent reductions in infrastructure cost and 15 percent savings in utility cost by virtualising their server environments. But, there are times when other performance measures need to be considered. There is a quantitative aspect to everything — that is a given, but there is also a qualitative aspect to most things — and that is often more important.

Honey, I shrunk the server!


So, this CTO took his server environment from 180+ servers to fewer than 60. What did he virtualise? In his own words, "everything." I followed up with him on the details and they have indeed virtualised everything. But after our meeting at the conference he began to think more on what we had discussed about performance and throughput. Since he had no metrics prior to virtualising he had to use a more ad hoc method — user feedback. This is often very problematic unless you have vetted the responses objectively. To his chagrin, he noticed that trouble tickets related to his BES (BlackBerry Enterprise Server) had risen by 25% in the 30 days since that environment was virtualised. A huge rise given his company has more than 1300 BlackBerry users. If only his people had done their homework ahead of time they would have realised, based on other companies' experiences, that BES can be virtualised, but there can be some severe I/O penalties and performance can (and most often does) suffer.

To P2V or not to P2V: That is the question?

E-commerce systems were some of the first to be virtualised because of their, typically, web-based components. Web servers, typically, do very well in a virtualised environment. Some will argue that virtualisation was made for web servers and internet application servers. But is this a global truth? There is a great deal of evidence that virtualisation can muddy the waters when it comes to performance. The Aberdeen Group's June 2008 report shows that organisations can experience up to a 9 percent loss of overall revenue if issues exist with business-critical application performance. Seventy-four percent of the organisations surveyed also reported problems with application performance which coincided with a significant drop in customer satisfaction. A key challenge for organisations adopting virtualisation is effectively managing application performance in virtualised environments. The capabilities required in a virtual environment were not necessary when these organisations were looking to achieve the same performance goals in physical environments.

Full speed ahead...

One of the biggest uses of virtualisation is server consolidation. Many larger companies had, for the longest time, multiple data centres that interacted and interfaced continually (or using batch processing). Users in each location logged onto their local servers which then exchanged data between sister servers in other locations. WAN traffic was, thus, consolidated and data greatly compressed.

With virtualisation, many companies have opted for more centralised computing environments. So, users in Europe now have to log on to servers in the US, whereas before they logged onto servers locally. WAN traffic then starts to increase and system bottlenecks become more common. These are not abstract observations or "what-ifs." They are real life occurrences that companies have experienced. Because of the increased WAN traffic, the end user experience, for internal and external users, was not improved and actually degraded. Thus the moral of this story is — PRIOR PLANNING PREVENTS POTENTIALLY POOR PERFORMANCE. For many companies, the gains they see in virtualisation can be quickly wiped out by the need for larger internet or network bandwidth. Thankfully, for many, WAN accelerators can be put in place, but it is always better to consider this as part of the initial virtualisation plan instead of provisioning it as an afterthought.

Recap

Here are a few factors to consider when making the move from physical to virtual environments:

• Obtain performance metrics for as many aspects of your physical environment as possible so you can actually see what has improved and what has not as a result of virtualisation.
• Identify, in advance, what technologies are not suited to being virtualised.
• Consider what you are consolidating and look at bandwidth as a factor — you can recover from poor planning, but you only get one chance to make a good first impression.
• The WAN is often more sensitive than the LAN — look at what impact virtualisation will have on your Wide Area Network.
• Ensure that visibility into your entire transaction flow is not lost by moving from a physical to a virtual environment. This is one of the areas where individual server statistics can be obscured in a virtualised environment.
• Measure the quality of your end user experience before you start a virtualisation project.
• Identify ways of managing your Service Level Agreements around applications hosted in a virtual environment.
• Anticipate performance issues in the planning stages of your P2V project. The more you think of ahead of time the better the overall experience will be for all involved.

This list is by no means definitive, and best practices would be the forum for another article. However, these factors are meant as a beginning point and as a means of initiating the thought process before engaging in a virtualisation project. It is the minutiae that will kill you (or your career) when it comes to high profile projects of this magnitude.

—Thomas Struan is Principal and Senior Consultant at Thomas Struan Consulting



CASE STUDY | ESCORTS AGRI MACHINERY GROUP

Unlocking the Fortune Cookie

Challenge: Escorts Agri Machinery Group was suffering from a disconnect between production and demand, resulting in high raw material and finished goods inventories. Automating their supply chain has resulted in substantial unlocking of cash and better integration of demand and supply.


During the recession, the biggest of companies were forced to relook at their processes and change them where required to unlock working capital. Escorts was no different.

BY GEETAJ CHANNANA

When you think of a tractor in India, one of the first names that come to your mind is Escorts. Established in 1960, Escorts Agri Machinery Group is one of the oldest and largest agricultural equipment manufacturing companies in the country. It has revenues of over Rs 2000 crore and has over 6500 employees. The supply chain of the company includes more than 6000 part-supplier combinations with more than 350 suppliers, 33 sales offices and 800 dealers across the country.

PHOTOS BY SUBHOJIT PAUL
1. Sheetal Oswal, Head - Materials, has been able to reduce the material planning cycle from 11 days to 7 days while reducing raw material inventories by 40%
2. Vipin Kumar, Head – Information Services, rolled out an extensive IT infrastructure at 32 offices across the country to ensure that the implementation went ahead smoothly
3. Shailendra Agarwal, Chief of Operations, has been able to optimise his processes and improve productivity in the system by 6-8%

The challenge

When the company first decided to go for a full-fledged supply chain automation, the company’s system was plagued with inefficiencies. This included a supply chain that was based on assumptions and gut feel, which resulted in huge accumulation of inventories, both on the raw material side as well as the finished goods side. They were producing the wrong model of tractors at the wrong time with high lead times to market. A lot of cash was locked in inventories, but for a while no one seemed to mind. When recession set in, it became essential to unlock this capital to keep the wheels of the business in motion. Things that were a norm were suddenly being looked upon as huge bottlenecks in running the business.

In October 2008, the management at Escorts decided to change the way the company was conducting its business. Along with other strategic reforms, the company decided to automate its supply chain and unlock working capital from inventories. It was a challenging task. Escorts had a huge supplier network, with many offices across the country and a large workforce that had become habituated to working with long lead times and inefficiencies.

“Our biggest challenge was to have 150 territory managers and 800 dealers, spread in 32 offices, reach an agreement between themselves on the forecasts they made,” says Aswin Jaikanth, Head of Sales, Escorts AMG. “There was no visibility on demand from the market and thus production was not tuned to what was needed. This resulted in raw materials stocks piling up as well as an increase in the inventory of finished goods,” says Vipin Kumar, Head IT, Escorts AMG. “The production was driven by shortage lists, gut feel and manual adjustment,” adds Sheetal Oswal, Head, Materials of the company.

Solution

The first thing that the management did was to get a buy-in from all the stakeholders and make them a part of the supply chain implementation. A team of 12 people was formed to ensure that the rollout of this project happened without speed-bumps. This team included top managers from materials, sourcing, production, marketing, sales, technology and operations. They were supported by the team from i2 Technologies, a supply chain software solution provider, which set up the supply chain system for the company.

The company was already using i2 for generating supplier schedules. However, the software was only partially implemented and so users were accessing only some of the features of the application. The earlier system was based on the assumptions of territory managers and production planners who used their experience to make a fortnightly plan. The formula worked pretty well when the company had a small footprint, but, as the company grew, it was difficult for a small team to remember each and every detail pertaining to 150 territory managers working with 800 dealers based in 32 offices across the country.

To begin with, the sales and marketing teams decided to create a process whereby they could do the forecasting of tractor sales in a more scientific manner and in a way that both territory managers and dealers agreed upon. “Mismatch of inventory can cause loss of up to 4-5% of sales if you don’t have the right stock at the right dealership at the right time,” says Jaikanth.

The management decided to go for i2 after evaluating various options and giving consideration to their comfort level with the current implementation in the organisation. But before the system was implemented, the IT team had another monster to tackle – connectivity. “We had to roll out an MPLS backbone based network in 32 area offices and seven regional offices. Training of resources and partners was the other challenge that had to be overcome,” says Kumar.

With the IT system in place and all the stakeholders on the same plane, Escorts AMG started the year-long journey of implementing the supply chain tool. Though there were arguments and differences of opinions, the employee and management buy-in ensured that every argument was constructive. All the business units and technology teams worked together for about a year to implement it. “We started the implementation in October 2008 and completed it by December 2009,” says Kumar.

COMPANY DASHBOARD
Company: Escorts Agri Machinery Group
Business: Tractors and other farm equipment
Revenue: Over Rs. 2000 Crore
Suppliers: Over 350
Sales offices: 32
Countrywide dealers: 800
CIO: Vipin Kumar

Benefits

The benefits were immediate. With the implementation of the software, the organisation was able to substantially reduce its stock of raw materials and finished goods inventories. “The savings from reduced raw material inventory costs alone have been over 500 percent of the total cost of implementation of the i2 project. We are able to forecast production in a much better manner,” says Sangeet Oswal, Head Materials, Escorts AMG. “The planning time has also been reduced by 40 percent,” he adds.

The savings were not on the raw materials side alone. Even more cash was unlocked from the finished goods inventory, which accounts for a huge amount of working capital in the industry. “We were able to unlock 1000-1200 tractors from our finished goods inventory while giving better service to our dealers and customers,” says Ashok Anantraman, Head Marketing, Escorts Agri. With each tractor costing approximately Rs 400,000, the value of the inventory unlocked, achieved over a period of 12-18 months, was about Rs. 400 million. The amount was significant considering that many companies at that time were racking up huge losses.

The benefits have not just been monetary. The change in process has led to a reduction of the planning cycle from 15 days to 7 days. There is a lot more sense of discipline in the organisation and the stakeholders. From a total absence of forecasting culture, “the system has brought about a culture where 150 territory managers and 800 dealers arrive at a consensus on the sales forecasts,” says Jaikanth.

“We now have lower inventory costs, but that doesn't mean we are losing on sales. The customer satisfaction levels have also gone up several notches. The quality of tractors is also better since they are reaching the customer fresh from the oven,” adds Anantraman. While increasing customer satisfaction, “the system has also helped us increase employee productivity by 6-8%,” adds Shailesh Agarwal, Chief of Operation, Escorts Agri.

Shortcomings

As happens with all big implementations, the solution's performance has been less than satisfactory on a few fronts. “Forecasting is still being polished and it will take four-five more iterations before it is perfected. Nevertheless, we are certainly getting there. Also, we need to work more to customise the system to fit our needs,” says Jaikanth. The materials planning staff also have some gripes. “Changes in the design of products calls for changes in the product parts, but this mapping is yet to be factored in the system,” says B.D. Mathur, Head Sourcing. “The planning for spares is also a bit difficult, since it has to be done using historic data. We are still not fully prepared to handle spikes in demand,” says Kumar.

The way forward

New modules that would enhance the usage of the system are in the works. “The next step is integrating the suppliers in the system by building a two-way communication with them by using a supplier portal,” says Kumar. “For any organisation, the customer is the focus. For us, the tractors should be available at the right time, in the right number, with the right model, in the right quality and at the correct location. This implementation is a big step in achieving this goal,” says Agarwal.

—geetaj.channana@9dot9.in

500% of the total cost of i2 implementation already recovered.

Driving Efficiencies
Rohtash Mal, CEO & ED, Escorts Agri Machinery Group

Q: What were the biggest challenges faced by the organisation that prompted you to go for a new SCM implementation?
A: There were many daunting challenges before Escorts AMG which necessitated a close look into our supply chain. A strong need was felt to optimise the efficiency of management of cash which was locked due to high inventory and finished goods, well beyond the acceptable norms. One of our key challenges was to align our production to market needs and thus operate with a minimum level of finished goods and raw materials. To make this happen we needed clear visibility into the market demand in terms of model mix and volumes. That would help us to align backwards our material requirement to the suppliers, correct our inventory and meet the demands of the market in time. A major challenge was to change our processes and mindsets. I am happy to note that we have succeeded in this.

Q: What business process changes were needed to get this going?
A: Firstly, we took a conscious decision to operate with minimum inventory and produce strictly as per market need. This required our suppliers to have clear visibility into our material requirements over the next couple of months. A lot of effort went into vendor coordination and creating a process to get the desired material at the right time without facing the problem of stock out or excess inventory. Secondly, to get visibility into the market, our complete sales team had to work very closely with dealers to generate the correct demand. It required a major effort to mature this process and train our field staff on the software functionality. We had to gear up our IT infrastructure in a big way to connect all the sales offices spread across the country with our central IT hub. A major infrastructure rollout was done at each of the sales offices.

Q: How do you think a solution of this kind can help in improving top/bottom line performance?
A: It helps in many ways. We were able to unlock a lot of cash, which was blocked due to higher raw material and finished goods inventories. The SCM solution helped us in producing the right product mix and making it available on time to increase customer satisfaction. There is a marked improvement in the overall efficiency of our supply chain which is reflected in reduced inventories and a very cohesive functioning with our suppliers and dealers.

Q: What key benefits has your organisation derived from this project?
A: There are many tangible and non tangible benefits. The tangible ones are reduced inventory carrying cost, availability of the right product at the right time, increased efficiency of operations, a high level of cohesiveness with suppliers and dealers. As far as the non tangibles are concerned, clearly it’s about making various cross functional teams work better together, bringing in external agencies like dealers and vendors into the internal processes and more importantly a cultural shift towards meeting consumer goals in terms of on-time performance and satisfaction.



COVER STORY | TECHNOLOGIES 2010

What’s Brewing

CTOs of leading edge IT vendors spill the beans on the technologies of tomorrow

Where is virtualisation headed?

Is there a plan to offer services over the cloud?

We got the technology experts who call the shots in the largest IT companies to talk about what's churning in their research labs and what it could mean for enterprises in the years to come.



“SaaS has the potential to be a game-changer”

Mark Bregman, Executive Vice President and Chief Technology Officer, Symantec Corporation, says that SaaS has the potential to be a game changer. In a conversation with Ashwani Mishra, Bregman talks about the company’s strategy in the security and storage areas and how it plans to deliver the best solutions to its customers.

How is Symantec dynamically changing its product portfolio to deal with all the issues related to security? In other words, Symantec, like many other large software vendors, wants to have an end-to-end, integrated stack to manage infrastructure. How do you plan to achieve this?

In today’s times, information is more distributed than ever before. Our product portfolio focuses on an information-centric model for security and management. We innovate and integrate across our portfolio to enable our customers to secure and manage information. The strength of our portfolio, combined with a focus on innovations, enables us to help customers succeed. The breadth and depth of security, storage and systems management technologies we offer allows us to innovate in unique ways and leverage integration points across our product portfolio. Organisations today face a rapidly evolving range of threats related to information security from organised criminals as well as malicious insiders. So it is important to take a proactive, risk-based approach that protects not only the infrastructure, but also the information that resides on it. Enterprises face many challenges in reducing risk and ensuring that data is protected at all times, regardless of where it is used or stored. Our strategy is to help companies protect their infrastructure, protect their information, develop and enforce IT policies and manage their systems.

According to a recent Symantec report, staffing, cloud computing and IT compliance have been ranked as the top enterprise security challenges this year. How can enterprises tackle these challenges now and in the coming years?

For a vast majority of organisations, the transition to the cloud will be a gradual movement of applications, services, and supporting infrastructure into the cloud. We plan to enable customers at all stages of this transition. Today we offer choice and flexibility in the adoption of our solutions to secure and manage information in the cloud. We are helping customers capitalise on the promise of cloud computing in four ways. These include providing hosted services to businesses and consumers, enabling enterprises to build their own private cloud infrastructures with our software and services, offering cloud-ready Symantec software through third party cloud-infrastructure providers and offering consulting services for cloud strategy development. To tackle the IT compliance challenges, organisations need to develop and enforce IT policies and automate their compliance processes. By prioritising risks and defining policies that span across all locations, customers can enforce policies through built-in automation and workflow. They can identify threats and remediate incidents as they occur or anticipate them before they happen.

At a recent media briefing, your CEO Enrique Salem said that the IT industry is undergoing many changes and Software-as-a-Service (SaaS) is key for its future business. How are you going about this?

SaaS has the potential to be a game-changer and we are well-positioned to expand its position in the market space. Symantec Hosted Services now covers more than nine million end users from 21,000 organisations spanning across 100 countries. More than nine million consumers are using Symantec SaaS offerings through Norton Online Backup.

What would be your strategy on the storage front for the next couple of years?

Symantec’s storage strategy supports our information-centric focus and includes several efforts. First, we will continue to enable our customers to commoditise their infrastructure, and standardise on software that supports major operating systems, storage platforms, databases and applications. We will also look at ways to help our customers build scalable, high-performance file-based storage systems for their enterprise, including their private and public clouds, using our FileStore technology. Our strategy will also include efforts to innovate and integrate across our storage and security portfolio using new technologies such as Data Insight to help customers improve data governance and gain insight into the ownership and usage of information. Innovations such as Data Insight are aimed at aligning enterprise information assets to business goals by simplifying the remediation of exposed critical data and optimising their storage environment.

ABOUT MARK BREGMAN: Mark Bregman is executive vice president and chief technology officer at Symantec, responsible for the Symantec Research Labs, Symantec Security Response and shared technologies, emerging technologies, architecture and standards, localization and secure coding, and developing the technology strategy for the company.

Hackers are Becoming Smarter Day by Day

With 2009 behind us, we look forward to what the next year might bring. Here are some of the key security trends, and how they might affect the overall security game plan.

Hackers are better equipped: The tools used by the black hats have become more sophisticated. This will result in an increase of automated attacks that no longer target a specific company, but instead look for specific vulnerabilities wherever they exist.

Solutions for security in the cloud: Security concerns prevent enterprises from moving to the Cloud. How does one protect data when you don’t even know where it is residing? This year will see many new solutions which will solve the issues of securing data in the cloud. Using methods that attach data controls to the underlying database and centrally manage the policies and logging, data can be secured even in a highly dynamic environment.

Aliens freaking inside your networks: Attacks are generally classified as either coming from outside the network perimeter, or from internal users. However, this differentiation will gradually blur in 2010, as a number of attack vectors gain in popularity. Just visiting a website can now result in downloading new types of malware. Organised crime targeting specific companies by inserting “sleepers” to infiltrate the organisation as employees or contractors, solely for the purpose of gaining access to sensitive data, will also become prevalent. Defending against these insiders will require solutions that protect data, regardless of the source of the attack. Therefore, going beyond perimeter defences or network monitoring should be an important part of every organisation’s data security strategy.

“The truth of the matter, as you might expect, is that SaaS has both pros and cons, regardless of whether you are a provider or consumer of the technology”
Andrew Baker, Infrastructure Manager, Institute for Integrative Nutrition, Solutions Architect & CTO, BrainWave Consulting Company



From his perch as the Chief Technology Officer and Senior Vice President of R&D, VMware, Stephen Herrod shapes the future of virtualisation. In this interview with Rahul Neel Mani and Ashwani Mishra, Herrod discusses the issues and key trends in the virtualisation and cloud computing space. Excerpts:

“Public Cloud will not be a reality soon”

You had opined that the choice for enterprises between a thick client and a thin client would be solved. Where is the industry today in terms of desktop virtualisation?

The recession slowed down a lot of projects including desktop virtualisation. In the latter half of 2009 we saw the launch of Windows 7. Many companies who had been using Windows XP for the last several years were looking to refresh their desktops. So you heard many CIOs saying that if they are doing a refresh for the software, why not change the way it was managed. This was also the time when the economy started improving. This has pushed many desktop virtualisation projects back on the front-burner. We see desktop virtualisation as a global phenomenon. However, there are certain industries like financial services and healthcare that need it more. Managing desktop at a centralised data centre level and letting all the users access it remotely makes much more sense for this segment.


How are you developing the virtualisation technology that goes in your products?

We have built upon our data centre virtualisation product VMware vSphere. We launched it in May last year and then came out with a major refresh on our desktop product in December 2009. The thing that we focused on was to fit as many desktops on to a given amount of server and storage. We wanted it to be cost effective and also secure with high levels of availability. We want to ensure that the platform that enterprises are using in the data centre is as good as possible. Many customers are looking at a shared private cloud that can be deployed either for desktops or servers. This means they will use a common platform and place different workloads on top of it.

There are still a lot of apprehensions surrounding the cloud computing model. What would be your advice to enterprises who want to evolve from virtualisation and move into the private cloud?

The basis for cloud computing is virtualisation. We have been working with various analyst groups and trying to find issues around cloud computing and make it more digestible for the CIOs. We think private cloud is a different model for running the IT department. So it is more of a ‘service provider approach’ rather than a cost centre for the business. That means there is a customer-centric notion of what one does. For example take the case of IT providing a portal for employees to log in for services that are approved by IT. This is an important part of it. The other thing that enterprises associate with cloud computing is ‘pay as you use’ model instead of locking huge upfront capital. For the private cloud it means more visibility and also tapping the shared resources that different groups are using.

How would you react if I say that a private cloud is nothing more than an IT infrastructure within an enterprise?

I strongly feel it is more than that. It is a business model as well as a heavily virtualised architecture that will help CIOs turn IT into service for the internal consumers. The infrastructure needs to be automated.

So, what will be the time, resources and intelligence required to move from a private to a public cloud which is ‘pay-as-you-use’ and with minimal investments?

It depends on the profiles of customers and industries. The approach that VMware is taking is to use the existing software stacks of its users in their data centre and sell it to public cloud providers. So we are selling them a compatible stack of software that also has built-in features of disaster recovery, security and performance tracking. The service providers are interested in this offer because they can then have an enterprise offering that is not merely commodity computing but actually has added value. Enterprises today have the assurance that when they are ready for the cloud there will be a set of places where they could run their applications on their own terms. Till then they are doing the right thing by virtualising their infrastructure.

How can large enterprises in the banking and telecom sector justify their huge investments on IT till date if they decide to move to a cloud model? Also, what are the other issues that will confront CIOs on the cloud front?

It is always better to rise by an evolutionary step. I think that such enterprises would leverage their existing infrastructure and make it more efficient by using some private cloud techniques. As some of them reach end of life cycle or there is a need for a new application, they could look at the cloud model. There is good opportunity to have a shared model for infrastructure, team, training and tools across server and desktop applications. Lock-in from a vendor is another major concern that we hear a lot. The approach taken by Google and Amazon.com is development of products that are proprietary and so is Microsoft’s Azure.

What are some of the recent developments on the cloud computing standard front and what would they lead to?

We are on the board of Distributed Management Task Force (DMTF) which is an industry group involved in the development, adoption, and interoperability of management standards and initiatives for enterprise and Internet environments. We have been working closely with the group to create standards for cloud computing and there are two that really matter. The first one involves creating a virtual machine that can run on any cloud solution and this has taken off pretty well by the use of an Open Virtualisation Format (OVF). I think of it as an MP3 music that can be played on any player. The tougher one is to manage and track and be assured of the service levels from different cloud providers. We are trying to do this by having a top level management interface called as vCloud. We are not there yet. The day we have this, we will surely be the best software that runs on the cloud. This should be made available by end of this year.

Vendors to Watch

Watch out for Quest in the Desktop Virtualisation space. Its vWorkspace future-proofs your application delivery and desktop deployments by being hypervisor agnostic while also providing support for multiple deployment options such as Terminal Servers, Blade PCs and VDI. This powerful flexibility transforms your physical desktops into virtual services. In server virtualisation Citrix is a formidable player. It completed acquisition of XenSource, the primary commercial maintainer of the Xen open source hypervisor in October 2007. Also, F5 Acopia intelligent file virtualisation solutions help businesses efficiently manage the growth, complexity and cost of unstructured file-based information. Watch for FalconStor which develops innovative and open data protection solutions designed to optimise storage and protect critical business data and applications.

“Virtualisation is a technology that cannot be ignored anymore. If you are not already using it, start exploring. Chart your journey carefully.”
Arun Gupta, Group CIO, K Raheja Corp.



“Collaboration is the dynamite in a CIO’s arsenal”

Barry Briggs, Chief IT Architect and CTO, Microsoft speaks with Ashwani Mishra on Microsoft’s efforts to help businesses collaborate better, be more productive and do more with less. Excerpts:

What key technology trends do you foresee and what are those tools that will prove helpful to enterprise CIOs in the next few years?

Most of the research done in Microsoft Research and Development Labs worldwide is focused on cloud computing. Early adoption trends and strong forecast suggest that cloud is going to become an integral part of enterprise IT in the coming years. There are a couple of different ways by which we see the evolution of cloud models. We see the cloud increasingly host certain services within the enterprise like email and SharePoint collaboration. A lot more of similar ‘not-so-critical’ services will move in the cloud in the next couple of years. These services will be run by a group of people responsible to keep the software on the latest technology. This becomes an inexpensive subscription model for many enterprises.

Microsoft recently launched its Windows Azure Platform - an Internet-based cloud services platform. What are the key features and your expectations from it in terms of enterprise adoption?

Windows Azure Platform is Microsoft’s product in the Platform as a Service (PaaS) space. If you have observed, over the last two years, we have already launched several products and solutions in India across other layers as part of our Cloud Strategy for the enterprises. These include hosted Dynamics, Office Web Apps, Microsoft Online Services (comprising Exchange Online, SharePoint Online, Office Communications Online, and Office Live meeting), Windows Server, SystemCentre and the Dynamic Data Centre Toolkit. With the launch of Azure, our cloud stack is nearing completion. All of our popular products are now cloud-ready, and we have a clear future roadmap to provide anytime, anywhere access across diverse devices be it PC, mobile or Internet.

There are a lot of interesting features and one that stands out is the ability of the solution to scale up on demand. For example, let’s look at enterprise performance review application. Twice a year Microsoft needs to conduct performance reviews. For other organisations, this may vary to a small degree. As the pattern of usage indicates, most of the year this application is quiet or not used on a regular basis. Hosting such an application on the cloud makes sense because it helps you save on both cost and resources. You can also scale it up when there is a rise in demand and scale down when the demand recedes. There is yet another interesting and noticeable feature that allows developers to run and test an application on their local computers before deploying it on production servers. So we do not have to use multiple testing, debugging, and production environments before deploying new applications or updates. This helps organisations drastically reduce the time taken for go-to-market.


Do you have newer things to tell CIOs in areas of collaboration and productivity?

Collaboration is definitely one of the most important areas for enterprise computing. Our customers are validating this fact through the huge deployment of SharePoint across geographies. We have around 217,000 SharePoint sites that are operational. This shows that the value exists and people are using it collectively. Even internally Microsoft uses SharePoint extensively to boost productivity and facilitate collaboration. SharePoint, which mixes document-centric collaboration with social features, is our fastest-growing server software product. The software can be used for things like file storage, portals, intranet and Internet sites. Social computing is an interesting feature added to it. The platform allows enterprises to add applications seamlessly at their convenience. We are also expanding the software to encompass content management and social business capabilities. Our new SharePoint Server 2010 will have a greater emphasis on social networking that will be shipped in the first half of this year. This will improve our blog and wiki capabilities, as well as add a Facebook-like user profile feature. It will also extend the content management features that we began adding to SharePoint 2007. These features will take collaboration to the next level.

How do you see the role of CIO evolving in the next couple of years?

It is clear that not only technology companies but enterprises across industries are seeing a significant growth in the CIO’s role. From being a partner to the business, I strongly believe the role of CIO will evolve to become the operator for the business in the coming years.

ABOUT BARRY BRIGGS: Barry Briggs is Chief Architect and CTO for Microsoft’s IT organisation. Among other key initiatives, he drives building and adoption of Master Data Management (MDM) and Service Oriented Architecture (SOA) solutions for the company. Previously, he served as senior architect in the Business Process and Integration Division at Microsoft, where he helped set the technology strategy for Microsoft’s enterprise integration and business process product line. Briggs held a number of senior executive positions serving as CTO for a number of successful software vendors. He is the author of numerous technical articles, two novels, and the popular “Barry Talks!” weblog.

Technology Populism Shapes Collaboration Landscape

The transition from IT to business technology (BT), technology populism, and the down economy are changing businesses and the collaboration vendors that serve them. The door has opened to new vendors that appeal to the less technically savvy users in small and medium-size businesses (SMBs) and enterprise business units instead of focusing their sale on IT departments. As a result, the collaboration vendor landscape today is polarised, with most mega-vendors selling through the IT department while smaller vendors — including some in the Web 2.0 space — tackle selling through the individual user. What model will win? Both. Collaboration will be a technology that will seep in through individual users' preferences as well as IT-sanctioned solutions. To be successful in the future, vendors must sell both ways. The key for both top-down and bottom-up vendors is to build relationships and offerings that engender confidence in all business constituencies while being able to differentiate outside of price.
Source: Forrester Research 2009

“We have created a collaborative environment across M&M group. Ideas, knowledge and opinions are being exchanged. The future plan is to take collaboration to the next level and build further interactivity”
V S Parthasarathy, Executive Vice President – Finance, Mergers & Acquisition and Corporate IT



Chris Powers, Worldwide Director, Enterprise Storage, HP StorageWorks Division spoke to Rahul Neel Mani about HP’s latest push – ‘Storage and Server Convergence’ – as well as other technologies that will excite enterprise users in 2010-11.

“Don’t spend money where you don't need to”

How would you sum up the trends witnessed in the storage capacity and performance space in the course of the last few months?

I have been running HP’s high-end storage business for over six years. Every year, one thing that doesn’t change in my presentation slides is the chart showing growth of storage in enterprises. This is due to the fact that most of the information is now digitised. But as opposed to earlier when this growth came from structured/transactional data, it now comes from unstructured data. Sites such as YouTube and Snapfish host data-heavy files of millions of users; just imagine the amount of storage they would be consuming! Also, in the high-end portion of storage business, we don’t see any mismatch between performance requirements and availability. Generation after generation, we continue to deliver step function and capabilities.

The growing popularity of Internet and other applications have meant that downloads have increased several folds, and so have the storage challenges. At the same time, business leaders in India have been very conservative about technology refresh; how do you expect CIOs to cope with this challenge?

According to my observations, the technology refresh in India is not conservative. On the contrary, India is catching up with the global frontrunners in technology adoption. The sales of newer generation storage arrays have significantly increased here. But, most certainly, enterprises are conscious of their investment protection while adopting new technologies. Today, a lot of investment goes into the purchase of spinning disks whereas our approach with StorageWorks is to put the entire storage behind a ‘controller’. With HP XP24000 you can take any number of third party products and connect them. We call it external storage but basically what it does to the host/server application is to connect the third party storage behind the controller and present it to the application as if it is internal to the array. It provides a lot of improvement in performance vis a vis the legacy environment. It provides the capability from a Tier1 features function standpoint that they won’t get in the legacy systems. The technology helps offset the initial investment from an acquisition standpoint.

Do you think concepts like storage virtualisation are now finding favour with CIOs? How long would it take for the technology to mature in this space?

Storage virtualisation is indeed being talked about in India very seriously. NIC (National Informatics Centre) has adopted it comprehensively across its organisation. The users in NIC are quite satisfied with the performance and are promoting the capabilities they have got using XP24000.

HP is talking of Storage and Server Convergence? What is this?

As technologies become more advanced, the most challenging aspect is managing the complexity. CIOs have to manage servers, networks, infrastructures, and also storage. HP, with storage and server convergence, is trying to simplify the management as much as possible. Today you can put blade servers, blade storage, blade switches - all in one cabin and call it convergence. But the magic of convergence comes from its management. And virtualisation is ‘key’ to this whole convergence. When you are doing convergence, you are pulling in more business processes into the same set of attributes. If you don’t have something highly resilient and highly available, the whole thing may fall apart. The system should be capable of load balancing dynamically and have the capability of managing an application's performance. Another important aspect of convergence is orchestration. A single team can provision storage, servers and ports in a seamless way using convergence.

So, is HP calling this convergence the future?

Absolutely! HP is going to push it very vigorously in the market. We see it providing the enterprises a very unique and necessary technical response to today’s business challenges. An important thing to note here is that all of this is not built around HP infrastructure. This concept very well embraces third party hardware too. It is part of HP’s vision to drive this very aggressively.

What suggestions would you like to give to CIOs to put up new storage infrastructure or enhance the capacities of old ones?

The thumb rule is to ascertain the business requirements first. There is no ‘one-size-fits-all’ formula in storage. From an architectural standpoint, CIOs must think that the business requirements today are going to be different from those of tomorrow. Don’t spend money where you don’t need to be spending. Keep the most critical data on tier1 storage. Archive data on secondary storage media.

Does this give birth to ‘Storage-as-a-service’?

Absolutely! The whole concept of cloud services stems from here. Cloud is basically a very nice visual behind virtualisation and behind tiering. What you are basically offering is capability (from an IT standpoint) to the customers who need to use that infrastructure. It hides the complexity and manages it in such a way that it becomes easy for the businesses to understand.

What do you think will be the major trends in the year 2010-2011?

From the convergence standpoint, the specific platform from HP is part of the converged infrastructure. XP24000 is one piece that can be plugged in and out of this whole platform. From a virtualisation standpoint, HP can virtualise up to 234 petabytes of storage. From a resiliency standpoint, HP provides a nonstop architecture with a nonstop product. It is very much the part of HP’s convergence drive. From an opportunity standpoint, 2009 was not such a good market. We see a lot of delayed purchase decisions. 2010 is going to be a rebound year. Enterprises are now positioning themselves suitably for growth.

“I recommend virtualisation of storage as it can be used as a tool to create an ROI model for the CIO to show we are going to of our SAN/NAS purchases every year.”
Robert Presley, Former IT Director GameStop

Data Protection & Management are High on Priority

In no order of priority or preference, here are a few high end storage trends that are inevitable and which enterprises can’t afford to ignore.

Continuous Data Protection: This was reinforced by Symantec's 2010 State of the Data Centre report too. While it has been maturing over the past few years, it seems enterprises are taking notice of its progress today. While it is way too early to say CDP will displace ‘daily backups’ in 2010, it appears that the technology is a formidable challenger.

Thin provisioning will continue to get the nod over deduplication on high end primary storage systems: A few storage providers are making deduplication available on the primary storage. But what will ultimately drive the adoption of either deduplication or thin provisioning on primary storage is cost.



“Virtualisation & collaboration are killer apps”

In a conversation with Ashwani Mishra, V C Gopalratnam, Vice President, Information Technology and CIO Globalisation, Cisco Systems shares the company’s vision and future areas of focus. Excerpts:

What do you think are the key technologies that will drive the next wave of productivity for enterprise CIOs and why?

Many companies have started to come out of the economic slowdown but until the business environment regains normalcy, they will continue to do more with less as the IT budgets will either remain stagnant or decrease. In such a scenario, we believe that virtualisation and collaboration will be the two technologies that will drive productivity in enterprise IT environments in the next couple of years. For Cisco, the network continues to be the platform and therefore we will promote any technology that leverages the network and try and see that the technology boosts productivity. The uptake in virtualisation technologies is clearly evident. Enterprises will keep investing more in virtualisation to get more benefits. They will move more into ‘services management frameworks’ that are offered from both within and outside the enterprise to deliver flexibility. Cloud computing model is another area that will gain momentum. On the collaboration front, we have already seen enterprises embracing video conferencing, telepresence, and unified communications to reduce costs and increase productivity. As the nature of the future office changes, we have to enable humans to work with any device, from any place and at any time through collaboration.

Can you provide us a glimpse of a few futuristic applications of unified communications that enterprises can expect?

TelePresence has been successful in the enterprise space as it integrates voice, video and data and minimizes the efforts to assemble at one place for face to face meetings. Earlier we had only large units, but now the solution is also available on the desktops. We are also actively working on developing TelePresence for home users. The minute such a solution gains adoption it will create a storm in the market. If TelePresence is used in conjunction with high speed broadband, it will make services available to a wider group of people. As a result, it will enable many applications in various fields such as e-learning and healthcare - applications that could not be used earlier. The other area that we are focusing on is the integration of TelePresence with conferencing technologies like WebEx. This will again take both the applications to a wider audience.

What would be your product development strategy on the mobile security front?

For us, mobility is really a business application. We have stayed away from the device aspect of mobility. However, we will continue to focus on how we can leverage our network and continue to offer services on our network, using the cloud wherever it makes sense. This will help enterprises to access all sorts of applications and services irrespective of the device they use.

Moving forward what would be the role of innovation at Cisco India?

We have started assuming greater ownership of Cisco technology programmes globally. In the next few years we would see a large percentage of products and technologies coming out of India to meet global requirements. The development centre in Bangalore is the largest outside of the US. The centre has been instrumental in securing over 600 patents and there are another 300 plus awaiting approval. Also, through the launch of our ‘Smart Connected Communities’ the centre has addressed the growing need for sustainable energy, which today is a big challenge in urban areas. On the other hand, our services organisation is constantly experimenting with new business models.

In the long run, does your company feel challenged by low-cost manufacturers and desperate competitors? (As per analyst reports Cisco’s share of the Ethernet switching market declined to 67 percent in 2009 from 71 percent in 2008 and 72 percent in 2007)

Competition will always stay but there is a need to define it. We have competition both at global and local levels. However, our success has been due to the agility and nimbleness of our technology solutions. We are not necessarily driven by pricing. Moving ahead, we will continue to be a customer-driven innovation company. The alignment of our strategy and vision with customer needs allows us to take an architectural approach. The price to value ratio has been clearly in our favour and that’s the way we have always approached our customers and will continue to do so.

ABOUT V C GOPALRATNAM: V C Gopalratnam joined Cisco Systems - India in Nov 2007, as its Vice President (IT) and Chief Information Officer. As a core member of Cisco’s Executive Leadership Staff at its Bangalore campus, he also serves as IT’s Theatre Relationship Executive for India. He is also the executive sponsor for the IT Cisco-on-Cisco program at the Bangalore campus. Prior to joining Cisco, he worked with GE Capital International Services as the Business Leader and SVP of its analytics practice.

Telepresence is the Future of Business Communication

2009 was an excellent year for educating the enterprises across the world about telepresence and the capabilities for integrated video, audio and data solutions that can interoperate in heterogeneous environments. There were many factors that have impacted the growth of telepresence industry. The most pertinent factor was the external pressures of the weak economy, the pressure on society to safeguard environment and awareness towards public health. This year’s economic recession transformed telepresence from being just an executive level conferencing tool to an enterprise-wide conferencing facility, which can be looked at as a replacement to physical meetings. Many companies believe that telepresence enhances employee productivity by reducing the time and cost incurred to travel from one location to the other. It also gives remote workers the chance to connect with their coworkers and customers located at various places. Environmental issues were also assuaged by telepresence's ability to save on business travel and therefore save on carbon emissions and footprints of airplanes, taxis and the printing, mailing and storing of business materials such as training and presentation materials. Finally, awareness for the public health was a huge factor which greatly impacted the use of telepresence. The spread of H1N1 epidemic throughout the world like a wildfire compelled corporates to think of adopting this technology. This helped businesses to save their employees from coming in physical contact with people who were affected and thus reduce the risk of contracting or spreading the virus.

“Telepresence offers better coordination and faster results but the current cost of bandwidth makes it expensive for enterprises”
Arvind Saksena, Group CIO and Head HR, Consilium Software Inc.



“Analytics will create business value”

Advanced analytics, cloud computing and the mobile web will be the technologies to watch out for in the next few years, says Dr. Manish Gupta, Director, IBM Research – India and Chief Technologist, IBM India/SA in an email interaction with CTO Forum.

Which emerging technologies do you see playing a significant role in the next few years?

The biggest game changers in the next few years will be advanced analytics, cloud computing, and mobile web. Organisations are realising the importance of analytics in creating business value. Advanced analytics will help organisations go deep into the data, analyse them, and derive business value. Businesses now have the capability to take preemptive measures. Cloud computing will be yet another game-changing technology in the coming years. It offers remarkable scalability to customers and requires little upfront investment. The use of clouds, therefore, offers tremendous advantage to enterprises, which are gradually but surely leveraging the pay-per-use model extensively. In countries like India, due to low penetration of the Internet as well as for socio-economic reasons, traditional Web paradigms are not so meaningful. They need specific and localised information in a simple to use and easily accessible format. Moreover, most of the population does not have access to a PC, for which the Web was designed. Therefore, the increasingly ubiquitous mobile phones will soon be the most preferred medium for accessing the Web. We can expect to see new mobile interfaces and systems for the masses, ranging from speech-based information and interfaces on low-end phones to intuitive graphical and pictorial interfaces on highend phones. Enterprises will increasingly use the mobile web to reach a broader set of customers, increase the productivity of their work force, and to improve their processes, including supply chain and internal communications.

What are the key focus areas for IBM research in India?

IBM India Research has a balanced agenda with long-term exploratory projects and short-term industry focused projects. Our focus is on real-life innovations. We want to be in a leading role in two key areas – mobile web and service delivery. These are two of our Big Bets, exploratory projects with long-term and huge investments. We are leading the Mobile Web Big Bet globally, working closely with other IBM labs and also playing a critical role in the Service Quality Big Bet, and services innovation in general. The India lab is also engaged in fundamental research in several other areas, including HPC (high performance computing), information management, software technologies, IT infrastructure management, and human language technologies.

A "Spoken Web" project, currently being piloted by IBM's India Research, aims to take advantage of the rapid proliferation of mobile phones in emerging countries. Could you share the developments and benefits that it can provide?

Spoken Web is part of our broader Mobile Web programme, being led by IBM Research India. The technology aims to create a parallel Web over the telecom network and bring its benefits to people who do not have access to the Internet.



The technology creates VoiceSites, analogous to Web sites and these VoiceSites are interconnected through the Hyperspeech Transfer Protocol (HSTP), developed at IBM Research India. We are currently running pilot programmes in client environments and evaluating different options to take it to the market. In one of the pilots, run specifically for farmers, the technology has helped 42 percent of the farmers improve their yields. IBM created a voice-based Information Dissemination System for farmers using the novel Spoken Web platform. Farmers could post questions which could be answered by experts and other farmers.

Are we looking for a more seamless integration between cloud and mobiles?

We see the combination of mobile and cloud as one of the biggest transformational forces, specially in emerging markets. With the proliferation of mobile phones, we finally have information and communication technology in billions of hands.

At the same time, the cloud is offering the platform for both accessing and providing services without worrying about infrastructure implementation. This combination has the potential to change how the Web is used today - going well beyond just searching for information. The mobile and the cloud together provide an opportunity for developing countries to leapfrog into a new model of ICT, leading the creation of a Web far greater in reach and scope than the existing one.

For businesses, especially SMEs, the cloud enables delivery of IT services in a consistent and seamless manner across a variety of end points including mobile phones, personal computers, and thin clients. The range of services enabled will include desktop as a service, unified communications and social networking, and a variety of business processes such as accounting and finance.

What is the progress on the Smarter Planet campaign?

Smarter Planet is IBM’s vision for applying IT to create a better world. Much of our planet’s resources are being wasted in the way we operate today. More than 50 percent of the food supply never reaches the consumers. Nearly 35 percent of water is wasted. Billions of litres of fuel are used up by vehicles that are stuck in traffic. A recent study by the IBM Institute of Business Value estimates that there are inefficiencies of about $15 trillion in the world economy, of which about $4 trillion can be saved by infusing intelligence into the systems. We need to find smarter ways of handling challenges across these areas.

Spoken Web

The World Wide Web is perhaps the greatest technology innovation the world has seen in the last few decades. It has helped eliminate geographical barriers and paved the way for global collaboration and integration. Unfortunately, a majority of the population on this planet does not have computers or connectivity to the Internet. The basic principle of Spoken Web lies in creating a system analogous to the World Wide Web using a technology most of us have in common - speech.

Spoken Web helps people create voice sites using a simple telephone, mobile or landline. The user gets a unique phone number which is analogous to a URL and when other users access this voice site they get to hear the content uploaded there. Interestingly, all these voice sites can be interlinked creating a massive network.

When a user wants to create a voice site, he or she needs to call a number and a software called VoiGen helps the person create a new site. The user can upload voice content according to his or her needs and is given a unique phone number, analogous to a URL. When other users access the VoiceSite, they get to hear the content given there. These VoiceSites, linked like Web sites, create a parallel to the World Wide Web.

“I feel strongly about the security issues involved in shifting to the cloud. On top of it, the existing infrastructure in an enterprise needs to be dismantled”

S R Balasubramanian
Executive VP, IT, Godfrey Phillips India



TECH FOR GOVERNANCE

RISK ASSESSMENT

DATA SECURITY FACT SHEET: 3 POINTS
UNLIKE COMPUTER VIRUSES: Result in data leaks and breach of integrity
UNLIKE BUSINESS PROCESSES: Cannot be outsourced
UNLIKE BALANCE SHEET ASSETS: Companies don't know their current financial exposure to data security threats

PHOTO: PHOTOS.COM

Advantages of Data-Focused Risk Assessments

Smoke detectors were made mandatory for a reason. The logic behind having data-focussed risk assessments is not very different. BY DANNY LIEBERMAN


At a meeting with one of our clients recently, the question of the business case for data loss prevention came up quite strongly. It started with the client saying that they were hearing that while vendors like Symantec and Websense were getting a lot of customers to buy their Data Loss Prevention (DLP) products, many of these customers were failing in their attempt to implement DLP.

The detailed reasons why people fail at DLP implementations merit a separate post – but it’s a lot like why over 50 percent of the content management implementations from vendors like Vignette never made it to production in the 90s – the root cause was that there was no real business case for the technology.

I want to talk about why building a business case for data security is critical to the success of your data security/data loss prevention/fraud prevention project.

If you run a business or business unit – you must ask yourself two questions:

Is data security a major operational risk for your business?

Could be!
Unlike a computer virus – internally launched attacks on data that result in data leaks, breach of integrity, loss of data availability and non-compliance are your problem, not someone else’s.
Unlike business processes – data risk cannot be outsourced.
Unlike balance sheet assets – companies don’t know their current financial exposure to data security threats.

The next question is should you invest in DLP technologies?

Anyone with only a nickel in their pocket (and in this market – that’s a lot of companies…) will say, “Why should we when we don’t know the return on investment?”

In order to answer your questions, you must measure your value at risk using a data security based risk assessment. This is a simple, almost obvious notion – you measure risk of asbestos poisoning by checking your building insulation and you measure risk of fire damage by checking the building itself and various policies, procedures and equipment related to fire prevention.

Think about smoke detectors. You can’t put up an office building without smoke detectors (in Israel – the regulator has set a minimum density per square meter and the prices are low enough that the contractors will basically put in as many as you want). Why would you think of managing your data without the comparable data breach security monitoring equipment?

Data security based risk assessment uses DLP technology (the test equipment) and a best practices analytical risk model to measure the value of your data and your value at risk. Within a couple of weeks, you should be able to get a picture of your current data security events, know your data value at risk in Euro and build a prioritized program for cost-effective data security controls in the people, process and technology planes. What you do then – is up to you.

Most companies I know in Europe and Israel are not at a sufficient level of security maturity to do this kind of thing themselves – and will need an independent consultant – one with specific domain expertise in their industry vertical, specific data security expertise and ability to do analytical threat modelling – installing Checkpoint firewalls doesn’t count and you really want someone who is vendor neutral.

Advantages of a data security-focused risk assessment

Invaluable tool for obtaining visibility of inbound and outbound business transactions.
Monitoring that provides input into the risk analysis process required by compliance regulation like SOX, PCI DSS and European privacy laws.
Lays the basis for provable compliance to standards like PCI DSS 1.2 and ISO 27001/2/4.

—Danny Lieberman is Managing Partner at The Control Policy Group, Israel. He is also the Founder at Software Associates.

This article is published with prior permission from Infosec Island - https://www.infosecisland.com

MARKET PREDICTIONS

A Billion Dollar Question

If you think Converged Infrastructure and Fabrics are niche, think again. BY KEN OESTREICH

A few months ago, I tweeted about an analyst conversation where it was looking like the market for Fabric Computing/Unified Computing would be growing rapidly in the foreseeable future. Another analyst friend of mine quickly commented back – sarcastically – that the market was sure to be in the billions of dollars.

I was feeling a little unsure about this market until a few weeks later when I was shown a technology report from Thomas Weisel Partners. Although the market definition for converged infrastructure (also known as Unified Computing) was still forming, TWP felt that sales of Converged Infrastructure solutions could rise as high as $15 billion by the end of 2014. Billion with a “b”? Right-on.

Then there is a report by Gartner Research on fabric-based computing, which estimated that by the end of 2012, roughly 30% of the world’s top 2000 companies would have some form of fabric-based computing architecture. (Under the heading of “fabric” falls Unified Computing as well as Converged Infrastructure).

So, why is the market (for fabric computing, converged infrastructure, unified computing) still considered so new in the market, yet forecast to be so booming in 2-4 years?

First of all, what we’re talking about here are systems like Cisco UCS, Egenera PAN Manager, HP VirtualConnect, IBM Open Fabric Manager, and a few others. At the heart of each system is technology (sometimes HW, sometimes SW, sometimes mixed) that virtualises I/O and leverages converged networking.

And why are vendors all chasing this approach? For a number of reasons:

1. It’s incredibly complementary to virtualisation: in the same way that the hypervisor changed how SW is abstracted, provisioned, managed and migrated, Converged Infrastructure changes how IO/networking/connectivity is assembled and managed. This gives vendors a valuable set of new offerings, and can tie management of infrastructure to management of VMs – yielding end-to-end abstraction of the entire data centre. Roughly as much money is spent managing infrastructure as it is managing software.

2. It changes how availability is delivered: By manipulating IO addressing, networking and connectivity, Converged Infrastructure Management can re-provision failed hardware – either in the form of physical servers, or indeed, entire environments. Thus, Converged Infrastructure has the potential to displace a big chunk of traditional clustering software… (nearly a $ billion, if you follow IDC’s estimates)

3. It changes how networks are physically wired and managed: Converged Infrastructure uses fewer IO components (either a single LOM or a single CNA), converged network protocols, fewer cables, and generally fewer switches. This yields a lower CapEx investment, and a commensurate lower OpEx to manage. The opportunity to sell alternative approaches to each of these technologies is immense.

4. Converged Infrastructure is highly complementary to shared storage: the pervasiveness of SAN storage is a major enabler of a more virtual/flexible data centre. As physical/virtual servers move, migrate and scale, storage simply follows. An increasing ratio of servers – especially blades – is being shipped with HBAs, indicating that SAN use is on the upswing.

As to evidence that this market is shaping-up, we need only look to the magnitude of investment that Cisco, Egenera, HP, IBM – and even Emulex and Qlogic – are pouring into this market. I think we’ll see the hockey-stick shortly.

—Ken Oestreich is VP, Product Marketing at Egenera



THINKING BEYOND

CHRIS CURRAN | chris curran@9dot9.in

CHRIS CURRAN is Diamond Management & Technology Consultants’ chief technology officer and managing partner of the firm’s technology practice. He writes the CIO Dashboard blog at www.ciodashboard.com

CIO's ROLE

Does the CIO care about IT?

Studies reveal that the attitude and culture required to embrace IT starts at the top.

In his latest post, IT project failure expert and writer Michael Krigsman, CEO of Asuret Inc., beautifully summarises the risks associated with the lack of CEO and senior business leaders’ engagement in information technology investments. Developing support and engaging all of the business leaders in strategic use of IT is a problem we have been studying and helping clients address for a long time.

A few years ago, we launched a broad annual study we call ‘Diamond Digital IQ’ which set out to get some insights into the problem that Michael discusses and the challenges associated with connecting the enterprise’s strategic objectives with the actual business value, which often comes several years after the big ideas are hatched. To get a “fair and balanced” view, half of the 592 surveyed are business leaders and half are IT leaders. Here are five questions from our 2010 survey related to the senior business executive support for IT.

1. Our CEO or senior-most business leader is an active champion in the use of information technology to improve our business

The promise of a fully integrated organisation in which there is no “business” and “IT” must begin at the top. Information technology (the capability) must be seen by all business leadership as both a driver of growth and a tool to improve efficiency. Is this the case? While 64% of respondents agreed with this statement, it’s incredible to me that it’s not in the 80-90% range. While I didn’t explain this in detail, the industries included in the survey are large or very large companies in banking, financial service, insurance, consumer products, etc.

2. Our CIO is very involved in the business strategy development process

This question indicates the senior management team’s buy-in of the importance of IT at the next level of detail. If only 54% agree with this statement, what are the other 46% doing? An insurance executive told me a story of a claims initiative that some colleagues in “the business” brought to him which they later approved. It involved taking images, video and audio to better understand the claims and so that more of the reviews and QA could be done remotely by experts. Late in the project, one of the managers came back to him and admitted a big mistake that would cost them several million dollars. Apparently, they forgot to estimate any storage for all of the digital media.

Only 54% of respondents felt that their CIOs were very involved in the business strategy development process

3. Business Executives are very confident in the company’s IT capabilities

Half think that the business leaders are neutral or negative in terms of IT’s capabilities. My colleagues Peter Weill and Jeanne Ross at MIT believe that service delivery is the basis for everything else. I wonder if there is just some poor blocking and tackling that is at the root of this?

4. Our CIO is recognised as a BUSINESS leader, not just as a leader of IT

Over half of the responses say that the CIO is not recognized as a business leader. I’d be interested to know how this correlates with the CEO’s stance on IT (question #1 above). I would also like to know how these CIOs spend their time versus those who are seen as business leaders.

5. The CIO lacks productive working relationships with the Business Leaders

Forty-seven percent say they are neutral or negative on the CIO-business working relationship. Since these are the people we surveyed, they should know. I’d be interested to know your experience in good and bad day-to-day working relationships and techniques you or others have used to improve them.

The value gained from IT in an organisation depends on everyone’s ability to understand it and access it. The attitude and culture required to embrace IT starts at the top.

[Charts for questions 1 to 5: share of respondents answering Strongly Agree, Agree, Neutral, Disagree or Strongly Disagree.]

Source: Diamond Digital IQ Study, 2010. Diamond Management & Technology Consultants, Inc.


NEXT HORIZONS

FEATURES INSIDE

Many facets of SaaS: The service is scoring on flexibility ratings but not so on security.

ILLUSTRATION : SANTOSH KUSHWAHA

SUPPLIER RELATIONSHIP MANAGEMENT

SRM’s Second Life

Supplier relationship management now finds favour with managers. BY DYLAN PERSAUD

As the year 2000 approached, the catchphrase “lean manufacturing” was loosely thrown around in manufacturing industries. The media and software vendors led organisations to believe that a supplier relationship management (SRM) system could achieve the promise of lean. Yet the benefits promised by SRM systems were not realised.

As organisations matured, they realised how the benefits were interrelated. Information sharing, sourcing, purchasing, and supplier relationships could translate into increased customer satisfaction and control of global spending. Predicting consumer demand became important. As organisations realised the need for these separate functionalities, they started looking for a solution that would combine these tasks. Enter SRM.

As time marched on, organisations were less than impressed by the unacceptable results of how these solutions were implemented. Vendors and resellers did not educate organisations on the full user capacity or on how everything ties together. Lack of knowledge transfer from vendor to organisation gave the perception that the system did not meet organisations’ needs. Organisations lacked an understanding of how to translate the benefits of an SRM system into tangible results and of how all the system’s features could help businesses save money, increase operational efficiency, and control global spend. Stories of failed implementations and misconceptions of what the software system promised rapidly brought the development of this “next generation” business tool to a near complete halt.

Several years later, SRM systems are now re-emerging as the next big promise. Several of the benefits that an SRM system can deliver, such as management of globalisation, adoption of mandated standards, inventory visibility, methods of managing stabilisations of technologies, and dealing with supplier auditing issues will be examined.

Reasons for the Resurfacing of SRM

Globalisation: As organisations expand and become global operating entities, SRM is viewed as a method to help manage the process. The manufacturing of products is now largely outsourced to the East, as North America has become a service-based economy. This change in business structure has caused organisations to re-examine their current systems to determine if they can satisfy the new economic conditions created by this shift in the economy. Organisations must deal with foreign suppliers, but how? Information must flow freely between domestic and international channels and from one system to another.

Global enterprise resource planning (ERP) – distribution products, such as those from SAP and Oracle, often provide such tools as supplier portals. A supplier portal is a tool for compiling information (a significant feature within the SRM software) to build contacts, audit functions of each supplier or partner, verify quality of products, and monitor supplier and partner performance. Users can think of this as customer relationship management (CRM) for suppliers. This is done by way of supplier scorecards, establishment of sourcing relationships, the creation of supplier information, establishment and maintenance of procurement channels, etc. If a North American organization has overseas trading partners, these partners may use the SRM system as an effective means to link up with western operations and schedule shipments, manage trading partners, control sourcing strategies at the point of origin, manage supply overseas, and aid in the organisational planning of inventory to satisfy customer shipments.

Forced Adoption: Large organisations, such as Wal-Mart, Target, Albertson’s Metro, etc. are mandating standards that their suppliers must conform to. That is, do business their way as a condition of partner interaction. Suppliers are forced to comply with standards that were created specifically to reduce costs, manage the supply chain from end to end, and ultimately lead to lower prices and increased customer satisfaction. Small suppliers that cannot conform to these guidelines are forced to exit from a business relationship with the originating company.

A system such as Wal-Mart’s Retail Link was designed as a tool specifically to manage inventory, suppliers, and procurement and to enable full partner disclosure to adapt to changing customer demands. The thought behind the system was that if partners could share order information, they could more accurately prevent “stock outs,” adjust order quantities, predict and accommodate forecasted quantities, and essentially reduce the size of the supply chain, leading to more selection and lower prices for the consumer. Retail Link performs the following:

Analyses and controls global spend by category, volume, and product;
manages service level agreements (SLAs);
avoids duplication of contracts or materials to the same supplier;
consolidates purchasing volumes and improves supplier selection;
involves partners in the early phases of product development.

Inventory Visibility: Organisations maintain that inventory visibility makes them more competitive. “How much,” “where it’s at,” “what’s its status,” “who currently has it,” and “when can it be delivered” are questions all organisations ask about their inventory. Knowing and understanding these variables allow an organisation to make better decisions pertaining to demand planning, replenishment stocking, and, most importantly, availability of inventory to fulfil customer orders. SRM systems are great tools to accomplish these business objectives. Even vendor managed inventory (VMI) is usually handled by some form of SRM system, normally through the supplier portal.

With the capabilities to view “in transit” inventory over multiple modes, an organisation can control and manage potentially critical supply problems. The SRM system provides a unified view of inventory from one source that supports the business. Issues such as customs delays, extended lead times, scheduling conflicts, and transportation problems, to name just a few obstacles, can be adjusted and addressed within the SRM software. This advance notice of possible disruption to the supply of goods can provide alerts to all partners affected so that they may react accordingly and adjust to the disruption. The ability to view “in transit” products allows for accurate forecasting and replenishment. The collaboration of all the affected business partners allows organisations to respond to rapid market changes, and to deliver goods to consumers on time and at decent prices.

Stabilisation of Technologies: The new millennium has brought stabilisation of technology. The rapid growth of the Internet has allowed organisations to use stable technology to share information over secure channels. The second nature of this method of communication has allowed for stable connections between locations as well as increased throughputs of network communications, which, during the 90s, had not been reliable enough. Modem connections gave way to e-mail, digital subscriber line (DSL), and T1 connections, and fax machines became electronic data interchange (EDI), extensible mark up language (XML), and flat files that were sent electronically. This level of technology may have been previously overlooked or neglected due to poor information technology (IT) infrastructure and non-communication between partners. These technological advances were catalysts in taking partner interactions and trading to the next level. As organisations have built their networks, and stable connections are now the norm, the industry is reaping the rewards of SRM systems.

Web services have enabled business-to-business communication to progress. This is the base technology used for supplier portals, and it requires access from several locations globally. Any business partner can log in and check the status of a part, peruse an order, check an estimated delivery time, etc. based on user security. This convenience and information sharing is expected to be standard, as organisations try to limit shipping costs, plan efficient routes for their goods, control and manage suppliers, and minimise costs.

In terms of availability of supply chain execution software, only recently have vendors started to offer hosted models of software as a service (SaaS). Traditionally, this type of software was available only as in-house applications. Today, companies in all supply chain disciplines offer SaaS solutions, from demand management and warehouse management systems (WMS) to SRM. E2open, for one, offers a full SRM-hosted solution. Secure access and availability of industry-specific hubs (such as automotive or aerospace) are offered through hosted solutions. This level of collaboration capability may not be possible through an in-house system. A hosted solution offers access to other trading partners online. This service makes it possible for even small organisations to compete globally and comply with mandated standards imposed by trading partners.

Supplier Accountability: Organisations have difficulty holding suppliers responsible. Metrics can easily be built within an SRM system because supplier data is located within the system. The collection of data gathered from the portal repository lends itself well to holding suppliers responsible for quality and compliance issues. According to an Archstone Consulting survey conducted in August 2006, 58 percent of organisations fail to use incentives and penalties to audit suppliers. Resources (approximately 49 percent) are not properly assigned to supplier management, consequently causing quality issues and duplication of resource managers for the same vendor accounts. Organisations assign duplicate resources to accounts without realising it, which can be due to having several points of contact instead of just one, and time and money are spent unnecessarily to do the same job twice. Issues with quality and lack of compliance are not accurately tracked. According to Archstone Consulting, 45 percent of organisations believe that suppliers do not comply with their own SLAs when they deliver the product.

Organisations have been looking at ways to change their sourcing and procurement strategies to get the above metrics back in line. They are beginning to see the value of the information a portal can supply. Consequently, the data aggregated from an SRM system can be used to analyse spend, cost, and performance, and eventually to align the data to business practices.

Conclusion

Organisations are realising that the issues an SRM system can address can significantly influence their bottom lines. Factors such as globalisation, mandated standards, inventory visibility, stabilisation of technologies, and supplier accountability are forcing organisations to re-evaluate the need for an SRM system. SRM solutions exist today that were not available just a few years ago. Hosted solutions for SRM, such as those offered by SAP and E2Open, are now available more easily than they have ever been. Of course, an organisation always has the option of implementing in-house applications. Stabilisation of technology has lowered the price points of these systems, which is allowing more organisations to take advantage of the vast benefits an SRM system can offer.

Common benefits of an SRM system include:

Better customer service
Accurate forecasting and product planning
Control over global spending
Control over procurement and sourcing
Greater inventory visibility
Reduced inventory carrying and holding costs

If these are organisational goals that are mandated from the top down, then an SRM system may be the solution to implement some of these initiatives, while receiving a return on investment (ROI) that is palatable.

—Dylan Persaud is the Managing Director at Eval-Source



NEXT HORIZONS

FACETS OF SAAS

The Good, Bad and Ugly of SaaS

SaaS's pricing model is making everyone happy, but security is still its Achilles Heel. BY ANDREW BAKER

ILLUSTRATION : PC ANOOP

Software as a Service, or SaaS, is seen and marketed as a way to remove or reduce the complexities and costs associated with local enterprise software deployments, especially where such software has a desktop installation facet to it. As is typical with all (relatively new) technologies — especially in recent years — there comes the inevitable media hype that insists that this will be the wave of the future, that all prior approaches are obsolete, and that any CIO not looking to convert all of his/her organisation’s applications to this model is looking to get fired. The truth, as you might expect, is that SaaS has both pros and cons, regardless of whether you are a provider or consumer of the technology. Yes, SaaS use will become more prominent in the next decade, but like other technologies before it, there will be some ups and downs on the way to world domination.

What customers and providers expect

From a customer’s perspective, the five major benefits of SaaS are:
- Greater functionality for lower costs
- Less vendor lock-in
- Greater scalability
- Ubiquitous access for mobile employees
- Reduced security concerns

From a provider’s perspective, the major benefits of SaaS are:
- Steady revenue
- Tighter control over the code
- Less difficulty in rolling out upgrades
- Diminished or eliminated piracy concerns
- Access to customer data for value-add opportunities


Costs: The customer wants to minimise upfront costs, and to be able to grow and shrink expenses as they see fit over the life of the service. The provider wants to maintain a steady revenue stream with many up-sell opportunities over the life of the contract, and to be able to reduce or eliminate costs associated with piracy. Winner = Everyone: Depending on how the contract is worded, both parties can meet their objectives. The customer can have stable operating expenses. The vendor can turn off access whenever the customer stops payment.

Complexity: The customer expects that the complexity of building or maintaining enterprise applications will largely go away with a SaaS deployment. This reduces downtime as well as costly headcount. The provider benefits from the perception that installation is simple and straightforward and that upgrade pain is minimised. On the back-end, however, there is a lot of architectural complexity that goes into providing a system that is always up and services separate clients, and handles upgrades with minimal disruption. Winner = It Depends: If the vendor is good, then the customer wins, as they have transferred all their upgrade issues to the provider for a steady monthly fee. If, however, the vendor did not plan well from an architectural standpoint, and lacks good operational procedures around Change Management & Release Management, then both the vendor and the customer will lose, as SaaS puts the entire burden for a successful upgrade on the back of the provider.

Scalability: The customer wants to be able to quickly grow as client volume increases. Spikes in traffic should be sustainable. The provider needs to be able to support sudden increases in customer traffic with minimal latency, and be able to provision additional storage and/or computing power on demand. Winner = Customer: There are no real vendor benefits here, other than being able to assure customers that their peak traffic can be supported upon demand. Doing this successfully requires good planning of infrastructure architecture. Doing it cost-effectively requires that the platform be well-developed from the software perspective. A good pricing model will ensure that the investment pays for itself quickly.

Uptime: The customer wants to be able to access the application at all times – and I do mean all times. Furthermore, they expect very little inconvenience from maintenance of the application platform. The provider expects that they will be able to roll upgrades into the environment without disrupting existing users, thereby keeping up with service level agreements (SLAs). Winner = Customer: The customer is the primary winner here, as they typically incur far less downtime for upgrades to the platform or the underlying infrastructure than they would with an in-house enterprise application. The vendor has to pay a pretty penny to provide a properly architected platform that will turn this from market-speak into reality. The bad news is that when the vendor does have an extended outage in their SaaS environment, the customer has virtually no recourse beyond remuneration for downtime. SalesForce.com and Google.com both experienced problems in 2009.

Access & Security: The customer wants to have secure, ubiquitous employee and partner access to the application from the office, the home, and “the road”, but they want the security to be unobtrusive. The provider needs to ensure a secure environment that walls off clients from one another as much as possible, and is compliant with the government or industry regulations pertaining to information security and privacy. Winner = It Depends: Although not totally impossible to obtain, this is almost never a win-win scenario. The vendor must ensure that they educate the customer about the need for information security, and they must design sufficient layers of security to mitigate risk at the customer level. In most cases, however, shortcuts are made in this area to favor ease of access over security. This results in either the customer getting the easy access that is desired, or the vendor managing to implement good security and auditing functionality that the customer deems a little tedious.

Lock-in: The customer wants the greatest flexibility to move around and use whatever provider is offering the best value proposition at any given moment. The provider is looking for additional ways to make money on the customer data stored on its network, and make it even more difficult for the customer to simply take the data and run with it. Winner = Vendor: The vendor tends to win this battle, despite the heavy use of phrases such as “standards compliant” and “easy export functionality” in the marketing materials. The customer will almost always find it harder to export the data being stored in the SaaS application in a very useful format that could be easily imported elsewhere.

Functionality: The customer wants to be able to take advantage of new features without a whole lot of implementation time or end-user training (we’ve already covered costs). The provider is looking to avoid big-bang releases, instead, providing new functionality in small chunks on a frequent schedule. Winner = Vendor: The vendor usually gets the better end of this deal, because small and frequent releases give them less time to fix bugs before releasing the code into production, so they get dealt with after release. In other words, customers double as beta testers for some functionality. Additionally, the customer is largely tied to whatever changes are released, even if they preferred the previous edition of the functionality more. As the SaaS platform matures (and revenue increases), the provider gets better at developing multiple environments for effective testing, and at staging releases across the customer base in a controlled manner.

In Conclusion

It is vital that organisations perform due diligence when seeking out a SaaS solution for their enterprise. Stick with vendors that allow pilot testing and customer-driven demo sites. Be sure to test mini migration scenarios if at all possible. And, above all else, be sure to focus on the service level agreement (SLA) being offered to ensure that there is some recourse in the event of a prolonged system or network failure by the SaaS vendor that impacts your business. SaaS is real, as are its many benefits, but there are just as many potential drawbacks, if you don’t manage the process of selecting a vendor and solution. Remember: You cannot outsource your problems, as you simply make them harder and more costly for you to manage. Be sure you understand what you need and what the vendors you evaluate can provide, or you’ll be in for a rough ride. At that point, SaaS won’t taste so good to you.

—Andrew Baker is Infrastructure Manager at Institute for Integrative Nutrition; Solutions Architect & CTO at BrainWave Consulting Company



Author: Tapscott & Williams

HIDE TIME | BOOK REVIEW

“Connected individuals can participate in innovation”

A Wild and Wiki World

Heard of Ideagora and prosumers? These concepts shaped the world's popular online encyclopaedia and they are working.

MANY of us grew up holding the Encyclopedia Britannica (EB) in great esteem as the ultimate source of knowledge. Nowadays my first source on almost any topic is Wikipedia. Note the differences. The EB was written by select experts, it was expensive, and for the large part it was available only in certain institutes of learning, as per the timings of their library. Wikipedia is written by us, it is free, and it is available to anyone who has Internet anywhere at any time. And Wikipedia is only the tip of the iceberg, as Don Tapscott and Anthony D. Williams explain in their fascinating book Wikinomics: How Mass Collaboration Changes Everything. Tapscott is a business strategy consultant and a professor of management at the University of Toronto. He has written and co-authored over a dozen books, including Growing up Digital: the Rise of the Net Generation and most recently Grown Up Digital: How the Net Generation is changing your world. Williams is a strategic advisor to top firms worldwide and a senior fellow with the Lisbon Council, a think tank in Brussels.

Both men are avid proponents of Web 2.0: “Billions of connected individuals can now actively participate in innovation, wealth creation, and social development in ways we once only dreamed of. And when these masses of people collaborate they collectively can advance the arts, culture, science, education, government, and the economy in surprising but ultimately profitable ways.” This book grew out of their joint work to understand how Web 2.0 would impact business: in other words, Wikinomics. Its four key principles are: having an open attitude in terms of important business functions; promoting peer production communities; sharing intellectual property; and acting globally. The chapters introduce new terms like Ideagora (a marketplace of ideas), peering (a new form of non-hierarchical and often self-organization, used to produce both information and physical goods), and prosumers (consumers who participate in the design and production of a product). Apart from Wikipedia, Tapscott and Williams describe other examples of highly successful collective enterprises such as Linux, InnoCentive, and the design and construction of the new Boeing 787. They also relate interesting websites worth exploring, like TakingITGlobal, Del.icio.us, 43 Things, MIT’s OpenCourseWare, and of course Facebook. Remember that this book is after all two years old, and in the world of Web 2.0, that’s a long time. Fortunately, the authors are coming out with a new book this September – Macrowikinomics: Rebooting Business and the World. Wikinomics tends to be a bottom-up movement, generated by the collective power and enthusiasm of the people. It has strong proponents such as James Surowiecki (author of The Wisdom of Crowds), and equally strong detractors like Andrew Keen. But whatever the case, it is a force that has been awakened and is moving ahead, and wisdom, collective or individual, says that it is best to make that force into a friend. Businesses need to adopt the four principles of Wikinomics and thereby harness the immense value it offers.

—Ranjani Iyer Mohanty

ABOUT THE REVIEWER

Ranjani Iyer Mohanty is a writer and business/academic editor, based in Delhi. She has also contributed to the International Herald Tribune, the New York Times, the Wall Street Journal and the Mint. Details are available on LinkedIn: http://in.linkedin.com/pub/ranjaniiyer-mohanty/a/51a/48b .


HIDE TIME | CIO PROFILE

Wisdom in Humility

RAJEEV BATRA CIO, MTS

IT'S NOT uncommon to come across a CIO who is proud of what he knows. After all, what good is tech knowledge if it is not to be bragged about? Rajeev Batra, CIO, MTS India, though, doesn't feel so. For Batra, what matters more is being aware of one's shortcomings and making a conscious attempt to fully understand them. Which is why his favorite book is The Three Laws of Performance by Steve Zaffron and Dave Logan. I find the book fascinating because it dwells on “what you don't know that you don't know.” The book offers an inspiring perspective on how some of the largest organisations in the world managed a turnaround just when they were at the brink of closure and bankruptcy. With a BE in Electronics Engineering and a Post Graduate Diploma in Advanced Computers and Systems Analysis, Rajeev Batra has the right background to excel in the IT domain. It is his leadership ability, however, that has helped him in his achievements. In his current role, he has helped set up the IT infrastructure for MTS, a new player in the fiercely competitive Indian telecom market.

"I believe that a good leader should be able to inspire others in their sphere of influence and be able to bring out the best in them thus adding to their well being," he says. Before joining MTS India, Batra served in many other leadership roles such as President of Group IT at Reliance ADA and Corporate VP at Bharti Televentures. The experience gained during these roles has helped him align the use of technology with the business objectives at MTS. He sees his current role as one that provides him an opportunity to innovate, in order to enhance revenue and improve customer experience through the use of technology. A typical day at the office consists of meeting with key partners and vendors, working with his divisional directors on every aspect of the current projects and strategising on the technology direction for his group. His hectic work schedule leaves him with little time of his own, so he takes every opportunity to connect with his friends and family. Every morning, he uses his long commute to catch up with friends, relatives and parents. While at home, he loves to spend time with his son and daughter, and his wife Babita. Very particular about his fitness, it isn’t very often that Batra misses out on a workout session at the gym. Batra’s childhood was spent moving from place to place, as his father was employed by the Central Government’s Defence Engineering Division, allowing him to live in many parts of the country. He thus feels attached to no particular region or state and is proud to be an Indian. A gentleman to the core, Batra stands out in a group for his calm composure.

—By Sana Khan

PHOTOS BY SUBHOJIT PAUL

Snap Shot

INSPIRING BOOK: The Three Laws of Performance by Steve Zaffron and Dave Logan. An inspiring perspective on how some of the largest organisations in the world were turned around from the brink of closure and bankruptcy.
EDUCATION: Batra moved all around the country in his childhood and finally studied Engineering in Aurangabad. He was a University Rank holder.
MOVIE BUFF: He loves to watch movies with the family and play with his school-going son and daughter.
FAMILY MAN: Batra likes to spend whatever time he gets outside of his work with his family – his wife Babita, who earlier worked as a customer care management professional and now is a dedicated homemaker, and his school-going daughter and son.
FITNESS FREAK: Batra is focussed on fitness and rarely misses his workout at the gym.

Philosophy in life
Excellence leads to perfection. Keep trying, and the realm of possibilities expands infinitely.

A good leader
Batra believes that a good leader should be able to inspire others in their sphere of influence and be able to bring out the best in them thus adding to their well being.

Outlook at workplace
Batra believes that it's part of his job to continuously come up with innovative ways for revenue enhancement and cost efficiencies. Besides aligning technology with business, he is dedicated to making services simpler so that the end customer can benefit.


VIEWPOINT ROD KING | rodkuhnking@sbcglobal.net

Are you an Evolutionary Goal-setter or a Revolutionary Goal-setter?

Setting goals does matter, and so does the approach.

ILLUSTRATION BY PC ANOOP

DOES goal-setting really matter? I think it does matter, especially in a team or group of people involved in a project. How else would the group know where it is going? But again, non-goal-setters may ask, “Is it necessary for a group to know where it is going?” Again, I think it is necessary and does matter. Anyway, in the context of goal setting, there seem to be two types of goal setters: Evolutionary Goal-Setters (EGS) and Revolutionary Goal-Setters (RGS).

Evolutionary Goal-Setters are analytical and primarily use the left side of their brain. They formulate goals based on historical evidence and trend analysis. Since goals are based on extrapolation of the past or present, the goals and outcomes of EGS are predictable. Nevertheless, resources for achieving evolutionary goals are mostly in place. Consequently, evolutionary goals are more likely to be achieved. With evolutionary goal-setting, failure is usually not considered an option. A downside of evolutionary outcomes is lack of differentiation and for businesses, their products and services may be swimming in the ‘Red Ocean’ which is defined by bloody competition and perennial price wars.

RGS formulate goals based on their intuition and vision. To RGS, the present or the past does not matter. The past and present are simply irrelevant. RGS believe that they can ‘paint’ and create a radically different future and ecosystem. They pursue their vision with vigour and passion. Right brain thinking is the preferred cognitive style of RGS. RGS favour high risk-high reward projects. They are passionate about their vision and apparently impossible goals. In extreme cases, RGS may be oblivious of reality and living in a world of their own imagination and construction. In short, they may be day dreamers (to everyone except themselves). RGS often face the problem of resource constraints; critical resources may not be currently available so that there is serious risk of their goal not being achieved.


ABOUT ROD KING: He is a thought leader, consultant, and trainer on Trade-Off Mapping & Customer Experience Innovation as well as Blue Ocean Project Management. The goal of these approaches is to facilitate visual analysis, innovation, and decisionmaking for 'hit' products, services, and business models.

However, when RGS succeed, their results, products, and services are memorable and often awe inspiring. Revolutionary Goal-Setters in business often create ‘Blue Oceans’ that redefine market spaces, radically differentiate themselves from the competition, and attract a larger pool of consumers and previous non-consumers. With RGS, failure is surely an option (or a learning experience). George Bernard Shaw once said, “The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.” He may well have been talking about EGS and RGS. And what a way to summarise our predisposition towards the setting of goals! So, the big question is: Are you an EGS or an RGS? In other words, do you gravitate towards Evolutionary Goal-Setting or Revolutionary Goal-Setting? What are your favourite examples of evolutionary and revolutionary goal-setting?

