Cio July 2014 by Sreekanth Sastry

LEADERSHIP

VOL/09 | ISSUE/09

BUSINESS

TECHNOLOGY

TAMAL CHAKRAVORTY, DirectorIT and Test, Ericsson Global Services India, says chief data officers and CIOs complement each other.

THE PRICE OF DATA Figure out the monetary value of your information assets. Then you’ll know what the ‘I’ in CIO is really worth. Page 30

VIEW FROM THE TOP Sunil Lalbhai on how IT is taking Atul’s legacy forward. Page 40

JULY 15, 2014 | `100.00 WWW.CIO.IN

CXO AGENDA Srinivasan Iyengar, COO, Reliance Life Insurance, links IT and operations. Page 44

FROM THE EDITOR-IN-CHIEF

PUBLISHER, PRESIDENT & CEO Louis D’Mello ASSOCIATE PUBLISHER Parul Singh E D I TO R I A L

Different Data Denizens Rather than a CIO, a different CXO needs to champion data as a strategic corporate asset and revenue driver. “Data! Data! Data! I can’t make bricks without clay!” —Sherlock Holmes, fictional detective Businesses and their managements are interested in data, that’s acquired value by being filtered, sifted through, clarified and correlated. They want data that helps build the right product upfront rather than make a product right. They want data that reduces inventory levels, improves the targeting of customers, and boosts profitability. Data. Period. Not mountains of information. BI, big data, visualization, data integration, and the cloud have in the past half-decade helped to transmute the business value of data from base metal to gold. The time clearly has come to chalk out a strategy for managing enterprise data, improving its quality, delivering it to those who can benefit from it and of seeking new revenue opportunities with it. Just as with civilizations, in organizations too surplus leads to the emergence of specialization and specialists. The surplus today clearly derives from the quantum and economic value that businesses think exists in the data that lies within. But is the data specialist the CIO? Or the CMO? Or even the CFO? Or, a new entrant to the C-suite? Chief marketing technologists too are gaining strength, with a whole range of designations in play from ‘global head of marketing technology’, to ‘business information officer for global marketing’ to ‘director of marketing technology’. A recent Gartner study found that organizations with a chief marketing technologist spent on average a third more of their total marketing budget on digital strategies and twice as much on innovation. The CIO and team will most likely continue to drive data processes, formats and governance. Another, very different C-suite executive needs to champion data as a strategic corporate asset and revenue driver. An executive who would combine technology savvy with business knowledge. Can’t CIOs play this role? Again possibly. But these will have to be individuals clearly with a proclivity for business. What do you think?

EDITOR-IN-CHIEF EXECUTIVE EDITORS DEPUTY EDITOR FEATURES EDITOR ASSISTANT EDITORS

Vijay Ramachandran Gunjan Trivedi, Yogesh Gupta Sunil Shah Shardha Subramanian Gopal Kishore, Radhika Nallayam, Shantheri Mallaya SPECIAL CORRESPONDENT Sneha Jha PRINCIPAL CORRESPONDENTS Aritra Sarkhel, Shubhra Rishi, Shweta Rao SENIOR COPY EDITOR Vinay Kumaar VIDEO EDITORS Kshitish B.S., Vasu N. Arjun LEAD DESIGNERS Pradeep Gulur, Suresh Nair, Vikas Kapoor SENIOR DESIGNERS Sabrina Naresh, Unnikrishnan A.V. TRAINEE JOURNALISTS Bhavika Bhuwalka, Ishan Bhattacharya, Madhav Mohan, Mayukh Mukherjee, Sejuti Das Vaishnavi Desai SALES & MARKETING PRESIDENT SALES & MARKETING VICE PRESIDENT SALES GM MARKETING GENERAL MANAGER SALES MANAGER KEY ACCOUNTS MANAGER SALES SUPPORT SR. MARKETING ASSOCIATES

Sudhir Kamath Sudhir Argula Siddharth Singh Jaideep M. Sakshee Bagri Nadira Hyder Archana Ganapathy, Arjun Punchappady, Benjamin Jeevanraj, Cleanne Serrao, Margaret DCosta MARKETING ASSOCIATES Shwetha M., Varsh Shetty LEAD DESIGNER Jithesh C.C. SENIOR DESIGNER Laaljith C.K. MANAGEMENT TRAINEES Aditya Sawant, Bhavya Mishra, Brijesh Saxena, Chitiz Gupta, Deepali Patel, Deepinder Singh, Eshant Oguri, Mayur Shah, R. Venkat Raman O P E R AT I O N S VICE PRESIDENT HR & OPERATIONS FINANCIAL CONTROLLER CIO SR. MANAGER OPERATIONS

SR. MANAGER ACCOUNTS SR. MANAGER PRODUCTION MANAGER OPERATIONS EA TO THE CEO MANAGER CREDIT CONTROL ASSISTANT MGR. ACCOUNTS

Rupesh Sreedharan Sivaramakrishnan T.P. Pavan Mehra Ajay Adhikari, Chetan Acharya, Pooja Chhabra Sasi Kumar V. T.K. Karunakaran Dinesh P., Tharuna Paul Tharuna Paul Prachi Gupta Poornima

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in VOL/9 | ISSUE/09

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

IDG Offices in India are listed on the next page

REAL CIO WORLD | J U N E 1 5 , 2 0 1 4

105

contents JULY 15, 2014 | VOL/9 | ISSUE/09

56 | 11 Reasons

Encryption is Dead FEATURE | SECURITY Massive leaps in computing power, hidden layers, hardware backdoors—encrypting sensitive data from prying eyes is more precarious than ever. By Peter Wayner

Case Files 48 | Blue Dart GIS How a GIS-based routing solution helped Blue Dart deliver more shipments in reduced time and cost.

3 0

By Varsha Chidambaram

4 0

COVER DESIGN BY UN NIKRISHNAN AV & VIKAS KAP OOR

30 | The Price of Data COVER STORY | INNOVATION Figure out the dollar value of your information assets. Then you’ll know what the ‘I’ in CIO is really worth—and how much to spend protecting it. By Kim Nash with inputs from Radhika Nallayam and Shubhra Rishi

50 | IT’s a Buyer’s Market FEATURE | IT STRATEGY Big changes in the vendor landscape and new technology trends are shifting negotiating power from stingy vendors to savvy CIOs. Here’s how to make the most of it. By Cindy Waxer VIEW FROM THE TOP: “IT is a powerful aid that helps businesses like never before. It enhances speed, accuracy, efficiency and productivity,” says Sunil Siddharth Lalbhai, CMD, Atul. 2

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

14 – 17 October Goa, India gartnerevent.com/in/symcio

THE WORLD’S MOST IMPORTANT GATHERING OF CIOs AND SENIOR IT EXECUTIVES Register using promotion code SYMAD1 by 15 August to save INR 11,000

Gartner Symposium/ITxpo at a glance: • Four days • 950+ attendees with 300+ CIOs • Over 125 analyst-led sessions

Driving Digital Business Digital business is blurring the lines between the digital and the physical worlds, disrupting all industries and redefining the role of IT. At Gartner Symposium/ITxpo 2014, CIOs and senior IT executives will learn how to realize, build and optimize digital opportunities, move digital business from theory to practice, and evolve their own IT leadership to become indispensable in the new digital business world.

• Exclusive CIO Program • Five role-based tracks • 270+ organizations • 30+ Gartner analysts on-site • 40+ solution providers

LUMINARY GUEST KEYNOTE Lewis Pugh Ocean advocate, maritime lawyer and a pioneer swimmer

CIO PROGRAM KEYNOTE Anupam Kher Padma Shri award-winning actor

DEPARTMENTS 1 | From the Editor-in-Chief Different Data Denizens By Vijay Ramachandran

7 | Trendlines

4 4

20 | Alert Attacks | Back to Security Schooling Budget | Security Budget in Your Pocket

44 | Getting the Best of Both Worlds CXO AGENDA | OPERATIONS As technology and business become more interdependent, being a jack of all trades is inevitable. Srinivasan Iyengar, COO, Reliance Life Insurance, is leveraging his past experience as CIO to enhance the company’s operations and aligning business with IT. By Shubhra Rishi

Column

26 | Facebook’s Incognito Trap

61 | Essential Technology Social Networking | The Social Media Circle Enterprise Social Network | Social Life at Work

64 | Endlines Artificial Intelligence | I Am Robot, No Really By Tim Hornyak

3 2 0 6

SOCIAL MEDIA Facebook’s Anonymous Login is about neither anonymity nor logging in. It's about creating scarcity in the market for user data. By Mike Elgan

28 | The Fairer Sex Reigns LEADERSHIP How women executives are driving change in technology, and the world, through information-based decision making. By Rob Enderle

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

CIO Online

.in CIO ADVERTISER INDEX

Accenture Services

[ CI O TV ]

IFC

Akami Technologies India

Video Library

Axelos

From peer-to-peer advice, and new technology developments to international events, our videos cover everything that affects you. Keep yourself abreast with the world of IT, watch our videos on cio.in.

Canon India

Real Solutions

To know about the different business challenges that companies in your industry and beyond faced and how their IT departments came to their rescue, read our case studies. Real problems. Real people. Real solutions. cio.in/find/case_study

[ S l i des hows ] From the IT in the World Cup to other tech projects, view our slideshows.

Bharthi Airtel

8&9 IBC

Cyberoam Technologies

Gartner India Research & Advisory Services

3+ flap

Informatica Business Solutions

SAS Institute (India)

Schneider Electric IT Business India

The India Hotels Company Trend Micro India

[ Ca se S tudies ]

Vodafone India

5 15 insert

[ Su r veys ]

By the Numbers Our surveys are a treasure trove of technology, staffing, security trends and beyond. They mirror economic realities and how they impact you. Visit the By the Numbers section online. cio.in/by-the-numbers

[ N EWS ] Our CIO World newsletter gives you a daily dose of everything that impacts you, your staff, and your business. Log on to check out the latest news.

Don't receive our newsletters? Log on to our website to subscribe today!

>> cio.in/news

Read More@ cio.in 6

>> Case Studies >> Whitepapers >> Articles >> Slideshows >> CEO Interviews >> Events

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

VOL/9 | ISSUE/09

E D I T E D B Y VA I S H N AV I D E S A I

NEW

HOT

UNEXPECTED

E-Haute Couture wire into a zigzag pattern. Since it’s difficult to sew the wire into the rubbery material, scientists worked out a technique to, instead, stitch the wire into a sheet of polyethylene terephthalate, the material used to make transparencies for overhead projectors in classrooms. Once the wire pattern is stitched to the sheets, a rubbery elastomer material is poured over the sheet, encasing the wire as it solidifies.

Warm water is used to dissolve the thread and separate the polyethylene sheet from the rubbery material that now holds the wire. The basic sewing machine is a feasible alternative to more complicated and expensive techniques that other researchers have investigated, according to Purdue. The stretchable electronics are capable of stretching 500 percent of its length, Purdue said. Scientists have been trying to create stretchable electronics that can be used in computerized clothing that people might use to access the Internet, store data, and monitor the wearer’s health. The material could be used to create robots with sensors in their skin and synthetic muscles. —By Sharon Gaudin

TRENDLINES

Thanks to a basic sewing machine, your shirt might someday connect to the Internet. Researchers at Purdue University have made an advance in stretchable electronics that could lead to computerized clothing and robots with humanlike skin that can “feel.” The issue has been how to create stretchable electronics and Purdue scientists have found a simple answer—a sewing machine. Researchers at Purdue University have used a standard sewing machine to create stretchable electronics that could lead to more advanced robotic skin, wearable electronics, and implantable medical systems. The sewing machine uses a water-soluble thread to stitch the

ELECTRONICS

Know Thy (Tech) Neighbors

VOL/9 | ISSUE/09

neighborhood you’re in at the time). The network is accessible on your desktop or on iOS and Android phones. The robotic elements set Fatdoor apart from other conventional networks. The Bot Appetit is a 3-foot-high rover that moves along sidewalks at a leisurely pace. The rover is connected to the Fatdoor social network and designed to be controlled by your smartphone using both Wi-Fi and 3G. Abhyanker wants cities to purchase Bot Appetits to be shared by the community. Its first use case: Food delivery. Abhyanker’s vision extends farther than shared rovers—he dreams of a day when every resident owns a

personal rover that they park next to their car in the garage. When you leave for work in the morning, your rover will go off to run your errands. Fatdoor is reaching out to other small, Palo Altolike towns across the country to pilot the Bot Appetit. “IDEO created a product design that’s friendly, it looks like a skateboard,” Abhyanker said. “When it’s flying in the sky it doesn’t look like it’s going to kill you, it looks like part of the neighborhood.” But do neighbors really want to share robots? Only Palo Alto residents get a chance to choose for now.

IMAGE: BABAK ZIAIE/PURDUE

Fatdoor is the kind of neighborhood social network that would work perfectly in a small, tech-friendly town like Palo Alto, in the heart of Silicon Valley. Founder Raj Abhyanker envisions a day when neighbors would use rovers to deliver food or medicine to the townspeople and personal drones to film block parties. Abhyanker’s ambitious concept launched in Palo Alto as a marriage of social networking and robotics. The social network part is easy: Fatdoor uses your verified home address and your phone’s trusted location to let you broadcast messages to your neighborhood (or the

SOCIAL NETWORK

—By Caitlin McGarry REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

Ads on the Move You’re steering your car around an unfamiliar city, close to lunchtime, and you’re not exactly sure where to eat, let alone where you can park. But your in-car infotainment system springs into action, serving up not only the location of a nearby parking lot but also coupons and offers for restaurants just steps away from where you’ve left your car.

AU TO

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

Drone Shots The US Federal Aviation Administration is considering exemptions that will allow the use of drones for filming movies. Seven aerial photo and video production companies have asked for regulatory exemptions to use the unmanned aircraft systems (UAS) for the film and television industry, the FAA said. The exemption, if granted, will however be on a caseto-case basis and a far cry from the industry demand for ‘open skies’ for commercial drones. FAA said companies from three other industries, including precision agriculture, power line and pipeline inspection and oil and gas flare stack inspection, have approached and are also considering filing exemption requests. The petitioners must still obtain operational approval from the FAA. The Motion Picture Association of America has described the UAS as a “new tool for storytellers” that will allow for creative and exciting aerial shots. MPAA said its members had worked with some of the applicants during overseas shoots. FAA waivers or authorizations for UAS are currently available to public entities that want to fly a drone in civil airspace for purposes such as law enforcement, firefighting, border patrol, disaster relief, search and rescue, military training, and other government missions. Commercial operations are authorized on a case-by-case basis, FAA said. Except for flights over the Artic, other commercial UAS flights have not been authorized so far. The issue is, however, not without controversy. The FAA said in February that “there are no shades of gray in FAA regulations. Anyone who wants to fly an aircraft— manned or unmanned—in US airspace needs some level of FAA approval.” The agency has said that the operational and certification requirements for the operation of public unmanned aircraft systems in the national airspace will be set not later than December 31, 2015.

AERIAL TECH

—By John Ribeiro

VOL/9 | ISSUE/09

IMAGES BY AVIATION TO DAY

TRENDLINES

It’s called contextual marketing, and to some drivers, it sounds like a dream—tailor-made offers delivered right to you based on your location. To others, it’s more of a nightmare—advertising finding yet another way to intrude on your daily life, and inside the privacy of your own car no less. Whatever you think of the practice, it’s not going to go away any time soon: In-car marketers are looking for new ways to tap into your automotive data to deliver targeted messages and offers. The trick, experts say, will be for these kinds of ads to walk the fine line between being useful or being annoying. As with any marketing, though, the challenge will be to make it a service and not an imposition on the driver. Kiip CEO Brian Wong thinks his company’s approach—Kiip-enabled apps reward people for using the app—meets that requirement. Now it’s moving into the connected car realm, striking a deal earlier this year with Mojio to reward what the company calls “driving moments.” Mojio makes a $149 (about Rs 8,900) device that connects to the on-board diagnostic computer in your car and includes a companion smartphone app. Mojio’s device logs real-time data, including driving styles and weather conditions. That, in turn, generates rewards from Kiip. If it’s raining, say, a driver may get an offer for a free windshield wiper blade installation. It won’t be long until we see how the reward program works in practice: Mojio is set to arrive later this spring. Aha Radio offers amazing deal with its audio location-based offers to in-dash systems. An ad comes on the radio promising a free drink and chips at a nearby Quiznos Subs; all the driver has to do is tap a “thumbs up” button on the in-dash screen to receive the coupon via email. Even the availability of connectivity provides opportunities for carmakers to reach out to drivers. A growing number of cars are offering 4G LTE connectivity as a feature—General Motors, for example, is adding 4G to more than 30 of its models during the 2015 model year. — By Lynn Walford

CUSTOM INTERVIEW AKAMAI

EXECUTIVE VIEWPOINT

TURNING TRENDS TO TRIUMPHS Sidharth Malik, VP and MD, Akamai Technologies India, elaborates on how Indian enterprises can leverage trends such as cloud and mobility for sustained business growth. By Gopal Kishore How can developing economies like India deal with the lack of fast, affordable IP access in workplaces and branch offices? According to the latest State of The Internet report, India’s average connect speed is about 1.7 Mbps, making it the lowest in the APAC region. However, this has been changing over a period of time, though not as fast as the rest of the world. As more and more users move online, the expectation from personalized Web experience increases. Considering this, more and more enterprises and businesses are seeing the Internet as a mission-critical channel for commerce and communication, and are upgrading the underlying network layer protocol from IPv4 to IPv6. In India, trends like mobility and BYOD are playing a key role in the consumerization of IT. With the rise in mobile devices in the market and with more and more people bringing their own devices in the workplace, we are witnessing an era where people expect a seamless online experience regardless of the location or the device. To facilitate this, it is essential to have an infrastructure/solution that is designed to intelligently maximize site and application performance with appropriate security measures.

than owning storage and processing capacity, outsourcing maintenance and upgrading, and ensuring all-time availability for end-users.

How can Indian enterprises harness the power of cloud computing to deliver their business anywhere, anytime without costly networks and specialized hardware? There has been a steady increase in cloud adoption in the last couple of years among enterprise clients in spite of concerns related to security and understanding the ROI. Enterprises are turning to the cloud to reap economic benefits and extend the reach of their business application to users across different location and devices. For enterprises, cloud computing offers several advantages that makes it compelling for them. These advantages include the potential economic benefit of ‘renting’ rather

How can CIOs ensure security while also providing a flawless end-user experience that is both personalized and fast? A recent IDG survey showed that just 56 percent of Indian organizations use encryptions, while only 46 percent use identity and access management tools, and 34 percent use cloudbased tools for DDoS mitigation and intrusion prevention. This is a clear indication of how much organizations really know about the traffic on their networks and the attempts being made to compromise corporate security. The fastest and most reliable way CIOs can deliver security over the enterprise network without compromising on performance or end-

What are the key considerations that CIOs need to adhere to before making the move to the cloud? With cloud adoption, there is no one size fits all solution, however, there are three key things that CIOs need to evaluate before moving to a cloud environment. First, deciding what application you will move to the cloud is important and this will depend on your use case. For example, any application that is used by your employees or partners can be put on the cloud to enable accessibility. Second, every time you are moving an application on to the cloud, you are doing it using the Internet, which may not necessarily be a business-ready platform. This could affect end-user experience and loss of investment. To avoid this, CIOs need to adopt security, acceleration, and optimization solutions that are robust and can scale with the size of the company. Finally, it is important to have a distributed security model with appropriate policies that will protect the data on the cloud.

SIDHARTH MALIK,

VP and MD, Akamai Technologies India

user experience is by employing a third-party service provider. This helps save the time and money CIOs need to invest in implementing skilled workforces, IT infrastructure, and servers globally; and lets enterprises focus on profits and market share. How can enterprises benefit from the new era of connectivity spurred by the proliferation of mobile devices? According to IAMAI, India’s Internet user base is projected to hit 243 million by June 2014, a year-on-year growth of 28 percent. Enterprises looking to tap into new online audiences stand to benefit from a few major movements, namely: mobile, media, security, and cloud. The hyperconnected era is upon us with more and more Indians going online, adding to the global online population that uses the WWW for tax payments, media purchases, license registrations, e-commerce, and gaming among others. The hyperconnected era means more scope for innovation and opportunity for companies that choose to understand and master the four aforementioned trends to reach a far wider audience, foster a more loyal customer base, discover new revenue streams, and trigger industry disruption. This interview is brought to you by IDG Services in association with Akamai

Bitcoin Kicks Off The virtual currency is about to go big-time thanks to the Bitcoin Bowl, which will be held in St. Petersburg, Florida, this December. By this December, a pair of college football teams kicks things off at the Tropicana Dome in St. Petersburg, Fla., for the first-ever Bitcoin Bowl. The bowl game, which is operated by a subsidiary of the ESPN cable sports network, has lined up payment processor BitPay as the event’s sponsor. In a blog post announcing the partnership, BitPlay says the sponsorship agreement for the bowl game—formally called the Bitcoin St. Petersburg Bowl—runs through 2016. “This will be a fantastic opportunity to raise bitcoin awareness to millions of new users,” BitPay’s Tony Gallippi writes in the blog post. There’s more to the Bitcoin Bowl than just a name change. The Wall Street Journal reports that you’ll be able to buy tickets to the contest, pitting an Atlantic Coast Conference team against one from the American Athletic Conference, using Bitcoin (with the payment processed through BitPay, of course). But why stop there with the tie-ins? Maybe the game itself could mimic Bitcoin’s wild fluctuations by changing the amount of points a touchdown is worth at various stages of the contest. At least we’ll know what kind of currency they’ll use for the coin toss in the Bitcoin Bowl—assuming a hacker doesn’t swipe it before kickoff, that is. —By Philip Michaels

Shady Software In 2013, 43 percent of software installed on PCs around the world was not properly licensed. And a majority of unlicensed software users are in the APAC region.

SECURITY

Average Rate of Unlicensed Software Use

61%

19% North America

59% Latin America

29% Western

Central & Eastern Europe

62% Asia-Pacific

East 59% Middle and Africa

Source: BSA Global Software Survey

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

Drunk? No Driving Here’s an effective way to stop drunk drivers from taking the road: Make sure that they can’t start the car whenever they’re under the influence. That’s the idea behind alcohol ignition interlock devices, which a growing number of states are using to keep drunk drivers off the road. An ignition interlock device can stop a vehicle from starting if a breathalyzer estimates the person behind the wheel has a blood alcohol content over a preset limit. Ignition interlock setups feature a handheld breath alcohol tester and an electronic control unit connected to the ignition and integrated into the dash, says Derek Latif, media manager for Alcohol Countermeasure Systems (ACS). Before the car can start, the driver has to blow into a disposable mouthpiece on the handset. A sensor within the handset analyzes the breath sample and gives a precise reading of the alcohol level before the car will start. Ignition interlock systems can be ordered by judges after drunk driving convictions. The devices allow people with drunk driving convictions to commute to work, while also reducing the risk of a repeat offense. Benvenisti and Jake Nelson, director of traffic safety advocacy at the American Automobile Association, both say that concerned parents have had ignition interlock devices installed in family cars to prevent teen drivers from starting a car when intoxicated. The technology behind ignition interlock systems promises to evolve as well. ACS integrated an alcohol interlock handset directly in the computer of the souped-up Lexus, using the QNX operating system instead of a separate electronic control unit. That means the alcohol measurements and driver profiles are seen and set through the infotainment unit. Parents who’d like an ignition interlock in the car to prevent their teenage children from driving drunk could enter a preset level for breathalyzer results and get text messages or emails with the results of any breath test along with a location of the car. It’s an interesting indicator of where the technology is headed.

DEVICES

—By Lynn Walford

VOL/9 | ISSUE/09

IMAGE: ACS-CORP.COM

TRENDLINES

C RY P TO CU R R E NCY

14 – 17 October Goa, India gartnerevent.com/in/symcio

THE WORLD’S MOST IMPORTANT GATHERING OF CIOs AND SENIOR IT EXECUTIVES Register using promotion code SYMAD1 by 15 August to save INR 11,000

Gartner Symposium/ITxpo at a glance: • Four days • 950+ attendees with 300+ CIOs • Over 125 analyst-led sessions

• Exclusive CIO Program • Five role-based tracks • 270+ organizations • 30+ Gartner analysts on-site • 40+ solution providers

LUMINARY GUEST KEYNOTE Lewis Pugh Ocean advocate, maritime lawyer and a pioneer swimmer

CIO PROGRAM KEYNOTE Anupam Kher Padma Shri award-winning actor

Sensored Cows!

TRENDLINES

I N T E R N E T O F E V E R Y T H I N G What can be connected will be connected. This seems to be the modern mission with all technologists today. The Internet of everything truly is upon us, which would have John Chambers at Cisco beaming with some degree of smugness. The prospect of things both living and inanimate being connected through sensors, chips and wireless networks is no longer fantasy. Recently, two pioneering companies in sensors and IoT technologies General Alert (GA) and 1248, have embarked on collecting real-time data from pigs, poultry and other livestock in the UK to provide early warning of transmitted diseases. The Internet of pigs is all set to fly as sensors are tracking multiple factors to monitor livestock health, behavior and imminent signs of diseases such as foot-and-mouth. Real-time data will include temperature, drinking water flow, animal feed rate, humidity, CO2 concentration, ammonia and pH readings which will be gathered via in-vivo RFID (in-body) and temperature tags planted in pigs, effectively turning a pig into a ‘thing’ on the Internet of Things. Cows have also joined the web of connected livestock with WiFi-connected collars and artificial intelligence software being deployed in an effort to monitor when cows are ‘on heat’. The objective here is to maximize the potential to impregnate cows and boost milk production. The data allows farmers to ensure their herd is as healthy as possible in order to

maximize the amount of milk being produced. It helps identify any sick animals as early as possible. Football fans around the world can also get into the IoT act. In a move to help aspiring sharpshooters, Adidas has just launched its miCoach Smart Ball along with iPhone app that promises to turn your tame free-kicks, penalties and wayward long-range passes into the very best that Ronaldo and Gerrard can muster. The ball tracks the point of impact from every kick and measures spin, speed and maps the ball’s flightpath. The idea is to help players train their dead-ball skills and optimize ball-striking ability. More connectivity is inevitable. —By Chee-Sing Chan

Robots Play Doctor ROBOTICS Minuscule robots of the future that swim around in your body delivering drugs have come a step closer to reality. Meet MagnetoSperm. They’re infinitesimal robots that squirm around just like sperm and reach parts of the body that are difficult to access. Developed by researchers in the Netherlands and Egypt, MagnetoSperm robots navigate using weak oscillating magnetic fields. With polymer bodies and cobalt-nickel heads, the robots are 322 micrometers long, about the size of a house dust mite, and have a shape similar to sperm cells. The magnetic head allows the robot to align itself along weak magnetic fields, according to research published in Applied Physics Letters by scientists from the University of Twente in the Netherlands and German University in Cairo. The magnetic fields have a strength of less than five milliTeslas, which is about the power of a refrigerator magnet, for example.

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

When the robot aligns itself, it generates thrust along its flexible body, moving forward as it wriggles. It can move at speeds around 160 micrometers per second, and can be steered using the magnetic fields. The robot could be driven around vessels ranging from arteries to capillaries, the researchers said. “The applications of this micro-robot include targeted drug delivery, in vitro fertilization, cell sorting and cleaning of clogged arteries, among others,” Sarthak Misra, an associate professor of robotics and mechatronics at the University of Twente and one of the authors of the paper, wrote in an email. MagnetoSperm isn’t the only mini-robot that takes its design cues from sperm. They plan to further shrink the MagnetoSperm bots by equipping them with nano-fibers that would serve as flagella. They are also working to synthesize drug payloads for the robots that could be released near diseased cells. —By Tim Hornyak

VOL/9 | ISSUE/09

Digital Study Partner

TRENDLINES

E - L E A R N I N G CompTIA has launched a new e-learning tool that leverages research in neurobiology, cognitive psychology, and game studies and uses key principles from each field to help you learn necessary information quickly and retain it long-term. The CertMaster training program features a variety of techniques to help you learn, including adaptive learning, spacing and motivation triggers, says Terry Erdle, CompTIA’s executive vice president of certification and learning, and to give students the confidence to pass the test and move on to an IT career. “We’re trying to overcome challenges by tapping into brain science and figuring out how best to prepare students to both sit a challenging exam and pass,” Erdle says. Most of the scientific research CompTIA used to develop CertMaster is the same as that used by the gaming industry to keep players engaged and energized

while playing, and encourages a sense of progression, risk, achievement and curiosity. This pings dopamine levels— since it feels good to succeed—and creates a positive feedback loop, making it easier to retain information and skills. CertMaster also provides immediate, high-level feedback to encourage students to learn from mistakes and lessen the risk they’ll abandon the course, says Erdle. Erdle says CertMaster’s personalized, adaptive learning and data analytics technology will customize the training to each individual’s strengths, weaknesses and level of knowledge and retention. Data analytics can also predict when students have reached their maximum learning capacity and need to take a break. CertMaster can be accessed via any Web browser, and on both iOS and Android mobile devices. — By Sharon Florentine

W E A R A B L E S A new pet collar developed and manufactured by startup PetPace can track vital signs and other health indicators in a dog (or cat) while at a clinic or in the pet’s home and create an electronic health record of sorts for animals. The wireless smart collar can also send alerts about potential problems and help with early detection of diseases and behavioral problems, the company said. Dr. Teresa Lightfoot, director of BluePearl Science, who conducted clinical trials of the collar, said the ability to have real-time, continuous access to pets’ vital information is “undoubtedly going to save pets’ lives.” PetPace’s tech collar has an array of contact sensors that continuously and

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

automatically monitor temperature, pulse and respiration, as well as activity patterns, positions, calories, pain, heart rate variability and other physiologic and behavior parameters relevant to a pet’s health and wellbeing. The Pro model allows wireless monitoring of multiple pets simultaneously and provides animal health professionals with immediate alerts sent to a centralized control center or directly to mobile devices as well as sophisticated analytics. PetPace uses proprietary Big Data software to analyze the information, which is automatically uploaded to a cloud service in real-time. The data is reviewed in the context of historical and breed-specific criteria

and relies on a rule-based engine and data optimization. The home version transmits data to a web page where pet owners can log into to track their dog or cat’s health. The “Pet Professional” system also allows a veterinarian to register pet owners to connect to a central online database, which then extends the vet’s reach into the home, creating a type of electronic health record (EHR) for animals. The device can also watch pets with existing health problems, or those at risk of developing diseases. The cloud service can evaluate a condition, such as diabetes or congestive heart failure, as well as progress and response to treatment. PatPace’s wireless smart collar can track vital signs and other health indicators in a dog or cat.

VOL/9 | ISSUE/09

IMAGE: T HINKSTO CKP HOTOS

Smart Collared Pets

COMPILED BY TEAM CIO

Best Practices

Indian CFOs Sold On IT

CFOs in India—and worldwide—are increasing investments in IT to take their businesses ahead.

TRENDLINES

Riding on a wave of hope and optimism, Indian CFOs are ready to spend on technologies that promise growth and profitability. According to the American Express and CFO Research Global Business and Spending Monitor 2014 survey, CFOs in India are investing in IT to improve the overall efficiency and productivity of their companies. And, 57 percent are parking money for IT to improve financial reporting and analysis. They are also of the opinion that IT will improve decision-making and scalability. In order to achieve that, CFOs are focusing on BI and analytics. The survey points out that 57 percent of organizations plan to invest in BI and analytics. Apart from that, new and disruptive technologies like mobility and cloud computing are marching into Indian enterprises. Forty seven percent of CFOs have realized the importance of investing in these technologies to keep up with the trend. Globally, 38 percent of CFOs say they will spend more in enterprise level IT systems this year, 44 percent will spend the same amount, and only 16 percent say they will spend less. Also, 34 percent of CFOs say they will spend more on hardware this year, 46 percent will spend the same amount, while 18 percent will spend less.

STRIKE a balance between caution and investment. It’s important to invest smartly in technology, keeping the economy in mind.

WORK smartly to have a perfect mix of investment and spending. Employ people and technologies, and focus on value creation.

FOCUS on operations data. It can help in identifying and highlighting new product needs.

FIGURE out the technologies that are necessary for your company and invest in them. Don’t follow the herd.

Loosening the Purse Strings CFOs plan to invest in …

77 %

Of Indian CFOs are willing to spend on IT to improve overall efficiency and productivity.

Expanding market access Improving business intelligence and analytics Improving production process efficiency New product / Service development process efficiency

57% 57% 55% 55%

47%

Of Indian CFOs have understand the relevance of investing in cloud computing and mobile technologies.

SOURCE:AMERICAN EXPRESS & CFO RESEARCH

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

CUSTOM FEATURE INFORMATICA

CASE STUDY

IndianOil Innovates to Protect Cash Subsidies for

78 Million LPG Consumers When faced with a mandate to transfer direct cash subsidies to individual LPG consumers, IndianOil realized it needed a robust and secure centralized system that enables access to realtime information. Here’s how partnering with Informatica helped the oil and gas behemoth.

ndian Oil Corporation (IndianOil) is India’s largest company, with a sales turnover of Rs 4,73,210 crore and a profit of Rs 7,019 crore in the year 2013-14. Ranked 88th in the latest Fortune ‘Global 500’ listings, IndianOil has been meeting the nation’s energy demands for over half a century. It has been credited with bringing about a ‘kitchen revolution’ in India, thanks to its LPG distribution to millions of households across urban and rural locations.

“To stop malpractices and curb all the irregularities, it was important for us to invest in the right technology which could offer ease of business in identifying the source and putting in place the most stringent business rules and processes to ensure prompt enforcement,” says Projjal Chakrabarty, Executive Director - Information Systems, Indian Oil Corporation, who was at the forefront of this initiative with the backing of a strong and committed IT team.

Company: Indian Oil Corporation Industry: Oil and Gas Offering: Enterprise Data Integration Platform service-oriented architecture (SOA). IndianOil eventually chose to partner with Informatica, favored for being an independent provider of data integration software.

TO THE PEOPLE In April 2013, the Government of India issued a directive to transfer direct cash subsidies to the bank accounts of individual LPG customers. IndianOil had a 6,700-strong LPG distributor network spread across the country, but 60 percent of them were based in remote locations with poor connectivity (dial-up connections) and standalone software which was prone to security breaches and manipulation of data. This led to the grave issue of LPG subsidy leakage, where the diversion of subsidized cylinders from a domestic connection to a commercial establishment could only be detected from a post facto analysis of the distributors’ operations. By deeply analyzing the situation, IndianOil discovered technology gaps that needed to be addressed in order to ensure data security, correct account linkage, and elimination of duplication. A core operational challenge that IndianOil faced was the lack of a safe and secure centralized system that would enable access to real-time information, complete control on authorization of business processes, and the ability to manage over 100 transactions per second. Integration of data with external data providers and consumers such as Oil Marketing Companies (OMCs) and banks was another critical business challenge they had to tackle.

AT A GLANCE

FOR THE PEOPLE

Projjal Chakrabarty

Executive Director - IS, Indian Oil Corporation

BY THE PEOPLE The task was to roll out a configurable and dynamic software application capable of efficient and large-volume data transformations, in order to transfer cash subsidies directly into the bank accounts of individual consumers in a timely manner. Mr. Chakrabarty, along with his team, assessed several data integration solutions and technologies commonly deployed in a

Informatica’s Real Time Edition for Enterprise Data Integration enabled the development and delivery of a very unique and sophisticated set of solutions and services via a SOA. A centralized platform was created to eliminate risk of data manipulation and diversion of subsidized LPG cylinders for unauthorized non-domestic use. The solution resulted in a productivity gain of more than 50 percent over the earlier process and a direct cash saving of over $2 million (about Rs 12 crore). Most importantly, the overall transaction time was reduced from 48 hours to less than 2 hours with the new centralized system, ensuring direct transfer of cash subsidies to 78 million end-consumers.

This case study is brought to you by IDG Services in association with Informatica

alert

ENTERPRISE RISK MANAGEMENT

Back to Security Schooling I

IMAGES BY THINKSTOCKPHOTOS.IN

t is now common knowledge across the information security industry that human weaknesses, not technological flaws, are what put enterprises most at risk from cyber attacks. A recent report by Enterprise Management Associates (EMA) found that 56 percent of workers may not receive any security awareness training (SAT) at all. The report, titled “Security Awareness Training: It’s Not Just for Compliance,” is based on a survey of 600 people working for companies ranging from fewer than 100 employees to more than 10,000. Jeffrey Bernstein, executive vice president of Critical Defence, whose firm does post-breach forensic investigations, said in the social engineering element of penetration tests done by his firm, 75percent of the time, “we tricked end-users into doing something they should not

have done, like click a malicious link, enter a user name and password, open a malicious attachment, etc.” Lack of training for a majority of workers shows in their risky behavior. As noted in a SecurityWeek story on the EMA report, about a third (33 percent) reported using the same password for work and personal devices; just over a third (35 percent) said they had clicked on an email link from an unknown sender; nearly two thirds (59 percent) said they stored work information in the cloud; and nearly as many (58 percent) said they stored sensitive information on their mobile devices. David Monahan, research director, security and risk management at EMA, who defined the research criteria, noted the

obvious problem illustrated by the results of the survey: “Many companies are not doing their part to educate their personnel on how to make appropriate security-focused or risk-based behavioral decisions,” he said in a statement. “This creates a gap in the first line of attack–their people.” Why such a lack of training? In an interview, Monahan said many companies don’t see the value of SAT, “but that is often because they have very poor programs to begin with. They do not use best practices and often take a ‘check-the-box’ approach. Awareness training performed as a seminar, aka ‘death by monologue’ or ‘death by PowerPoint,’ will not get the attention and retention needed to affect change.” Jon-Louis

Security Budget in Your Pocket FINDINGS

Business issues that drive security spending Economic conditions

41%

Business continuity

36%

Change and business transformation

36%

Company reputation Internal policy compliance Regulatory compliance

43%

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

33% 28%

Rise in security threats have brought organizations’ security budget to the forefront. Here are some of the business issues that drive information security spending.

69%

Of Asian firms have a senior executive who communicates the importance of security. SOURCE: GISS 2014

VOL/9 | ISSUE/09

CUSTOM INTERVIEW CYBEROAM

EXECUTIVE VIEWPOINT

SECURITY FOR CRITICAL INFRASTRUCTURE Abhilash V. Sonwane, SVP-Product Development, Cyberoam, speaks about how the network security leader is enabling specific security solutions for connected critical infrastructures such as ICS and SCADA. By Gopal Kishore What are the key challenges that CIOs are facing in securing critical infrastructure and Operational Technology (OT)? Following a close coupling of IT and industrial control system environments, security risks now cascade from the Internet and corporate IT network into Industrial Control Systems (ICS) and SCADA (Supervisory Control and Data Acquisition) networks. SCADA is at the core of many industries such as manufacturing, energy, water, power, and transportation. Today, everything of value is pushed to the online corporate network, and therefore, becomes subject to risks of the deep Web. CIOs and CSOs remain wary of what may be lurking in their enterprise network. Enterprises that are driving increased collaboration between their IT and critical infrastructure need to build proactive cyber resilience. They must focus on network security practices that deliver situational awareness and allow prioritizing risks and enforcing security policies through built-in automation and centrally managed workflows. One of the most basic challenges of the connected critical infrastructure is maintaining security in control systems such as SCADA, which have one foot in the past – as isolated silos using purpose-built hardware and software, and one foot in the present – connected to the network for remote access. This leaves them vulnerable to security breaches. Simply put, an ideal approach for securing connected critical infrastructure must involve not only security as seen through the classic IT security logic, but also the reliability and safety of physical control systems. What are some of the concealed security gaps and vulnerabilities that can be targeted by attackers to sabotage mission-critical enterprise infrastructure? Due to inherent security flaws such as VOL/9 | ISSUE/08

lack of authentication and unencrypted communication, SCADA networks have become prone to network-level external and internal threats, advanced targeted attacks, and other cyber security threats. Traditional firewalls and other security solutions used for defending enterprise business networks are neither sufficient nor were designed to secure SCADA networks. Due to inherent lack of capabilities to inspect the application layer, they can’t inspect traffic from SCADA protocols. Today’s SCADA networks are information-driven and interact with heterogeneous systems, IT and Web applications, services, and devices. Moreover, SCADA networks, particularly in the energy industry, represent an ecosystem consisting of Internet-connected computer systems, telecommunications networks, embedded processors and controllers. Recent attacks exploited vulnerabilities in these interdependent systems. For SCADA networks, securing remote connectivity and communication with encrypted outbound communications is also vital to avert hackers from exploiting an unforeseen flaw in remote access. How can Cyberoam help Indian enterprises overcome these challenges? Cyberoam addresses major security gaps by offering a holistic approach that understands ICS / SCADA network communication, secures against various threat incidents, provides desired situational awareness, and enables adequate control over user and network activities while ensuring business continuity through uninterrupted availability. For instance, OT control systems are linked with the IT / Web infrastructure to enable automated and remote control. Effective risk mitigation for SCADA networks hence can’t be achieved with traditional perimeter defence. Cyberoam provides in-depth network defence with

ABHILASH V. SONWANE,

SVP-Product Development, Cyberoam

proactive security, deeper understanding into a varied set of communication protocols for SCADA networks, and desired visibility into network, user and application-specific events. What are some of the key highlights of Cyberoam’s solution? The world of OT security and SCADA networks is fundamentally different from traditional IT and network security solutions. It involves a unique set of complexities that are very different from protecting a typical IT network or a datacenter. To this end, Cyberoam brings a comprehensive security approach, enabling holistic security with the following capabilities, which, in turn, enables continuity of key business processes and operations securely. The key highlights include user authentication, visibility and granular control over commands and protocols, protection against malware infiltration and propagation, preventing exploitation of vulnerabilities, enabling secure remote access to ICS / SCADA systems, on-appliance logging and reporting for enhanced situational awareness, and providing centralized security management and reporting.

This interview is brought to you by IDG Services in association with Cyberoam

REAL CIO WORLD | J U N E 1 5 , 2 0 1 4

105

alert

ENTERPRISE RISK MANAGEMENT

Heimerl, senior security strategist at Solutionary, agreed, noting that even at companies that do have SAT programs, a “check-the-box” mentality sends a message to workers that, “the organization does not really care, which makes the employees not really care.” “You have to teach employees new habits, then encourage them to support those habits, and reinforce the good habits.” he said. “And the security training has to work for that employee in that organization. What works for Pete at Big Blue Bank will probably not work for Mary at ACME Healthcare.” Another problem is the fatalistic view that training is not worth the time and expense, since all it takes is one person to click on a malicious link and the enterprise is compromised. To that, Monahan wonders if they have the same view of Transportation Security Administration (TSA) screening at airports, when, “it only takes one terrorist to get through and blow up a plane.” While acknowledging that one mistake can cause a major problem, “the goal of the programs is to reduce the attack surface and associated risk,” he said. Workers seem to grasp the importance of training being relevant. When asked by EMA what they considered the most important attributes for SAT, the top two choices were “easy to understand” at 66 percent, and “easy to apply to real life” at 61 percent. So, experts say, solving the lack of effective SAT is simple, but not easy. “Most organizations undervalue SAT, and undervalue the amount of energy it takes them to do proper awareness training, and

undervalue the amount of time it takes employees to take proper awareness training,” Heimerl said. The Information Security Forum offers 10 principles to embed positive security behaviors into employees. They include: Make systems and processes as simple and user-friendly as possible. Motivate workers to protect the business, and empower them to make the decisions necessary to do so. Don’t simply give orders to employees– sell them on security habits. Use multiple departments, like marketing and human resources, to help embed security behaviors. Hold employees accountable by rewarding the good and confronting the bad. Another short list comes from Lance Spitzer, training director for the SANS Securing the Human Program, who told an audience at a recent conference that the most important thing a security trainer can do is personalize it. “Start with how they can protect their kids online and their own mobile device. Let them see what’s in it for them.” Beyond that, he said, the key principles are to keep it brief and focused on limited topics, and reinforce it with repetition. The EMA report validates that, noting that, “studies on learning effectiveness indicate that training is better in shorter sessions with repetitive content that students can practice while they learn.” The report recommended that training be conducted at least quarterly since, “a simple piece of information

must be heard at least three times by the average person to be able to recall it in short-term member, and up to 20 times to commit it to long-term memory.” Heimerl has advice. “Make sure that your SAT accounts for your people, the way they work, the culture of your organization, and your organization itself,” he said. That, he said, means using specific examples that will make the training, “as un-theoretical as possible. Use an example of social engineering that someone in your organization experienced.” Finally, he said there are creative ways to promote security. In one firm, he said, the CEO was trying to get people to wear their employee badges, to improve physical security. He sent an email saying he expected employees to challenge anyone not wearing a badge. He then walked around the building without his badge on, and when a low-level worker challenged him, he gave him a $100 (about Rs 6,000) bill. It happened twice more on his walk. “By the end of the day, the stories of the $100 bills had circulated around the company and they evolved to near 100 percent compliance in about three hours,” Heimerl said. “It cost them about 30 minutes of the CEO’s time and $300 (about Rs 18,000). That may have been the best $300 they ever spent.” CIO

Taylor Armerding is a writer for CSO magazine. Send feedback to editor@cio.in

[ONE LINER:]

The cloud removes geographical boundaries, making it difficult for organizations to locate where their data is stored, increasing threats. —ASHISH MISHRA, CISO, TESCO HSC

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

Cost Savings Prefabricated Data Center Modules Standardized, pre-assembled and pre-integrated data center facility power and cooling modules are at least 60 percent faster to deploy, and provide a first cost saving of up to 13 percent or more compared to traditional data center power and cooling infrastructure.

hen data center stakeholders are faced with the challenge of deploying new data center power and cooling infrastructure, is it better for them to convert an existing room within the building or to construct an extension to house additional power and cooling equipment? Or is it more cost-effective and technically feasible to source the power and cooling from a series of facility modules? Facility modules are pre-engineered, pre-assembled / pre-integrated, and pretested data center physical infrastructure systems (i.e., power and cooling) that are delivered as standardized “plug-in” modules to a data center infrastructure. This contrasts with the traditional approach of provisioning physical infrastructure for a data center with unique one-time engineering, and all assembly, installation, and integration occurring at the construction site. The benefits of facility modules include cost savings, time savings, simplified planning, improved reliability, improved agility, higher efficiency, and a higher level of vendor accountability.

Following are the major areas where organizations can achieve savings by adopting the prefabricated architecture for their data centers:

1. Design Costs

In the traditional approach, multiple parties play a role in developing the design. Numerous meetings are held as electrical contractors, mechanical contractors, designers, end users, facilities departments, IT departments, and executives are all involved. Design points are argued back and forth, politics plays a significant role, and decisions often have to be made sequentially. In the case of facility modules, the equipment selection and layout is already done in the factory (rolled into system cost), and site plan design/engineering is reduced by over 80 percent compared to the traditional build because site layout and planning becomes much simpler.

2. Installation Costs

“Installation” costs include all work performed in the field to assemble, integrate, and commission the system

for operation. Specifically, this includes savings on systems project management, site prep and site project management, power & cooling system installation, management/controls installation and programming, and commissioning.

3. Maintenance Costs

The potential exists to reduce facility module maintenance costs. Rather than having to write up an assortment of terms and conditions with different vendors, only one contract could be drawn up to support the one or two “big box” facility modules. The cost savings could also extend to software/ management upgrades. Instead of custom-written code for a large assortment of products, the data center facility power and cooling modules could make available to the customer one set of standard firmware upgrades.

4. Energy Costs

Traditional mechanical and electrical rooms consume more energy than comparable power and cooling facility modules. Energy savings exists primarily because the pre-engineered design of the modules allows for better integration of power and cooling system controls. The ideal applications for facility modules are new data centers seeking faster, cheaper ways to “step and repeat” computer power and support systems, organizations with vacant space that can be leveraged for a more quickly-deployed new data center, and existing data centers that are constrained by space and power / cooling capacity. This feature is brought to you by

For more information and stories, visit: http://www.greenenterpriseit.com/ Contact Us: Email: indiainfo@apcc.com Phone: 1800 4254 272

IDG SERVICES

alert

ENTERPRISE RISK MANAGEMENT

Secure a Healthy Pessimistic Attitude

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

mountain bike, I often encounter deer, fox, raccoons, squirrels and other wildlife. In all of them, the survival instinct is strong. As soon as they see me approaching, they presume me to be a threat and immediately scurry away. It’s a reasonable reaction—and not just because it’s me. And how do we get developers to emulate squirrels? One answer might be to expose them to a knowledge base of security issues in a way that they can internalize. Don’t hand them a bunch of papers on SQL injection, XSS, etc., and hope for miracles. I’ve found that developers, like most people, learn best by hands-on experience. Once they see what can go wrong when untrustworthy data inputs poison an application and get the

Dodge The Tricky Trap

ecurity professionals and developers don’t think alike. And, yes, I am making a sweeping generalization with that observation. There are exceptions, of course. But for the most part the characterization is true, and that has a lot to do with why security professionals often can’t comprehend developers’ attitude toward security matters, and developers can’t stomach the ways security professionals want to mess with their creations. Developers look at systems, apps and other software tools and are impressed by the cool things they can do, and maybe by the economy with which it was all achieved. Security professionals look at those same things and immediately analyze them for what can go awry. We have a healthy presumption that things will go wrong more often than not. We are always trying to anticipate how we can respond to the things that go wrong and thinking about how we can keep them from going wrong in the first place. For security professionals, the coolness factor isn’t all that meaningful if it’s overshadowed by the risk factor. I spend a great deal of my time working directly with software developers, architects, and other people whose focus is on building things. As a class, they are full of optimism, and that trait probably has a lot to do with why they are good at building things. On my side of the table, though, pessimism reigns, and the builders often complain that we security folk are always raining on their parade by constantly focusing on negative things. But you cannot shake a security professional’s default attitude: We assume everything is dangerous until proven safe. So how do we instill in our junior software staff a healthy sense of mistrust? We need them to take a lessons from squirrels. Let me explain. When I ride my

application to misbehave in sometimes spectacular ways, they tend to internalize the issues thoroughly. Most computer scientists that enter the workforce are not exposed to much in the way of security training, if any at all. When you hire these folks, invest the time and energy to show them first-hand what can go wrong. You’ll end up not just developers who act a bit like squirrels (in a good way), but like highly sarcastic squirrels, who will look at the requirements for a very cool piece of software, roll their eyes and say, “What could possibly go wrong?” Kenneth van Wyk has worked at Carnegie Mellon University’s CERT/CC, the U.S. Department of Defense, Para-Protect and others. Send feedback to editor@cio.in

Cybercriminals tricked Fred into giving away sensitive information. Now he wants to know how “to mitigate this situation?” Don’t feel bad. Here’s what you need to do after realizing that you have been had, and keep those mistakes from costing you. What you need to do depends on how you were tricked. Did you give them your email password? Your bank and/or credit card numbers? Did they remotely access your PC, or trick you into installing software? If you have reason to believe that criminals can access your financial accounts, call your banks and credit card companies immediately. Explain the situation and follow their instructions. Next, change any passwords that might have fallen into criminal hands. This includes email, social network, and other passwords. If you’ve been using the same password for multiple accounts, change all of those passwords as well. And stop using the same password for multiple accounts already. If you can’t change a password—or even log on to a site—the crook got there first. Check the site for instructions on recovering a hijacked account. Search for hijacked account and the name of the service and follow the directions given on the service’s website. Next, call the police and ask to make a report. Banks, credit card companies, and other institutions may want to see a police report.

— Lincoln Spector

VOL/9 | ISSUE/09

VISION

Vision. Action. Direction. The Dynamic CIO sees business and IT trends few others see, takes the lead by setting direction, and executes effectively. Weâ&#x20AC;&#x2122;re looking to felicitate the most Dynamic CIOs in the country. Do you think you have these qualities? Are you Dynamic?

www.cio100.in

4 - 5 September, 2014 | JW Marriott, Pune

Nominations close on July 15, 2014

Write to rupesh_sreedharan@idgindia.com

Mike Elgan

SOCIAL MEDIA

Facebook’s IncognitoTrap Facebook's Anonymous Login is about neither anonymity nor logging in. It's about creating scarcity in the market for user data.

ILLUST RATION BY T HINKSTOCK

Personal data is the new currency. Companies want to get information about people— their location, age, relationships, interests, preferences and much more—because when they have that information they can offer more powerful, more monetizable apps and services and can make money with highpriced personalized ads. But people want to prevent companies from getting their personal information for fear of being exploited, surveilled, abused, and sold out. It's in the context of this tension that Facebook CEO Mark Zuckerberg announced a new offering called Anonymous Login. It's one of the most ingenious ideas Facebook has ever had. Here's how it's supposed to work: If you provide your personal data to Facebook, you can then install and use apps that support Anonymous Login without giving your personal data to the app maker, at least initially. In other words, a mobile app that supports Facebook Anonymous Login would allow logged-in Facebook users to interact with the app as if they had supplied their personal information, even if they hadn't actually done so. Facebook says the feature provides "anonymity." But that's not accurate, because you do have to tell Facebook who you are. And it's not "pseudonymity," either, because you're not using a surrogate identity. Facebook is walking a very fine line between the need to attract users (with a promise that they won't have to share their data) and the need to attract app developers (with promises of a greater number of users who will hand over some personal data eventually).

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

Mike Elgan

SOCIAL MEDIA

When he announced Facebook Anonymous Login, Zuckerberg seemed to imply that people wouldn't use apps indefinitely without ever divulging their personal details. He implied that once you've decided to trust or use an app, you'll be expected to agree to have personal information collected by the app maker. "Even if you don't want an app to know who you are yet," Zuckerberg said–note the word yet—"you still want a streamlined process for signing in." It's a way to "try apps without fear," he said—note the word try. But I wonder. Facebook promises app developers a process for converting "anonymous" users into data-divulging users. But I haven't seen any mechanism or contract or agreement or policy in any of this that might trigger the need for people to hand over personal information to app makers after some specific period of time. My guess is that it will be up to the app makers to come up with incentives that will entice users to cough up their data. The implication that people would eventually hand over their data is probably just Facebook's attempt to spin the service in a way that's friendliest to app developers as it tries to win them over to its platform. In an interview, Zuckerberg characterized the process of moving from what he calls "anonymity" with an app to divulging personal data to the app as a "nice upgrade path" that maintains a "seamless experience without having to set up a new identity within the app." As he said on stage at his company's F8 developers conference: "You can always sign in with your own identity once you're more comfortable with the app." And then he explained that if you do offer your personal information, you can have what is essentially a line-item veto over what information is shared. For example, Zuckerberg said, "if someone wants to share their email address with an app but not their birthday, they can make that choice with a couple taps." So even if users choose to divulge information to an app— perhaps because they're given an incentive to do so—they'll have the option of withholding any personal data they choose. (It's important to note that, as with many new features Facebook has announced in the past, Facebook Anonymous Login won't be fully operational for many months.) Facebook presented Anonymous Login as a benefit to users because they can share less data. It does benefit users for that reason. The company also says Anonymous Login is a benefit for app developers because they get around user hesitation to try their apps. And it may prove to benefit developers as well for that reason. But it's clear who really benefits from Anonymous Login: Facebook, of course.

upon the company's ability to make increasing amounts of money on advertising. In the past five years, advertising-centric companies like Facebook made most of their money by selling ads that would be seen inside desktop PC Web browsers. Two trends are changing all that. Users are spending far more time with mobile devices like smartphones. And when they use smartphones, they're spending nearly all of their time using apps, not mobile Web browsers. If Facebook is to keep growing its ad revenue, it must sell ads inside mobile apps. Within the world of advertising, there's another long-term shift—from broad-based, general advertising to specific, personalized and targeted ads. You can't personalize ads unless you know about the individual you're targeting. That's where user data comes in. It's also why everybody wants that data. The future of advertising monetization is based on possession of, control of or access to user data. In a world in which every single mobile app gathers as much data as it can from every user, the value of that data

The future success or failure of Facebook depends entirely upon the company's ability to make increasing amounts of money on advertising. goes down. That's the genius behind Facebook Anonymous Login: It creates an incentive for users to not share data, and an incentive for app developers to not request it. Meanwhile, you can be sure that Facebook's own apps— including the Facebook app, Instagram, WhatsApp, Moves, Messenger, Facebook Camera, Paper, and others—will be collecting every scrap of user data possible. In a world in which many mobile app developers embraced Facebook Anonymous Login, the amount of user data "in the wild" would go way down. And the value of the data in the hands of Facebook would go up. If mobile app developers want to sell contextual ads, they'll have to come to the companies that have all the data, as well as the ad network to serve up highly personalized ads. And that will be Facebook (and a small number of competitors, especially Google). Facebook Anonymous Login, in combination with other announced offerings, does provide some benefit to both consumers and app developers. But above all, it's designed to create scarcity in the user data market. And when user data is scarce, two things will happen: The data itself will grow more valuable, and more small companies will be forced to get that data through Facebook's ad network, rather than from the users directly. It's a truly brilliant move on Facebook's part. CIO

Why Anonymous Login is brilliant

Mike Elgan writes about technology and tech culture. Send feedback on this

The future success or failure of Facebook depends entirely

feature to editor@cio.in

VOL/9 | ISSUE/09

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

Rob Enderle

LEADERSHIP

The Fairer Sex Reigns How women executives are driving change in technology, and the world, through information-based decision making.

ILLUST RATION BY T HINKSTOCK

e suddenly have a lot of women CEOs, both inside and outside of tech. While this certainly represents change, it falls far short of the potential. Most seem to struggle in their roles, too, which speaks more to an across-the-board lack of mentoring for top executives but seems more prevalent in women executives because there are fewer of them. Thus, they stand out more. I see no evidence that female CEOs are any better or worse than male CEOs, especially when they're thrown into the top spot without adequate preparation. Below the CEO, though, in companies such as Dell, HP and Intel, women are having a profound impact on their companies—and one effort underway could eventually make all CEOs more successful, regardless of gender, by restoring effective mentoring. This came to me as I moderated a panel on big data analytics for Women in Technology Summit. As I listened to the panelists— Anjul Bhambhri, vice president of big data and streams at IBM; Yael Garten, manager of mobile data science at LinkedIn, and Cheemin Bo-Linn, president of the analytics consulting firm Peritus Partners—it became clear I wasn't looking hard enough below the office of CEO to see the positive changes that women bring to the technology segment. An increased use of analytics stands at the core of much of the coming change. Let's look at three examples that showcase how women executives are driving change in technology, and the world, through information-based decision making.

CMO Turns Into a Closing Machine Most companies first use data analytics in the marketing department, so that's where most of the skills for best using 28

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

Rob Enderle

LEADERSHIP

this tool are developed. As I mentioned, HR is part of my background; at that time, it came with a substantial anthropological and physiological component. One thing that came from that work was the understanding that women are more likely to reach decisions analytically, though men are more likely to develop the analytical engine. (We men are great at creating the tools but not so good at using them properly.) Women dominate marketing, and the skill you need to sell a product is that of a user, not an engineer. At Dataquest a number of years back, we did a study and concluded that user advocates, by a massive margin, represented the most effective closing tool. Dell CMO Karen Quintos is a closing machine brought to Dell to showcase not only what products do but how customers benefits from them-and, more importantly, how to achieve those benefits. By using data analytics properly, she's not only changing the effectiveness of marketing at Dell, but also for each and every Dell customer. Through both example and direct effort, this should dramatically change which companies win and lose, and what you and I buy over time. Quintos had me thinking that female executives are an untapped resource to be the driving power, both for sales and execution, behind big data analytics.

experience and research, is perhaps the most interesting of the power players, largely because she's studying people to help Intel and other firms to build a better future. Bell is one of the few social anthropologists used in businessand she's, by far, the most visible and powerful. She runs a good deal of Intel's labs effort and has been instrumental in helping Intel see beyond the tactical horizon and into a future that's not only better for Intel but better for the rest of us. Bell's team of futurists includes Brian David Johnson, who's published pieces on greed and technology and is now looking at 3-D printed robots and other ways to get kids excited about science and technology. Robots likely represent Intel's greatest emerging revenue opportunity. Intel recognized early on that funding intelligent machines designed to kill people wasn't a great way to assure the human race would survive the next big change.

Women dominate marketing , and the skill you need to sell a product is that of a user, not an engineer.

Employees: Costs to Strategic Assets

Focusing on products that are more intuitive to use, that fit into our lives rather than disrupt them, and that make the world a happier place-rather than the nightmare that some imagine-is perhaps the biggest, and I'd argue the most important job in tech.

I've argued that Tracy Keogh, HP's executive vice president of HR, is the only strategic HR head I've seen in a large company. HP has joined Dell and Microsoft to eliminate forced ranking, realizing that it's perhaps the stupidest policy ever. On top of that, Keogh's systematic, data-centric approach to addressing what had been a horrid employee problem left over from a CEO who nearly crippled the company has focused on improving employee working conditions and employee tools, as well as identifying, retaining, and acquiring critical skill sets. (Granted, huge layoffs have offset her efforts as HP moves to recreate itself in the face of massive industry change.) At HP, though, Keogh is driving the science back into HR (another segment dominated by women). At the Women in Technology Summit, this idea resonated with my panelists and a number of folks in the audience. People are a firm's most valuable asset, but their treatment rarely reflects this value. Folks like Keogh, with the help of analytics, are changing thisâ&#x20AC;&#x201D;and making companies far more successful. HP hasn't started using Keogh the way Dell uses Quintos to close deals. But nothing's stopping HP from doing so. Keogh's changes should ensure that the next HP CEO will be effectively mentored into the job. This is critical to a company that changes CEOs more often than I change cars.

Every one of these women showcase how data analytics can improve their company as well as their position in it. They prove that analysis, not gut instinct, leads to better results and exemplify the importance of all three parts of data analytics closing the deal, managing employees, and making decisions. In the end, our companies, our lives, and our world will get better when men or women make better decisions, not faster ones. Fortunately, with data analytics, you don't have to sacrifice quality for speed. Lastly, we should focus less on the technology behind data analytics and more on the skills needed to use data right. Otherwise, the decision maker will be the weakest link. These three very different executives showcase the opposite: Through their actions and results, decision makers can actually be the strongest link. The fact that I can't point to men doing the same thing at this scale suggests that women may now have a strategic advantage. You know what? Given the amazing things they're doing, the only issue with this is that it should have happened decades ago. CIO

Building Human-focused Products

Rob Enderle writes on emerging technology, security, and Linux. Send feedback

Intel's Genevieve Bell, the firm's director of interaction,

on this feature to editor@cio.in

VOL/9 | ISSUE/09

Better Decisions Change the World

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

THE PRICE OF DATA Figure out the rupee value of your information assets. Then you’ll know what the ‘I’ in CIO is really worth—and how much to spend protecting it. By Kim Nash 30

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

Cover Story

Data Analytics

We know in our gut that data has Can’t Touch This value. No company can run without it. In the 1930s, when the newly Reader ROI: But what is it really worth? As CEOs formed Securities and Exchange Why it’s important to put a realize that data is an asset that can be Commission demanded that public price to your data exploited as a new source of revenue, companies account for their true Different methods to evaluate they will start to ask CIOs about its costs and profits in regular reports, the value of data financial potential. Responding with most of their assets were physical— How to determine which data a shrug and a shot in the dark won’t machines, factories, buildings, to safeguard exactly enhance your own value in land—and assessing their value the CEO’s eyes. was straightforward. Now the Patents, trademarks and other most important assets for many forms of intellectual property companies are comparatively abstract have long been accounted for as intangible assets in and may include patents, copyrights and trademarks. a company’s financial reports. But those numbers Increasingly, a good chunk of the value of a company are only estimates that may or may not include more lies in the fields of a database and in secret algorithms mundane kinds of information, such as customer used to cut and combine data to reveal new insights. profiles. That’s partly because no standard method or Think of Acxiom, Equifax, or Dun and Bradstreet, accounting procedure exists for putting a price on data. companies that only buy and sell information—nothing “It’s frustrating that companies have a better sense of you can touch. These data brokers already know what the value of their office furniture than their information their information is worth: Whatever it will fetch in the assets,” says Doug Laney, a Gartner analyst who studies free market. information economics. “CIOs are so busy with apps It used to be that technology and data officers gave and infrastructure and resourcing that very few of CEOs historical data so they could spot trends. That’s them have cycles to think about it.” not good enough now, says Paul Ballew, global chief data But now is the time. The chief supply chain officer and analytic officer at Dun and Bradstreet. “This phase knows the value of his factories. The CFO knows the requires us to talk about business outcomes [from data]. size of the company’s debt and, to the penny, its cash If you can’t do that, you are a cost center.” on hand. The CEO knows the company’s closing stock Top executives across industries, though, typically price on any given day. CIOs need to know the value of overestimate how much and how well they measure the “I” in their title. the value of their data, says Gartner’s Laney. About You’ll be a more strategic player if you do, says one-quarter of 410 senior leaders surveyed recently by Andreas Weigend, a Stanford lecturer and consultant Gartner say their organizations quantify the value of on data value and consumer behavior to Lufthansa, their information assets as precisely as if they were on MasterCard and United HealthCare, among others. a balance sheet. “Be curious,” he urges. After all, information is a One-third say they measure the benefits that each type competitive asset to insure, secure, and develop. And of information generates, and nearly one-quarter say knowing its value means you’ll have better answers their information assets are well cataloged and defined. when fellow members of the C-suite want to quantify But, Laney says, that’s “an acute disconnect from reality.” the risks and rewards of creating new products and He estimates that less than 5 percent of organizations services from internal data. Here’s how to get started. calculate the value of their data, measure its benefits,

VOL/9 | ISSUE/09

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

Cover Story

Data Analytics

or properly inventory their information, based on client interviews and his ongoing research. But the valuation itself may not be as important as tracking how it changes over time, Laney says. You want to keep increasing the value of your data, so you

must know how much it was worth at the start. Then continuously assess your most important data to see how accurate, fresh, unique, complete and relevant it is, he says, to recalculate the data’s value. If CIOs can’t or won’t expend the energy, someone else will. Namely, chief data

CDO Vs CIO: Who Does What Tamal Chakravorty, Director-IT and Test, Ericsson Global Services India, talks about what a chief data officer should do and the role of the CIO. Data analytics and performance are new buzzwords within businesses— especially among those trying to grow in competitive market conditions. Business wants to see numbers and analyze data. But unfortunately, this comes from all kinds of sources, right from Excel sheets to SAP, and from the Internet and mailers. A CDO will need to know how to find the required information to fuel business growth—and that’s not an easy task. In contrast, most CIOs may know where to look for data but may not know what to look for. The retail sector is an example of how tedious data analysis can be. Most retailers struggle with information points or a lack of them. This is primarily because a lot of retailers do not know what to look for. They want data from social media, internal sources, Excels, paper, barcodes, and general market intelligence meshed together to tell them how they can source the right product, place it on the right shelf, and sell it. But they still can’t say how many customers bought a particular item—and how many did not, which, in fact, is the simplest of problems to crack. So a CDO also may not help. Instead, we should have virtual officers; not on a leadership level but within each team to Tamal Chakravorty, Director IT and Test, Ericsson manage two data sources. One that helps the Global Services India, says CIOs may know where to company grow its revenue. And the other one hunt for data, but maybe not what to look for. that helps the company control governance. And that, according to me, should be a divided responsibility. So where would a CIO play a role? He would work as part of a team to identify data requirements in batches and provide source data. It would be ideal if a CIO’s information management team can churn and produce reports; or else the virtual business team could. This would help a company build a data bank of, say, its top 50 data packages. These top 50 should be reviewed by a competent CDO, as we might want to call him eventually, to drop and induct new forms or packages.

—As told to Radhika Nallayam

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

Cover Story officers and other executives responsible specifically for data strategy. Years ago, a CDO, if you had one, reported to IT. Now they may belong to the COO, CFO or another non-IT leader, says Aditya Kongara, head of enterprise data management at the $6.8 billion (about Rs 40,000 crore) American Family Insurance. Kongara has worked in data management for 13 years, including in senior roles at Capital One and Discover Financial Services. Early in his career, he reported to IT. Now he reports to the chief risk officer. “I’m not really sure the CIO can be a new-business or revenue generator,” he says. “IT is a steward of data— integrates, stores, manages security. But who actually uses the data and can make strategic decisions? The business.”

Absolute Value Some data experts say it’s possible to be exact when evaluating the value of a piece of data and they get frustrated when others disagree. In many circumstances, data does indeed hold an inherent value. Companies buy and sell demographics, psychographics, records of shoppers’ purchases, health reports, online browsing histories—all kinds of data about individuals and groups. For example, $75.95 (about Rs 4,500) will get you a list of 4 million e-mail addresses. The Financial Times offers a handy online calculator to find out what your personal data is worth, if you can stand the insult. (The typical price is fractions of a penny per person. You’re worth more—maybe half a buck—if you’re moving or expecting a baby and, therefore, about to make big financial decisions.) One enterprising grad student last year created a Kickstarter campaign to sell data about his online activities for $2 to $200 (about Rs 120 to Rs 12,000), including the websites he visited, his GPS locations and his cursor movements. Also for sale: Tools to analyze it all. “I’ve data-mined myself,” Federico Zannier told potential customers. He ultimately made $2,733 (about Rs 1.6 lakh). Individual pieces of corporate data, too, are worth something, according to Bob Schmidt, a data steward at Wells Fargo. Schmidt and colleague Jennifer Fisher applied for a patent in 2011 on a method for calculating that something. Key to the math is first quantifying the quality of the data. One way they do that is by looking at how often a piece of data is used by employees or customers, assuming that frequent use indicates a vote of confidence. Other variables include accuracy, timeliness and security of the data. Freshly obtained and scrubbed consumer addresses, for example, would be much more valuable than old, undeliverable ones. Schmidt declined to be interviewed, but the patent application makes clear his irritation with outdated ideas about the significance of corporate data. He talks,

VOL/9 | ISSUE/09

Data Analytics

The chief supply chain officer knows the value of his factories. The CFO knows the size of the company’s debt. The CEO knows the company’s closing stock price on any given day. CIOs need to know the value of the “I” in their title. for example, about accounting regulations that treat the training of employees in how to use data better as a cost, with no offsetting measure of the value gained from people then working smarter, as bosses so often demand. Without an established accounting rule for valuing it, data becomes invisible—a zero—in financial documents that are supposed to portray a company’s true health. That can’t be right. As the patent application notes, “This ‘data is free’ mentality stymies investment in quality data.” The patent description acknowledges that the Wells Fargo method isn’t the only way to value information, but it provides “one or more valuations of data that can be useful for settling on a course of action.” In other words, “Hey, at least we’re trying.” In February, the bank hired its first chief data officer, reporting to the CIO. Companies may not be in any rush to report the value of their information publicly. It’s a source of power and market differentiation, so why tip off competitors? But pinpointing the value of data has some practical consequences internally. A company can more accurately value itself in a merger or acquisition. IT leaders can also make a better case for spending money on data security and privacy technology and personnel, says Ed Ferrara, an analyst at Forrester Research. He likes an approach that considers current and future revenue. Broadly speaking, CIOs would chart the IT systems that support each major corporate function, such as sales, marketing, manufacturing or research and development. Then they measure the contribution each system makes to top-line sales or bottom-line profits. Next, ask questions. Could the company meet sales targets if these two databases were out of commission? “Then you know which information has value in an estimated hierarchy,” Ferrara says. In justifying security spending, CIOs or CISOs would also want to evaluate the probability of particular threats. “If you can do that, you can make decisions on how much you want to spend on [protecting] the asset.” The system isn’t as precise as, say, generally accepted REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

Cover Story

Data Analytics

When Data Becomes Information How the CIO of Happiest Minds assesses the value of data. Data is and has always been an asset, only the context of how it is used and accessed has changed. There are a number of ways in which we realize the value of data in our organization. But in order to quantify the value of data, the challenge has always been to have a dedicated team to make sense of it. Technology has enabled CIOs to allow users to create their own view of databases. Today, a lot of dashboards allow users to look at data with such accessibility and ease that it has changed the way organizations can decipher, drilldown or analyze data. From a customer’s perspective, we make sense of information through data analytics dashboards to determine the various opportunities and trends for our customers. Our analytics team helps customers evaluate gaps in their existing data footprints and this helps them reach out to a larger set and serve their customers better. Internally, we use our existing data to optimize business processes. For instance, the data from our organization’s travel expense management helps us determine the number of people settling their travel costs in time or calculate the average spend for a particular city—which helps optimize our costs. Our operational data—a combination of project information and CRM data—enables us to correlate data in terms of opportunity and also capture the number of leads, losses, and whom we are losing leads to. This helps business Darshan Appayanna, CIO, Happiest Minds, says data analytics helps business evaluate impending costs and evaluate impending costs and benefits on the basis of data benefits in such a way that it empowers a CIO to justify in a way that it empowers a CIO to justify the decisions he the decisions he makes for his organization. makes for his organization. —As told to Shubhra Rishi

accounting principles. But it’s more than what many CIOs do now, he says. Ken Grady, CIO of New England Biolabs, is going through a data valuation exercise to figure out how much and what kind of insurance to buy for the company’s information assets. But not everything is worth protecting. For example, PowerPoint presentations from routine meetings, videos from a training seminar and chemical safety sheets are everywhere and easily reproduced, he says. Sorting the mundane from the valuable “requires us to really understand and assess which types of data have a financial value if compromised and which don’t.”

Context Matters Zannier, the privacy-eschewing grad student, might have made more money if he had talked friends into joining him in sacrificing their privacy. Marketers could then buy the data to answer questions about twenty-something university students in New York with a penchant for risk. Many data gurus say information has no absolute value; its worth materializes only when it can be used to make a decision, then it goes away. 34

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

“The value of data has to do with imagined impacts,” says Doug Hubbard, founder of Hubbard Decision Research, a consultancy that focuses on applied information economics. Those impacts can be either positive or negative. Movie rights, for example, can be licensed and generate revenue for years. A weakly protected customer list, on the other hand, can be stolen, forcing a company to pay millions in fines and court settlements. Rather than trying to gauge the value of information alone, a CIO should consider which decisions would be made differently if the value were known, Hubbard says. Look at the potential costs and benefits of making one choice instead of another. That is, analyze the situation, not the data. “You’re making decisions with consequences. Those are more significant than any one bit of data,” he says. If there are no consequences to a decision, the data is worth nothing. “The data is useful in that it helps eliminate uncertainty.” Unlike your wedding ring or your Rembrandt, data can be stolen but still remain in your possession. Thieves who take copies immediately diminish—maybe destroy—the value of your original.

VOL/9 | ISSUE/09

Surging Ahead with the Cloud Organizations that are aware of today’s business dynamics and want to keep pace effectively are increasingly adopting cloud computing. IT decision-makers from some of the leading enterprises in India shared insights on how they’re making the best of the technology to enable their organization’s future growth. By Vinay Kumaar

loud computing is not just a buzzword anymore; it’s serious business. The multifarious benefits it provides enterprises—irrespective of their size and vertical—is reason enough that the technology is a force to reckon with. And unsurprisingly, most organizations are gradually taking the cloud route to achieve those benefits. To discuss how different organizations are employing different strategies for utilizing the cloud effectively, Amazon Web Services (AWS) and Intel, in association with CIO magazine, had recently conducted a roundtable in Gurgaon. The general mood surrounding the cloud seems positive. Enterprises are increasingly looking at leveraging the cloud to host both their non-core as well as mission-critical apps. Hitesh Arora, CIO, YUM Restaurants, said, “We’re really excited about the cloud. We’re taking conscious steps regarding what may go on the cloud and what may not. My opinion is that you are using the cloud in its true sense only when you put your applications on it. This means you’re not on your own hosted application.” Similarly, the breadth of technology solutions that are available on the cloud makes it a must-have component in any enterprise’s IT environment. Genpact’s CIO, Sanjeev Prasad touched upon this aspect when he said, “Today we run multiple large projects, from ERP reimplementation to contract management to learning management, simultaneously. And the only way we can do it easily is using the cloud. This large-scale adoption is happening only because the functional leadership recognizes the value that the cloud delivers.” Echoing the same opinion, Bikram Singh Bedi, head-India, Amazon Internet Services,

said, “Cloud computing has created a major shift in how people are procuring and deploying IT. There are three highlights. First, there is no lock-in or long term contract for AWS as you have the ability to move away if you choose to do so. Second, you need not negotiate price points for AWS as the cloud service pricing is transparent and publicly available on AWS website, businesses can choose any of the services on a pay-as-you-use basis. As a result, the trust factor in the vendor-customer relationship has changed. Third, AWS has been lowering prices with its operational efficiency and passing the savings back to customers, as a result customers pay less. These are just some of the positive changes that cloud computing has brought to businesses.” Fortunately, for IT decision-makers, convincing the C-suite to adopt cloud services will be considerably simple because cost reduction and faster time-to-market are some of its most notable benefits. Avinash Arora, New Holland Fiat’s director-ICT (India & SE Asia), spoke about this aspect. “The fundamental reason for adopting cloud computing is very clear – it brings agility in service delivery. Capex investments take a long time to give returns. In today’s scenario, where speed of delivery and productivity are of utmost importance, a return which takes more than 18 months is considered counter-productive. At the same time, speed of service delivery is the key. If business does not achieve results in the time specified, there’s no point in it. Therefore, cloud computing is the way to go.” However, two areas that are still concerns to organizations when it comes to cloud adoption are security and performance. Talking about how Intel has been enabling cloud platforms,

Ravi Gupta, head-Enterprise & PSU Vertical, Intel India, said, “A large part of our architectural optimization in the last five years has been around delivering near-native or equal-to-native performance in remote multitenant environments. This improvement in server architecture includes optimization of compute and I/O in virtual environments to ensure there are no bottlenecks in the work flow. Similarly, moving data from one VM to another in case of a security breach is a crucial aspect. Intel is investing and innovating hugely in these two areas.” “For AWS, security is always our top priority. The AWS Cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available. We provide many resources, guidelines, and mechanisms to help customers use our security best practices. Many customers have told us that using AWS has improved their security posture,” added Bedi. This transparency in customers’ articulating their needs, and cloud partners’ understanding and fulfilling those needs signifies a monumental change in customer-technology partnerships. And cloud computing is the reason this shift is happening rapidly.

This event report is brought to you by IDG Services in association with Amazon Web Services and Intel

Insurance companies offer cybersecurity policies to reimburse expenses related to breaches and theft, but the value of the data isn’t the central issue, says Reynold Siemens, an attorney at the law firm Pillsbury Winthrop Shaw Pittman. He represents policyholders trying to extract payments from insurers. Rather than value the data at the center of the situation, the two sides quantify the costs of the incident, such as customer notifications, technology to stop or prevent a future breach, fines and judgments, he says. In some cases, the CIO may be questioned about costs to investigate the

Dollars for Data Many types of data already have a price—either in the free market or in the underworld. Putting a price tag on information isn’t new. A classic example is the ticker data that flows from stock and futures markets. A 1905 Supreme Court ruling (Chicago Board of Trade v. Christie) gave financial exchanges the right to own and sell that proprietary data, a cash cow that can amount to 30 percent of an exchange’s revenue, says Robert I. Webb, a professor of finance at the University of Virginia. A real-time feed of New York Stock Exchange stock prices for use by online media outlets, for instance, costs $25,000 (about Rs 15 lakh) per month. All manner of personal and corporate data is for sale, from legitimate and black-market brokers alike. Quick-and-dirty Web research offers the following shopping list: • Individual criminal histories: $13.95 (about Rs 840) • Database of U.S. physicians: $239.99 (about Rs 14,400) • DNA test for tracing family history: $99 (about Rs 6,000) • 4 million fresh email addresses: $75.95 per week (about Rs 4,560) • Major League Baseball game statistics feed: $1,900 per month (about Rs 1 lakh) • Consumer mailing list: 2.5 cents per record (about Rs 15) While much of that data is inexpensive, the cost of a data breach is not: an average of $145 (about Rs 8,700) per record, according to Ponemon Institute. That can really add up if you lose millions of records. There’s a burgeoning underground market for stolen data, including a flood of purloined credit card numbers from the Target security breach that affected up to 110 million consumers. According to blog posts by cybercrime investigator Brian Krebs, the price of payment numbers stolen from Target ranges from $23.62 to $135 (about Rs 1,440 to 8,100) per card. He says the prices vary based on factors such as “the issuing bank, the type of card (debit or credit), how soon the card expires, and whether the card bears a special notation that often indicates a higher credit limit, such as a Platinum card.” —By Mitch Betts 32

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

incident, determine the extent of it or reconstruct data that’s been damaged by criminals. Policies and premiums are determined based on assessments like these, for which the two sides can estimate a dollar value. But the data itself isn’t insured, Siemens says, though it is possible to buy insurance to cover the cost of reconstructing or repairing damaged data. At the $73 billion (about Rs 438,000 crore) retailer Target, last year’s theft of the personal data of up to 110 million customers caused expensive problems (not to mention that it cost the CIO and CEO their jobs). In the first three months after the breach, Target spent $61 million (about Rs 360 crore) on card reissues, fraud-detection systems, legal fees and other expenses. The store also plans to spend $100 million (about Rs 590 crore) to install systems to support smart-chip credit and debit cards, which protect data associated with them better than point-of-sale systems alone. The breach’s trickle-down effects include lost sales during the important holiday shopping season. CFO John Mulligan told Wall Street analysts he can’t yet measure its full impact, but he described the situation as “meaningfully negative.” So far, Target has received an insurance payout of just $44 million (about Rs 260 crore). Consequences of a breach are difficult to plan for, says Grady, the New England Biolabs CIO. “Trying to anticipate the scale and scope of data compromise can run a very large range, from an email sent to the wrong place unintentionally to a Target-level compromise,” he says. Such unknowns make valuing data difficult, he says. Siemens, who isn’t involved in the Target case, says clients sometimes ask if they can buy insurance to protect some discrete piece of data or intellectual property. “The answer, generally, is ‘no’ because there’s no real way to put a value on that,” he says. “The process is so esoteric and speculative that the insurance industry is not willing to underwrite it.”

Like a Beef By-Product As technologies such as mobile apps, sensors and analytics come together to produce mountains of data, CIOs have the opportunity to lead discussions about how the information can be packaged as new products and services. Making the business case in those conversations is different from justifying the cost of a new ERP system, says Barbara Wixom, a principal research scientist at MIT’s Center for Information Systems Research. She is studying how companies monetize data in a digital economy. Selling data or new products based on data “is a lot different from using it internally,” Wixom says. CIOs have

VOL/9 | ISSUE/09

Cover Story

Data Analytics

Time for a Chief Data Officer? Two CIOs from different verticals share whether the need to get actionable insights from data is making a case for CDOs.

I feel CDO, by definition, is a confusing term. What companies instead require is a chief data analyst who can analyze data in a more sensible way. In fact, he should do more than just data analysis. He should be able to tell what kind of data is not being captured and what should be captured. With the ongoing growth in unstructured and semistructured data, companies need to analyze trends to get the right perspective of data. Vijay Sethi, Vice President & CIO, Hero MotoCorp

I don’t think companies will appoint CDOs anytime soon. Most organizations would be reluctant to add another member to the C-suite. They would rather want the CIO to handle the data as it was always done, but with a better focus this time. Alternatively, they will want the CIO to appoint someone relevant to exclusively analyze data and use it meaningfully. Sunil Mehta, SVP & Area Systems Director, JWT

to think about valuation and pricing but also about packaging, customer service and a sales strategy. “All require investment and a vendor mentality,” she says. People should stop thinking of data as something inherently different from tangible products like soap or cars, says Forrester’s Ferrara. Data is a by-product created and shed during a company’s normal operations. “This is no different from a company that processes beef to put steaks in the supermarket. They find the by-product of that process can be used for animal feed,” he says. For example, data from sensors built into refrigerators to improve the manufacturing process might also be sold to repair companies that want to target customers as their fridge’s cooling coil or ice maker is about to go, he says. Innovation teams that include the CIO or other IT leaders can “take raw information and turn it into a product.” Hubbard contends that the CIO should have data scientists, even a chief data officer, on the technology team to supply quick, thorough data to support burgeoning information products. “You need the equivalent of an actuary in IT.” Kongara at American Family Insurance characterizes data as being “manufactured” and says some products are more valuable than others. Part of his job is to support efforts to create new revenue streams with various business units. At the same time, his data management group works on perpetual problems, such as trying to find the definitive way to predict the lifetime value of a customer. Insurers, retailers and consumer packaged goods companies all chase this metric, combining many pieces of data via proprietary algorithms. The result is always an estimate, sometimes accurate and sometimes not. An incontrovertible number is “the holy grail in insurance companies,” Kongara says. “People are searching for it still.” CIO

With inputs from Radhika Nallayam and Shubhra Rishi Send feedback to editor@cio.in

VOL/9 | ISSUE/09

Sunil Mehta, SVP & Area Systems Director, JWT

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

SPECIAL EVENT COVERAGE TATA COMMUNICATIONS

THE WAY OF THE LEADERS In a premier leadership meet held in Srinagar in June 2014, senior IT decision-makers from across industries congregated to inspire, be inspired, and take back with them best practices and insights from peers that will aid them in aligning the IT function for business growth. By Vinay Kumaar

othing stimulates critical thinking and imagination like the company of likeminded people who have embarked on the same quest, and a scenic landscape to inspire thoughts worth sharing. Twentyfour IT decision-makers from leading Indian organizations got to experience just the same at a premier leadership event organized by Tata Communications. Christened Leaders’ Meet, the event served as an incredible platform for peer-to-peer learning. As part of the event, the CIOs were segregated into three different groups and

asked to deliberate on ways to counter different, pertinent challenges that IT departments and decision-makers are facing in today’s dynamic business environment. Their brainstorming brought many a valuable insight to the fore. Managing the Dynamics of Business Outcomebased IT A lot of things have changed post the economic slowdown that happened a few years ago. This has given rise to new funding models, a majority of which are coming from implicit budgets—those that are allocated to separate

lines of business (LoBs). This development has changed a lot of dynamics in the organization. “CIOs weren’t really bothered about RoI some years ago; things were far easier for IT leaders then. Today, however, since delivering outcomes is crucial for CIOs, LoBs are becoming equally important too. It’s up to you to decide whether you want to have proactive or reactive conversations with them,” said Vijay Ramachandran, editor-in-chief, IDG Media, who moderated the discussions. The CIOs were of the opinion that hygiene services such as datacenter, network services, e-mail services etcetera, which are centralized, can remain in the cost center paradigm. They also felt that offloading responsibility of applications or services to the process owners themselves is one way to ensure business outcomes. In the case of LoBs’ involvement, conflicts about enterprise needs are inherent and inevitable. CIOs should proactively straighten these out. “As CIOs, we should keep a check on shadow IT which arises due to LoBs’ implementing cloud-based solutions for various purposes. Decisions on technology implementation should remain within the IT department’s control,” said Chandan Sinha, CIO, Jindal Saw. Keeping Pace with User Expectations On the other hand, trends such as mobility, BYOD, and consumerization of IT along with

SPECIAL EVENT COVERAGE TATA COMMUNICATIONS the entry of millennials in the workforce are leaving a profound impact on the way IT services are delivered to end-users. Therefore, it is imperative for CIOs to concentrate their efforts on managing user expectations. And they should take proactive measures instead of reactive ones in this sphere. As a first step, CIOs should work on finetuning the mode and pace of data delivery such that it ensures outcomes. “End-users don’t bother whether the data is on the cloud or in captive datacenters. They just need easy and quick access to data to be able to deliver outcomes for the business,” said Varun Sood, CIO, Fortis Healthcare. Other steps that would aid CIOs are having a consolidated view of the various applications in the enterprise and their impact on employees using them, making users part of the decisionmaking process, enabling quick delivery of data to users by ensuring there is a middle layer that helps in the transition of data from legacy to cloud/mobile solutions, and enabling easy and quick visualization of data. Leveraging Digital Disruption for Smart Customer Connect Today’s tight business scenario prompts businesses to take the digital route to generate leads, improve outreach, tap into customer

Leading from the Front:

A Strong Roadmap

rganizations today are increasingly realizing the need for seamless communication and a robust infrastructure to enable it. What this means is

needs, and generate sales. Even traditionally brick and mortar businesses have become aware of the pressing need to go digital to stay ahead in the future. But a majority of the funding for these go-digital initiatives are not directed by the IT department. With a bit more focus and innovation, IT departments can help their organizations chalk the right digital roadmap that would put them on the path to further growth. CIOs believe that a strong mobile and social strategy will be of great help on this front. The CIOs who brainstormed on this topic opined that B2B organizations can benefit by developing mobile applications and integrating them with other relevant business processes and systems. They also suggested CIOs proactively try to bridge the gap between the existing version of the application and that version of the application which will support their digital strategy. Another best practice that came through the discussion was that there must be better interlocks between marketing and IT, and both teams should hire people with the appropriate skills. However, the CIOs unanimously agreed that the marketing team should retain control over branding and content, while IT should be responsible for enabling the necessary platforms, apps, cloud services besides testing them.

more innovations and contribution from telecom vendors and subsequently, more growth in the market. “Unified Collaboration (UC) is growing across the world. Almost 93 percent of companies are deploying UC solutions in one form or the other. The good part is that about 49 percent of it is based in the regional market. Therefore, a global presence is not necessary for succeeding in the UC market. Moreover, both SMEs and enterprises alike are adopting UC solutions today,” said Rajesh Menon, VPBusiness Development -Enterprise Voice & Collaboration, Tata Communications, at the Leaders’ Meet. Shedding more light on the overall market and Tata Communications’ performance in the space, Sumeet Walia, Global Head, Enterprise Business at Tata Communications, said, “We enjoy 24 percent market share in India, and are positioned as a leader in Gartner’s Magic Quadrant. As technology vendors, we should build a portfolio of services that is more and more relevant to our customers. Otherwise, we run the risk of becoming obsolete. We’re acutely and aggressively working on a new

Marketing-IT Alignment 10%

Overall marketing engagement Engagement via digital channel

40% of the digital engagement must be via mobile. Source: Workgroup Discussion at the Leadership Meet

portfolio of services which we’ll launch in the October of this year.” Menon further said that Tata Communications’ success in the UCC space can be attributed to its varied offerings, which include unified conferencing and global hosted contact center among others. “We offer these as discrete pieces, or as integrated, consolidated solutions if customers want,” he said. Another significant improvement in Tata Communications’ portfolio revolves around its collaboration tool, jamveeTM. “JamveeTM, as a client, predominantly supported only video. However, the latest variant will have chat, video, audio and Web tightly integrated. This is a significant step in our UCC strategy,” added Menon.

This event coverage is brought to you by IDG Services in association with

VIEW

from the TOP

Our endeavor is to build a strong team replete with motivation, curiosity, insight, engagement, and determination to sustain and grow in an ever-changing business enviro nment, says Sunil Siddharth Lalbhai, CMD, Atul.

What do CEOs and other C-level executives expect from you? Read all about it in VIEW FROM THE TOP. Visit www.cio.in/ceointerviews

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

The

Internal

Constant BY SNEHA JHA

Atul of Lalbhai Group has the rare distinction of being India’s first private sector enterprise to be inaugurated by the first Prime Minister of India, Pandit Jawaharlal Nehru. The Rs 2,500-crore chemical conglomerate was founded by noted industrialist and philanthropist, Kasturbhai Lalbhai, on September 15, 1947, exactly a month after India’s independence. Spread over 1,300 acres in the Valsad district of Gujarat, the company's first manufacturing facility is an example of the transformation of barren lands into one of the greenest chemical complexes in the world. This revalidated one of the important intents of Kasturbhai Lalbhai’s life, namely “business with a social purpose.” Sunil Lalbhai, CMD, Atul, and his team are endeavoring to uphold the tradition of conducting business with a “vision beyond self”. Lalbhai was named one of the top 100 CEOs of India by BT-PWC India in 2014 and was felicitated by SBI for his entrepreneurship in 2014. In this interview, he talks about the scope of growth in the Indian chemical industry, the role of IT in propelling business growth, his leadership style, and how he strives to live up to the ideals of his grandfather, the founder of the company and many companies and institutions of national importance.

VOL/9 | ISSUE/09

SUNIL LALBHAI EXPECTS I.T. TO Create value for production processes Increase transparency Improve process efficiency

PHOTOS BY FOTOCO RP

Could you give us an idea of the scale of Atul's operations? Sunil Siddharth Lalbhai: Atul (incorporated on September 15, 1947 as The Atul Products) was founded by my legendary grandfather, Kasturbhai Lalbhai, immediately after independence to create wealth in rural India, generate employment on a large-scale and make the country self-sufficient in its requirement of chemicals.

VOL/9 | ISSUE/09

One of his close confidants, Balwantrai Mazumdar, an economist educated in the UK, and my father, Siddharth Kasturbhai, a chemical engineer educated in the USA, shifted to what was then a completely barren 1,200 acres of land and developed the first site of Atul, which has since been transformed into one of the largest and, more importantly, the greenest chemical complexes of its kind in the world. Though Atul started with the manufacture and marketing of a

few dyestuffs (in a way a backward integration of the seven textile mills established by my grandfather), the company now manufactures about 900 products and about 450 formulations falling broadly into two segments: Life science chemicals; and performance and other chemicals and serves about 5,000 customers belonging to diverse industries such as aerospace, agriculture, automobile, composites, construction, defence, electrical and electronics, flavor

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

View from the Top

and fragrance, glass, home care, paint and coatings, personal care, pharmaceutical, textiles, and tyres around the world. Atul has established subsidiary companies in Brazil, China, the UK and the USA to better serve its customers. It has formed Atul Bioscience to grow APIs and their intermediates; Atul Rajasthan Date Palms, a 74-26 joint venture between Atul and the Government of Rajasthan; has set up, for the first time in India, the largest facility in the world to produce tissue culture raised date palms with the objective of transforming the ecology and economy of arid regions; Atul acquired DPD Ltd, one of the oldest facilities to produce tissue culture raised palms in the UK which markets its plants in different parts of the world. Atul and Rudolf GmbH have formed a 50-50 joint venture, Rudolf Atul Chemicals, to manufacture and market textile chemicals in India. In 2013-14, Atul achieved (standalone) sales of about Rs 2,300 crore and profit before tax of Rs 297 crore. I may add that there are immense possibilities to grow and contribute meaningfully to the society.

What's the best advice you've received from your grandfather? My legendary grandfather did not give advice to anyone unless asked. He led an exemplary life which by itself was a message to the many who knew him. Integrity, discipline, excellence, larger purpose and simplicity were the hallmarks of his industrious life. These qualities made his life worthy of emulation, and without speaking about them, he was able to leave an indelible impression on all of us in the family and numerous others. To give you an idea, he did not use ink or stamps of the companies he promoted for sending personal letters (integrity); his personal belongings comprised three pairs of clothes, namely, kurta and dhoti, which he changed once in three years, a pair of shoes, which he changed once in five years and a watch (simplicity). His almost obsessive 42

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

another quality of respect for others no matter their position. I say, with humility, that our group today is known and valued for continuing to nurture that legacy.

“IT is a powerful aid that helps businesses like never before. It enhances speed, accuracy, efficiency and productivity. The mandate is to use IT wherever available.” — Sunil Lalbhai focus on thriftiness in his personal life as opposed to his large heart for philanthropic work reflected the values with which he chose to lead his life. He spent his afternoons only for doing social work (larger purpose).

What effect did this ideology have on the group? I mentioned integrity as one of the qualities of my grandfather; this was not restricted only to matters of money. For example, he will do whatever he said; everyone around knew that once he said, there was no need to ‘pen’ it. In other words, there was a complete alignment between what he thought, said and did. Every company that he founded, conducted business with a larger purpose. In addition to the aforementioned qualities, he had

How would you describe your leadership style and management philosophy? There are many possibilities to improve the existing operations of Atul Conglomerate which has a huge potential to become much bigger. This, in turn, expects us to continuously identify new initiatives in every function and then execute them. ‘Hard’ results will come from ‘soft’ leadership qualities: Promoting a working environment where the use of ‘we’ is more often than ‘I’, where we say ‘let us do’ than ‘do’, where an eye for details is the way, where decisions are invariably based on the strength of logic and not that of the position, where dissent is encouraged and where showing due respect to all is the priority. I am a student myself, but I like such people around me.

Some of your products are exported. How do manage forex fluctuations? It is imperative to have a good insight into the marketplace in order to sustain and grow. Furthermore, our manufacturing plants and sites have to be world-class as India since liberalization is not isolated from the rest of the countries. Fortunately, our founding fathers, and I wish to recall Balwantrai Mazumdar, an economist from the UK and my father, Siddharth Kasturbhai, a chemical engineer from the USA, built Atul with such great foresight that we have the flexibility to foster many changes. We have established prudent hedging policy under the aegis of our board for managing forex related risks which are there to stay.

Where does innovation stand among your priorities? Dr Manmohan Sharma, guru to many of us in Atul, has continuously stressed this idea

VOL/9 | ISSUE/09

View from the Top

SNAPSHOT

Atul of innovation in the entire supply chain and beyond. If one looks at all what has been done in Atul, he will find that many ideas have been conceived and implemented for the first time.

What drives innovation, strategy, or the availability of a specific technology? I suppose it is the passion to do what has never been done before, it is the desire to take calculated and finite risks, it is the courage to accept failures in such risks and it is the commitment to build a learning organization that drives innovation. These are key attributes and the obligation of leadership at different levels.

Is Atul an early adopter of technology or in the triedand-tested camp? The history of Atul will reveal that the company has many firsts not only in introducing products in India, but also processes. Atul has been, on many occasions, an early adopter of technology and even if the company has selected tried and tested technology, it has invariably and significantly improved it.

How can the IT help drive business performance? IT can empower managers in many different ways; technology helps improve speed, accuracy, efficiency and productivity. The mandate is to use technology wherever available and (or) find customized and innovative solutions with or without outside help. For example, though Atul is using Oracle ERP for some time now, it can be utilized a lot more. For example, there is a considerable scope to derive more value in the areas of planning, scheduling, CRM, asset management, etcetera; it will also be possible to derive value by creating a uniform platform for all the companies under the umbrella of Atul.

How can this engagement be made more seamless and painless? VOL/9 | ISSUE/09

ESTABLISHED:

It is by the realization that productivity. The endeavor September 15, 1947 we are all part of the same of Atul IT, in addition, will EMPLOYEES:: group working to serve the be support the common 1,500 customer and by developing functions which cut across an understanding that the businesses or the HEADQUARTERS: Gujarat though we may be many, company. Atul is considering our destiny is one, closely leveraging the resources IT TEAM: 43 linked with that of the and experience of its IT unit organization. Teamwork and and undertake projects for solidarity starting from the other companies; though top management, focus and this initiative is still at its clarity of work to be done by the user(s) incipient stage, a company named Atul and the IT managers are essential to Infotech has already been formed. achieve the desired results and create an atmosphere where everyone concerned What is next for Atul? enjoys the work. The size of world chemical industry is estimated at US$4.1 trillion, growing at 2.5 percent. The first five countries, in Should IT or business units terms of size of their chemical industry, are justify IT project ROI? China (US$1340 billion), the USA (US$598 The business or function receiving billion), Japan (US$225 billion), Germany the benefit, quantitative or qualitative, (US$211 billion) and South Korea (US$163 may take up fully or on shared basis the billion). India (US$108 billion) comes responsibility of taking care of the capital only at number six. These facts mirror the and (or) revenue expenditure. possibilities of our times, and we at Atul will grow our company bigger and better But a focus on business and persevere in our own small way to outcome-based IT could reclaim a promising future for India. create a bias only for My colleagues and I are working to projects with hard ROI. make Atul a leading diversified Indian As one of the first companies of company operating world-wide. More independent India, Atul has survived the importantly, we will like Atul to be a test of time, and this meant undertaking responsible company that is focused not only those projects which have ROI, in a balanced way towards all its but also those without (ROI). For example, stakeholders, be it customers, employees, we have made IT-related investments to society or shareholders. In essence, we, support functions such as audit, legal and as the people of Atul, have the most personnel, which may apparently seem onerous of responsibilities: To expand without ROI, but such projects enhance and diversify business footprints, but transparency, speed and clarity which in also nurture his legacy and follow his turn improve performance. figurative footsteps. We will endeavor to achieve this in full measure. These are As IT gets more strategic, our times and obligations. CIO will IT vision be driven

increasingly by lines of businessâ&#x20AC;&#x201D;rather than IT?

It may not help to have a vision of Atul IT that is independent of the different Atul businesses. IT is a powerful aid that helps businesses like never before; it enhances speed, accuracy, efficiency and

Sneha Jha is special correspondent. Send feedback to sneha_jha@idgindia.com

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

Iyengarâ&#x20AC;&#x2122;s Agenda: To sew IT into the operational fabric in order to take the organization ahead.

CXO Agenda| Operations

GETTING THE BEST OF BOTH

WORLDS BY SHUBHRA RISHI

As technology and business become more interdependent, being a jack of all trades is inevitable. Srinivasan Iyengar, COO, Reliance Life Insurance, is leveraging his past experience as CIO to enhance the company’s operations and aligning business with IT. It doesn’t get harder than this. Being COO is arguably the C-suite’s toughest roles. Yes, more than that of a CIO’s. That’s because COOs need to build capacity, improve scalability, and productivity and at the same time, make sure that the right resources are hired to contribute to organizational growth. And that’s not it. As technology gets more and more intertwined with business, it’s putting pressure on COOs to leverage IT to take their organizations ahead. This is making the COO’s role more complex. But if you are a COO with an IT background, like Srinivasan Iyengar, of Reliance Life Insurance, you have less reason to fret. As the former CIO of Aegon Religare Life Insurance—who later went on to become its COO— Iyengar comes with a rich IT experience. And that’s something that packs a double punch in his role as COO at Reliance Life Insurance. In this interview, he talks about how his IT background is helping him align with business better and why operations and technology are stitched together.

VOL/9 | ISSUE/09

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

CXO Agenda | Operations

CIO: Was the transition from the CIO to the COO’s role an obvious one?

SRINIVASAN IYENGAR: I have always looked at any technology from the point of a business implementation. As a result, you focus on the drivers that will help you achieve business benefit. For instance, you need to ask yourself how technology can be used to drive more operational efficiency or innovation within the organization. In that sense, I had been preparing myself for the transition for quite some time. The opportunity at Reliance Life was also ideal as there is a healthy culture of looking at decisions from a business perspective.

where I spearheaded the launch of one of India’s first e-sales platforms. During that period, a large part of my time was spent in understanding customer segment markets and channels—for driving customer satisfaction levels, and at the same time, blending backend integration—that an organization might require from a system and a process point of view. At Reliance Life, the stage was set to deliver launch an online sales platform which is best-in-class. Is the COO role encompassing the CIO role?

My answer is a resounding yes. Today, no COO can successfully execute his role without having a good handle on IT,

Absolutely. It goes without saying. It helps the CIO from the aspect of not having to explain every single fundamental technology to me. As a COO, it helps to quickly co-relate with the CIO and come up with quick decisions without having to prolong projects. A lot about the COO role is operational. What’s the strategic element in it?

The COO role is a mixture of both operational and tactical. A large part of it is operational and a reasonable part is tactical. For instance, there are a number of factors that a COO must consider such as: How do you safeguard the company’s vision; or what do stakeholders and the

How did your previous experience help you prepare for your COO role?

A large part of my success as a COO has to be attributed to two very important aspects of my experience as a CIO. First, I firmly believe that having a technology background makes for a far more successful COO. The primary reason is that a COO with a technology background can understand the business dynamics and also look at providing a roadmap on how technologies can be leveraged to achieve business goals within an organization. Second, the CIO role is also very unique in a way that it interacts with every single function or line of business in an organization. For instance, as a CIO, you would have to work with sales to deliver a strategy, or a host of other functions such as marketing or legal, which makes the position of the CIO quite unique and makes the transition to a COO role simpler. Can you give us an example?

Initially, as a CIO, I was responsible for designing and developing a rules engine. It enabled me to think about the nuances of risk management and risk writing, which is the core function of an insurance company. Many implementations helped me transition to the COO’s role in a much seamless manner. It was my past experience as a CIO of an insurance firm 46

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

because technology is all-inclusive and all-pervasive. The traditional matrix has been superimposed with the technology layer—like how a COO achieves efficiency, cross-sell, distributed-style of working, and cross-leveraging the performance capabilities of the people using technology to share the load. As a result, all these have got a strong layer of technology embedded into the operations of an organization. Does collaboration with your CIO become simpler because you have been on the other side?

CEO expect from the company; or how do you translate this vision into executable projects and initiatives that can lead you there. It is to ensure that there’s a strong bridge between operations and non-sales functions such as underwriting, claims, customer care, and how all this ties with the sales front-end team in a way that you can collectively accomplish the vision. This calls for a lot a balancing act and a need to ensure that in the quest to go for the top line, you don’t sacrifice quality. And in the quest for control, you don’t end up closing the doors on business.

VOL/9 | ISSUE/09

CXO Agenda | Operations In fact, I wouldn’t like to over-glamorize the tactical role by saying that it’s all about new initiatives and strategy. New initiatives are avenues that you look for in order to obtain the incremental change for an organization that can help you achieve targets—not just numbers, but top-line, bottom-line, quality and customer retention—and that’s the way the CEO envisions it. COOs have a clear opportunity to help define this strategy that underpins a CEO’s vision. How practical is this? One of the important aspects of a COO’s role is to convert the CEO’s vision into a concrete business strategy. For example, in our organization, the vision is to strengthen the quality of business which

From a COO’s standpoint, how has the insurance industry evolved over the years?

The industry has undergone a huge transformation in the last 14 years. From its privatization in 2000, the biggest change that took place was the evolution of the insurance sector–from merely two private players to all the way up to about 24. Regulatory changes have contributed immensely to the growth of the insurance sector. The other big change that took place was the dynamism of the product offering. Instead of classifying policies to be traditional or annuity policies, the industry created different products catering to different customer segments.

Today, no COO can successfully execute his role without having a good handle on IT, because technology is all-inclusive and all-pervasive. manifests, from a strategic point of view, into a few areas such as identifying various customer profiles and setting up on-board processes that need to be put in place so that the business can get the right customers in the right manner. At the same time, there will always be a number of ways in which one can approach this vision. It’s the COO’s responsibility to work with the CEO as well as other CXOs to choose the best available option. This helps in realizing the vision in a given timeline without compromising the principles of an organization and becoming the most practical way to get to the end deliverables.

VOL/9 | ISSUE/09

boarding process, and customer service and support. We implemented the pre-issuance verification calling system (PIVC) in more than 900 Reliance Life Insurance branches. With this system, as soon as a policy is logged in, the customer receives a call from us and all major proposal form points are read to him and his concerns are noted. This way, we have been able to reduce customer dissatisfaction levels. We also revamped our underwriting model so as to reflect a wider spectrum of risk inputs. This way, we have been able to take a balanced risk call which enables us to identify the right risk, give preferential treatment to different segments of the society in terms of life insurance cover, and also helped us reduce the early claims that could come by putting the underwriting model in place. We have also been early adopters of digitization of our insurance repository as initiated by the regulator, which is going to be a game changer. What IT initiatives are being implemented in your organization?

So what has been your agenda since you took charge at Reliance Life?

We are implementing some major technology initiatives such as revamping our CRM systems, and scaling up our analytics capability, apart from creating operational data stores. There’s been a major thrust on analytics. I feel that very soon—in the next 24-36 months—it will become core to insurance companies and strengthen pillars like claims, renewal, sales hiring, customer retention, and orphan policy management. We also launched a claims guarantee program under which if a customer’s policy has run for three years and above and he wishes to file for a death claim, we make a promise to the customer to give a decision in 12 calendar days. If we aren’t able to do so, our organization will pay him the penal interest at 6-and-a-half percent on the policy. This clearly demonstrates our commitment to customer service and ensures that we make the customer feel content in the choice that he makes by buying our policy. CIO

At Reliance Life Insurance, we are very clear about the quality of our on-

Send feedback to shubhra_rishi@idgindia.com

Technology plays a major role—especially analytics and market intelligence—in designing a product for a particular segment and making it sharper and more accurate in satisfying a customer’s requirements. But the most important change that has taken place is that insurance is no longer seen as a tax saving element. Instead, customers are using it as a medium to satisfy their insurance needs.

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

casefiles REAL PEOPLE

* REAL PROBLEMS * REAL SOLUTIONS

THE RIGHT

TRACK How a GIS-based routing solution helped Blue Dart deliver more shipments in reduced time and cost.

BY VARSHA CHIDAMBARAM The Organization: With 52 percent market share in the organized air express industry in India, Blue Dart Express is the benchmark in express logistics services in India and is miles ahead of the next closest competitor. Here’s a company that prides itself on its use of technology. In fact, Anil Khanna, MD of the company, once said, “You need to build a strong technology system. Technology is what helps us deliver delightful customer service and attain new customers.” Daniel Matthews, GM-Systems, Blue Dart, has been one of the key persons to help ingrain this vision into the work culture of the company for the past 20 years. The Business Case: With a pan-India presence, Blue Dart handled over 126 million shipments and 513,474 tonnes of cargo as on March 31, 2014 across 34,138 locations. This was achieved by leveraging a network of five aircrafts, and 8,703 vehicles. As the economy forced business across the world to tighten their purse strings, Blue Dart started to evaluate ways in which it could improve the supply chain. “What happens between first and last mile of the network needs to be in our control and we knew we could play a direct role in improving that,” says Matthews. The routes traversed by the trucks for delivery were also quite dynamic. “There was a lot of dependence on the intelligence of the manual systems to pick up the best route,” says Matthews. The problem was further compounded by the nature of the deliveries. Some had premium shipments riding on them that were required to be delivered

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

quicker than the other shipments. Some consignments were temperature controlled which had to be delivered faster and many others had specific delivery instructions such as, a specific time window when the receiver was available to accept the package.

Daniel Matthews, GM-Systems, Blue Dart, was able to increase the number of deliveries in a day by creating a GIS-based routing solution.

The Solution: As a part of the DPDHL group, Blue Dart experimented with the routing solution that DHL had implemented in Europe. But that wouldn’t be effective in India. “In Europe, addresses are very well structured. Also, in India, we do not have the same precise lane-level GIS information that is regularly updated,” says Matthews. That’s when it was decided to develop a unique version within the company. The First Step: The first step was to modify the algorithm to recognize the Indian address system which was a difficult process. It was an enormous task to help the system understand that ‘Richmond Road’ or ‘Richmond Rd’ were basically the same place. The middleware would then incorporate this information against the pincodes and the geo codes, to build a pan-India address mapping system. “This allowed us to mark and plot the packages even before they arrived in the destination city saving us the time taken to manually segregate them,” says Matthews. Once the shipment arrives in the city, the route manager is assigned with the task of segregating the packages across different routes into different trucks. Here’s where the ingenuity of the application was realized. The system, which relies on map data from an Indian service provider, would automatically compute the best possible routes with the least traffic congestion that would help complete all

VOL/9 | ISSUE/09

the deliveries of the day. Now, the route manager can take several decisions based on the specific conditions of the day, for example, a trucker doesn’t arrive and there is shortage of resources or there is an unforeseen delay. The manager has to simply input the changes and the system will compute and re-route the next best solution. The system also takes into account the weight and nature of

shipment while allotting the packages across different routes and trucks. The Benefits: The solution worked wonders. “We realized a reduction in our delivery time. We also saw an increase in the number of deliveries in a day,” says Matthews. CIO Send feedback to editor@cio.in

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

IT Strategy

IT’S A BUYER’S MARKET Big changes in the vendor landscape and new technology trends are shifting negotiating power from stingy vendors to savvy CIOs. Here’s how to make the most of it. By

C i n d y Wa xe r

fter years of fighting tooth and nail with vendors for meagre price Reader ROI: discounts or modest service-level agreements, IT has seen the tables Changes affecting the start to turn: Sweeping changes are reshaping the vendor landscape, IT market shifting negotiating power from stingy service providers to savvy CIOs. How CIOs and IT vendors At the center of this sea change are trends such as cloud computing, are responding to the changing market social media, data analytics, remote monitoring, automation, and The importance of CIOmobility. Whether it’s manufacturers opening sensor-operated plants vendor collaboration or healthcare providers using remote patient-monitoring systems, organizations are acting fast to seize new opportunities and satisfy customer demands. And as the need for agility increases, cloudbased computing is booming: Infrastructure as a service and business process as a service are the two fastest-growing segments of the IT services market, expanding 44.9 percent and 12.4 percent, respectively, in 2014, according to Gartner. Just ask William Graff, senior vice president at Cerner Technology Services. “We’re spending a lot of time with specific internal business units looking at cloud solutions that traditionally we would have hosted on our own datacenter. But because of business pressures to move rapidly, we’ve selected a handful of cloud providers over the last year,” he says. Decisions like that at companies of all kinds are adding an infusion of new, agile cloud 50

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

IT Strategy

providers into the average company’s mix of more traditional vendors. Combined with the need for speed is an increased awareness of high-tech products and services. “The buyer’s paradigm has changed dramatically over the last several years,” says Keith Lubner, CEO and a managing partner at Channel Consulting, a Philadelphia-based management consulting firm specializing in vendor relations. “Access to information and content is so dramatic that buyers are more astute than ever before. They have instant access to information on every single product out there—they’ve flipped the whole sales cycle on its head.” Armed with information and eager to take advantage of fast-acting cloud, analytics, and mobile technologies, CIOs are voting with their wallets: A staggering two-thirds of respondents to a recent Gartner CIO survey said they expect to change primary suppliers by 2017. Desperate to stay on top, traditional IT vendors are responding by tossing out their typical IT sales models to offer flexible subscription services, shorter sales cycles, unprecedented product innovation and

AS CIOS AND VENDORS INCREASINGLY BECOME BEDFELLOWS, THE I.T. WORLD IS DRAFTING ITS OWN VERSION OF A PRENUP. personalized service. And that’s creating a once-in-a-career opportunity for savvy CIOs: A chance to negotiate huge price cuts, packaged deals, favourable contracts and unique partnerships with big-time vendors once too busy to return calls.

Tough Customers Jim Forbes is a perfect example of the type of technology executive that’s keeping vendors up at night. The CTO at University Health Network (UHN) in Toronto, Forbes had for years relied on standard criteria such as “functional requirements and server compatibility” to select technology solutions. But a

POLISH YOUR NEGOTIATING SKILLS

nce you sort through the chaos, it’s easier than you think to take advantage of the changing nature of the IT-vendor dynamics. Here’s what you can do: If a vendor won’t budge on price, ask to have additional products or services thrown in for a more cost-effective package deal. If you’re working with a new vendor, test the waters by taking advantage of a monthly subscription service. Always ask a vendor what migration path it has in place for your business in case it’s involved in a merger or acquisition. Create a five-year plan that limits a vendor’s ability to raise its prices. Request a single point of contact for all customer service. Investigate any legal liabilities that might arise from using a certain product, such as questions regarding intellectual property rights. Hire a third-party consultant to provide industry benchmarks on fair market prices for products and services. When hammering out cloud deals, be sure the terms of service-level agreements cover specifics such as network uptime.

—Cindy Waxer 52

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

desire for a more scalable cloud-based tool recently convinced him that it was time to switch IT management vendors. “Our new thinking sent us in a very different direction,” says Forbes. “We ended up going with an entirely different vendor—one who really wasn’t on our radar. There was some nervousness, but we recognized that this was the right strategic move, and looking back, it was a very good choice.” James Cole, CIO at First National Bank of Omaha, also has a set of purchasing priorities that could cause vendors to panic. Once susceptible to industry buzz and product hype, Cole says he now finds himself taking a more businessoriented approach to vendor selection by asking, “Where does a solution fit into my organization?” Today, IT staffers meet with the retail bank’s business-line leaders five days a week “to understand what their needs are and bring IT solutions to them,” Cole says. “We’re becoming more in tune with our core business, helping our business-line leaders with their needs and then going out into the market and determining who best can solve that need.” But shifting the focus from acquiring tech tools to discovering business solutions is also changing the nature of the CIO-vendor relationship—to the CIO’s advantage. Increasingly, vendors are being asked to be a partner rather than simply a provider. Cole points to the First National Bank of Omaha’s four-year relationship with Client Resources Inc. (CRI), an IT talent and solutions provider. Once considered

VOL/9 | ISSUE/09 ISSUE/05

IT Management

a supplier of temporary labor, the midsize vendor has evolved into a key collaborator with the bank’s IT department, Cole says. For example, CRI recently worked hand in hand with the bank to design and develop a mobile app. “It became this great partnership,” says Cole. “If you were in a room with us, you’d have a hard time knowing who the First National employee was and who was with CRI.” Even tech vendor titans are shedding their hands-off reputation for a handholding approach that they hope will help them retain customers. Seven years ago, Cole says, the bank’s dealings with Oracle could have been described as “a catalog relationship” involving occasional database orders. Today, a senior executive from Oracle is dedicated to helping First National Bank of Omaha with some seemingly minor IT projects, such as developing a better login process for mobile employees. “It’s very much a collaboration,” says Cole. “Oracle is looking at their business model differently now and seeing customers as a relationship rather than a product sale. It’s just interesting that Oracle is listening to us.”

Power Shift In fact, whereas power-wielding IT vendors once shaped CIOs’ buying behavior, CIOs are now having a profound impact on the way a vendor approaches everything from customer service to product development. Says Graff: “When we enter into a longterm agreement with a vendor, we expect that our voice as an end-user community will be heard and that we’ll influence changes and enhancements to a product.” But as CIOs and vendors increasingly become bedfellows, the IT world is drafting its own version of a prenup. For instance, when UHN began vetting vendors for a new managed service contract, Forbes insisted that each interested party develop a five-year plan illustrating how unit costs might change over time. Vendors that promised cost-per-unit decreases earned extra points. Another way Forbes gained an upper hand in negotiations was paying

VOL/9 | ISSUE/09

IT DIVES INTO THE MONEY POOL

T contractors are expecting a large number of roles to be created in financial services in the next 12 months, as investment in the sector continues to produce more opportunities, according to employment provider giant group. Results from the organisation’s latest survey of IT contractors found that 22 percent are predicting that more job opportunities will be created in the financial services sector over the next year. Many banks are currently heavily investing in technology that can aid them in streamlining capital and liquidity reporting through either in-house developments or off the shelf packages, and this is what is partly behind the demand for IT contractors, said giant. Organisations are having to draft in experts with niche skill sets to focus on extensive regulatory and legislative projects. Managing director of giant group Matthew Brown said: “It’s exciting, if unsurprising, to see IT professionals in financial services being so sought after, given the ongoing investment in the sector. The majority of the demand we’re seeing is for contractors with specialist technical skills as many businesses are investing in their reporting systems.” Brown said: “Part of the demand could also be driven by the number of mergers in the financial services sector in recent times. We’ve seen Bank of America and Merrill Lynch join forces as well as the RBS/ABN-Amro merger, and these largescale unions create sustained, long-term assignments in a number of areas—not least the huge systems migration projects and change management programmes needed to ensure a seamless changeover.” Brown said this demand will “continue to intensify” as “there simply aren’t enough permanent specialists on the ground at the moment.” This is in line with other results from the giant survey, which found that the percentage of contractors expecting a pay increase grew by 6 percent, “reflecting the demand that many professionals feel will be shown,” Brown said. —Cindy Waxer

research firms, including Gartner and PricewaterhouseCoopers, for market analysis on IT service prices such as help

desk costs and server fees—industry benchmarks that provided “a viable opportunity to negotiate cost reductions REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

IT Strategy

right upfront before signing a contract,” he says. “We’re doing more strategic thinking as part of the RFP process as opposed to just writing an RFP and throwing it out onto the street.” Such an informed approach to negotiating pays dividends, according to Cole, who says he once talked an IT vendor into reducing the price of a system by $3 million (about Rs 1,770 lakh). “We build performance milestones into all of our contracts,” he says. “We also do a very good job of negotiating [financial] holdbacks so that we don’t feel like we’re paying for a service well before it’s delivered.” Faced with dwindling bargaining power and better-educated customers, many vendors are sweetening the pot by offering cost-effective bundles of services. For example, a vendor specializing in email encryption technology might try to package its tool with an Exchange server and high-margin services such as consulting on compliance issues. In fact, Lubner says peddling packages is “the only way for vendors to differentiate themselves and provide more value to the buyer” these days. Forbes agrees. Just as the federal government has been slowly embracing a shared services strategy, he says, the healthcare industry is inching toward a similar model, where multiple hospitals, clinics, and laboratories will agree to share the funding and resourcing of key IT services to cut costs and improve efficiency. “There’s a lot of opportunity to save money and reinvest the subsequent savings back into healthcare if we only shared some of these IT services,” says Forbes, adding that the vendors that are most likely to come out ahead are those that “recognize the market is shifting and respond by packaging their software.”

Sharing the Legal Load But greater collaboration, bundled IT services, and high performance standards aren’t the only changes in the IT landscape helping to create a buyer’s market. Organizations are demanding that even legal issues be treated as shared 54

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

FACED WITH DWINDLING BARGAINING POWER AND BETTER-EDUCATED CUSTOMERS, MANY VENDORS ARE SWEETENING THE POT BY OFFERING COST-EFFECTIVE BUNDLES OF SERVICES. responsibilities rather than matters to be hashed out by bloated legal departments. After all, says Cole, “if you just have two sets of legal teams talking, you’ll reach an impasse very quickly.” Cole should know. In the first four months of this year alone, he’s had to tackle questions of intellectual property with at least three different vendors. That’s because, in these litigious times, it’s becoming increasingly common for unwitting end users to wind up entangled in patent infringement suits. For example, a hotel chain that offers its guests free WiFi might find itself involved in a patent suit simply because it relies on server technology that has come under legal fire. However, whereas in the past, vendors would simply scoff at the notion of shared liability, Cole says there’s more willingness now to address issues such as intellectual property as a mutual business challenge rather than as a legal technicality. We need to have protection so now it’s a negotiation to determine how much liability a vendor is willing to give up and how much risk am I willing to accept,” says Cole. “It’s become a business discussion, not a legal discussion. In fact, it’s a very common conversation in the IT community today.” That’s not to suggest, however, that vendors are simply rolling over and letting customers call all the shots. For

example, Graff points out that Kansas City, Mo.-based Cerner is both a buyer and a provider of IT services and says that, no matter how profitable a project might seem, the company will “never sign a deal [as a provider] where we can’t deliver on what we’ve written into the contract.” But that’s not all. Cole says most organizations do recognize and respect a vendor’s need to turn a profit. “Recently we negotiated a deal where it came down to both sides saying, ‘Here’s what I’m willing to give you in terms of profit and here is where I need to be in terms of expenses,’” he recalls. “That’s a partnership where we shook hands. But had we dug in our heels and said, ‘Here’s all I’m going to give you,’ we both would have left with a bad taste in our mouth.” After all, there’s no telling when the pendulum will swing back to a seller’s market. All the more reason, says Graff, for savvy CIOs to make sure “it’s a win-win situation for both parties.” CIO

Send feedback to editor@cio.in

VOL/9 | ISSUE/09

ACTION

www.cio100.in

4 - 5 September, 2014 | JW Marriott, Pune

Nominations close on July 15, 2014

Write to rupesh_sreedharan@idgindia.com

Security

11DEAD Reasons Encryption is

Massive leaps in computing power, hidden layers, hardware backdoorsâ&#x20AC;&#x201D; encrypting sensitive data from prying eyes is more precarious than ever.

M A R C H 1 5 , 2 0 1 4 | REAL CIO WORLD

By Peter Wayner

Security

veryone who has studied mathematics at the movie theater knows that encryption is pretty boss. Practically every spy in every spy movie looks at an encrypted file with fear and dread. Armies of ninjas can be fought. Bombs can be defused. Missiles can be diverted. But an encrypted file can only be cracked open with the proper key—and that key is always in the hands of a dangerously attractive agent hidden in a sumptuous hideout on the other side of the world. Alas, this theorem of encryption security may be accepted as proven by math geniuses at Hollywood but reality is a bit murkier. Encryption isn’t always perfect, and even when the core algorithms are truly solid, many other links in the chain can go kablooie. There are hundreds of steps and millions of lines of code protecting our secrets. If any one of them fails, the data can be as easy to read as the face of a five-yearold playing Go Fish. Encryption is under assault more than ever—and from more directions than previously thought. This doesn’t mean you should forgo securing sensitive data, but forewarned is forearmed. It’s impossible to secure the entire stack and chain. Here are 11 reasons encryption is no longer all it’s cracked up to be.

No Proofs—Just an Algorithm Arms Race

The math at the heart of encryption looks impressive, with lots of superscripts and subscripts, but it doesn’t come with any hard and fast proofs. One of the most famous algorithms, RSA, is said to be secure—as long as it’s hard to factor large numbers. That sounds impressive, but it simply shifts the responsibility. Is it truly that hard to factor large numbers? Not really. Well, there’s no proof that it’s hard, but no one knows how to do it right all of the time. If someone figures out a fast algorithm, RSA

VOL/9 | ISSUE/09

Encrypted Web Traffic Reveals Sensitive Information

nalyzing encrypted Web traffic can potentially reveal highly sensitive information such as medical conditions and sexual orientation, according to a research paper that forecasts how privacy on the Internet may erode. In a paper titled I Know Why You Went to the Clinic, researchers show that by observing encrypted Web traffic and identifying patterns, it is possible to know what pages a person has visited on a website, giving clues to their personal life. Almost all websites that exchange sensitive data rely on SSL/TLS (Secure Sockets Layer/Transport Security Layer) technology, which encrypts data exchanged between a person’s computer and a server. The data is unreadable, but the researchers developed a traffic analysis attack that makes it possible to identify what individual pages in a website a person has browsed with about 80 percent accuracy. Previous research had shown it was possible to do such analysis, but the accuracy rate was 60 percent. They evaluated the effectiveness of the attack using 6,000 Web pages within 10 websites. Studying encrypted page views of health care websites, for example, “have the potential to reveal whether a pending procedure is an appendectomy or an abortion, or whether a chronic medication is for diabetes or HIV/AIDS,” they wrote. In order to execute a traffic analysis attack, an adversary would have to be able to identify the encrypted traffic patterns of a particular site as well as be able to observe the victim’s Web traffic. ISPs and employers would have visibility on users’ data streams, they wrote. There are still complications that hamper pattern identification in encrypted web traffic. For example, different operating systems, devices and locations of devices could make the Web traffic appear more diverse and harder to identify. The research also assumes that a person is browsing the Web through a single tab in their web browser. It was unclear to the researchers how much traffic might be generated by other open tabs. —Jeremy Kirk

could be cracked open like an egg, but that hasn’t happened yet. At least, that’s what it looks like.

Disclosure is the Only Means of Detecting a Crack

Suppose you figured out how to factor large numbers and crack RSA encryption. Would you tell the world?

Perhaps. It would certainly make you famous. You might get appointed a professor at a fancy college. You might even land a cameo on The Big Bang Theory. But the encryption-cracking business can be shady. It isn’t hard to imagine that it attracts a higher share of individuals or organizations that might want to keep their newfound power secret and use it to make money or extract valuable information. REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

Security

Many of our assumptions about the security of cryptography are based on the belief that people will share all of their knowledge of vulnerabilities—but there is no guarantee anyone will do this. The spy agencies, for instance, routinely keep their knowledge to themselves. And rumors circulate about an amazing cryptographic breakthrough in 2010 that’s still classified. Why should the rest of us act any differently?

The Chain is Long and Far from Perfect

There are a number of excellent mathematical proofs about the security of this system or that system. They offer plenty of insight about one particular facet, but they say little about the entire chain. People like to use phrases like “perfect forward security” to describe a mechanism that changes the keys frequently enough to prevent leaks from

John McAfee Slaps Name on Private Messaging App

he former anti-virus software creator and international fugitive is promoting a new app called Chadder, which claims to keep messages secure through key server encryption. The app is available now for Android and Windows Phone, and an iOS version is coming soon. However, the app appears to be in extremely rough shape, not even deserving the “beta” tag that the developers use in their description. Theoretically, you should be able to look up the intended message recipient by name, phone or e-mail, and then exchange a four-digit code that acts as the encryption key. The key remains invisible to Chadder, ensuring that only the recipient can see the messages. In our testing, I wasn’t able to find my fellow app tester by name, even when he had set his profile information to “public.” Entering a code in the “claim code” field simply caused that code to disappear. Even if there’s some crucial step we’ve missed, the app is far from being user-friendly. And once you’ve created an account, the app doesn’t give you any way to delete it. Aside from lending some notoriety, the extent of McAfee’s involvement with Chadder isn’t clear. A press release says that McAfee’s company, Future Tense Secure Systems, released the app “in partnership with” Etransfr, and also says that a team of developers at Rochester Institute of Technology helped build the app. In the Google Play Store, Etransfr is listed as the sole developer and appears to be responsible for gathering feedback and answering user reviews. In response to one review, Etransfr said that it has been developing Chadder for only one month. The only other available product from Future Tense Secure Systems (which also goes by the name Future Tense Central) is a privacy control app called DCentral1. McAfee had previously announced a hardware product with a similar name, which supposedly would have allowed for local, secure communications, but this product has not materialized. Clearly, McAfee enjoys bashing the company that still bears his name. But without a little quality control, his new venture isn’t going to fare any better.

— Jared Newman

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

spreading. But for all of its perfection, the proof covers only one part of the chain. A failure in the algorithm or a glitch in the software can circumvent all this perfection. It takes plenty of education to keep this straight.

Cloud Computing Power is Super Cheap

Some descriptions of algorithms like to make claims that it would take “millions of hours” to try all the possible passwords. That sounds like an incredibly long time until you realize that Amazon alone may have half a million computers for rent by the hour. Some botnets may have more than a million nodes. Big numbers aren’t so impressive these days.

Video Cards Bring Easy Parallelism to Cracking

The same hardware that can chew through millions of triangles can also try millions of passwords even faster. GPUs are incredible parallel computers, and they’re cheaper than ever. If you need to rent a rack, Amazon rents them by the hour too.

Hypervisors—The Scourge of the Hypervigilant

You’ve downloaded the most secure distro, you’ve applied all the updates, you’ve cleaned out all the cruft, and you’ve turned off all the weird background processes. Congratulations, you’re getting closer to having a secure server. But let’s say you’re still obsessed and you audit every single last line of code yourself. To be extra careful, you even audit the code of the compiler to make sure it isn’t slipping in a backdoor. It would be an impressive stunt, but it wouldn’t matter much. Once you have your superclean, completely audited pile of code running in a cloud, the hypervisor in the background could do anything it wanted to your code or your memory—so could the BIOS. Oh well.

VOL/9 | ISSUE/09 ISSUE/05

Security

Hidden Layers Abound

The hypervisor and the BIOS are only a few of the most obvious layers hidden away. Practically every device has firmware—which can be remarkably porous. It’s rarely touched by outsiders, so it’s rarely hardened. One research “hardware backdoor” called Rakshasa can infect the BIOS and sneak into the firmware of PCI-based network cards and CD drivers. Even if your encryption is solid and your OS is uninfected, your network card could be betraying you. Your network card can think for itself! It will be a bit harder for the network card to reach into the main memory, but stranger things have happened. These hidden layers are in every machine, usually out of sight and long forgotten. But they can do amazing things with their access.

Backdoors Aplenty

Sometimes programmers make mistakes. They forget to check the size of an input, or they skip clearing the memory before releasing it. It could be anything. Eventually, someone finds the hole and starts exploiting it. Some of the most forward-thinking companies release a steady stream of fixes that never seems to end, and they should be commended. But the relentless surge of security patches suggests there won’t be an end anytime soon. By the time you’ve finished reading this, there are probably two new patches for you to install. Any of these holes could compromise your encryption. It could patch the file and turn the algorithm into mush. Or it could leak the key through some other path. There’s no end to the malice that can be caused by a backdoor.

Bad Random-Number Generators

Most of the hype around encryption focuses on the strength of the encryption algorithm, but this usually blips over the fact that the key-selection algorithm is just as important. Your encryption can be

VOL/9 | ISSUE/09

Even if your encryption is solid and your OS is uninfected, your network card could be betraying you. Your network card can think for itself! It will be a bit harder for the network card to reach into the main memory, but stranger things have happened.

super-strong, but if the eavesdropper can guess the key, it won’t matter. This is important because many encryption routines need a trustworthy source of random numbers to help pick the key. Some attackers will simply substitute their own random-number generator and use it to undermine the key choice. The algorithm remains strong, but the keys are easy to guess by anyone who knows the way the random-number generator was compromised.

Room for Typos

One of the beauties of open source software is that it can uncover bugs—maybe not all of the time but some of the time. Apple’s iOS, for instance, had an extra line in its code: Goto fail. Every time the code wanted to check a certificate to make sure it was accurate, the code would hit the goto statement and skip it all. Was it a mistake? Was it put there on purpose? We’ll never know. But it sure took a long time for the wonderful “many eyes” of the open source community to find it.

connection, and to be extra careful, you click through to check out the certificate. After a bit of scrutiny, you discover it says it was issued by the certificate authority Alpha to PeteMail.com and it’s all legit. You’re clear, right? Wrong. What if PeteMail.com got its real SSL certificate from a different certificate authority—say, Beta. The certificate from Alpha may also be real, but Alpha just made a certificate for PeteMail.com and gave it to the eavesdropper to make the connection easier to bug. Man-in-themiddle attacks are easier if the man in the middle can lie about his identity. There are hundreds of certificate authorities, and any one of them can issue certs for SSL. This isn’t a hypothetical worry. There are hundreds of certificate authorities around the world, and some are under the control of the local governments. Will they just create any old certificate for someone? Why don’t you ask them? CIO

Certificates Can Be Faked Let’s say you go to PeteMail. com with an encrypted e-mail

Send feedback to editor@cio.in

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

DIRECTION

www.cio100.in

4 - 5 September, 2014 | JW Marriott, Pune

Nominations close on July 15, 2014

Write to rupesh_sreedharan@idgindia.com

ESSENTIAL

technology IMAGE BY MASTERFILE.COM

SOCIAL NETWORKING

In a world where things are constantly changing, like business models, people and technology, social media and networking have become a necessary part of the formula for success.

VOL/9 | ISSUE/09

The Social Media Circle BY RICH HEIN

| "Networking as an executive in any profession or industry is possibly one of the most valuable ways to build credibility both personally and professionally. It won't happen naturally and requires significant investments both in time and fostering business relationships, but can yield long lasting ROI both in business, leveraging referrals, new business, and opportunities to advance your own career," says Laura McGarrity, VP-Marketing at Mondo, an IT sourcing and staffing firm.

SOCIAL NETWORKING

Employment Opportunities If nothing else motivates you about social networking then consider this: The days of working for one or even two companies for your entire career have all but gone away. Those days have given way to a world where CIOs last on average four to five years while IT pros average somewhere around three. Looking for a job is hard work and takes a long time. In surveys, a majority of people find their next position via an introduction through networking. What that means is that social media and social networking have become woven into the fabric of the job search process. In addition to that reality, there are other compelling reasons to join in.

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

ESSENTIAL technology

Immediate Feedback Finding your next job is one reason but there are a few more for CIOs and IT managers to consider, such as immediate feedback. Social media outlets like Facebook, Twitter and LinkedIn have given people who care enough to get involved and interact at a one-on-one level with their customers, their peers, and their staff. Places like Twitter require a tough skin, but the payoff is honest feedback from the people who use your service or product. Services like Twitter offer almost immediate feedback, which comes in handy when a new product, service or feature is launched. Sage IT managers and CIOs monitor these places to see how their user base is reacting and interacting to their new launches. "Twitter is a tremendous asset for tech professionals. It feeds the need for instantaneous response," says Shravan Goli, president of Dice.

Building your Dream Team Hiring IT pros has become increasingly

discussions, or with other IT leaders," says Jeffrey Hurley, VP and head of technology for Canada Pension Plan Investment Board.

Creating a Collaborative Environment In order to innovate, companies need to create more collaborative user-friendly environments. Social media and the Web are providing the tools to make that happen. More teams are staying connected with suites like Campfire, Yammer and other online collaboration tools. To stay relevant you need to be where the innovation happens, and if it's in one of these collaboration suites, then you better get involved or get left behind.

Being an Industry Thought Leader How will people know about your genius if you aren't out there sharing your experiences in places like LinkedIn Groups, Twitter, Quora and other communities? Whatever you do, whatever industry you

Demonstrate through your posts that you are an informed leader who knows what's going on within your industry. Writing a blog is a great way to share insights and show off your troubleshooting prowess. difficult, as headhunters and staffing firms can be cost-prohibitive for some businesses. But thanks to places like LinkedIn, SpiceWorks and various job boards there are more places than ever to look for fresh talent. LinkedIn is especially helpful in finding the passive candidates for your team, allowing you to search for people by geography, years of experience and various skills, among other things. "I use LinkedIn to connect with others, whether it be potential candidates for a job opening I may have, vendors, usually through group 62

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

are in, the Internet has a place for you to interact with like-minded professionals that facilitate collaboration and sharing. So don't be shy, get out there and start asking and answering questions. Demonstrate through your postings that you are an engaged and informed leader that knows what's going on within your specific industry. "You can raise your profile in other ways too—answering questions on Stack, contributing to an Open Source project, marketing your own Open Source project on SourceForge. With the new recruiting tools that aggregate information,

26%

Of Indian CIOs say social network analysis is a leading BI tool within their organizations. recruiters are expecting to see passion related to your work. So, I recommend tech professionals do something to show that commitment to their craft," says Goli.

Social Networking Online While there are thousands of articles that cover the various ways to network on the different social networks available, the problem according to career coach and strategist Donald Burns, is a lack of focus. Many people fall into the trap of blindly networking with everyone when the key is to be more focused. "...many people start 'networking' because they've been ordered to do so—beaten over the head to keep networking—but just connecting with people is not enough. You must be connecting with people to reach a target. In my humble opinion, that's the problem with 'networking', people aren't clear about what they're after. When a job seeker has a clear target, a red-hot passionate, welldefined position at a particular company— then connecting with the right people is much easier," says Burns.

Start a Blog or Column Many of us work in our various industries with the intention to become thought leaders. Writing a blog is great way to share your knowledge, insight and show off your troubleshooting prowess. "Creating content is a powerful way to build your personal and professional brand online," says McGarrity. When most of us are interested in doing something new, one of

VOL/9 | ISSUE/09

ESSENTIAL technology

SOCIAL MEDIA CAMPAIGN

the first things we do is search the Web to find someone who has been down this road before to get an idea of what to expect. "Have a content strategy. Create content, share data, multimedia, photos, and engage in conversation with original content creators. Relevancy and frequency is the name of the game. Have a goal, be transparent, be conversational, be YOU, and get engaged," says McGarrity. There are various outlets you can use but most experts agree that having your own branded site, especially in the technology world, is the best way to go.

Offline Networking Social media is a great tool but it's important to remember that itâ&#x20AC;&#x2122;s not all done from behind a desk. That is only one of the fronts in the battle to remain relevant. Ultimately, nothing is better than meeting someone face to face. Our experts encourage you to get out there and start building your professional network in person. "Networking online is great when you are looking for macro trends or just making high level connections. However, going offline and meeting face-to-face allows you to go deeper with individuals. I look at online networking as 'casting a net' and offline (F2F) networking as 'spear fishing.' When you go wide, you get to see what others are talking about and what challenges they have, but when you are offline that is really when you get into the details," says Tushar Patel, VP-Marketing for Innotas, a company that specializes in IT Project and Portfolio Management Services. In a world where things are constantly changing, like business models, people and technology, social media and networking have become a necessary part of the formula for success. To stay relevant in the upper echelons of the tech world requires a commitment to learning and the ability to engage others where ever they may be, whether it's your development team, the board room, a conference or a meetup. CIO

Social Life at Work ENTERPRISE SOCIAL NETWORK | Pearson's viral campaign to get employees across its 411 subsidiaries using a new enterprise social networking (ESN) tool, achieved 80 percent adoption within six months. Last year, the UK-based multinational, which owns publishers Penguin Random House and the Financial Times group decided to implement the software's enterprise social network (ESN) to get employees to discuss business solutions and share valuable information across the group's global brands. Neo, Pearson's customized Jive software, is a hub similar to Facebook, with employee profiles, activity streams, microblogging, document sharing and group workspaces. Pearson employees are currently using it to connect with users in different continents and share business solutions across the separate brands. Prior to deploying Neo the human resources and internal communication team were navigating 134 different intranets. To achieve critical mass without an enforced roll-out, logins were created for employees and marketeers. Communications and senior executives were encouraged to begin using the community and spread the word. Collaboration across the expanding Pearson portfolio is also crucial for retaining employees, Kim England, Pearson's head of internal communications, said. Neo uses gamification to keep employees using the software including a competitive point system for the amount of connections a user makes across the network. The tool offers a reputation centre where employees can view their current and completed "missions" and the points and badges they have earned. Managers can customise "missions" with more than 130 specific actions they want employees to engage in to accomplish business goals. These capabilities are powered by Bunchball. Pearson is currently working with the ESN provider to turn its data and anecdotal evidence into hard numbers to quantify the ROI. It will also analyze the results of its next engagement survey to measure impact. â&#x20AC;&#x201D; By Margi Murphy

Send feedback on this feature to editor@cio.in

VOL/9 | ISSUE/09

REAL CIO WORLD | J U LY 1 5 , 2 0 1 4

endlines

ARTIFICIAL INTELLIGENCE

* BY TIM HORNYAK

A supercomputer has achieved an artificial intelligence milestone by passing the Turing Test, according to the University of Reading in the UK. At a recent event at the Royal Society in London, a conversation program running on a computer called Eugene Goostman was able to convince more than a third of the judges that it was human. It marks the first time that any machine has passed the Turing Test proposed in 1950 by Alan Turing, regarded as the father of artificial intelligence (AI), according to the university, which organized the event. The Turing Test is an experiment that focuses on whether people can tell whether they are communicating with a person or a machine. If the machine is able to fool people into thinking it's human during a series of text conversations, it's considered to have passed the test. The program, dubbed Eugene, was developed by Vladimir Veselov and Eugene Demchenko and competed against four other supercomputers at the Royal Society event. Eugene is designed to simulate the responses of a 13-year-old boy. Eugene convinced 33 percent of the human judges that it was human, and the results were independently verified, the university said. Kevin Warwick, a visiting professor of cybernetics at the University of Reading, said in a statement that the event at the Royal Society did not place restrictions on topics or questions, and was thus a true Turing Test.

J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD

VOL/9 | ISSUE/09

IMAGE BY T HIN KSTO CKP HOTOS.IN

I Am Robot, No Really

Need help in managing the ever-growing stockpiles of documents in your enterprise?

Access your business data in real-time, from anywhere. We deliver an end-to-end digitisation and document management service. Digitisation also includes scanning, data integrity, tagging, indexing and search ensuring that your data is secure and at your fingertips. Let the digitisation experts come to your rescue.

Call CBS consultant: 1800 180 3366# / 39010101* or email us at customersupport@canon.co.in. Visit www.canon.co.in. Corporate Office: Canon India Pvt. Ltd., 7th Floor, Tower B, Bldg. - 5, DLF Epitome, DLF Phase III, Gurgaon - 122002, Ph: 0124-4160000. # From MTNL / BSNL / Airtel landlines, * Prefix your city code while filing from mobile phone.

Missing a vital component?

Harnessing the benefits of the world’s strongest IT Service Management framework for your company? Smart move. If you’re looking to gain the competitive edge and capitalize on IT investments to truly support business objectives and enable business change, you should be looking at ITIL®. Celebrating 25 years of helping companies to benefit from advancements in global best practice, ITIL has become the choice of industry leaders worldwide – from small and medium sized enterprises to large corporations. Find out more about how your business can utilize leading edge IT capabilities and provide world class services. Visit www.itil-officialsite.com/cio-india ITIL for your business: smart move.

ITIL is a registered trade mark of AXELOS Limited. AXELOS, the AXELOS logo and the AXELOS swirl logo are trade marks of AXELOS Limited.