Issuu on Google+


Lessons From the third Cio Leadership summit. Page 31



VOL/04 | ISSUE/20

Which way is the cloud blowing? Veteran CIOs give you a forecast. Page 22

SEPtEmbEr 1, 2009 | rs100.00 www.CIO. I N

Sharing The Burden Why e-governance needs a multipronged approach.

Tracking Performance How scorecards can help monitor your business.

Page 38

Page 53

From The Editor-in-Chief

The Crowbar or The Gun? The accountability equation.

TIME: The present. SCENE: A sparsely-furnished room in the office of the Central Bureau of Investigation. A CIO has been brought in for questioning. A not too stern looking CBI officer faces him. No one else is present. CBI OFFICER: Good afternoon, my friend, would you like some tea? CIO: I don’t want any tea. Why have I been brought here? OFFICER: Relax, my friend. Have the tea, it will calm you. CIO: Are you arresting me? OFFICER: Not as yet, in any case. However, your former CEO stands accused of siphoning away thousands of crores. CIO: What has the IT department or I got to do with any of this? OFFICER: So you say. But my colleagues don’t believe you. They feel it’s impossible to commit this scale of fraud, without involving the IT guys or the chaps in the finance department. CIO: I have told you so many times, I don’t know anything! Why are you harassing me? OFFICER: We haven’t even begun leaning on you as yet, my friend. All we’re requesting is a bit of help. In any case, let me tell you an The case for governance interesting story. A farmer buys crowbars controls and audit trails boils and hands them to his workers, one of down to this: What would you whom attacks another and kills him. do if your management was CIO: So? accused of committing fraud? OFFICER: So, I arrest the worker in question and take the crowbar into custody as evidence. Cause and effect, you see. Another farmer, buys knives and hands them to his workers, one of whom murders a colleague. CIO: What of it? OFFICER: I arrest the worker and the farmer, and take the knife into custody as evidence. The circle begins to widen. Yet another farmer buys guns and hands them to his workers, one of whom shoots a worker dead. CIO: What does any of this have to do with me? OFFICER: Patience. You’ll get to know soon. In the shooting case, I arrest the worker, the farmer, the gun supplier, and take the revolver into custody as evidence. Things have now moved beyond the simple. CIO: So, who do you think I am? The farmer, the worker or the gun supplier? OFFICER: You, my friend, are the gun. Now convince me you are the crowbar. How would you account for the sins of your management? What governance controls have you built into the system? Write in and let me know.

Vijay Ramachandran Editor-in-Chief


s e p te m b er 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 2

Vol/4 | ISSUE/20

8/28/2009 12:53:34 PM

cont n en nt nt nt

september 1‑ | ‑Vol/4‑ | ‑issue/20

CEO VisiOn

The upturn is around the corner and once again businesses and their CIOs have the chance to do something extraordinary.

2 2 32 I Sanjay nayak, Co-founder, CEO & MD, Tejas Networks 34 I Gourav jaSwal, Director, Synapse 36 I Sumit Dutta ChowDhury, CIO, Reliance Communications

CiO DisCussiOns

I P hoT ho T o by Sr IV IVa aTS TSa a ShandI Shand I lya

The leadership council provided a platform for CIOs to share their experiences and express their opinions on the value of data to the business, the importance of IT optimization and protecting corporate information. 42 I iS Data an aSSet? 44 I optimizinG i.t. 46 I people power

CoVE Co VEr: r: dESI d ESI gn by MM Shan IT h


48 I a matter of SeCurity The results of the Indian Information security survey are proof of how enterprises look at security. A panel of eminent IT leaders discuss what exactly is going wrong with information security.

Cloud Computing

COvER StORy CLOuD COvER | 22 Pressure for flexibility, savings and speed is driving up CIO interest in cloud computing. But veterans of the tech hype wars say they won’t be won over by big promises alone. Feature by Jarina D’Auria & Kim S. Nash PLuS:

NINE CLOuD COmPutINg mythS | 28 As more IT leaders turn to the cloud, they will be faced by rumors and hearsay floating around the technology. We clear up the fog. Feature by Robert L. Scheier more »


s E p T E m b E R 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/20


(cont.) departments Trendlines | 9 Staff Management | Keeping Them Happy Quick Take | Sunil Kunders on Customer Satisfaction Voices | What’s Your Criteria for Hiring New People? Internet | Tapping Into Rural Talent Security | New Age Secret Agents Opinion Poll | Healthcare at Your Service E-mail | Going on an E-mail Diet Green IT | Datacenters: In the Green Zone

Essential Technology | 52 Performance Management | Do It Better

with Scorecards Feature by Esther Shein Pundit | The Skinny Straw

Column by Bernard Golden

From the Editor-in-Chief | 2 The Crowbar or the Gun?

By Vijay Ramachandran


3 8

For more opinions, features, analyses and updates, log on to our companion website and discover content designed to help you and your organization deploy IT strategically. Go to


Case File Ontario Takes I.T. to the Next Level | 38 Ontario’s 13 million citizens get good service from the state via its IT infrastructure, but the local government wanted to do more. So it took a business approach to government IT.

2 0

Feature by David Carey

Peer-to-Peer Alignment with I.T. Best Practices | 18 IT best practices can continuously improve strategic business performance, but some CIOs are daunted by it. Here’s how one CIO implemented it. Column by Al Kuebler


s e p te m b er 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 6

8/28/2009 12:53:51 PM

Governing BOARD

Advertiser Index

Alok Kumar

Publisher Louis D’Mello

Global Head - Internal IT, TCS

Associate Publisher Alok Anand

Anil Khopkar

Editor ial Editor-IN-CHIEF Vijay Ramachandran


GM (MIS) & CIO, Bajaj Auto



assistant editors Gunjan Trivedi, Anjan Choudhury

Kanika Goswami Senior Correspondent Kailas Shastry

Correspondent Sneha Jha

Chief COPY EDITOR Sunil Shah Copy Editor Shardha Subramanian

Trainee Journalists

Priyanka Varsha Chidambaram

Product manager Online Sreekant Sastry Des ign & Production Lead Designers Vikas Kapoor Suresh Nair





CTO, BSE Ashish Chauhan President & CIO, IT Applications, Reliance Industries Atul Jayawant President Corporate IT & Group CIO, Aditya Birla Group

This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.

Donald Patra CIO, HSBC India

Girish A V (Multimedia) SENIOR Designers Jinan K Vijayan

Unnikrishnan A V Sani Mani (Multimedia)

Dr. Jai Menon Director Technology & Customer Service, Bharti Airtel & Group CIO, Bharti Enterprises

Designers M M Shanith

Photography Srivatsa Shandilya

Production Manager T K Karunakaran

DY. Production Manager T K Jayadeep Ma rk eting and Sa l es VP Sales Sudhir Kamath Senior Mananger Siddharth Singh Assistant Manager Sukanya Saikia Bangalore Kumarjeet Bhattacharjee, Arun Kumar, Manoj D., Ajay S. Chakravarthy Delhi Aveek Bhose, Punit Mishra, Rajesh Kumar Sharma Mumbai Parul Singh, Hafeez Shaikh, Suresh Balaji, Pooja Nayak Dipti Mahendra Modi CUSTOM PUBLISHING SR. MANAGER MARKETING Rohan Chandhok COPY EDITORS Kavita Madhusudan Deepti Balani LEAD DESIGNER Vinoj KN SENIOR DESIGNER Jithesh CC Events VP Rupesh Sreedharan Senior Manager Chetan Acharya Managers Ajay Adhikari, Pooja Chhabra

Gopal Shukla VP - Business Systems, Hindustan Coca Cola Manish Choksi Chief Corporate Strategy & CIO, Asian Paints Manish Gupta Director-IT, Pepsi Foods Murali krishna K. Head - CCD, Infosys Technologies

marketing & sales BANGALORE Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027 Ph: 3053 0300 Fax: 3058 6065

Navin Chadha CIO, Vodafone Pravir Vohra Group CTO, ICICI Bank Rajesh Uppal Chief General Manager IT & Distribution, Maruti Udyog Sanjay Jain

DELHI 410, Hemkunt Towers, 98, Nehru Place, New Delhi 110 019, India Ph: 4167 4230 Fax: 4167 4233

MUMBAI 201, Madhava, Bandra Kurla Complex, Bandra (E), Mumbai 400 051 Ph: 3068 5000 Fax: 2659 2708

CIO, WNS Global Services Shreekant Mokashi Chief-IT, Tata Steel Sunil Mehta

All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.

Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.

Sr. VP & Area Systems Director (Central Asia), JWT T.K. Subramanian Div. VP-IS, UB Group V. K Magapu Director, Larsen & Toubro V.V.R Babu Group CIO, ITC


s e p te m b er 1 , 2 0 0 9 | REAL CIO WORLD

Content,Editorial,Colophone.indd 8

Vol/4 | ISSUE/20

8/28/2009 12:53:51 PM






IllustratIon by anIl t

Keeping Them happy

S t a f f M a n a g e M e n t Tough times make it hard to keep workers — even those at stable organizations — hard to motivated. Here are five ways to keep your organization remains a positive place. Don't sugarcoat the truth. Open communication is better than silence. Discuss the organization's current situation and future. To the extent appropriate, share plans for riding out the recession. Invite workers to brainstorm about lessons from past downturns could be applied now.

Listen to your staff. By giving your workers a chance to voice their concerns, you'll be able to gauge the overall attitude in the workplace. Because some employees may be reluctant to speak up, you could try strolling through your workplace — do you hear laughter, or are people working in grim silence? Their behavior will provide clues about the prevailing mood. Assign work strategically. Re-evaluate each staff member's responsibilities and do some fine-tuning so the team can work more efficiently. Make this a collaborative process — ask your staff how best to distribute the workload. There may be duties or projects they would like to tackle, and giving them manageable new challenges can be motivating. Protect staff from overload. Be realistic about your employees' limits. If you sense that your employees are

overwhelmed, take action before they reach burnout. Determine which projects are urgent and which can be put on hold or redistributed. Or consider bringing in freelancers to provide additional support and relieve pressure. Reward employees and show appreciation. This is less about offering material things than about the small gestures, such as saying thank you, asking their opinions on ideas and complimenting their efforts. It's a show of how grateful you are for their hard work and loyalty. Focus on the future. Although you may not be able to make binding commitments or promises, now is a good time to talk with your employees about their career paths. Speak to them about how to make their jobs more satisfying, assist them in reaching their professional goals or provide opportunities for advancement. —By Dave Willmer

Quick take

Sunil Kunders on Customer Satisfaction Customer delight is something that every company — in every vertical — focuses on. But to gauge customer satisfaction and rake in profits, business and technology need to work together. Kanika Goswami spoke to Sunil Kunders, head-IT, Arvind Brands to find out how it's done:

BuSineSS iSSueS

How does Arvind Brands track and maintain customer loyalty? We have our own loyalty program, a card called Smart One, which we use to track, analyze and reward customer behavior. Basically, the card ensures that that the customer gets the discounts he is entitled to. What mechanism do you use to measure the level of your customers’ satisfaction? We have a store stock serviceability index. This looks at optimal stock in the store and based on that assesses the basic requirement of that store. The marketing team also conducts a lot of surveys on what customers want, etcetera.

Vol/4 | Issu I ssu E/20

These surveys are constantly monitored. This is not a pure IT initiative, but a business-IT one. How high an index does customer satisfactionhold in the retail sector? In the retail industry, it is extremely important, especially, in terms of capturing mind space within the organization. So, all departments focus on how to deliver quality to customers. In other industries, I’d assume it is as important as it is in retail.

Sunil Kunders

Are CRM applications adequate to manage all your customer related needs? We use a product for loyalty management. In the coming financial year, we plan to invest in a CRM solution. Currently, we have a mechanism where customer feedback is collected and sent back to the head office. Every complaint and feedback is essential as it gives a fair idea of what we are doing wrong and an opportunity to rectify it. REAL CIO WORLD | s e p T e m b e r 1 , 2 0 0 9


What's Your Criteria for Hiring New People? The economy has forced many companies to look for ways to prop up their bottonlines by restructuring. But as the downturn weakens, hiring cycles are slowly picking up. Varsha Chidambaram spoke to some of your peers about hiring strategies, and here’s what they had to say: S ta f f


“One criterion is that they should have inherent competencies in the technologies we work


with. A candidate's will to learn, work hard, and be productive as fast as possible are also essential.” Ankur Basu Head-Technology & IT Infrastructure, Mjunction Services

"For senior positions we are looking for well-rounded professionals who can take on multiple roles across functions rather than specialists with expertise in a single domain.” Manoj Shrivastava VP-Group IT, Reliance ADA

“Right now, we are not hiring. We have a huge bench and we are trying to leverage it. Many employees have been pushed into our virtual pool program. We are focusing on getting them back.” Srinivas Kishan Anapu Head-Internal IS Mahindra Satyam

Lend Your


Write to 10

Trendlines.indd 10

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Tapping Into

Rural Talent I n t e r n e t A new online recruitment website in India plans to target the country's rural youth, who have been cut off from jobs in the cities due to a lack of communications infrastructure. The site,, (employment world) set up by recruitment firm Monster, will take advantage of a vast network of Internet kiosks in rural areas to help farmers access information on crops, weather, agricultural demand and pricing. The network, called e-Choupal, was set up by ITC to aid its procurement of produce for its agriculture products business. The website will help employers who are planning to expand their operations in rural areas, besides providing opportunities in urban markets for rural people, said Sanjay Modi, managing director of Monster India. The tie-up with ITC gives Monster access to about 40,000 villages in nine Indian states. Potentially, one million job seekers could reside in these villages, Modi said. ITC e-Choupal is expanding quickly, and is connecting three to four new villages every month. Sanchalaks, the farmers who manage the e-Choupal kiosk for farming communities, are now being trained to help young people submit resumes online, apply for jobs and explore other career opportunities. There are lots of employment sites, but villagers lack access to the Internet, Modi said. The e-Choupal network helps Monster address a large section of youth looking for jobs in the cities and even in rural areas, he added. Monster currently gets about 25 percent to 30 percent of applications on its main recruitment website from small cities, but there is very little activity from the villages. The company's aim is to target all the job seekers in India, whether in the cities and towns, or villages, Modi said. Monster India and Dishtv, a direct-to-home television company, announced a partnership to offer an interactive online job search service MonsterJobs Active via television. The service targets users in small cities and towns who lack Internet access. Monster and ITC decided on a separate website for rural job seekers rather than an extension of the mainstream Monster India recruitment site. After surveying rural markets, Monster found that the needs of rural job seekers and the kind of jobs in rural markets are distinct, and required a separate website, Modi said. The site is managed by ITC e-Choupal and Monster, which will share in the revenue. The site will charge employers, but will not charge job seekers, Modi said.

—By John Ribeiro

Vol/4 | ISSUE/20

8/28/2009 12:50:40 PM

New Age Secret Agents S e c u r i t y Here are eight cloak-anddagger ways, legal and illegal, to secretly tap into networks and computers to capture data and conversations.

Wireless keyboard eavesdropping: has released an open source hardware design and accompanying software for a device that captures then decrypts signals from wireless keyboards. The device uses a wireless receiver that can be concealed in clothing or disguised as a common object that could be left on a desk near a PC to pick up signals.


Wired keyboard eavesdropping: Electromagnetic pulses that keyboards make to signal what key is being hit travel through the grounding system of the keyboard and the computer itself as well as the ground for the electrical wiring in the building where the computer is plugged in. Probes placed on the ground for the electric wiring can pick up these electromagnetic fluctuations, which can be captured and translated into characters. Andrea Barisani and Daniele Bianco, researchers for network security consultancy Inverse Path, are researching on the topic in the hopes of sparking more public research of these techniques. Laptop eavesdropping via lasers: Bouncing lasers off laptops and capturing the vibrations made as keys, give attackers enough data to deduce what is being typed. Each key makes a unique set of vibrations different from any other. The space bar makes an even more unique set. Language analysis software can help determine which set of vibrations correspond to which key, and if the attacker knows the language being used, the message can be exposed. Mobiles: remotely activated bugs Software loaded onto certain models of cell phones can silence the ringers and cut off the light displays that would 12

s e p T e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Language analysis software can help determine which set of vibrations correspond to which key. normally be triggered when calls are made to them. The caller can then listen in on conversations in the room where the phone is located. Law enforcement wiretapping based on voice print: Phone company voice switches include software that can search all conversations going through it for voices that match sets of voiceprints. Whenever the switch makes a match, it can trigger a recording of the conversation and alert law enforcement officials, says James Atkinson, an expert in technical surveillance countermeasures. Cable TV as an exploitable network: Because most cable TV networks are essentially hubbed, any node can monitor any other node's traffic, says James Atkinson, an expert in technical surveillance countermeasures. By and large

security is rudimentary and the encryption used could be hacked by someone with basic technical skills and readily available decryption tools, he says. Cell phone monitoring: Commercially available software claims to capture cell phone conversations and texting. Attackers need to get physical access to the phone to upload the software that enables this. There are several commercial brands on the market, but there are also online complaints that the software doesn't work as advertised or is more complicated to use than the vendors let on. Commercial keyloggers: Early keyloggers were devices attached in-line with keyboards, but they advanced to software tools that grab keystrokes and store or send them to an attack server. Commercial versions have the software loaded on memory sticks that can dump the software on a computer and then be reinserted later to download the collected data.

—By Tim Greene

healthcare at Your Service Top self-service applications Electronic medical records aside, consumers say IT can make managing their healthcare more convenient.

Booking appointment

54% Receiving test results or follow up information

54% Seeing and managing personal health information 43% Getting information about healthcare issues 41% Getting directions to locations within a hospital 37% source: nCr/buzzback Market research s

Vol/4 | Issu E/20

Going On an E-mail Diet CIO Tony Murabito surveys workers at his company every year, asking them about their experiences and expectations regarding the IT systems they use. The responses usually focus on technical issues, which is why last year's comments about e-mail shocked him: "Let's blow up the Reply-to-All key!" "Why can't people get to the point!" "There was just an overwhelming sense that there were no controls [on e-mail] in place," Murabito says. CIOs are in the business of delivering technology, not curtailing its use. But Murabito decided to do just that. His goal for his company, Cubist Pharmaceuticals is to cut the number of e-mails by 25 percent by training employees how to better use one of the basic tools of the modern office. This e-mail problem isn't unique to Cubist, says Dianna Booher, CEO of Booher Consultants and author of E-Writing: 21st Century Tools for Effective Communication. "I hear a lot of complains, and there's not a lot of people doing something about it," she says. Booher's surveys of clients have shown that 58 percent of workers spend up to three hours a day on e-mail. This isn't a spam problem. Workers at Cubist are complaining about the excessive amount of business-generated e-mails,



Murabito says. They say they trudge through confusing and pointless messages because senders mindlessly hit 'Reply All' just to say something like 'Thanks.' Murabito says his research showed that cutting e-mail communications could help each worker recover an estimated 15 to 20 days of lost productivity annually — or 7,000 to 9,000 days every year for the whole organization. "I never had a project before that could have that kind of ROI," he says, noting that his investment was mostly internal staff time and about $50,000 (about Rs 25 lakh) in training costs. He set up a program that would clean out everyone's deleted-mail folders every night and delete all sent e-mails that were over six months old, but some workers resisted, saying they needed those messages. "It showed they were using e-mails for more than communication. Some were using it for document management," Murabito says. This revealed that workers, such as those in the clinical and regulatory areas, need better document management tools (which he's delivering). Murabito is confident that he can reach the goal of cutting e-mail by 25 percent once everyone is trained later this year.

—By Mary K. Pratt

Datacenters: In the Green Zone The recession is driving green IT into datacenters, and organizations that are facing continued pressure on their budgets and datacenter resource, are now actively investigating software and outsourcing alternatives. So said analyst house Datamonitor in its , report Can Green IT Bloom in an Economic Downturn. "The global economic recession has spurred a paradigm shift in the way organizations evaluate, budget for and deploy green IT", said the report's author, Rhonda Ascierto, senior analyst at Datamonitor. The report said current green IT investments are being driven by compliance with environmental legislation and cost savings. In particular, the report suggested green IT that also eliminates the need for

G r e e n IT


Trendlines.indd 14

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

storage, communications capex, such as datacenter The report says that infrastructure, and business virtualization, datacenter the type of green IT which also eliminates applications, are being design and layout, and the need for capex virtualized across a pool of asset lifecycle management, — such as datacenter datacenter hardware," she said. has become increasingly virtualization — has become increasingly Ascierto was also clear that important as IT budgets important as IT budgets the ROI model for green IT is remain constrained. remain constrained. now compulsory and much Indeed, Datamonitor says shorter. "What has really that its research shows IT shifted nowadays is the ROI model of budgets are likely to remain flat in green IT," she said. 2009. This view was backed up when "Before the downturn, enterprises Gartner recently confirmed the gloomy had a vague notion of what ROI green outlook for the IT industry. IT would deliver," she said. "It was Interestingly, Ascierto believes there not necessarily quantified, and there will be a slowdown in datacenter builds, was not a lot of disciplined ROI. But in with a corresponding increase in the today's environment, those vague ROI use of green IT, with virtualization the notions have gone, and all capex, and main beneficiary. increasingly opex, has to be justified "Datacenter virtualization is because of constrained IT budgets." becoming more holistic, whereby various assets, including servers, —By Tom Jowitt

Vol/4 | ISSUE/20

8/28/2009 12:50:41 PM

Al Kuebler


Alignment with IT Best Practices IT best practices can continuously improve strategic business performance, but some CIOs are daunted by it. Here’s how one CIO implemented it.


Il lustratio n by Sasi Bhaskar

e was the managing director for a strategic business unit that was part of an international enterprise. I first met him when he was looking for an IT project manager. I found out, though, that the IT system development project he wanted me to manage had been under way for three years and that it was one year late. Worse, it had been reported to be 99 percent complete each month for the past seven months. The individually contracted junior programmers responsible for the software were nowhere to be found. Instead of the industry standard of three seconds or less per transaction, the response time for the system's online functions averaged about four minutes. I declined the job offer in a letter in which I suggested that systems being built to improve the productivity of his business unit needed their basic requirements established upfront. I went so far as to say that all such IT systems needed to be developed using something called a ‘systems development methodology’, or SDM. I also sent him a couple of books that explained that SDMs were IT best practices. Three years went by, and suddenly he wanted to see me again. I found him in a new office, occupying a corner of the corporate building 50 floors above Manhattan. He was now the COO of the entire enterprise, reporting to the CEO and chairman. He started off by filling me in on what had happened after I had refused his offer. "We did what you suggested in your letter. It cost us a lot to do it, but the darned thing has been running just fine since we redeveloped it using that 'best practices' thing." He went on, "My responsibilities have changed, and guess what. IT development projects like the one you know about are everywhere I look." 18

s e pt e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn_1_Getting the best out of IT best practices.indd 18

Vol/4 | ISSUE/20

8/28/2009 12:49:33 PM

Al Kuebler


That was why he had called me in. "Here's the deal. I've created a new IT management position. No one knows exactly what it means yet, but I've clearly indicated enterprisewide that I'll no longer fund unproductive business unit IT projects unless my new senior director of systems assurance approves them." Now, I'm somebody who really likes to build things, and here was an opportunity with an interesting twist: to have some influence over building things properly. I had a few concerns over the staying power of such influence, however. "I know," he said. "You'll be needing these." He handed me an envelope full of his business cards. "I need the word to get out that I will be happy to personally engage anyone that wants to build a system that doesn't do what is needed, is late or is over budget."

Putting It in Place With that kind of air cover, things began to happen. Still, it took about a year for the best practice systems development approach to be fully adopted. IT folks both at corporate and in the business units were required to attend training in how to apply a standard SDM approach to IT development. While some parts of some IT development projects had to be completely redone, none of them were declared an entire failure and scrapped. The whole idea was to build on what was already

no SDM, no matter how rigorously followed, can automatically accommodate the sudden acquisition of a new subsidiary with a different business model into the capabilities of a system under development. Ditto the divestiture of an existing company or a suddenly imposed major regulation. Ultimately, the answer was to adopt a higher-order IT best practice. Individual IT development projects would no longer be thought of as standalone ‘IT transactions’. Under a new framework, each IT development effort would be considered an integral and connected part of improving the enterprise's strategic performance through IT. That is, every project would be conceived as a way to avoid cost, improve service and increase revenue at every level. Proposed changes to business or enterprise strategies would now involve something called an ‘IT impact assessment’, which considers not only existing IT operational issues, but IT system development effort issues under way at the time as well. The result? No more white elephants.

Useful Frameworks These days (with everything Googleable), if I were asked about IT best practices and where they'd be most usefully applied, I'd start by suggesting CMMI for predictable system development outcomes and a way to continuously improve IT development

With that kind of air cover, things began to happen. Still, it took about a year for the best practice systems development approach to be fully adopted. in place whenever possible. The process of ‘cross-walking’ an existing IT development project to the standard SDM approach continued to improve and, at some level, it always worked. IT projects were now usually on time, as specified and at the agreed cost. An IT fairy tale, with everyone living happily ever after? Not really. Something was still missing.

The Need for Improvement Even though we were doing everything right, we still wound up with all or partial ‘white elephant’ systems. They either were awkward to use, had features that were no longer needed by the business that funded them, or both. The results weren't disastrous. Changes could usually be made to those white elephant systems to make them more usable. But clearly this was not the best use of IT dollars, either. Why did this happen? Well, I was too busy cross-walking things to see what was right there before my eyes. It was too obvious. We were using system requirements that had been established up to two years before a system was implemented. With the passage of so much time, we had done nothing to account for changes in the business that occurred in the meantime. But aren't SDM approaches built to accommodate changes throughout the development process? Yes, certainly. But by itself,

Vol/4 | ISSUE/20

Coloumn_1_Getting the best out of IT best practices.indd 19

productivity and IT strategic alignment. For IT operational issues, there is the ITIL, which is useful for those in IT operational roles to consider their contributions as part of what their client's experience, with emphasis on process results instead of precise organizational assignments. And these can be built upon with the ISO 9000 framework for quality management systems. Something you may find useful to keep in mind in all of this is the fact that every IT best practice embodies the basic principle to continuously improve strategic business performance through the effective use of IT. The upshot of this should be no surprise to you: Stockholders always consider investing in and managing IT around this principle to be smart leadership. So what? Well, if you're in IT management and you haven't yet looked into IT best practices, you may wish to consider how one or more of them might apply to your situation. All IT best practices contain wonderful guidance to show and communicate their value in business terms. Once past the awareness and trial steps, you'll wonder, as I did, "Why didn't I do this sooner?". CIO Al Kuebler was CIO for AT&T Universal Card, Los Angeles County, Alcatel and McGraw-Hill. He is now a general management and IT consultant and graduate school lecturer at NYU, De Paul and UCLA. Send feedback on this column to

REAL CIO WORLD | s e pt e m b e r 1 , 2 0 0 9


8/28/2009 12:49:33 PM

David Taber

Applied Insight

Getting Sales and Marketing to Team Up You can help solve the ongoing row between sales and marketing over leads by focusing on CRM’s true purpose: providing a solid basis for collaboration among marketing, pre-sales, and sales teams.


Illustrat io n by pc anoo p

he business purpose of customer relationship management (CRM) is to capture new customers more quickly, grow them more predictably, and keep them as loyal repeat customers. A CRM system should streamline the revenue business process and make every revenue dollar more profitable. And it will — providing IT leaders focus on optimizing the overall revenue business process, not individual point measurements like ‘new leads’. The revenue business process starts with market planning, audience targeting, and outreach campaigns, and it ends with collections. The process spans marketing, sales, customer service, delivery/fulfillment, and accounting departments. While the sales cycle may take only a few weeks, the revenue process cycle can take as long as several months (if not several quarters) in B2B environments. A flow-chart of the revenue business process will often take up an entire wall, and will include a surprising number of question marks. Trust me, it's more complicated than you think. Why do leads lie? Leads lie because we think they're saying something that they aren't. A lead is not ready to buy. They're typically not even ready to talk with one of your sales representatives. A lead is merely somebody who indicated "tell me a little more," by clicking on a link, responding to an e-mail, or registering on a site. Marketing wants to look good, so they market the value of leads. Their thinking goes like this: Easy to measure, straightforward to buy. Declare victory. Unfortunately, sales departments wants to make money this quarter — and they optimistically jump at the idea of


s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Coloumn_2_Taking a Hammer to Your Data.indd 20

Vol/4 | ISSUE/20

8/28/2009 12:48:52 PM

David Taber

Applied Insight

100 new prospects a day. But they quickly find that those 100 leads don't want to take a meeting, and the inevitable frustration with marketing starts to set in.

What’s a Lead, Really? Let’s look at this another way. If you think of the revenue business process as a refinery, it takes in low-grade ore and purifies it to gold. Leads are the low-grade ore, often with conversion rates of 1 percent or less, ready for refining but not for final use. Until the leads are cultivated, nurtured, qualified, and converted to contacts, there can be no sales cycle. In many B2B and B2C businesses, the unqualified leads that are in the nurturing cycle may be numbered in the millions. Industry statistics show that up to 40 percent of leads may make their first purchase after having been in what’s called a ‘remarketing database’ for 18 months or longer. Even though the exact statistics depend on your industry and target market, this principle applies equally to B2B and B2C markets. This is the whole purpose of marketing automation systems that integrate with your CRM system. When do leads lie? For most companies, the number of leads is, by itself, almost always meaningless for the big

load up the CRM system with 10,000 new leads, marketing will be trying to figure out how to get 100 people interested and motivated enough to take a call. They'll collaborate on scripts for the telesales folks, and work to solve conversion rate problems, and try to optimize the number and cost of those sales-cycle starts.

Leads and Your CRM Of course leads are a good thing. But there's one more problem with them: despite what you think, they don't really connect with the revenue pipeline. Here are three reasons why:  When a lead matures, it doesn't become an opportunity or a deal. It becomes a contact in your CRM system.  When a contact matures and starts a sales cycle, it doesn't become an opportunity either. The contact might be connected to an opportunity, but in real world CRM systems this happens less than 40 percent of the time (in B2B environments, it may happen less than 10 percent of the time).  So when you look at your revenue pipeline, most of the deals won't refer back to leads. It'll make your lead generation look less important than it really is. This goes double if you use the ‘Named Account’ model of selling.

By focusing on sales-cycle starts rather than leads, you'll be able to measure something that's meaningful to the business and provide a solid basis for collaboration among marketing, pre-sales, and sales teams. And that's the whole point of CRM. picture. (The exception is when you're getting almost no leads: this can't be good.) Leads are a nice indicator of market interest, but like measures of ‘visibility’ or ‘market impressions’ it is not a direct predictor of good times ahead for an organization. Leads start to get meaningful when you include measurements of lead quality, such as conversion ratios, scores, and frequency of activity. They get more and more significant as the leads pass through qualification and conversion steps. But understanding and assessing all the subtleties takes way too much time for most users: they just want to see a number that's meaningful. And the meaningful number, both for the sales boys and the overall business process, is the number of sales cycles started in a period. The number will be much lower than what the executives like to throw around — and it's throttled by the speed and skill of the sales representatives. But by focusing attention on the number of sales cycles started, it forces the marketing, pre-sales, and sales teams to work together. They have to think about what it takes to create and execute a first customer meeting, and figure out how to do that in a more repeatable manner. Instead of trying to

Vol/4 | ISSUE/20

Coloumn_2_Taking a Hammer to Your Data.indd 21

Even though leads are part of the revenue business process, in most real-world CRM systems it’s hard to connect lead analysis to pipeline analysis. The bottom line: by focusing on sales-cycle starts (opportunity-creates) rather than leads (visibility events), you'll be able to measure something that's meaningful to the business and provide a solid basis for collaboration among marketing, pre-sales, and sales teams. And that's the whole point of CRM. CIO

David Taber is the author of the new Prentice Hall book,

Secrets of Success and is the CEO of SalesLogistix, a certified consultancy focused on business process improvement through use of CRM systems. Send feedback on this column to

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9


8/28/2009 12:48:52 PM

Gather a few hundred CIOs in a room for a day and talk of cloud

Reader ROI:

Where the cloud is on the CIO radar Which apps are suited for the cloud The people costs


computing billows forth. For CIOs who are already dabbling, projected savings are debated. From bullish analysts and eager vendors, more dazzling benefits are predicted. Yet just as quickly come the caveats. Questions abound on security, reliability and control over corporate data. The biggest shadow of all is cast over what, exactly, cloud computing means. A recent academic study identified at least 22 definitions of ‘cloud computing’ in common use, from the broad notion of using the Internet to access any sort of managed technology services to the wideeyed optimist's view that a diverse, powerful lineup of cloud services will be delivered in real time by crash-proof distributed servers "without complicated deployment worries." The sorry economy is prompting more CIOs to explore cloud computing and its cost-cutting promise, says Doug Tracy, former global CTO for Rolls-Royce. "But it's still an idea that a lot of people don't know a whole lot about." The core attraction of the cloud is that companies can avoid buying and running hardware, software and other equipment by contracting with a services vendor to run selected systems or applications on its own infrastructure of virtualized servers. The ‘services’ you purchase are delivered in a standardized, multi-tenancy fashion that observers say will save one-third to one-half of your current costs. That's certainly appealing as this recession forces CIOs to seek ever-greater efficiencies from IT infrastructures already as lean as starving wolves.

s e p T e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/20

Cover Story | Cloud Computing

Pressure for flexibility, savings and speed are driving up CIO interest in cloud computing. But veterans of the tech hype wars say they won't be won over by big promises.

PhotoS by Sr IVatSa Shan dIlya Il lUStratI on by MM Shan It h

By Jarina D' D'auria , Kim S. naSh

"We're under tremendous pressure to provide flexibility and agility and to be driving cost models down," says Charles Soto, vice president of IT at Motorola's Broadband Mobility Solutions business, which recently tested cloud computing services for four different applications. But thinking that cloud computing will release an instant reservoir of savings is a mistake, he adds. To Arthur Winn, head of pricing at BT Group, the cloud is nothing but a marketing term. The $41 billion (about Rs 205,000 crore) London telecommunications company has been doing what could be considered cloud computing for several years, he says. That is, handing over BT customer calling data to a third party to analyze and then let BT access via the Internet. "As long as we are getting more service for less money each year, we're happy," he says. Making decisions about an over-hyped, under-delivering technology amid today's unrelenting economic pressures certainly isn't easy. So to help uncloud your thinking, we looked into exactly how several companies across various industries are experimenting with cloud computing.

Vol/4 | ISSUE/20

What we found is that the cloud is an umbrella term for many services, including SaaS and virtualization — anything but traditional computing behind the walls of your own datacenter. If you're worried about being behind the cloud curve, don't be.

Spinning the hype CyCle CIOs recognize this latest hype cycle all too well. When client-server computing was all the early-90s' rage, every vendor slapped the term onto its marketing pitch whether it fit or not. Then it was data warehousing lining up to provide a single view of all your customers at the touch of a button. Next came ERP systems intended to replace the disparate best-of-breed software across business operations. All of these hype-cycled technologies eventually had a significant impact on corporate computing environments, but invariably at much greater complexity and expense than initially promised. First, a definition of the cloud that most CIOs understand: You don't own software or hardware and, unlike outsourcing, no equipment is dedicated to you. You access vendor's systems over the Net in a secured REAL CIO WORLD | s e p T e m b e r 1 , 2 0 0 9


Cover Story | Cloud Computing way. For that access, you pay a subscription fee that rises or falls with how much or how often you draw on the vendor's systems. Google, for example, offers office basics such as e-mail and word processing, with password protection and a per-user fee. Amazon offers substantial systems such as complete e-commerce or storage facilities, and charges per hour or per gigabyte for various configurations. From a newcomer such as Seattle-based Skytap, which provides virtual datacenter services, you get access to application development and testing environments for a monthly base charge and pay extra for virtual-machine, storage and data-transfer options. Cloud permutations range from network plumbing to business applications (see The Cloud Takes Many Forms). But using a cloud of someone else's technologies isn't as simple as calling Amazon and then writing a check every month, cautions Motorola's Soto. He would love to re-jig Motorola's IT to match computing power and cost-touser demand, whether it falls during a bad economy or rises during a good one. "How do we find a consumption-based model to pay for what we use, to be able to spin them up quickly or shut down without having to be burdened with depreciation schedules in the normal IT process?" he asks. That idea appeals to many IT leaders considering cloud computing, says Tom Pettibone, managing partner of consulting firm Transition Partners. CIOs have had to design their datacenters to take peak loads. But during off-peak times, that capacity

“The risks are high in a cloud environment but it is fairly cost effective.” — K. murli Krishna VP & Head CCD, Infosys Technologies sits unused and idling at great expense, Pettibone says. "That costs you every day." In the Skytap experiment, Motorola put four apps on Skytap servers: a project management tracker, a Web design app , an IT asset management database and a Microsoft Active Directory app. For $1,000 (about Rs 50,000), a small group of Motorola employees could test how those apps worked on Skytap's cloud for 30 days. Motorola is used to getting IT from outside, with 33 SaaS apps in production, including But what the cloud experiments showed is that agility and savings come with trade-offs. While Soto estimates the cost at one-third to one-half of what Motorola normally spends on those apps, Skytap's security needs work, he says. Motorola's people could see each other's data, he says. "That's very significant." Plus, adds Sujit Sinha, senior director of IT strategy and architecture at Motorola,

“I see SaaS and cloud computing as transformative IT. Of course, there will be risks. But, IT executives should stick their necks out." — Atul Jayawant President Corporate IT & Group CIO, Aditya Birla Group


s e p T e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

complying with SOX rules about segregation of duties in the cloud appears difficult. "We didn't see a way to segregate who has rights to do what," Sinha says. That raises concerns about failing a SOX audit, which requires clear evidence of employee assignments that present no conflicts of interest when handling company financial data. Skytap is learning from its customers, says Ian Knox, the vendor's director of product management. Security settings can be changed to protect data from the eyes of others, he says. A few weeks after Motorola's test ended, Skytap added several reporting and role-based access features to address SOX concerns, Knox adds. In cloud computing in general, Sinha notes, other issues also need to be worked out, such as who has rights to your data. With no universally accepted terms of what a cloud vendor can and cannot do, he says, "you have to work it out in your contracts." Despite the obstacles, Motorola is moving forward with its cloud initiatives. Next, they will pilot cloud services from a bigger player and, soon, they hope to have a small cloud application in production. Says Soto: "We'd do it yesterday if we could."

game Changing ability At BT, what Winn considers a cloud began years ago. Winn's group, which sets rates and deals for cell phone calling plans, had to compete with other departments for time on BT's internal, massively parallel servers. The group couldn't get enough time to test new pricing ideas, Winn says, so they looked outside the company for computing power.

Vol/4 | ISSUE/20

BT contracted with Kognitio for "data warehousing as a service," done on the vendor's servers on data BT ships via the Internet. Each month, BT sends the vendor hundreds of millions of call center records, or about 3.6TB of data. Kognitio then performs regression analysis so BT can study customer churn, for example, and what-if scenarios to discover how new price plans would play out. BT pricing specialists can log in to Kognitio's machines through a Citrix server to play around with the data, making queries using Business Objects tools. "The concept of interested people sharing a common resource has been around forever," Winn says. "It's the model of the combine harvester." Augmenting its computing resources this way has allowed BT to launch groundbreaking cell phone plans. A few years back, cell phone competition was a race to the lowest per-minute rate. BT wanted to know whether capped pricing would be profitable. That is, no call would ever cost more than, say, five pence. By applying that theoretical pricing package to a month's worth of real calling data from every BT customer, the company determined that such a scheme would be profitable. So BT went ahead with it. "BT is never going to be the lowest per minute," Winn says. "We needed to change the game." Winn's group might have done such modeling with Excel spreadsheets on a subset of BT data. But aggregates and averages are a risky way to model, he says. Abstractions can distort results. Working out pricing problems on Kognitio's servers lets BT use actual customer data — and lots of it. "When the answer comes out, it has a lot more credibility," he says. "This isn't a few assumptions in a spreadsheet. It is truly penny perfect."

The Cloud Takes

Many FOrMS A sampling of service providers, prices and features. When putting your systems in the cloud, a few options are available depending on exactly what you want to put there and for how long. Although each vendor offers essentially the same service — a place to move your computing efforts away from your own infrastructure — they break down the pricing in a number of ways. Here's a sample.

amazon Elastic Compute Cloud (EC2) provides an environment to run computing resources while keeping control over the data in users' hands and emphasizing pay per use. As users' requirements change, EC2 allows for easy scaling of capacity. Pricing is per terabyte per month, which decreases a few cents as the data amount increases. Users build their own Amazon Virtual image to include customizable features such as an operating system, starting and ending usage dates, security and network access controls, APIs or other management tools and the number of locations.

Google App Engine allows you to build your own virtual application to run Web applications on Google's servers in either Java or Python environments. Resources used by the applications, such as bandwidth and storage, are free for up to 500MB of data plus the CPU and bandwidth needed to serve more than five million page views a month. Once users surpass the free limits, prices are per gigabyte only for the extra resources used. Usage limits can be set so you never use more than what you are willing to pay for. Features include dynamic Web serving, automatic scaling and load balancing, storage sorting, APIs for authenticating users and more.

Skytap Virtual Lab supplies users with a ready-made platform to operate their applications and virtual machines without needing to build virtual machine images. As such, it gives users instant gratification for moving servers to the cloud, especially those requiring temporary usage of computing. Users are able to customize features of the platform, such as access and assets, through a provided management tool. The services target development and testing environments. Subscriptions for limited use of the self-service lab management application start at $500 (about Rs 25,000) per month. For additional fees based on usage of storage and data transfers, users can select an unlimited capacity option.

a Cloud by any other name


Jim Swartz, CIO of Sybase, sees potential in cloud computing but isn't ready to give up data to a third-party host. Instead, he has virtualized Sybase's servers — essentially creating his own private cloud — so he can study the best way to use the architecture. At Sybase, a private cloud of virtual servers inside its datacenter has saved nearly $2 million (about Rs 10 crore) annually since

vSphere 4 is a virtualization operating system providing the capability to move physical infrastructures into the cloud. By moving all physical datacenters, companies not only save money on computing and energy-related costs but also have one silo for storage and resource management. Pricing starts at $166 (about Rs 8,300) per processor or $995 (about Rs 50,000) for three physical systems and varies depending on the edition purchased. Depending on the size of the company, different versions are available and include different features, such as vMotion management tools, VMsafe security APIs and data recovery, among others.

Vol/4 | ISSUE/20

— Jarina d'auria REAL CIO WORLD | s e p T e m b e r 1 , 2 0 0 9


Cover Story | Cloud Computing

“There should be a complete riskmitigation analysis of the cloud. And risk mitigation will effectively negate for what you are trying to save.” — sunil mehta Sr. VP & Area Systems Director, Central Asia , JWT 2006, Swartz says, because the company can share computing power and storage resources across servers. The virtual setup also lets Sybase move data electronically from one physical site to another, for a more agile disaster recovery program. Whenever you hear the term private cloud, understand that it's "nothing more than virtualization," notes David Linthicum, principal of Linthicum Group, a consulting firm that specializes in enterprise architecture and Web technologies. Virtualization lets CIOs take advantage of the economics of cloud computing but within their own walls and under their own control. Virtualization has certainly saved money for Norton Healthcare, a non-profit hospital system, although CIO Joe DeVenuto declines to cite exact figures. Norton recently revamped its datacenter with vendor Emerson Network Power, installing 160 virtual servers. The goal was to milk every drop of computing power and storage capacity from its machines. Virtual servers scale up and down fast, and new ones can be added in less time than it takes to configure a traditional server, DeVenuto notes. Cloud vendors might be even more efficient than he is, De-Venuto says, but that extra oomph isn't worth the risk of letting go of patient data from Norton's four hospitals, 10 urgent care facilities and 60 doctor's offices. He would consider cloud for disaster recovery, he says, but not for primary computing. "I'm fairly conservative. It's a struggle for me to put patient information in the public cloud." 26

s e p T e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

e-mail optionS to explore One organization more willing to farm out some of its data is the United States Golf Association, which governs the rules of golf and runs 13 championships every year. Daily operations at the USGA rely heavily on their own e-mail system because they are in continual contact with their constituencies, such as state and regional golf associations, USGA members, championship host clubs and the general golfing community. Even an hour of downtime would cause major disruption to this workflow, says Jessica Carroll, managing director of IT. Carroll wanted to revise an existing e-mail backup plan that would take hours or days to recover. Under theplan, IT would handle the entire recovery process, including ordering new hardware to start from scratch. To take the weight off her team's shoulders and to make sure the company wouldn't lose data

or productivity, she signed a deal with IBM to host a replication of USGA's e-mail system in IBM's datacenters. If a USGA server hits a problem, Carroll can click a button to switch to the replicated version that IBM maintains for her without USGA users noticing a thing. Then her IT department can fix the internal issues. The e-mail system carries USGA's most critical data, such as membership information and correspondences between the constituents. But before Carroll could feel comfortable with the deal, she extracted stringent servicelevel promises from IBM. For example, in the event of a short-term outage like as a hardware failure, IBM must immediately provide a year's worth of backed-up e-mails for senior management of the USGA staff so they can continue work. In the event of a fullblown crash, IBM would provide multiple years' worth of messages. The hardware and software for this kind of backup and recovery system would have cost the USGA too much to do on its own, Carroll says. Hamilton Beach Brands also dipped a toe into cloud computing via e-mail. When the time came to upgrade Lotus Notes last year, the appliance company hesitated. Hamilton Beach hadn't refreshed Notes in three years and Jerry Hodge, senior director of information services, knew jumping from Notes 6.53 to version 8 would force him to upgrade his IBM iSeries servers and retrain the 500 users on the system. A lot of expensive work just for e-mail, he thought. Hodge asked his staff to look into Google's Gmail service, among other alternatives. E-mail isn't a competitive differentiator,

“The technology is in a very early stage and we are in no hurry to become early adopters. We are still considering the kind of applications we can put on the cloud; a combination of SaaS and cloud computing is an interesting possibility." — manish Choksi Chief - Corporate Strategy & CIO, Asian Paints

Vol/4 | ISSUE/20

he reasoned. By subscribing to Gmail for a monthly per-user fee, Hamilton Beach would avoid the expense of new hardware, software licenses and training. Because Google provides archiving and retrieval, Hodge also figured he'd save on items such as backup tapes and disks and the IT labor to support electronic discovery for lawsuits or audits. "Over five years, the cost would be half," he says. Such savings in capital and ongoing operating expenses were too compelling to pass up, he says. "Let someone in the cloud run e-mail and free up my guys' time to work on stuff that does make a difference."

“It will take some years for the model to mature but the technology is highly beneficial for SMEs. It makes sound business sense for them because of the flexibility it provides and its cost effectiveness.” — K.T. rajan Director Operations, Information Systems & Projects, Allergan India

doubting the Cloud It's one thing to put a basic, almost selfcontained system like e-mail into the hands of an outside service provider. Quite another to off-load more interdependent applications filled with sensitive customer or competitive data, says Tracy, who recently left RollsRoyce to become CIO of Dana Corp. "I don't think there's a mad rush for people to put their ERP systems in the clouds," he says. For Tracy and other skeptics, security and reliability issues raise serious questions. Outages of Gmail for several hours in February and April frustrated a mass of customers. Amazon, too, has experienced outages due to authentication overloads and other problems. How much these issues matter will vary depending on the criticality of the system and the risk tolerance of a CIO, Tracy says. Security is especially important at RollsRoyce, which makes such items as jet engines for military aircraft and power systems for

Navy ships. (The fancy cars are made by BMW.) As a defense contractor, the company is bound by strict federal technology and physical security regulations. He contemplated cloud computing but not with Amazon or Google partly because, he says, they won't let customers inspect their datacenters — and that's a show-stopper for Tracy. "You say you want to try cloud computing, but it's only a few hundred bucks a month to them and they say it's not cost effective to allow this tour," he says. Google, for one, has heard this criticism before. Its response is that customers can feel comfortable with Google Apps because its systems and processes have passed a SAS 70 Type II audit of controls in place to protect data. Google has also published on its enterprise blog some of the ways it manages customer information. That helps a little, Tracy says, but it's far from enough when he worries about

“We have deployed the cloud for some internal consumption but found that there are significant security risks; significant contractual, legal, and disruption risks.” — satish Das CSO, Cognizant Technology Solutions

exporting sensitive data. "That requires us to understand where the data is hosted and who has access, [even] the nationality of everyone who is a system administrator," he explains. "That's not feasible in cloud computing, where processing could be in any datacenter around the country at any given moment."

the people CoStS Adopting cloud whole hog could cut IT staff by 10 percent to 15 percent, according to McKinsey. That's just what no one below the CIO wants to hear. At Hamilton Beach, which simply handed over e-mail to Google, Hodge says he saw fear. "My team was apprehensive about the cloud. Thought it would put them out of a job." But no one has lost his job because of cloud computing, he adds. Instead, he's been able to reassign duties to let staffers do more productive work in areas such as business continuity. At a CIO Perspectives gathering of IT leaders, the enthusiasm about cloud computing's potential was tempered by sobering worries about early-stage hurdles. Still, the group estimated that within five years, between 25 and 30 percent of most companies' IT strategies will include cloud services. "The will to experiment is there," notes Shiva Swamy, executive vice president of IT services firm ZSL and one of the attendees. "Surely the bad economy provides the impetus, but there are many unknowns that we all have to figure out together." CIO Kim s. Nash is senior editor. Jarina D'Auria is a bostonbased freelance writer. send feedback on this feature to

Vol/4 | ISSUE/20

REAL CIO WORLD | s e p T e m b e r 1 , 2 0 0 9


Cover Story | Cloud Computing

As more IT leaders turn to the cloud, they will be faced by rumors and hearsay floating around the technology. We clear up the fog. By RoBeRt L. ScheieR

Wherever you turn,

someone's ready to tell (or sell) you something related to cloud computing. Cutting through the myths is essential to deciding whether, when, and how the cloud is right for you. Here's our top list of myths.

Myth No. 1

There's one single ‘cloud’

There are at least three forms of cloud computing, each with different benefits and risks. They are: Infrastructure as a service (bare-metal virtual servers available on demand from the likes of Amazon's Elastic Compute Cloud) Web services providers, or ‘platform as a service’, which are APIs or development platforms that let customers create and run apps in the cloud Software as a service, applications such as's CRM software that users access over the Internet with little or no code running on their own machines The type of application you're running and the kinds of data you're generating also make a big difference in whether — and how — to move to the cloud. Which leads to: 28

s e p T e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Reader ROI:

Why the cloud isn’t as easy as vendors claim How its different from virtualization What to expect in the future

Vol/4 | ISSUE/20

Cover Story | Cloud Computing

Myth No. 2

All you need is your crediT cArd

If you're a lone developer with time to burn, configuring a virtual bare-metal server from the command prompt may be no problem. But if you have a business to run, installing and configuring the OS, multiple applications, and database connections could get in the way of generating revenue. And if you're big enough to have any standards for security, data formats, or data quality, someone has to do that work, too. Some vendors imply that a business user "can just go in and buy a development server in 15 minutes that's as good as the one it would take their IT department three or four days to provision," says Michael Kollar, chief architect at Siemens IT Solutions and Services North America, which virtualizes about 2,500 servers to provide cloud-based application services to internal users as well as external customers. However, he says, that cloud-based server may not be secure, meet corporate standards, or be integrated into the wider IT environment. For example, even a Web server thrown up in the cloud for a short-term marketing campaign might need to meet corporate security and data format standards. That's because the customer data it gathers is subject to the same corporate and legal standards as ‘real’ IT systems, says Kollar, and it must be usable by corporate analytic or customer tracking systems. Many infrastructure-as-a-service players also can't meet the needs of enterprise applications. Phil Calvin, founder and CTO of Sitemasher, tried to find a cloud provider to manage the servers he now manages himself in a collocation facility. However, he says, "we couldn't find anyone to scale our standard servers" on demand. Nor could the cloud vendors provide the low-latency performance he requires or do global load balancing across datacenters. recently announced a public beta of new features that include auto-scaling, monitoring, and load balancing. In a blog post, cloud management vendor RightScale said the new capabilities were a step in the right direction but appeared to lack necessary capabilities such as configuration management and lifecycle management.

Il lUStrat Ion by MM Shan It h

Myth No. 3

The cloud reduces your workloAd

In the long run, maybe. But to get started, you have to figure out which model of cloud computing is right for you; which applications or services are best suited to it; and how to ensure the proper levels of security, compliance, and uptime. And remember, monitoring the performance of any vendor takes extra time. "When you're running production applications, there's a lot of thinking that goes on in terms of redundancy, in terms of reliability, in terms of performance and latencies," says Thorsten von Eicken, CTO and founder of RightScale. Before moving applications to the cloud, customers need to ensure those requirements are met, he says, calling it "wishful thinking" that cloud-based systems automatically manage themselves.

Vol/4 | ISSUE/20

In addition, not all apps are right for the cloud. Those relying on clustered servers, for example, aren't good fits for cloud environments where they share resources with other customers, says James Staten, a principal analyst at Forrester Research. That's because they require identical configuration of each server and large dedicated bandwidth among servers, which can't always be guaranteed by a cloud vendor. Again, thinking through these issues requires work, at least up front.

Myth No. 4

you cAn seAmlessly blend privATe And public clouds

Some cloud evangelists hold out the promise of the best of both worlds: the control provided by an in-house datacenter and the low cost and flexibility provided by the cloud, with the ability to drag and drop applications, storage, and servers among them as needed. But it's not yet that easy, at least for a complex multi-tier application that depends on internal databases and that serves thousands of users with ever-changing access rights. "Currently, it takes a lot of footwork, and a lot of manual re-configuration, and lots of engineering effort" to move applications among public and private clouds, says Staten. And even then, "we're still in the 'I hope it works' phase." Seamless integration is easier if customers are running the same platforms in both the public and private clouds, he says, but for the typical, more complex environments standards efforts such as the Open Virtualization Format are still "very basic" attempts to ease interoperability. The key requirements, says Siemens' Kollar, are a security infrastructure that can span both environments, secure and cost-effective ways to either replicate data or access it across the public and private clouds, and orchestration software to ensure that services are working as required and proper steps taken to repair them if they aren't. Renata Budko, vice president of marketing at virtualization management vendor HyTrust, says the best candidates for movement are those with relatively few modules and tiers, that are relatively "stateless" (not overly dependent on the timing and sequence of processing events), and those with relatively few user profiles to track. "If it's an internal cloud, you can access the policy database within the same cloud," she says, while customers may be reluctant to host sensitive security data in an external cloud or allow external access to their internal security data. Having said that, beware of:

Myth No. 5

you won'T ever be Able To seAmlessly blend your public And privATe clouds

Vendors are scrambling to provide such seamless blending. Kollar, for example, expects to provide it to his customers within 12 to 18 months. Until it's widely available, RightScale's Von Eicken recommends standardizing configurations, data models, and REAL CIO WORLD | s e p T e m b e r 1 , 2 0 0 9


Cover Story | Cloud Computing

automated deployment policies for both public and private clouds. That allows you to take advantages of the public cloud when it makes sense today, while building a foundation to do more sharing of public and private resources as the technology, standards and processes mature.

Myth No. 6

cloud compuTing AlwAys sAves you money

McKinsey & Co. recently released a hotly contested white paper claiming customers are only likely to save money when running specific platforms, such as Linux, in the cloud. For an entire datacenter, the report says, you're better off staying in-house. McKinsey declined to comment, but in a blog posting, Google Apps senior product manager Rajen Sheth said that the study erred by only considering the savings of using low-cost servers in a highly redundant architecture. It neglected, he says, the additional money customers save by using "the same scalable application server and database that Google uses for its own applications" and not having to purchase, install, maintain, and scale their own databases and application servers. Another wild card, say Staten, is that under current licensing and support models, customers could pay significantly more to their commercial software vendors by deploying their software in the cloud than they would internally.

Myth No. 7

A cloud provider cAn guArAnTee securiTy

Even if a cloud provider has every security certification in the book, that's no guarantee your specific servers, apps, and networks are secure. When it comes to, say, compliance with the credit card industry's PCI DSS (Payment Card Industry Data Security Standard) a retailer or credit card processor is audited on how well their servers and applications are deployed on the platforms provided by a cloud vendor such as Amazon or Google. "If you set up your applications badly," says Staten, "it doesn't matter how secure the platform you're running on is." Securing Siemens' cloud environment required looking at IT "from the outside in" and securing every conceivable path by which a user could access critical information, says Kollar. Securing each platform was not a significant challenge, he says, but ensuring all the needed security technologies worked together was. Staten says it may require "architect-to-architect" sit-downs to assure a vendor hasn't, for example, cut costs "by simply giving each customer their own table space in the same database," as that would allow any customer to see any other customer's data. In the cloud world, it's easier than in the physical world to assign new network interface cards to a virtual machine that might link it to an insecure network, says HyTrust's Budko. An organization's existing firewalls would have no way of knowing 30

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

the new NIC exists and that it needs to monitor traffic through it, she says. Potential threats like that make it important to independently assess, rather than blindly trust, a cloud vendor's security infrastructure.

Myth No. 8

if you're running vms, you're doing cloud compuTing

Virtualization — creating logical servers or storage that span multiple physical devices — is one of the requirements of cloud computing. But having VMs doesn't mean you have cloud computing. To reap the full benefits of virtualization, IT or its cloud providers also must provide the ability to grow or shrink capacity as needed, provide pay-as-you-go pricing, and let users easily provision new servers and storage themselves as needed. Letting users do some of the work of ordering virtual servers (especially those preconfigured for specific tasks) is a key moneysaving goal of some cloud customers. But such self-service doesn't automatically happen just because you're running software such as VMware Infrastructure 3. Siemens, for example, had to make "a significant investment" in developing a standard catalog of virtual servers and related services users can order as needed from its private cloud, says Kollar.

Myth No. 9

cloud compuTing is AbouT Technology

Technology makes cloud computing possible, but realizing cost savings and flexibility also requires that you have the right processes. The virtualization that underlies cloud computing "is very dynamic and allows a very high rate of change," says Budko, as customers move data and applications among physical devices. "What's missing is the ability to manage it smoothly," avoiding a sprawl of unused or underused virtual machines that soak up electricity, cooling, and management time and possibly create security risks — just as unmanaged physical servers do. Using standardized processes in the cloud can, on the other hand, increase efficiency. Using the Information Technology Infrastructure Library (ITIL) management framework in combination with technologies such as virtualization, Siemens has reduced its IT management and administration task by 25 to 35 percent, says Kollar.

The TruTh AbouT The cloud What's the takeaway? That the cloud isn't a magic wonderland of carefree computing, but a complex resource that requires understanding and hard work to manage correctly. And that's no myth. CIO

send feedback on this feature to

Vol/4 | ISSUE/20

CEO Vision


In the Air

The upturn is around the corner and once again businesses and their CIOs have the chance to do something extraordinary.

Depending on who you listen to, the good times are back — or are going to be here soon enough. In a couple of months, risk-taking is going to be back in style, which makes it important to remind ourselves to sniff out the opportunities out there. That is why, at its last Leadership Summit of the season, CIO brought together three people who, individually, bring some of the elements needed to pull off the extraordinary. Sanjay Nayak points out the possibilities; Gourav Jaswal tells you how to make the right choices; and Sumit Dutta Chowdhury explains how he pulled of an idea many CIOs would consider unusual.

Vol/4 | ISSUE/20

Scanning for Opportunities Sanjay Nayak, Tejas Networks Page 32

Choice Maker Gourav Jaswal, Synapse Page 34

Big New Idea Sumit Dutta Chowdhury, Reliance Communications Page 36

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9


“People’s mindset is the greatest challenge.” Sanjay Nayak, Co-founder, CEO & MD, Tejas Networks, says that although India is ripe for product development, it still needs to break a few barriers. as told to priyanka 32

CEO_Speaking.indd 32

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/20

8/28/2009 12:39:16 PM

CEO Vision


he global crisis presents an opportunity for people in India. The technology industry, in particular, works very peculiarly. One company builds something that is cutting-edge and once that technology starts getting old and ROI has already been derived, the technology moves to the third world countries, now called emerging markets. This is how things used to work. But the global market is now beginning to shift. For instance, five years ago, 70 percent of capex in the telecom industry was located in the US, Europe and Japan. Today, the traditional western markets hold about 50 percent of this share and the incremental growth is coming from the emerging markets. Thus, new technologies today have to be driven by these emerging markets to become successful. I also think that innovation now holds the key to a thriving business, and innovations in terms of new product development will gradually move to places where processes are carried out more efficiently. And this is a big opportunity for India.

PhotoS by Srivatsa Sh an dilya

Advantage India India has a fairly large domestic market today with many sectors making huge progress: the telecom sector, consumer electronics, and the Defence industry that is fast becoming the ‘anchor industry’ as it fuels innovation. India is also favourable because it provides the ground to leverage innovation. Work that is done for 100 $ (about Rs 5,000) in the US can be easily done with a quarter of that amount in India. At the same time, this augments prospects for growth because if a company would spend double the amount in R&D, the work would still be done in half of what it would cost in the US. That’s why, apart from a growing talent pool, India also offers investors ‘capital efficiency’. Most of the VCs today would

Vol/4 | ISSUE/20

CEO_Speaking.indd 33

Product Development In India Pros


A large and emerging domestic market.

Restricting mindset that doesn't explore options.

Favorable for leveraging innovation. Offers investors capital efficiency. Ability to maintain long-term partnership with investors.

Lack of an ecosystem conducive for product companies. Absence of manufacturing units. Poor government support to globalize.

want to invest in India because they are likely to make profits with relatively less capital investment. Finally, industries in India have gradually become partnershiporiented as compared to China or other European countries. Most companies that come here invariably talk of a comfort factor. Companies have now mastered the art of sustaining a long-term relationship with potential investors.

The Flip Side These factors together create an environment and an ecosystem for Indian companies to become world leaders in product development. But like in the case of any other proposition, there is a flip side to the great Indian advantage too: There are still not too many Indian world-class product companies. The reasons are many and the underlying factors are not difficult to realize. There is a lack of a 'product company' ecosystem. When we started Tejas Networks, the production of most of the products could not even begin in India. And this is a major problem because when you are building prototypes, you need to be close to a manufacturing unit, which is difficult to get hold of here. But that’s just the tip of the iceberg. The mindset of the people here poses, by far, the greatest challenge of all. Most companies view their problems in a very confined sphere and would solve only that minus-

cule part of the larger problem that is individually handed over to them. For example, they don’t assess whether their product is commercially successful or not. Whereas, product companies usually exhibit the reverse trend. The implementation of the product is definitely important, but the bigger gamble begins with the prospects of using it best for commercial benefit. Most of these challenges are unique to India. Technology is treated as a means and not as an end, and weightage is given to products that provide a higher ROI. In spite of a gradual shift, the Indian market still remains largely capex oriented. Unlike China and other South Asian countries, there is no government support in India to globalize. Despite these challenges, what we did right as a company is not difficult to replicate. We dreamt big from day one. We realized that as long as the direction we are taking is correct, it doesn't matter if we have all the facts and figures right from the beginning. We understood the customer and the market well. We could also modify our actions according to the changing environment, and we realized that the bigger problems eventually precipitated to smaller ones that could be easily taken care of. And once you can do that, you get a sense of accomplishment that is both fulfilling and deeply motivating. CIO Priyanka is trainee journalist. Send feedback on this column to editor

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9


8/28/2009 12:39:17 PM

“Why We Choose What We Choose.” Gourav Jaswal, founder and director of diverse entrepreneurial businesses, talks about how heuristics can shape a CIO’s business decisions. as told to Kanika Goswami


CEO_Speaking.indd 34

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/20

8/28/2009 12:39:24 PM

CEO Vision


ntrepreneurship is not the easiest of career decisions. The crux of many entrepreneurial decisions lies in an insight of what sells and how to sell it. The trick is to know what makes customers decide to buy the things they do. Often, many of these purchase decisions are based on the science of heuristics. In psychology, heuristics refers to the cognitive shortcuts the human brain takes as it solves problems and makes decisions. These are rules that the mind uses unconsciously and are hard-coded into the human brain by evolution. There are multiple types of heuristics. Here is one example. Most people assume that the more they pack on a retail display (of one type of product, say jams), the more they will sell. The more choice, the better, right? Yet, studies show that 30 percent of people will buy when they are given a choice of six products. Compare that to the meagre 3 percent who buy when they are shown 24 types of the same product. More choice is not always better. A large array of options diminishes the attractiveness of what people actually choose when they are buying, because subliminally they are held back from making a purchase by the thought of the option they didn’t choose. This is called the tyranny of small decisions.

A Multiplicity of Heuristics Heuristics play an integral role in decisions people make — including CIOs. That is why it’s important to understand how it works. Here are some heuristics to watch out for. The anchoring heuristic. This is the human tendency to rely too heavily (or ‘anchor’ their decision-making process) on one piece of information to the exclusion of others. Businessmen employ it to their benefit when they put an extremely expensive shoe on display — one they know they will never sell. It’s sole job is to raise the bar, thus making their other shoes (which would normally seem

Vol/4 | ISSUE/20

CEO_Speaking.indd 35

expensive) seem less expensive. It’s also a trick negotiators use when they start at extreme ends of a price range. “People’s reaction to estimation problems is strongly influenced by a number they have been anchored by, even if they know it to be random,” says Daniel Kahneman, Paul Slovic and Amos Tversky, in Judgement Under Uncertainity: Heuristics and Biases. To avoid falling for this, CIOs should ask themselves: What am I anchored to when deciding what price is reasonable for an enterprise purchase? What are the factors I focus on when deciding which companies to partner with for service contracts? The availability heuristic. This is the propensity people have to base the frequency of an event on how easily they can imagine it. Take for example, how most people are certain that there are far more words that start with ‘r’, than words in which ‘r’ is the third letter — even though the latter outnumbers the former. It’s also why people were so afraid of catching the mad cow disease a few years back (which killed less than 500 people worldwide) — even though they were more likely to die on the way to a restaurant and eating infected beef there. What does that mean for CIOs? Because they are leaders, where CIOs focus their energies is crucial — and open to influence from unjustifiable perceptions. CIOs should ask themselves: am I allocating my time, money, and resources based on the real needs of my organization, or am I being swayed by the opinions of others? Representativeness Heuristic. This is a cognitive bias that compels people to assume commonality between objects of similar appearance, or between an object and a group it appears to fit. Take for example, how most people are more likely to slot someone who's intelligent but uncreative and has a clear and orderly mind as engineer rather than a doctor. This can be a worry for CIOs because they could be basing their decisions on who they partner with — be it colleagues or vendors — based on pre-

conceived notions like so-and-so is ‘antienterprise’. These decisions could limit their choices and those of their organizations. Escalation of commitment. As decision-makers, CIOs also need to watch out for this mental trap. It’s the hard-coded rule in people’s heads that drives them to justify an increased investment in something only because it sits on top of a prior investment — immaterial of whether the decision is sound. To the human mind, losses have more than twice the psychological impact of equivalent gains. So people make a sizeable investment and mentally pass the point of no return after they make that first commitment, forcing them to invest further and add to a bad decision. It explains why some people continue to invest in a losing stock, instead of cutting their losses and moving elsewhere. This pushes them to be economically inefficient and to allocate resources badly. Another example is America’s continued participation in Vietnam from the 60’s to the middle of the 70’s despite knowing better. A CIO should keep their guard up and beware of their own technology Vietnams. Effort heuristic. Another type of commitment that can force people, including CIOs, into pursuing false objectives is effort. According to the effort heuristic, the human mind assigns the value of an object based on the amount of effort that goes into acquiring or creating it. Take for example, how money that comes by without too much work is put in a separate mental account. Some people call this mad money, because people don’t mind parting with it because it was not ‘hard-earned’. For a CIO, this could come in the form of an extra-large budget when things start looking up again. This is not to point out that heuristic decisions are bad. Often, these hard-coded rules work. But like all systems, it is not infallible and being prepared and warned can help people take a step back and ask whether their deductions are correct. CIO Kanika Goswami is assistant editor. Send feedback to

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9


8/28/2009 12:39:25 PM

“Create a personal space at the workplace.” Sumit Dutta Chowdhury, CIO, Reliance Communication, shares how his personalized Web 2.0 initiative dramatically improved efficiency. As told to Sneha Jha


CEO_Speaking.indd 36

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD


e are in the business of delivering communication to the world. It is obvious then that our internal communication channels should be efficient. And we thought they were. For about seven years, we had been working with an intranet-cum-knowledge management system called Gyan Mandir. But because it was very static, people were not really interested in it. Nevertheless, they used it for want of a better option. The portal lacked the functions needed for increased collaboration. I saw the need to revamp it and I had more reasons than one. We have a very young employee base. For example, in my team of 2,500 people, the average age is 27. That’s the demographic profile of our internal consumers. They have grown up in a complex digital world. The new generation of employees

Vol/4 | ISSUE/20

8/28/2009 12:39:29 PM

CEO Vision

want to communicate using Web 2.0 technologies in the form of blogs, wikis and IM. They needed a platform to share knowledge and make use of corporate information more productively. So, I started looking for an option to boost internal communications, coordination and cooperation.

Welcome to My World

I decided to use Web 2.0 concepts and put it up on our intranet. We started by looking at the kind of datd people are trying to find most of the time. We looked at questions like: How many hours does a person spend in a week looking for information? This gave us a fair idea of what the emplyees need. Using a single window, we wanted to give them small pieces of data that they seek from within the organization. We wanted to create a platform that users can customise according to their needs.

Vol/4 | ISSUE/20

CEO_Speaking.indd 37

And that's why we called it 'My World.' I chose iGoogle as a design framework for this project. We ‘widgetized’ every application. Users could also create new widgets according to their daily needs and build communities. Generally speaking, we don’t have this concept of self-building communities in any organization. I tried to do this in our company and I must say that incorporating this concept has provided the employees with more personal space in the workplace. Take for example, the ‘My Network’ widget. Here, people can create their own network and upload pictures, clips and anything they want to share within the organization. This has brought people closer and created a community feeling. Going forward, it might lead to a significant reduction in attrition. ‘My Place’ widget is a document repository, which is completely password protected. Now, we don’t send any status reports out, we just send a link to My Place. The railway and airline widget — a widely used widget — enables people to check seat availability between a specified source and destination. All the information is gathered and reformatted from the railways or airline website on a periodic basis. This has helped people save a lot of time.

Beyond Your World We now have a total of 200 widgets and dashboards and we have a small widget factory which also allows users to give

Widgetizing the Workplace 18 percent increase in productivity 25-30 percent reduction in Internet bandwidth usage

us suggestions. These user-friendly widgets have created a very different behavior pattern within the organization. It has enhanced visibility and transparency. There is a greater degree of accountability among the employees. The level of employee engagement has gone up by several notches, which is a sign of a healthy organization. Single sign-on access to various applications and reports on the dashboards has increased visibility of time-sensitive information. It has also enabled faster decisionmaking. It has brought down our Internet bandwidth usage by 25-30 percent. The Web 2.0 intranet has ended the paper trail of office applications. Now that information is uploaded on the intranet, paper usage has reduced. We took a look at the 135-networked printers at our campus in Vashi and in the first month we saw a 19-20 percent reduction in paper use. We also saw 40 percent reduction in the load on backend servers. This has futureproofed my back-end applications. With scraps, SMSs and chats — modes of communication that people use these days — instead of waiting for an e-mail response or following up continuously, they can get an instant message going between each other and can resolve problems faster. My World has helped us disseminate information better. It has boosted enterprise efficiency and team synergy. The initiative has resulted in cost optimization on various fronts, especially at a time like this. Today, our employees can do 50-60 percent of their work through this personalized interface. Post-launch, we also conducted a survey on the number of productive hours the users were saving: Users saw an 18 percent improvement in their productivity. These are results that, I can proudly say, are encouraging. CIO

40 percent reduction in the load on backend servers 19-20 percent reduction in printing

Senha Jha is correspondent. Send feedback on this column to editor

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9


8/28/2009 12:39:35 PM


ITNexTLeveL tO the

Ontario’s 13 million citizens get good service from the state via its IT infrastructure, but the local government wanted to do more. So it took a business approach to government IT. Here’s how. By DaviD Carey


Case Study (1).indd 38

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/20

8/28/2009 12:34:36 PM

Case File


o say that David Nicholl has a lot on his plate as corporate CIO for the Government of Ontario is a considerable understatement. Not only must the province’s I&IT organization support a large and complex group of internal customers, it must also provide the operational underpinnings for a vast array of public services — everything from social assistance programs, to ServiceOntario, to online births, deaths and marriage registrations, to helping police catch the bad guys. All of this is done through a wide variety of technologies and business processes. “We’ve spent the last two-and-a-half years developing the frameworks and the foundation that will enable us to build a world-class service organization within government,” says Nicholl. “Even though we currently have about 70 percent of government services online, we need to do more. Now we need to capitalize on all that groundwork by modernizing applications and driving service levels so that we can provide truly outstanding service to the citizens of Ontario and to the Ontario Public Service.” A key area of focus for Nicholl is meeting internal client expectations — delivering what ministries need, when they need it, in the most effective and efficient way possible. “It’s really important to us that we drive the agenda for excellence in delivery of new and improved services to our ministries through application development and support,” says Nicholl. “So we’ve embraced enterprise architecture as the core foundation of all of our application development techniques and services.”

As a result of the e-Ontario initiative, a common shared services organization now provides such things as hardware, networking, datacenters and telephone systems for all ministries. It operates on a charge-back basis, with no funding of its own, emulating an efficient, effective, privatesector model of recovery. “Each of the clusters had their own infrastructures, and we centralized them into a single shared-services organization, moving about 800 people,” says Nicholl. “We consolidated our help desks and our desk-side support, as well as a vast number of different contracts we had for similar products across different clusters. We also consolidated all of our server support and that allowed us to move into virtualization in a big way, because all of a sudden those servers were owned and managed in one place. I&IT moved very aggressively on its virtualization agenda. Over the last two-and-a-half years, over 1,000 servers have been removed from a total population of about 5,500 to 6,000, and there is a strong commitment towards continuing the trend. The biggest challenge around virtualization has been moving from an “I own it” to an “I’m moving to shared services and I’m buying a service” model, according to Nicholl. “But we’re making great progress because people believe that the model works, and I think we’ve proven that it works.”

New Directions in Modernization

I&IT is building on its successes with a new strategic plan looking forward to 2013. This plan advances the agenda of modernizing I&IT and aligning it with business directions. One of the key goals is to deliver more reliable, cost-effective solutions. Cost reduction has been a major focus for I&IT in the Ontario An important activity for I&IT is the development of government, and this is an area which has met considerable enterprise applications as opposed to point solutions. This success. In fact a major project called e-Ontario, launched is another means of significantly reducing costs. in 2005, is now returning annual savings of $100 million “In areas like finance, for example, we have (about Rs 500 crore), due largely to changes in Reader ROI: basically cleared the decks of the siloed systems the way infrastructure is being managed. how to run that had been in government for years. We’ve In Ontario, I&IT is organized around eight government it now got a single ERP for government finances. clusters of like ministries, each of which has three efficiently responsibilities. The first of these is application Why it is a great place The same thing is true for human resources — a single system,” says Nicholl. It doesn’t stop development and support around business for shared services there. I&IT is now moving on to other areas of solutions; the second is providing service the importance of standardization, such as case management and management to the cluster’s business users; and taking a business approach registration systems. the third is information management.

IllUSt rat Ion by MM Shan Ith

Wringing Out the Costs

Vol/4 | ISSUE/20

Case Study (1).indd 39

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9


Case File

Striving for Project Excellence

“For example, he says, “What we’re looking to do now is come up with a standardized solution to registration. No matter what the registration In such a large and complex IT environment, it is for, we’re going to have a single way of is essential to execute projects as effectively and doing it. By moving along that standardized efficiently as possible. Towards that end, the SNAPSHOT continuum, we feel that we’re going to have a I&IT organization has introduced project gating Government strong impact on time-to-delivery and meeting and regular quarterly report backs to ensure of Ontario our clients’ expectations.” that projects are running properly, timelines Capital: I&IT is rolling out an enterprise standard are being met, budgets are in line, and that the Toronto for public-facing online authentication right level of oversight and governance is in Population: for services to businesses and citizens. An place. The organization has also successfully About 13 million enterprise approach to online authentication implemented a project management Centre Ministries: will help reduce costs, the risk of duplication of Excellence. Its responsibility is to drive the About 25 and security gaps, and accelerate development and implementation of project application development. management and help project teams take on new techniques, Nicholl and the I&IT organization are also looking for a methodologies and tools. standardized solution to information management across With enterprise-wide tools and process, all projects will the Ontario government. “E-mail boxes are the de facto be approached in a common way across all clusters and the document management system for most people, and the first infrastructure organization. That’s especially important step in getting some control over the business’s information because so many projects are now done for a cross-section of is starting the cultural shift away from that,” says Nicholl. ministries, rather than a single ministry. “We have to get people to think about the information they “We identified early on that project management was an have and classify it in a way that will enable them to put area we wanted to really raise the bar on. It’s critical in moving it somewhere that makes sense. Today it all goes into a our agenda forward and key to our success in modernizing bucket in their e-mail and they spend a long time looking both our infrastructure and our applications,” says Nicholl. for old e-mails. We want to get beyond that — information According to Nicholl, good governance has been an management is the key to reducing our storage costs and important factor in I&IT’s success in the Province. improving our ability to access key business data. At the top of the governance pyramid is the I&IT Deputies Driving much of the change agenda is an aging application Committee (IITDC), co-chaired by Nicholl and the Ministry portfolio. Older applications are becoming harder and more of Revenue Deputy Carol Layton. Composed of key Deputy expensive to support, and it’s getting more difficult to find Ministers from across the Ontario government, it provides people to do the work. strategic direction, ensures alignment of I&IT with Secretary of the Cabinet Shelly Jamieson and the government business directions, provides leadership in Government’s previous CIO and current Deputy Minister certain areas, and ensures that information technology is used of Government Services, Ron McKerlie, understand to full effect in supporting public service transformation. the strategic importance of upgrading the Province’s The governing body of the I&IT community is the applications. They are terrific champions for this application Information Technology Executive Leadership Council modernization process, according to Nicholl. (ITELC), chaired by Nicholl and comprising the CIOs of the “We view this as being an incredible opportunity,” he various clusters, along with the corporate chiefs responsible says. “As we modernize chunks of applications we can make for Infrastructure, Strategy, Technology, Information and use of existing common applications, like a registration Privacy and Security. piece or a finance piece, and that will help us further our ITELC is an integral part of everything that the I&IT modernization agenda.” organization does. The governance group sits together

“It’s like any IT organization anywhere. If you get out of step with what your business is doing, then you’re going to be in serious trouble because you won’t be delivering what they need in a timely and efficient manner.” —David Nicholl, corporate CIO for the Government of Ontario


Case Study (1).indd 40

s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/20

8/28/2009 12:34:37 PM

Case File

ontario’s new


The local government of Canada’s second largest province took a multi-pronged approach to better the state’s IT IT.


of its government services are already online. But the province wanted to Better. here’s how:

an enterprIse approaCh Ontario treats government iT like a business, which means it: Has a chargeback system uses enterprise applications like ErP instead of government-typical point solutions.

every two weeks as a board, managing the IT agenda across all of government. There are no areas that it does not represent. Meetings deal with a full agenda of items that are of both common interest as well as individual interest to each of the clusters. “I’ve been sitting on ITELC since I first joined the government six-and-a-half years ago, and even then it was an extremely positive and progressive group of people who wanted to move the agenda forward,” says Nicholl. “To me, ITELC has been the key to what IT in the Ontario government has accomplished. It’s a focused team with strong connections to the ministries and an extraordinary sense of ownership of their business.” Reporting to ITELC is the Solutions Directors Leadership Committee (SDLC), in which all of the business solutions directors, who work for the cluster CIOs, come together with their colleagues from corporate areas to discuss matters relating to their level of operations. ITELC delegates items to SDLC and receives reports from the committee on solutions issues. On the service management side, the IT Service Management Leadership directors from the clusters and corporate areas meet to resolve issues, problems, solutions and develop new ideas. And again, the committee receives delegated items from ITELC and provides regular reports to the executive on service management issues. “As and when we need to do certain things, we can have a group that will come in and report to us,” says Nicholl. “It may sound bureaucratic but it’s actually not that way at all.

Vol/4 | ISSUE/20


1,000 servers of about 6,000 servers. standardIzatIon Ontario does not develop point solutions for each department. For example, it created a single online authentication application for muliple citizen-facing processes.

shared servICes a shared services set up between multiple ministries saves the state about

rs 500 crore a year.

It is a very high functioning way of focusing on issues and getting things done in the right way.”

A Place at the Table When asked what issue he might give top priority to, Nicholl says: “There are many things, but if I had to sum it all up, I’d say it’s ensuring that IT is closely coupled with our business as a contributor to our ministries’ strategies and directions. IT has to be at the table with the key people who are directing where those businesses are going. If we weren’t, it would give me cause for concern.” “It’s like any IT organization anywhere. If you get out of step with what your business is doing, then you’re going to be in serious trouble because you won’t be delivering what they need in a timely and efficient manner”. Says Nicholl, “We’ve built a firm foundation. Moving forward we are focusing on improving service levels — making services more accessible, reliable, and cost effective for our internal and external clients, and maturing the framework that we’ve established.” Nicholl sums it all up by saying, “With one eye on stabilization, the other focus is on modernizing applications. Key to I&IT modernization will be working with our business partners to better meet business objectives. In the end, our goal is to be a service-centered organization. We are focusing on better delivering services internally to ministries, as well as externally, making it easier and simpler for to the citizens of Ontario to obtain government services”. CIO send feedback on this feature to

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9


Is Data an Asset? C I O d i s c u s s io n s

With the amount of data organizations produce, clubbed with rising compliance, the question is: if we aren’t transforming data into intelligence, are we just asking for trouble? Should we then just stop collecting?


Ph otos by Srivatsa Sh an dilya

ccording to Moore’s Law transistor counts on integrated circuits will double every two years. Kryder’s Law states that disk capacity will double every year and Butter's Law of Photonics maintains that optical fiber bandwidth doubles every nine months. But the corresponding growth in memory and disk access speeds sees only a few percent of increase every year. With this handicap, the challenge is turning data into knowledge, without which the question that is begging to be asked is: are we really creating business assets with the data we collect?

“Business is looking at an end result, not data as an element of information. It’s not easy for business to understand and structure it. That needs to be done by an IT person.” — N.Kailasanathan, CIO, Titan Industries


se p te m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Roundtable_Greenplum_01.indd 42

At a CIO roundtable on the subject S. Sridhar, head-IT, Corporate Enterprise Business, Vodafone, maintained that in a telecom company, data is definitely an asset because retaining a customer is much cheaper than acquiring a new one. “With structured data available for analysis, it can be used to make many decisions. Once we applied a number of tools to find a correlation and draw inferences from seemingly disparate data, we have a completely different perspective. It’s given the strategy team a lot to think about,” he said. It’s a point of view that Avinash Arora, director-IS, India & S.E. Asia, New Holland Fiat, stands by. In his opinion, the question of whether data — structured or not — has ever been anything but an asset has never arisen. He points to the way many old economy companies were run purely on data, working on what would today be called management information system — to the point where owners did not even visit their factories or offices. “Sure only 30 percent of data is structured, but a lot of decision-making processes still use unstructured data,” he said. But with every department in every organization creating and storing reams of data, are companies today maintaining too much of it? And, if so, is there a case for chucking some of it away? Sumit Chowdhury, CIO, Reliance Communications, tends to agree with this hypothesis because he says that it is not clear what is to be done with a lot of the data corporations collect. He exemplified from personal experience. “I asked all my business people for five pieces of information they needed at 8 AM to take sound decisions. They don’t know which five!” he said.

“Sure only 30 percent of data is structured, but a lot of decisionmaking processes still use unstructured data.” —Avinash Arora Director-IS, India & S.E. Asia, New Holland Fiat

Vol/4 | ISSUE/20

8/28/2009 12:32:10 PM

CIO Discussions Arora’s own experience differed. “A couple of years ago, when we integrated our messaging system with the ERP, everyday between 8.30 and 9AM, we made sure five or six data points were delivered to decision-makers on their mobile phones to allow them to work without opening their laptops.”

58% of CIOs

CIO dIsCussIOns

said S. Hariharan, Sr. VP, Infrastructure Solutions and Services Group, Oracle Financial Services Software. Which brings up the next problem with hoarding data: compliance. This is especially true for real-time, transactional data. Each said that business industry has a different mandate for storing intelligence would data; the fertilizer industry needs to have subbe a top technology sidy data ready, the telecom industry has to Your Data, My priority in 2009. store customer information for seven years; Responsibility and the automotive companies have to mainIf data is so important to the business, Source: State of the CIO 2008 tain a decade of production data handy. then why is classifying it almost always “Of late we are facing the challenge of the responsibility of the IT department? N. accuracy,” said K. Prem Kumar, chief manager-IT, Zuari Kailasanathan, CIO, Titan Industries, offered an answer. Industries. “We are an old plant so things are running on “Business is looking at an end result, not data as an element pneumatic control. But today the government has become of information. It’s not easy for business to understand and very strict, if there is a question about why something was structure it. That needs to be done by an IT person sitting produced, we can face an uncomfortable situation.” next to them.” Yet, he admitted, this level of collaboration In Reliance Communications, Chowdhury is bound to does not exist in most organizations. maintain data for seven years and it consumes plenty of Umesh Mehta, VP-IT, Asia Motor Works, agreed with the space. “We have a lot of micro transactions. Each call is a fact that it was up to IT departments to design a data structransaction and for each call we have roughly a kilobyte of ture — according to the requirements given by the business. data. We do about 2 billion CDRs everyday. A lot of it is free; He presented another reason for this. While every other asset I don’t even get revenue for it.” of the company has a measurable value data, he said, does Hariharan faced a similar situation. He shared how he had not. It's possibly why “we don’t invest in data management,” to once retrieve data that was fifteen-years-old from a floppy he said. that was no longer readable. To which Sridhar from Vodafone added, “We don’t think of data only as an asset. Some part of Data Gold our data has to be kept for compliance, we have no choice. Yet better data management is possibly what companies need We have 500-600 compliance requests across the country, if they want to be able to extract value from their data. It’s asking at least for 300-400 KB of data.” not something CIOs don’t know. How to get there, however, So how is a CIO to ensure that data is error free? Subrais another question. Every CIO has at least one memorable maniam offered a solution. “We need to ensure the quality of story of when they battled data silos and tried to create sense real-time data. At Otis, we have a call-line which is automated from almost nothing. real-time with real-time data quality checks. Users have been “We had a lot of islands when we started integrating our trained on accurate data entry and generating error-free enterprise systems. We consolidated two customer databases reports. Then we follow the maker-and-checker system. By into one. But during the integration, the biggest challenge was using a quality management principle, we minimize errors data quality. So we formed a dedicated team for data migration at the root.” CIO that attended to cleaning the data. It’s a massive exercise,” said V. Subramaniam, CIO (India & UAE), Otis Elevator Company. When Sundaram Fasteners tried to get to the fabled ‘single version of the truth’ senior GM-business strategy & systems Send feedback on this feature to S.Srinivasan recalled the grief. “The mandate before we got into ERP was to reach data consistency and data integrity. There were no hassles on the business side, but on the data brought to you by: side there were many. Today, there is no disagreement on any figure and that itself is a gigantic step.” Another challenge is data visibility. “Where it came from, and what it translates to in business terms, that’s important,” NOW ONLINE For more presentation and opinions on the importance of data, log on to our companion website. Go to


vol/4 | i SSUE/20

REAL CIO WORLD | S E p T E m b E r 1 , 2 0 0 9


Optimizing IT C I O d i s c u s s io n s

Every CIO worth his salt sees the need to optimize IT operations. What isn’t as clear is how to tackle the challenges this entails.

are making efforts to optimize IT. Consolidation is one way. It improves system performance, allows for backups and disaster recovery, and saves costs like electricity and real estate,” he said. T.G. Dhandapani, CIO, TVS Motors, added his inputs on consolidation, saying that of the eight group companies he is responsible for, three had datacenters which are now consolidated at one location. He said this move had helped tremendously with management and with costs. Uptime had increased and non-availability is now measured in parts per million instead of percentages. The availability of IT services is now taken for granted, like power, and is no longer on the CIO’s agenda. But Dhandapani added that the contribution of IT towards cost savings by consolidating datacenters is “not that significant.” He agreed that there were savings but added that to the business these savings were marginal. He said that IT is expected to “help the business and, if required, invest more so that the business can save much more elsewhere.”


Ph otos by Srivatsa Sh an dilya

ptimizing IT operations to save money for the business is on top of every CIO’s agenda. While the worst of the slowdown might be behind us, there’s still a way to go before businesses can heave a sigh of relief. And that means that IT still has to contribute its share towards cost cutting. At a CIO roundtable on how optimizing IT could do just that, S.C. Mittal, senior executive director (management services and IT) at the Indian Farmers Fertiliser Cooperative (IFFCO), said that despite high employee productivity during the good times, he was seeing a drive to cut costs within the organization — and this applied to IT too. “We are conscious of this and we

“Our business is not comfortable with the concept of running multiple apps off a single server. Virtualization is for active directory or print servers, not for an airport management system. —T.P. Ananteswaran Head-IT, Mumbai International Airport


s e pt e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Roundtable_Wipro_02.indd 44

Virtualization and It’s Challenges With IT optimization on the agenda, the discussion quickly turned to virtualization. A quick show of hands demonstrated that most CIOs had implemented virtualization in some form or the other. But T.P. Ananteswaran, head-IT, Mumbai International Airport, was not very supportive of virtualization, and stated his reasons: “We run mission-critical applications. Our business is not comfortable with the concept of running multiple applications off a single server. Even if we waste

“Optimization is a continuous process. It is an everyday task and not something CIOs should only do to tackle the slowdown.” —Sudesh Agarwal VP-IT, Lifestyle International

Vol/4 | ISSUE/20

8/28/2009 12:31:07 PM

CIO Discussions

3rd the

CPU power, it is better to run applications But many on the roundtable agreed that on separate boxes because they are mission optimization also involved the difficult task critical.” Virtualization, he said, was for active of challenging business requirements. That directory or print servers, not for an airport is the only way that projects, which were management system. strictly not necessary, could be debated. Amit Mukherjee, CIO, RPG Group, “After a vendor makes presentations to the couldn’t agree more. In his opinion, CIOs business, it finally comes to the CIO. At this CIOs gave to should not take chances with customer-facing point, the CIO should be able to say no if he controlling IT costs applications by virtualizing them. He said that feels the need to do so. At a time like this, CIOs in a list of priorities if something failed, a CIO’s decision would should only cater to must-have requirements for 2009. haunt him when the business question his and make nice-to-have requirements wait,” source: state of the CIO 2008 rationale for virtualizing a critical service. says Bahuguna S.S. Soni, executive director (IS), Indian Oil Corporation, took the middle ground and said that in What About Outsourcing? his company virtualization was a “50-50”. By this he meant Outsourcing is another approach many CIOs take to cut costs. that mission critical applications and services had not What isn’t always clear is just what services can be outsourced been virtualized. The big question at this point was: why and what roles must be retained in-house. Mukherjee was is it so difficult to convince business to put mission critical convinced that “the operations people can be outsourced, applications on a virtual server? but the critical applications people like architects should be Soni said that it wasn’t the business’s fault. When retained.” Mukherjee, who also oversees his company’s supplyvirtualization becomes an IT decision, he said, and CIOs were chain, brought an important perspective to the table. “Once convinced of the technology, the business would back them. “If you sit on the business side, the issues related to business are we CIOs feel virtualization is the way to go for mission critical so huge that IT occupies only a small space of your radar. Most applications, the management will listen to IT’s advice.” of the time, you are happy when IT delivers what it is supposed Echoing him was Sudhir Kumar Bahuguna, CIO, Reliance to,” he said. Gas Transportation Infrastructure, who strongly felt that CIOs Ranganathan Iyer, AVP-IT and CIO, JBML, had another tip themselves first needed to be convinced about virtualization. for his peers. “CIOs should talk business and not technicalities All management required was uptime, he said, just how that is when interacting with management. If CIOs are in a position achieved should be handled by IT. In his case, he said, he was to convert IT into a business scenario and present it, things shocked to see that process utilization for applications was should work fine,” he said. between 1 and 23 percent. What’s perhaps most important is to have the business Anantheswaran found it hard to agree with Soni and believe in IT and look at it not merely as a support function, Bahuguna. “It is business need that drives virtualization and but as a business enabler. Once management sees the fruits not IT,” he said. of IT optimization, they will be more than willing to spend Mukherjee said that the decision to virtualize also depends on IT. In the case of IFFCO, Mittal said, business is actually on the culture of an organization. He said that companies that open to the idea of hiring IT personnel, while they were not are part of a larger group may not necessarily have to follow doing so elsewhere in the organization. He said that this was the same route the group follows. because when IT introduced consolidation across departments Taking the optimization discussion beyond virtualization the benefits were easy to see. CIO Sudesh Agarwal, VP-IT, Lifestyle International, said that the consolidation approach could also bear fruit. Besides virtualization, Agarwal had consolidated servers in various send feedback on this feature to warehouses. From his experience, accessibility and the ease of maintenance were immediate benefits. He also said that “optimization is a continuous process. It is an everyday task and brought to you by: not something CIOs should only do to tackle the slowdown.”


CIO dIsCussIOns

At Indian Oil, Soni said that the group companies that were running different systems were all brought under SAP and this alone introduced a healthy dose of optimization. NOW ONLINE For more presentation and opinions on IT optimization, log on to our companion website. Go to


vOl/4 | IssUE/20

REAL CIO WORLD | s e P T e M b e r 1 , 2 0 0 9


People Power C I O d i s c u s s io n s

As the importance of information grows, so has its safety. A CIO roundtable on the challenges of ensuring data security re-opened an old truth: data security is about people. The problem is more palpable at the operations level. For instance, a BPO requires that sensitive data is shared even with new recruits. For a CIO, that thought can be scary. “We have very tight methodologies to prevent unauthorized access of information as well as unauthorized use of information,” said P.V. Ramadas, VP-technology, HCL Technologies, at a CIO roundtable organized to find out how Indian IT leaders tackle the information security challenge. “At the managerial level, we allow access only to a limited number of shared files and folders, which automatically prevents them from using paper or documents. At the same time, different values are assigned to all information and ownership of these documents is strictly defined,” he said.

It’s About People


Ph otos by Srivatsa Sh an dilya

f you are a bank or a credit card company and have ever lost customer information — even for accounts that are no longer valid — you know the impact it has on your brand. This is what’s driving the concept behind identity crisis management, says Amit Sood, manager-enterprise risk services at Deloitte & Touche. But in their eagerness to put up walls to protect data, most organizations find that they’ve hampered their employees from doing their work and ultimately their businesses. The battle is to strike a balance between protecting data and allowing access.

“We send a very clear message to all members, whether they are the older or the younger generation: security policies are non-negotiable. This is a zerotolerance zone.” —V. Subramaniam CIO, Otis Elevator Company


s ep t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Roundtable_Novell_03.indd 46

Inevitably, most information security conversations boil down to managing staff and how cautiously each member of a team handles information. Many CIOs believe that of the three components to successful IT (people, process and technology) people is most critical — especially for security. “Security has nothing to do with the physical or technical control,” said Satish Das, CSO & director-ERM, Cognizant Technology Solutions. “It is about people’s behaviour.” It is difficult, he said, to clearly ascertain whether it’s the new entrants or the older players who are more disciplined about security processes. The younger generation, in his opinion, though tech savvy, is more willing to share a physical document, whereas their older counterparts are more careful. “The online behavior of older staff members is clearly very

“We started many surprise audits of potential risks of what can go wrong within an organization, and began brainstorming sessions where staffers could figure out other possible security lapses.” —B.L.V. Rao VP, Infotech Enterprises

Vol/4 | ISSUE/20

8/28/2009 12:27:45 PM

CIO Discussions

87% of CIOs

CIO dIsCussIOns

different from the younger ones. So, there are CIO, Syntel. But even with these processes in a completely different set of controls that one place, it’s easy for employees to let their guard needs to put in place for each. Controls have down in the rush of their daily routines. to be segregated,” said Das. It’s a fact CIOs are aware of and some have But Das also knows that controls are not taken steps to ensure complacency is kept the silver bullet that eliminate data security at bay. “We started many surprise audits of report that current challenges. “Controls will be broken, we potential risks of what can go wrong within and former employees, have to accept that. The way out is to create an organization, and began brainstorming and contractors were an increased awareness; and remember: sessions where staffers could figure out responsible for keep your instructions simple.” It’s advice other possible security lapses,” said B.L.V. data breaches. he has been following. In the last month, Rao, VP, Infotech Enterprises. source: Indian Information security survey Das has been working on a campaign to Manoj Shrivastava, VP-group IT, Reliance teach senior executives to create stronger ADA Group, reiterated that in certain sectors passwords. Though, the exercise runs the risk of being such as telecom, besides customer’s information security, perceived lightly, maintaining strong passwords and there is also the business risk of not following process employing strategies like constantly changing them are an discipline. This could lead to security breaches, intentional or important tool for data protection, he said. It’s also a way to unintentional. “We are working on various security initiatives, change people’s behaviour. including increasing the sense of an employee’s belonging to It’s an approach many organizations are now taking, albeit the company. It’s a softer issue, but it’s preventive,” he said. at varying degrees. “We use an application called PCR,” said Customer security issues hold far more importance V. Subramaniam, CIO, Otis Elevator Company. “It involves especially in an e-commerce company, where transactions the creation of a process, making people aware of it and then take place often and customer information is available online. training them to use it. It is a continuous process. We introduce In his business, every transaction has a legal consequence, new recruits to it and make them aware of our security policies. said Ankur Basu, head technology, Mjunction Services. “Data This is then reviewed over time,” he said. security is on the top of the list of our priorities,” he said. He also suggested systems to support these security He offered his peers an innovative solution to track operations. IT leaders, he said, can build a common security physical documents with the help of IP-based reporting. module based on .Net, and also incorporate many security Each IP is mapped to a business unit head, and this number parameters like standard passwords, single sign-offs, a is lined to the balance core card parameter. Thus the amount locking mechanism after three attempts of logging in and of visibility is very high. Digital signatures is another option, so on. he said. Recapping the general feeling that data security challenges cannot be solved solely by technology, other Physical Information CIOs at the roundtable said that trusting an organization's What really bothers Subramaniam, however, is the lack of employees was important. In all their attempts to deflect integration between physical and digital data security. And security challenges, CIOs must not forget that by imbibing his worry reflects a real world problem CIOs have to deal certain values in their employees, they stand a better chance with: Forget digital, plenty of data can leave an organization of defeating the problem. It’s an idea Das shared. “Security in a physical form. Participants at the roundtable repeatedly is a factor of an organization’s culture,” he said. CIO voiced their concerns over the challenge. They also shared some measures that they were taking to ensure that hard copies are not used carelessly. One CIO said he used colored printers specifically for documents that are important, send feedback on this feature to and guards at the gate check staff bags for any signs of colored paper. When documents need to be discarded, shredders are used to brought to you by: completely destroy it. Some companies are even limiting the use of printers. “The KPO business has additional constraints like staff not being allowed to carry in their bags. They have to keep them in lockers within the office premises,” said R.Muralidharan, NOW ONLINE For more presentation and opinions on information security, log on to our companion website. Go to


vOl/4 | IssUE/20

REAL CIO WORLD | s E P t E m b E r 1 , 2 0 0 9


l e v e r ag i n g t h e u p t u r n i d eas & i nsi g h ts f ro m t h e c i o Leaders hi p cou nc iL

the cio executive council

A Matter of Security the results of the Indian Information Security Survey 2009 are out, and things do not look very bright. For one, the survey suggests that security threats still loom large over enterprises. What is more disturbing is that a large percentage of IT leaders are not aware of what’s really happening with security. Eighteen percent of respondents, according to the survey, didn’t know how many security breaches their organizations had been subjected to last year, and as many as 31 percent didn’t know the amount of financial loss they suffered as a result of breaches.

Like everything else, security too comes with a price tag. And with the economic depression looming large over organizations, they are less inclined to invest in security. Today, 84 percent of security professionals report that slowdown induced cost cutting has made security harder to do. Many sectors, especially banks are increasingly outsourcing some of their security functions.

Keep It Simple


There seems to be general consensus that security policies are lengthy and vague, making them altogether ineffective. “Practically no one They Don’t Want to Talk About It The number of CIOs reads security documents,” says Hariharan. For most enterprises, security is a sensitive topic. who were unaware of the R.Muralidharan, CIO, Syntel, reiterates the Satish Das, CSO & director-ERM, Cognizant amount of financial loss point. “Security documents use too much jargon Technology Solutions, says, "I don’t agree that they suffered because of and terminology. This confuses people. Yet, enterprises don’t know where breaches are security breaches. making employees sign a security document occurring. I do believe that they would rather not talk about them.” More often than not Source: Indian Information Security Survey 2009 is still the most prevalent and popular security practice in place." security breaches are detected, he believes, but Das of Cognizant backs up this theory. "It is generally agreed enterprises choose not to report them. “It really depends on the that legal documents need to be cut down to size. “The aim culture and the value system of a company,” he says. should be to achieve a one-page security policy.” His views find resonance in S. Hariharan, senior Some CIOs have found a way to make it work. Avinash VP-Infrastructure Solutions & Services Group, Oracle Financial Arora, director-IS, India & South East Asia, New Holland Services. “Even when breaches do occur, we are likely to underplay Fiat, shares an interesting idea from personal experience at his them, because it compromises our brand,” says Hariharan. organization. “Our code of conduct document is Web-based. It's hard to disagree with him. The survey reveals that 32 It takes about 10 minutes to go through it. After reading it, percent believe that a stained reputation is the biggest loss as each employee has to answer a set of questions based on the a result of a breach.

[ one Liner ]

“Our code of conduct document is Web-based and takes about 10 minutes to go through. After reading it, each employee has to answer a set of questions based on the document. Only when they have got all the answers right can employees register.” —Av i n As h A ro rA , D i r ecto r- is, i nD iA & south e Ast Asi A, n ew hol l An D F i At


s e p t e m b e r 1 , 2 0 0 9 | REAL CIO WORLD

Vol/4 | ISSUE/20


l e v e r ag i n g t h e u p t u r n

What’s wrong with today's security policies?

Building Trust IT leaders agree that there is a strong co-relation between employee behavior and how comfortable they feel in their work atmosphere. According to Syntel’s Muralidharan, “establishing trust is the most important step. One should rely on human psychology to create responsible behavior such that each person feels a sense of accountability for his or her actions.” Muralidharan extended his arguments saying that even contractors should be treated like employees to help them develop a sense of belonging to the company. Hariharan, however, disagrees. He advocates a stricter set of rules for contractual employees and a more relaxed one for permanent employees. Nevertheless, both agree that security regulations need to be updated more regularly, incorporating the changes in the environment. “People are constantly devising new and innovative policies to outsmart security,” says Hariharan.

PhotoS by Sr IVAtSA ShAn dIlyA

Crack the Whip or Go Easy? Given how expensive it is to implement security, the use of policy seems like the only way forward. But CIOs agree that these are hard to enforce. Sumit Dutta Chowdhury, CIO, Reliance Communications, says he has the answer to the problem. “None of these security measures can deter a person who is determined to play the bad guy. The only way is to make employees personally and financially liable. Make contractual or legal documents ominous.” Das, however, disagrees with this approach saying that civil liberties will interfere with making people personally liable. S. Srinivasan, senior GM-business strategy & systems, Sundaram Fasteners, has started a unique and proactive practice at his organization. He sends e-mails to his employee’s stating: I am reading your e-mails and I can track your Web browsing. He does this because he says that "unless deterrents are demonstrable, they won’t have the desired effect. In most security measures the demonstrative action is missing.” Two distinct schools of thought emerge when it comees to the enterprise’s attitude toward security. The first opts for an offensive security approach. “We need to take a more pro-active approach, if we want to mitigate threats," says Chowdhury. "We need to be on the offensive and not defensive.” Hariharan, on the other hand, believes in more informal ways of communicating. “We have organized road shows to communicate and remind employees of the consequences of their action in a less threatening way,” he says. CIO v varsha chidambaram is trainee journalist. send feedback to

Enterprises have good policies but what really matters is their effective implementation. Organizations need to get closer to their people and create a sense of accountability and responsibility in them. This should help tackle security issues.

Security policies are explained to recruits when they join and are soon forgotten. We need to remind them by way of street plays and spot questions. Also, when a breach occurs, instead of keeping it hush-hush, we should be open about it and ensure that the culprits are punished.

Satish Das CSO & DirectorERM, Cognizant Technology Solutions

S. Hariharan Sr. VPInfrastructure Solutions & Services Group, Oracle Financial Services

Policy has to be defined to the people at the junior most level. It should address the concerns of customers, employees and stakeholders. It needs to bring out what can go wrong and how the organization will be impacted because of a breach, Also, policies need to change with time because we live in a dynamic environment.

How are you reacting to the slump? Write in to with your thoughts.

The CIO Leadership Council is a professional organization for CIOs founded by CIO India. To learn more about the council, contact program director Alok Anand at

Vol/4 | ISSUE/20

Forum.indd 49

R. Muralidharan CIO, Syntel

the cio executive council

document. Only when they have got a 100 percent of the answers right can employees register." But, is there something fundamentally wrong with the way enterprises approach security? “We’ve noticed that the more restrictive the security policy is, the more curiosity it creates. In the last couple of years, we have actually relaxed security and adopted a more lenient stance with our employees. They are allowed greater freedom, but at the same time, they have to bear in mind the consequences of their actions,” says Hariharan.

REAL CIO WORLD | s e p t e m b e r 1 , 2 0 0 9



Presenting Partner

fit for the


Various leaders from the financial sector came together to evaluate how effectively IT tools and technologies can be used to make the best of the economic upturn.

InformatIon Is one of the most valuable assets an organization can boast of and it can help the enterprise gain competitive advantage over others. In the financial sector, information is the key to generate and sustain business. More and more organizations are now using tools like BI, information tracking, analysis, and performance management to make the best of the economic incline. At the forum of CIOs, organized by SAP Business Objects, various organizational heads exchanged their experiences and best practices. Talking about some of the initiatives taken to identify and simplify processes in his organization, Joydeep Dutta, CTO, ICICI Securities, said, “We have dismantled all the departmental MIS teams by using BI tools. We have completely scheduled and automated our reports and have a dissemination mechanism for all reports that run through schedulers.� In stark contrast, P.A. Kalyanasundar, GM, Bank of India, mentioned, “We have some legacy data, but we are able to do statistical reporting with it. However, we need to deal with data enrichment and updation." Continuing the discussion


on implementation of BI and information tools, Sanjay Deshmukh, VP- business unit, SAP Business Objects, said that enterprise applications could improve business efficiency. He added, “We are empowering employees to obtain information from existing data resources, without any IT support.” Echoing the same thoughts, Sundaram Krishnan, Head – IT, Universal Sompo General Insurance, said, “With BI efficiency can be increased by enabling users to work sanjay deshmukh with user-friendly analytical VP - Business Unit, SAP Business Objects tools.” Countering the popular usage of spreadsheets, Bharat Rele, Director - Solution Engineering, SAP India pointed out that, Excel-like front-end tools allow easy manipulation of data and that this could be avoided by analyzing and creating a single business and database vocabulary for everyone in an organization and thus help build greater visibility. Giving his views on the usage of data processing tools, K.R. Bhat, GM – Department of IT, nABARD, said, “We should not overrate the pros and cons of any data processing tool. Instead, the focus should be on retaining the integrity and granularity of data.” Citing an example of data management in the mutual fund industry, Srinibash Sahoo, Senior VP – Technology, DSP BlackRock Investment Managers, said, “In this segment, one can’t have an integrated platform for all processes and data. Thus, we have reconciled our processes by automating them.” Of course, most companies where business processes have been automated or BI analytics tools have been implemented would have required a strong consent from the top management. Seconding this view, Harnath Babu, Senior VP – IT, Star Union Dai-Ichi Life Insurance Company said, “We need to know the end user’s requirements and convey them to the top management.” Security and reliability of

“We are empowering employees to obtain information from existing data resources, without any IT support.”

From leFt: Bharat rele, Director - Solution Engineering, SAP India, sriniBash sahoo, Senior VP - Technology, DSP BlackRock Investment Managers, harnath BaBu, Senior VP – IT, Star Union Dai-Ichi Life Insurance Company, sundaram krishnan, Head – IT, Universal Sompo General Insurance.

“Analytics is an important feature in understanding and processing of data. the next is forecasting.“ sandeep phanasgaonkar President and CTO, Reliance Capital

“while processing data, the focus should be on retaining the integrity and granularity of data.“ k.r. Bhat GM, Department of IT, NABARD

“we have a control mechanism in place for monitoring the flow of data across the organization.“ p.a. kalyanasundar GM, Bank of India

“we have completely scheduled and automated our reports with the use of Bi tools.“ joydeep dutta CTO, ICICI Securities

corporate data is also a matter of concern for most companies. Citing the case of his company, in the context of risks and legal compliance, Sandeep Phanasgaonkar, President and CTO, Reliance Capital, said, “We have taken steps to manage risks and BI has helped us with that. This influences the way investors, shareholders, customers and the regulators look at us, because sanctity of financial data is important.” As businesses grow they witness data explosion, necessitating data structuring and management. Large unstructured data flowing in and out of organizations, according to Deshmukh, does not allow proper utilization of information. Summing up the role of analytics systems and performance tools in benefiting businesses in the recovery phase, Phanasgaonkar said, “Analytics has become an important feature in terms of understanding and processing of data. The next thing is forecasting, which builds up on analytics and allows you to create business models. We have started focusing on retention of customers and profitable customer segments, and BI is going to help us progress in this direction.”




s e p t e m be r 1 , 2 0 0 9 | REAL CIO WORLD

Essentisl Tec (1).indd 52

Better Performance with Scorecards By Esther Shein

Performance Management | At the 600-bed Maine Medical Center, information comes pouring in faster than ambulances rushing in with the wounded — or at least it can seem that way. Hospital officials felt they needed a more efficient way to gauge their performance in areas including clinical outcome, patient satisfaction, doctor performance and safety, and then coordinate all of the data and make it available 24/7. "We had PowerPoints, paper, Excel worksheets, and nothing was standardized," explains Peter Chingos, data analysis manager at the medical center. Executives wanted to centralize that information and get data to senior-level administrators in a standardized way so it had the same look and feel, he says. The idea of creating balanced scorecards was tossed around, and, after observing an implementation at Boston's Brigham & Women's Hospital, Maine Medical Center decided to deploy Strategic Performance Management software from SAS.

Illustration by MM Shanith

Scorecards let you get to the root of a performance problem and quickly see how you're doing in key areas by linking application data with financial or other business objectives.

From Inception to Implementation — I.T. That Matters

Vol/4 | ISSUE/20

8/28/2009 12:21:52 PM

essential technology

The hospital has created dozens of scorecards. Among the metrics: how often staffers wash their hands and whether a patient with both congestive heart failure and pneumonia is offered a flu vaccination. The scorecards allow hospital staffers to see how these changes — compliance with best practices, process redesign and team building — affect patient care and the hospital's finances. By checking progress on the intranet, staff members can see how their groups are doing on a monthly basis. Today there are between 50 and 60 scorecards in use, each with some 25 metrics that give the ability to do subsequent drilldown to get charts, graphs and tables that provide more granular information, says Chingos. The hospital selects measures where improvement is needed, which makes the scorecards a tool for focusing employees on top priorities. Maine Medical's leadership identifies these measures each year to reflect the hospital's quality- and safety-related strategic priorities. The current batch shows a focus on internal policies as well as regulatory issues, Chingos says. It's an up-and-coming area. Business intelligence is scorecards' "parent on the

Digging Deep Officials at Trican Well Service, an oil and gas well servicing company, found they were spending way too much time organizing and analyzing financial data and then getting the information into a forecasting model for each of the company's worldwide geographic regions. All told, some 80 percent of the time used for financial data was spent organizing the information, and 20 percent was spent on analysis. "The immediate problem was replacing" the old budget-forecasting tool — Pillar from Hyperion — with something that would allow Trican to get information out quickly to the regions, says Randal Wichuk, director of finance corporate development. Executives wanted the different regions to take ownership of their financial performance so they could maximize profitability by looking at how to increase sales and decrease costs in each geographic location, Wichuk says. After looking at performance management software from Cognos and SAS, Trican chose Hyperion's Performance Management Software and implemented it in September 2007. The software lets finance officials enter

Scorecards allow you to see how changes — compliance with best practices,process redesign and team building — can affect your finances. software evolutionary tree," notes Ezra Gottheil, an analyst at Technology Business Research. Performance management software is a refinement and a refocusing of business intelligence data so it is now matched up with goals and budgets, he adds. Companies are using this approach to refine or outright change their current methods for measuring performance. Another way to use the technique is if the competition is gaining market share and they want to figure out what to do about it, Gottheil says.

Vol/4 | ISSUE/20

Essentisl Tec (1).indd 53

the data and run multiple scenarios to do very quick what-if analyses, Wichuk says. He estimates that the tool has saved a minimum of six days each month in terms of loading data into the models and then doing the actual forecasting.

Keeping Score Now, Wichuk says, "what we're doing is measuring our key performance indicators." The software lets Trican analyze the data in multiple ways and drill down to the root cause of most issues.

$2.7 billion

The size of the app performance management software market by 2013. Source: Forrester

One recent example: the ability to identify an area of the operation where sales were lower than expected. Once staffers drilled down further into the data, they discovered the company was losing market share in that region because salespeople weren't targeting the right customers, Wichuk says. Trican adjusted its prices for the region, "which helped us increase market share and revenues." The real value of the software is its ability to see data in real time and conduct analyses, Wichuk says. "You're not gaining a value-add in terms of organizing the data; it's in terms of analyzing it to make quicker decisions" and react more quickly to the market." Maine Medical's Chingos says the use of the balanced scorecards is voluntary, but in some areas, the metrics have been very high profile and have helped move the hospital in a more positive direction. For example, the hospital has a medication reconciliation metric that tells officials whether hospital staffers are comparing the medications a patient was on when he or she arrived to the medications that were prescribed during their stay. REAL CIO WORLD | s e p t e m be r 1 , 2 0 0 9


8/28/2009 12:21:52 PM

essential technology

"It's a step that would sometimes get done, but not always get documented well," Chingos says. Officials started measuring medication reconciliation about two years ago, and the results were "abysmal." It was in the 40 percent range, but using the scorecard to broadcast the issue has helped raise the number to the 90 percent range. "The scorecard didn't do it per se; people did," notes Chingos — but the scorecard helped staffers track that metric "every step of the way, and that motivated people." The biggest surprise for Chingos has been his end users' appetite for producing data in a more streamlined way, and there is a waiting list for other clinical areas such as the newborn nursery, the digestive disorder program, neurosciences and radiology that want to use scorecards. "It's driven demand beyond my expectations, and the demand for data in health care right now is huge. We're lucky

other essentials. "So there's a pretty high level of expectation around performance and availability because people's livelihood depends on the use of these applications," says CIO Daniel Chan. The OTDA wanted to measure all of the activity coming in to its Web servers and then conduct different levels of analysis on how the public is using different applications, says Dan Donnelly, an OTDA consultant. The agency chose Transaction Performance Management from Precise, which enables IT officials to manage the availability and response time of some 27 internally developed applications. "We'd like [users] to be able to complete a transaction in less than 15 minutes, and we're trying to understand how long it takes them," says Chan. The software also gives IT information about user behavior and demographics, so the Web site can be

Performance management is about trying to find the root cause of poor performance — even the availability of aWeb site or response time. and happy we have a tool that allows us to satisfy that demand."

How Other IT Metrics Fit In In the purest sense, measuring Web site performance and availability may not relate directly to the notion of performance scorecards. Yet it does fall under the umbrella of trying to find the root cause of poor performance — something that enterprises certainly measure and track. The New York Office of Temporary Disability Assistance (OTDA), for example, is in the midst of a yearlong program to provide better services and assistance for families in need. As such, the OTDA developed a Web site,, that allows clients to look for services related to nutrition, federal/state health insurance coverage and other forms of help. These constitute the services and money that people need when they're on disability, to pay for food, fuel and 54

s e p t e m be r 1 , 2 0 0 9 | REAL CIO WORLD

Essentisl Tec (1).indd 54

changed to allow users to find what they want more quickly. "Another component is making sure the Web site continues to be available and performing 24x7 and the response time has to be really in less than one second," Chan explains. The Precise software lets officials proactively monitor the Web site throughout the day so they can detect problems before they occur. For example, last December the OTDA had a problem with one of its redundant servers crashing. That server could not recover cleanly, although it appeared to, which put both Web servers in danger of failing. The Precise software discovered the situation and allowed IT to do a controlled restart of the failed app server and both Web servers, completing everything without user outages. "As long as we could identify that the service was hung up within 24 hours, we could recover the system without having an outage," Donnelly says.

If an outage occurred, Chan explains, users would be forced to call the help desk at a cost of $25 (about Rs 1,250) per call. The myBenefits site receives an average of 25,000 hits a month, and Chan estimates that without the Precision tool, some 10 percent of users would call the help desk. Since much of the site's activity occurs on the weekends, if a server goes down on a Friday, it has the potential to be down all weekend, causing additional strain on the backup server, adds Donnelly. "Performance management is about trying to find the root cause of poor performance, such as availability of a Web site or response time," observes Jean-Pierre Garbani, a vice president at Forrester Research. If IT develops an application that is supposed to have a response time of less than three seconds and an availability of 99.9 percent, and the level of performance is breached, performance management helps get to the root of the problem, says Garbani. The concept is broader than application performance management, however, which delves into code and bandwidth issues. It can also focus on capacity planning, to determine whether the available capacity of servers and storage is being exceeded. "The trend is to bring all of that together into a single dashboard," says Garbani. Forrester projects that the application performance management software market will reach $2.7 billion (about Rs 13,500 crore) a year by 2013, and Garbani calls it one of the fastest growing segments of IT management. While performance management issues are nothing new, they have become more complex as applications have grown exponentially in size, he says. Adds Chan, "Until we had these tools it was difficult to have meaningful dialogue about issues because without data we had a tendency to do a lot of finger pointing about a problem in IT," since the datacenter is managed by another state agency. "Without tools we wouldn't be able to keep applications up." CIO Esther Shein is a freelance writer and editor. Send feedback on this feature to

Vol/4 | ISSUE/20

8/28/2009 12:21:52 PM


essential technology

The Skinny Straw

If you’ve ever sucked on extra-thick milkshake through a common straw you know the frustration bandwidth will create for cloud computing. By Bernard Golden Cloud Computing | Implementers of virtualization found that the key bottleneck to virtual machine density is memory capacity; now there's a whole new slew of servers coming out with much larger memory footprints. For cloud computing, bandwidth to and from the cloud is a bottleneck. Some apps use or generate very large amounts of data, and users may find that there's just not sufficient bandwidth to shove data through. A term often used for this is ‘skinny straw’

computing applications and architectures for the foreseeable future. This is going to be a tricky topic because, as noted earlier, as bottlenecks are addressed, they shift. With respect to cloud bandwidth, one can expect that the bottleneck will be gradually and incrementally relieved, meaning that assumptions about network cost and availability will need rethinking every six months or so. So, what should you do to address the skinny straw issue?

subsequently, there is little data transfer. The download portion of an analytic is typically reports or aggregated data structures, which may not be that expensive. Evaluate application architecture and consider application partitioning: An application may have sections that transfer lots of data and other sections that do not. It may make sense to partition the application so that data transfer-heavy portions reside where data transfer is cheap (i.e., an internal datacenter or a hosting provider), while

You want to avoid ending up with an application which partly resides on an external cloud and has high data traffic along with low latency requirements. inspired by the frustration one experiences when trying to suck an extra-thick milkshake through a common beverage straw. This problem is only going to get more difficult. The excellent UC Berkeley RAD Lab Report on Cloud Computing noted that price/ performance of network capacity lags that of both compute and storage, indicating that this will be an issue well into the future. On the other hand, this is a price/performance issue, which is to say another way it could be addressed is to drop pricing of transit bandwidth through making more available. As a cloud user, the fact that network traffic is becoming a far larger part of application deployment will affect cloud 56

ET-Pundit.indd 56

se p t e m be r 1 , 2 0 0 9 | REAL CIO WORLD

Evaluate and price application data transfer needs: Obviously, the foundation of dealing with the skinny straw is to evaluate how much data you're likely to transfer because cloud providers typically charge a network traffic fee based on volume. Furthermore, because application use changes over time (which is one of the reasons the scalability of the cloud is so desirable), remember to incorporate projections of data use into the evaluation. Another aspect to evaluate is the variability of data transfer. Some applications, particularly those associated with analytics, have large load early in the life of the application, when ETL is performed;

other portions reside with a cloud provider. However, careful evaluation is important because one might run into unexpected surges in data volume causing increased costs. The thing you want to avoid is to end up with an application where part of it resides in an external cloud and has high data traffic along with low latency requirements — that's a recipe for high costs and poor performance. For more ways on dealing with the skinny straw, read Golden’s column in the next issue. CIO Bernard Golden is CEO of a firm which specializes in virtualization, cloud computing and related issues. Send feedback on this column to

Vol/4 | ISSUE/20

8/28/2009 12:18:37 PM

CIO September 1 2009 Issue