FOCAL POINT: Here are some of the innovative techniques exploiting systems of even the savviest users. >>> PAGE 39
ChannelWorld STRATEGIC INSIGHTS FOR SOLUTION PROVIDERS | COVER PRICE Rs. 50
SIDDHARTH MEHTA, CEO, Syndrome Technologies, revamped business strategy, revisited vendor alliances, and reworked sales strategy to steer ahead of competition.
Inside FEBRUARY 2014 VOL. 7, ISSUE 11
What the industryâ€™s top application vendors are likely to do this year. PAGE 15
Quarter game Enterprise channel organizations manage OEM alliances, motivate employees, and gratify end-customers to stay profitableâ€” year after year. >>> Page 26
On Record: Rami Rahim, EVP, Platform Systems Division, Juniper Networks, believes that the company is on a mission to make enterprises SDN-ready. PAGE 24 The Grill: Julie Parrish, SVP and CMO, and the former channel chief of NetApp talks about the rights and wrongs in channel marketing. PAGE 21
Is benchmarking likely to be a waste of money? Some companies that find it to be expensive might think so. PAGE 20
Gurgaon-based solution provider, Foetron, helps CREDAI go paperless with a mobile computing implementation. PAGE 34
n EDITOR’S NOTE
Vijay Ramachandran Leadership Isn’t About You
IKE MANY readers of ChannelWorld, you too might
have beaten the odds to turn entrepreneur, slogged through a bunch of low-margin business, built domain knowledge, established credibility with clients, nurtured a team, and navigated the ebb and flow of economic cycles. You combine experience and expertise. Who better to make decisions regarding your organization, right?
Maybe not. Since the Indian economy slowed down five years ago, I’ve seen solution providers struggle to respond to the changing landscape, blunder about trying to manage in-house talent, and indulge in a quest for the correct path that leads to profits and prosperity. I know quite a few organizations have decided to just hunker down and let the storm blow over. After all, why introduce more risk into the equation than already exists. Why is this? Business has always been cyclical. You have seen crises before. Despite fuzzy horizons the external environment is ever changing. So what makes this economic era so amazingly different than those before? Why are your options so limited? Why is there a dearth of ‘good’ ideas going around? Based on several conversations I’ve had with many of you over the past many
months, I can only conclude that the brains-trust that runs many solution providers are exhibiting critical signs of inertia. The inertia of sticking to well-trodden paths. The inertia of seat-of-the-pants management based on gut instinct. The inertia of placing your bets on only a sure thing. The inertia of ‘experimenting’, but only within ‘acceptable’ constraints. The inertia of only listening to the HiPPO (Highest Paid Person’s Opinion). If you want to break through this current impasse and change your organizations for the bet-
n How can you
be a successful leader if you have little or no space for a colleague’s ideas while backing your individual gut instinct over cold, hard fact?
ter, reduce the influence that boards and managing committees wield in your organization. For, the most innovative ideas in your organization possibly lie outside the boardroom. Also, among your staff are levels of energy that lie untapped, condemned as many of them are in toeing the line. The trouble actually lies with your past record of success. Successful executives often get so convinced of the inherent superiority of their own thoughts that have little space for another’s ideas or require firm data to back their beliefs. Relying on experience, such leaders are quick to undermine contradictory opinions. Can you blame your employees for staying content to follow a lead rather than demonstrating initiative? Data is the new oil. It’s easier to test hunches for feasibility now than ever before. Your clients are deepening their analytics
capabilities to tap customers better. Why then do so many heads of solution provider firms still trust their gut feel? Is it so difficult to encourage employees across levels to test out their thoughts, and let the facts, and not senior management opinions, guide the path forward? Words like delegation or empowerment will mean little more than functional task allocation unless you are willing to trust your colleagues to help your company be successful. For anyone in a leadership position, anyone who’s even marginally ‘arrived’ in life, it’s tough enough admitting that they’re flawed creatures. But, making the leap to realizing that these flaws are impacting others and the organization in a toxic way can be both uplifting and downright depressing. Ford CEO Alan Mulally once said: “Leadership is not about me. It’s about them. And that is hard. For a great achiever, everything is about me; for a great leader, everything is about them.” Have the faith. Make the leap. Are you up to the challenge? Write in and let me know. Vijay Ramachandran is the Editor-in-Chief of ChannelWorld. Contact him at vijay_ramachandran@ idgindia.com
FOR BREAKING NEWS, GO TO CHANNELWORLD.IN
Inside INDIAN CHANNELWORLD n FEBRUARY 2014
■ NEWS DIGEST 11 Riverbed May Go Private|
Investment company Elliott Management has offered to buy Riverbed Technology for just over $3 billion while giving Riverbed a chance to entertain higher bids. 11 Intel to Reduce Workforce |
Intel expects that its workforce will decline by 5 percent as it heads into a
05 Editorial: Vijay Ramachandran
believes some leaders are quick to undermine contradictory opinions. If so, how will it be possible to be a successful leader if you have little space for a colleagues ideas? 44 PlainSpeak: Yogesh Gupta believes that partner organizations consciously have to strike a balance of multiple vendor alliances to avoid hassles in case of shaky M&As. 20 Bart Perkins: Is benchmarking likely to be a waste of money? Some companies that find it to be expensive might think so.
■ THE GRILL
21 Julie Parrish, Senior Vice
year in which revenue is likely to be flat. Intel announced its expectations for a decline in its workforce in the wake of its fourth quarter earnings report. 12 Global IT Spending Will Grow Slightly | Global spending on IT and telecom products and services will grow 3.1 percent between 2013 and 2014, compared to just 0.4 percent a year earlier, with enterprise software spending driving much of the growth, according to Gartner projections.
President and Chief Marketing Officer, and the former channel chief of NetApp talks about the rights and wrongs in channel marketing.
■ NEWS ANALYSIS
■ FAST TRACK
15 What’s in Store for 2014? |
23 Aditya Narain Kakkar, Director, Intensity Global Technologies, says that its “intense” relationship with vendors is its winning ticket. The company has also evolved into a private limited company, making its corporate ambitions clear to the market.
Cover Photograph by: KAPIL SHROFF Cover Design by UNNIKRISHNAN A.V
What the industry’s top application vendors are likely to do this year.
26 ■ COVER STORY
26 Quarter Game
Vendor companies and enterprise channels live by the quarter. It is all important in ensuring that their revenues and profit remain strong as ever. But how do they sustain it? In this edition, partners share their ideas, tips, and experience of holding things together by the quarter. Read how partner organizations manage OEM tie ups, motivate internal employees, and gratify end-customers—year after year.
■ CASE STUDY
34 Mobility Unlimited
Gurgaon-based solution provider, Foetron, helps CREDAI go paperless with a mobile computing implementation.
FOR BREAKING NEWS, GO TO CHANNELWORLD.IN
INDIAN CHANNELWORLD n FEBRUARY 2014
■ ON RECORD
24 Rami Rahim, EVP, Platform Systems
Division, Juniper Networks, believes that the
Think of them as innovations in deviance. Like anything innovative, many are a measure of simplicity. Today’s most ingenious malware and hackers are just as stealthy and conniving. Here are some of the latest techniques of note that have piqued a lot of interest and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users.
42 Work Out a Secure Way
SECURITY: Regulations aimed at protecting the security and privacy of organizations and individuals are well meaning. But sometimes these standards, or how they’re interpreted, can be more than a nuisance—they can actually contribute to weaker security. Here are seven good ways you can fix your security compliance problems.
company is on a mission to make enterprises SDN-ready.
■ FOCAL POINT
39 Tread Carefully
36 Get One Up on Vendors If you think software is getting more expensive, you’re right. Not only that, it’s
SECURITY: Each year anti-malware re-
searchers come across a few techniques that raise eyebrows. Used by malware or
CHANNELWORLD Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India
Publisher, President & CEO Louis D’Mello n EDITORIAL
Editor-in-Chief Vijay Ramachandran Managing Editor T.M. Arun Kumar Executive Editor Gunjan Trivedi Associate Editors Sunil Shah,Yogesh Gupta Features Editor Shardha Subramanian Special Correspondents Gopal Kishore, Radhika Nallayam, Shantheri Mallaya Principal Correspondents Anup Varier, Debarati Roy, Sneha Jha, Varsha Chidambaram Senior Correspondents Aritra Sarkhel, Eric Ernest, Ershad Kaleebullah, Shubhra Rishi, Shweta Rao Senior Copy Editors Shreehari Paliath, Vinay Kumaar Lead Designers Jinan K.V., Pradeep Gulur, Suresh Nair, Vikas Kapoor Senior Designers Sabrina Naresh, Unnikrishnan A.V. n SALES
President Sales & Marketing Sudhir Kamath Vice President Sales Sudhir Argula Vice President Special Projects Parul Singh General Manager Marketing Siddharth Singh General Manager Sales Jaideep M. Manager Key Accounts Runjhun Kulshrestha, Sakshee Bagri Manager Marketing Ajay Chakravarthy Manager Sales Support Nadira Hyder Senior Marketing Associates Anuradha H. Iyer, Archana Ganapathy, Benjamin Jeevanraj, Rima Biswas, Saurabh Patil Marketing Associate Arjun Punchappady, Cleanne Serrao, Lavneetha Kunjappa, Margaret DCosta, Nikita Oliver, Shwetha M. Lead Designer Jithesh C.C. Senior Designer Laaljith C.K. n OPERATIONS
hackers, these inspired techniques stretch the boundaries of malicious hacking.
getting harder to even find the price hikes, so you can avoid them or know it’s time to switch to another vendor’s software. Here’s is what you can do to stake your claim.
ADVERTISERS’ INDEX Emerson Network Power India Pvt. Ltd . . . . . . . . BC
Grass Roots India . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Boston Limited(India) . . . . . . . . . . . . . . . . . . . . . IBC
IBM India Pvt. Ltd . . . . . . . . . . . . . . . . . . . . . . . . . IFC
EMC IT Solutions India Pvt Ltd . . . Cover on Cover
NetApp India Marketing & Services Pvt Ltd.,18 & 19
Epson . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Schneider Electric IT Business India Pvt Ltd. . . . 7
This index is provided as an additional service. The publisher does not assume any liability for errors or omissions.
All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company. Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. Editor: Louis D’Mello, Printed At Manipal Press Ltd, Press Corner, Manipal-576104, Karnataka, India.
Vice President HR & Operations Rupesh Sreedharan Financial Controller Sivaramakrishnan T.P. CIO Pavan Mehra Senior Manager Operations: Ajay Adhikari, Chetan Acharya, Pooja Chhabra Senior Manager Accounts Sasi Kumar V. Senior Manager Production T.K. Karunakaran Senior Manager IT Satish Apagundi Manager Operations Dinesh P., Tharuna Paul Manager Credit Control Prachi Gupta Sr. Accounts Executive Poornima n OFFICES
Bangalore IDG Media Pvt. Ltd. Geetha Building, 49, 3rd Cross, Mission Road, Bangalore 560 027, Karnataka Tel: 080-30530300. Fax: 080-30586065 Delhi IDG Media Pvt. Ltd. DLF Corporate Park, Tower 4 B, 3rd Floor, Room 301, MG Road, DLF Phase 3, Gurgaon- 122001, Haryana Tel: 0124- 3881015 Mumbai IDG Media Pvt. Ltd. 201, Madhava, Bandra Kurla Complex, Bandra East, Mumbai 400051, Maharashtra Tel: 022-30685000. Fax: 022-30685023
PAGE 12: Global IT Spending Will Grow Slightly PAGE 12: Citrix Buys Framehawk PAGE 14: SAP’s Revenue Mix Shifting to the Cloud PAGE 15: What’s in Store in 2014?
F I N D M O R E A R T I C L E S AT CHANNELWORLD.IN
Riverbed May Go Private
Elliott Management has offered to buy WAN optimization vendor Riverbed Technology for just over $3 billion (about Rs 18,500 crore) while giving Riverbed a chance to entertain higher bids. Elliott started buying Riverbed stock last September and now owns about 10.5 percent of the company, according to an offer letter that Riverbed filed with the US Securities and Exchange Commission. Elliott said growth is slowing in Riverbed’s core business and the
company’s efforts to diversify so far have hurt its value. Riverbed’s core products are appliances that help enterprises use expensive wide-area networks more efficiently. In recent years, the San Francisco company has acquired other businesses to expand its offerings, most notably buying Opnet in 2012 for about $1 billion (about Rs 6,100 crore) for its tools to gauge and manage the performance of applications and networks. In addition to its Steelhead WAN optimization appliances, Riverbed now offers the Stingray line of ap-
plication delivery controllers and Granite cloud computing technology. Elliott’s buyout plan includes a “go-shop” provision that would let Riverbed’s board seek competing bids for a period after it reached a deal with Elliott. “We are aware that numerous parties have expressed acquisition interest in Riverbed, and this structure guarantees that the Company will secure a healthy premium for its stockholders while holding open the opportunity to obtain an even higher premium,” the letter said. The New York investment company said its offer represents a 29 percent premium over Riverbed’s stock price before Elliott started buying large numbers of shares, a move that Elliott said has driven up Riverbed’s shares. In the quarter ended Sept. 30, Riverbed posted revenue of $262 million (about Rs 1,600 crore), up 20 percent from a year earlier, and a profit of $3.8 million (about Rs 23 crore), down from $24.7 million (about Rs 152 crore). Elliott said it has long been involved with IT and networking companies. It was part of a consortium led by Bain Capital and Golden Capital that bought systems management vendor BMC Software last year for $6.9 billion (about Rs 43,000 crore).
—Stephen Lawson INDIAN CHANNELWORLD
Intel to Reduce Workforce Intel expects that its workforce will decline by 5 percent as it heads into a year in which revenue is likely to be flat. Intel announced its expectations for a decline in its workforce in the wake of its fourth quarter earnings report. The world’s largest chip maker said that it saw signs that the PC market is stabilizing, and announced that fourth quarter profit was
up 6 percent year-over- year, to US$2.6 billion, while revenue increased 3 percent to $13.8 billion. It expects to reduce its workforce by 5 percent in 2014.“Intel will be aligning resources to meet the needs of the business this year,” according to a company statement. “This will include targeted workforce reduction in addition to realignment of resources.” A workforce reduction could be achieved though redeployments, voluntary programs, retirements, and through attrition, the company said. —Marc Ferranti
Global IT Spending Will Grow Slightly
efficient and improve maron IT and telecom keting, said Richard Gorproducts and serdon, Gartner’s managing vices will grow 3.1 vice president. Enterprise percent between 2013 and spending in supply chain 2014, compared to just 0.4 management will grow percent a year earlier, with by 10.6 percent in 2014, he enterprise software spendsaid in a press release. ing driving much of the Device spending will growth, according to Gartrise 4.3 percent to $697 bilner projections. lion, and IT serWorldwide vices spending spending for IT will increase 4.5 and telecom will percent to $963 is the expected growth in enterprise total $3.8 trillion, billion, Gartner software spending in with enterprise predicted. Gart2014 which will total software spendner had projectup to $320 billion. ing driving the ed a 6.3 percent growth, Gartner Source: Gartner growth in device said Monday. Enterprise spending for 2013, but now software spending will says there was a decrease total $320 billion, growing of 1.2 percent. 6.8 percent in 2014, the reTelecom services will search firm said. grow just 1.2 percent durIn January 2013, Gartner ing the year, to $1.7 trilpredicted IT spending lion, Gartner predicted. growth of 4.2 percent for While telecom services the year, but growth ended will see the lowest growth up at 0.4 percent. of five categories meaBusinesses will spend sured by Gartner, it will money on analytics to still improve compared make processes geared to 2013, when it dropped toward consumers more 0.5 percent, Gartner said. LOBAL SPENDING
A year ago, the firm had predicted growth of 2.4 percent in that category. Gartner’s numbers differ from projections released by competitor Forrester Research, which released its IT spending predictions last week. The more optimistic Forrester expects global spending on technology to rise 6.2 percent to $2.2 trillion in 2014, but those numbers don’t include telecom services, as Gartner does. IT spending grew only 1.6 percent in US dollars during 2013, Forrester said. IT spending will grow even faster in 2015, with a 8.1 percent growth rate, Forrester predicted. Since last quarter, Gartner has lowered its IT spending forecast for 2014 from a 3.6 percent increase to 3.1 percent. Much of that decrease is due to a downward revision in telecom spending, with a growth in mobile-only households, declining voice rates in China and a more frugal usage pattern among European customers contributing to a lower growth rate in telecom services, Gartner said. —Grant Gross
Citrix Buys Framehawk Citrix Systems has acquired Framehawk for an undisclosed sum, and will use the company’s technology to improve the performance of virtual desktops and applications over wireless networks. With the increased adoption of tablets and smartphones in enterprises, performance becomes an issue over Wi-Fi and cellular networks where access may be intermittent or poor due to congestion, high packet loss
and or high latency, according to Citrix. To mitigate such problems, Framehawk’s technology will be combined with Citrix HDX in the XenApp and XenDesktop products. Citrix didn’t provide any details on when that work will be finished. Framehawk’s LFP (Lightweight Framebuffer Protocol) was inspired by experiences company engineers had when working in
INDIAN CHANNELWORLD FEBRUARY 2014
ACQUIRED: Citrix is looking to improve its VDI performance.
spacecraft communications at NASA, according to Framehawk. The goal was to enable communication over 24,000 kilometers on mobile networks without the help
Short Takes BlackBerry announced the opening of BlackBerry Enterprise Solutions Centres in Mumbai and Gurgaon. The centers, the first-of-their-kind in India, will cater to the needs of enterprise customers and provide them with a walk-in experience of BlackBerry’s robust enterprise mobility management solutions including BES10, BlackBerry Enterprise Server 5 and BlackBerry Enterprise Server Express, hosted and cloud-based options, etcetera. Fortinet announced that it has appointed a dedicated channel manager to strengthen relationships and better capitalize on business opportunities with its national-level partners in the country. As Senior Manager-Channel Account Management, Bino George will be the single point of contact for Fortinet’s most important system integrator partners, and enable Fortinet to more strategically and cohesively manage them at a country level.
of a customized chipset on each device, it said. The last couple of months have seen vendors step up their efforts to boost the use of virtual desktops and desktop-as-a service offerings, which are based on the same technology. In October VMware acquired desktop-as-a service company Desktone and in November Amazon Web Services announced WorkSpaces, a desktop-as-a service offering based on Teradici’s PCoIP technology, which competes with HDX. —Mikael Ricknäs
CHANNELPARTNERSTRATEGY TRUL YCHANNEL CENTERED?
Wehel por gani s at i onscr eat ecompel l i ngandi mpl ement abl es t r at egi est hatengagewi t hchannel par t ner st obui l dt r us t ,l oy al t y , andcommuni t y–andul t i mat el ydr i v es al es .Fr om benchmar k i ngt odel i v er y ,wehel pourcl i ent st obr i ngt hei rchannel s t r at egyt o l i f e,t hr oughs t r uct ur eddes i gn,dev el opmentanddepl oy ment .
www. gr as s r oot s i ndi a. i n
SAP’s Revenue Mix Shifting to the Cloud
AP’S BUSINESS is gradually shifting to the SaaS model while sales of its Hana in-memory database platform continue to grow quickly, according to preliminary fourth-quarter and year-end results. Software revenue for the quarter ended Dec. 31 fell 2 percent on an IFRS (international financial reporting standards) basis to $2.58 billion (about Rs 16,000 crore), while cloud subscriptions and support jumped 66 percent to $284 million ( about Rs 1,800 crore), SAP said. Software and related services revenue, which includes the lucrative annual maintenance payments on-premises software customers make to SAP, rose 3 percent to $5.94 billion. Total revenue for the quarter was up 2 percent to $6.9 billion, while operating profit grew 13 percent to $2.4 billion. For the full year, revenue grew 4 percent to $22.86 billion (about Rs 1.3 lakh crore), while operating profit rose 10 percent to $6.07 billion, SAP said.SAP’s coCEOs hailed the results in a prepared statement. “We are one of the few global tech companies that has successfully managed the transition to the cloud while growing our core business and improving our profitability at the same time,” said Bill McDermott and Jim Hagemann Snabe . The latter will be stepping down this year. Hana revenues served as 14
“a major growth engine” in SAP’s fiscal 2013, rising 69 percent to $903 million, the company said. Customers are “showing strong interest” in running their SAP Business Suite implementations on Hana, as well as on SAP’s Hana-powered hosting service, according to the company. SAP is hoping to convince customers that have long used Oracle’s database underneath Business Suite to switch over to Hana, but must contend with a looming Oracle database upgrade cycle as well as an upcoming in-memory option for the rival product. Databases serve as an anchor for applications
TheWorld Juniper Announces Firefly Suite
Juniper Networks announced its Firefly Suite for virtualmachine security, a set of software-based products for VMware and KVM that contain the security and switching capabilities found in Juniper’s SRX Series Services Gateway, as well as Junos Space Virtual Director. The suite includes Firefly Perimeter, which depending on a datacenter’s topology, could be used for segmentation in lieu of a physical firewall or in conjunction with it, —Ellen Messmer
INDIAN CHANNELWORLD FEBRUARY 2014
vendors, given they can not only support the company’s packaged products but also bespoke applications customers might build to fit a specialized business need, making the task of shifting to an alternative that much more difficult.
HID Opens Global Operations Center
HID Global announced the opening of its new World Headquarters and North American Operations Center in Austin, Texas. HID Global has initiated its first phase of operations at the state-of-the-art facility ahead of schedule and expects it to be fully operational by Q3 2015. The plans for the new campus were announced in May 2012, with almost 400 employees expected to be at work in the new facility by 2015. —ChannelWorld Bureau
McAfee Rebadged ‘Intel Security’
Intel has removed eccentric programmer and former
The preliminary earnings announcement didn’t mention any notable wins for Hana over Oracle’s database, but more details could come with the finalized fourth-quarter and yearend results on Jan. 21 —Chris Kanaracus
fugitive John McAfee’s name from the eponymous security company it bought for $7.6 billion in 2010. .The McAfee brand name will be phased out and rebranded Intel Security. The announcement follows John McAfee’s constant criticism of the software he created.Last year he released a ‘guide’ video on how to uninstall the software. The re-branding will begin immediately and is expected to take a year to complete. —Brian Karlovsky
NEWS ANALYSIS n
Store for 2014?
What the industry’s top application vendors are likely to do this year. By Chris Kanaracus
F RECENT history is
any indication, 2014 will be a busy year for the enterprise applications industry as vendors jockey for position and customers ponder moves from legacy ERP (enterprise resource planning) and CRM (customer relationship management) implementations to cloudbased services. Here’s a look at what some of the sector’s main players are likely to do as the year unfolds. Oracle: A big area of investment lately for Oracle has been in “customer experience” software, which spans sales automation, marketing, service and support. Most recently, it
bought Responsys, a maker of business-to-consumer marketing software, and plans to pair it with technologies gained through the acquisitions of Eloqua and Compendium. Expect Oracle to fine-tune its customer experience messaging this year in order to differentiate its offerings from that of Salesforce. com, Adobe and SAP. Oracle is also girding for a fight against rivals in the database market with the recently released version 12c. The company is planning to release an in-memory option for 12c sometime next year that it says will provide dramatic performance improvement. SAP: For a few years now,
the most frequently heard word emanating from SAP’s marketing department has been HANA, its in-memory database. If anything, customers should expect to hear even more about HANA this year as SAP continues to build out support platform services and development tools for it. It will be telling to see whether SAP manages to come up with a significant number of public customer references who have begun using HANA underneath their SAP Business Suite installations instead of Oracle. This is a key goal for SAP but it could face a challenge getting many customers to make such a switch given the timing of Oracle’s database release, as well as the pending inmemory option. SAP will have to give customers confidence that a move to HANA won’t be risky, and will reap major rewards. This year, SAP will also return to a sole CEO model, with Bill McDermott taking the helm as co-CEO Jim Hagemann Snabe steps down. McDermott will be the first American to become sole CEO of the German vendor; customers and partners will be watching to see whether McDermott pushes for significant strategy changes as he makes his initial stamp on the job. Salesforce.com: There are several reasons to keep close watch on Salesforce. com in 2014, according to independent enterprise applications analyst China Martens. One is Salesforce1, the new development platform Salesforce. com announced at the Dreamforce conference in November. “[Will]
n NEWS ANALYSIS Salesforce1 resonate with customers, partners, and developers or is there another reworking to come?” Martens said via email. Salesforce.com will also be pushing its Marketing Cloud product family, which it built out through acquisitions such as Buddy Media and ExactTarget. The question is whether Salesforce. com is done buying. One area where Salesforce.com has lagged in some observers’ eyes is analytics. This year, it might be wise to watch for a stronger analytics product push from Salesforce. com, whether through acquisitions or partnerships, Martens said. Microsoft: Martens is also keeping watch on Microsoft, which will soon have a new CEO after the pending departure of longtime chief Steve Ballmer. Ballmer has treated Microsoft’s Dynamics ERP and CRM business with deference, preserving it as a separate entity as part of the company reorganization he pushed through last year. Dynamics is seen as a means for Microsoft’s sales force to have more conversations with C-level executives in companies, rather than just IT, and therefore as a conduit for other Microsoft products. There are four ERP products in the Dynamics family, something Microsoft tried to streamline but ultimately gave up on some years ago. The new CEO will be faced with “the age-old question of how to balance the needs of four ERP product families and integrate them to one CRM product,” Martens said. Workday: The HCM (human capital management) 16
IBM Pumps $1.2 billion into Global Cloud Datacenters
ISPELLING any lingering doubt that IBM sees cloud computing as the way of the future, the company announced that it will invest $1.2 billion (about Rs 7,400 crore) this year in expanding its global cloud infrastructure. “Having lots of datacenters in lots of different countries around the world will be important in the long-term,” said IBM SoftLayer CEO Lance Crosby. “We want the world to understand that cloud is transformational for IBM.” The company plans to open 15 new datacenters this year, more than doubling the cloud capacity it acquired when it purchased SoftLayer last year for $2 billion. It plans to combine the new data centers, the existing SoftLayer data centers, and the data centers it already ran before the SoftLayer purchase into a single operation that would provide public and private cloud services to its customers, as well as provide services for internal operations. While IBM has remained relatively quiet about its cloud plans, at least in comparison to Microsoft and Amazon Web Services, it has been busy preparing for the cloud-centric future, said Rebecca Wettemann, a vice president at the enterprise IT analysis firm Nucleus Research. This announcement is the logical next step for the company, Wettemann said. “IBM has always taken a measured approach to announcements. But IBM has quietly been running datacenters for a long time, and the IBM cloud has been established,” she said. “We’ve seen a slow transformation of IBM from a services company to a software company, and now to a cloud company.”
software vendor remains hot coming off its late 2012 IPO and will look to ride the momentum through 2014 as it builds out its financial software product line and sells it into large enterprises that have traditionally been Oracle and SAP shops. On the company’s thirdquarter earnings call in November, co-CEO Aneel Bhusri said Workday now has more than 550 customers around the world. Bhusri also revealed that Workday had landed 10 new financials customers in the quarter, but said none were in the
INDIAN CHANNELWORLD FEBRUARY 2014
Since 2007, IBM has acquired more than 15 companies with cloud computing software or expertise, spending more than $7 billion in the process. “Through acquisition, IBM has really done a good job of retaining people who can grow this business,” Wettemann said. In fact, the SoftLayer acquisition of last August plays a key role in the new expansion. Thanks to its easy scalability, the architecture and supporting software that SoftLayer developed for its own operations will serve as the foundation for this unified IBM cloud. “Everything at IBM going forward will reside on the SoftLayer infrastructure-asa-service,” Crosby said. Building on SoftLayer’s services, IBM will offer a global IaaS (infrastructure-as-a-service) as well as the hundreds of IBM PaaS (platform-as-a-service) and SaaS (software-as-a-service) offerings. IBM’s recently announced initiative to commercialize Watson-style cognitive computing, for example, will take advantage of the global cloud. Initially, IBM will opendata centers in Washington, London, Hong Kong, Toronto, Mexico City and Dallas, as well as in cities in Japan and India. Additional locations will be announced later in the year. IBM plans further expansions next year, setting up new locations in the Middle East and Africa. IBM is estimating that global cloud revenue will grow to $200 billion per year by 2020. IBM hopes to generate $7 billion in cloud revenue in 2015. —Joab Jackson
Fortune 1000. NetSuite: The cloud-based ERP vendor may have a busy year. Of particular interest could be the evolution of its HCM strategy. NetSuite has taken a two-tier approach, with its recent TribeHR acquisition serving smaller companies, and partnerships with Oracle and others for large enterprise deals, Martens said. Infor: Under the leadership of ex-Oracle president Charles Phillips, Infor has retooled its user interface, added hundreds of developers and formed partnerships with cloud vendors such as
Salesforce.com. But some might argue the company’s profile is still fairly low. This year, Infor will be ramping up its marketing machine in an effort to change that. “We feel the technology is in place, and now it’s time to tell the story,” said Infor spokesman Dan Barnhardt. On the product end of things, it wouldn’t be surprising to also see Infor take further steps into HCM, whether through partnerships with companies such as Cornerstone on Demand and Ultimate Software, or acquisitions.
THORNTON A. MAY
The Future Needs CIOs The growing opinion is that CIOs are a dying breed. Well, think again. Their survivability might just surprise you.
Thornton A. May is author of The New Know: Innovation Powered by Analytics and executive director of the IT Leadership Academy at Florida State College in Jacksonville. You can contact him at email@example.com or follow him on Twitter (@deanitla).
EVERAL WEEKS ago, a group of enterprise CIOs gath-
ered to celebrate the 32nd birthday of CIO-ness. That’s right, the “chief information officer” job title is 32 years old. There are several origin myths associated with the CIO position floating around our industry, but all of them roughly place the moment of CIO conception as sometime during 1981. I asked the hundred-plus CIOs in attendance to think back to what they were doing when they were 32. Doing pattern recognition on the responses revealed much. The most important observation was that by age 32, the executives in the room emphatically concluded that their careers were not over. They unanimously agreed that from age 32, their jobs got bigger, better, and different. We should all be able to conclude with equal certainty that at age 32, CIO job is not over either. Not even close. Things are going to get bigger, better, and different on a massive scale. But for some reason, subscription research firms in our industry insist that the role of the CIO is in decline and will soon be relegated to the dust heap of history. This is patently absurd. Think about it. We are on the cusp of a digital renaissance. Yet the CIO will have no role to play in the new era that is dawning? The boffins at Cisco and GE prophesy that “waking up” the things of our lives has the potential of unleashing $14.4 trillion in economic value. Peter Weill and his merry band of geniuses at the MIT Sloan School of Management’s Center for Information Systems Research are deep into research describing the various paths by which modern enterprises are becoming digitized. Scholars at Oxford University forecast that by 2033, 47 percent of the jobs in America may be eliminated by computerization. You don’t have to be a crystal-ball-packing futurist to know that IT is going to be a big part of whatever comes next. No one
doubts that technology is going to be a big part of the future. Why do so many people think the CIO is going to disappear just when the party starts to get interesting? I’m not saying that every CIO should be at that party. I admit that there are a few bad apples in the CIO bushel basket. They are the folks who interview well, last about 18 months, and then slink off quietly to destroy value at some other unsuspecting enterprise, leaving the organization that hired them to clean up their mess. But the vast majority of CIOs are amazing. They understand the business better than just about anyone else. They have mad relationship skills and actually care about their people. They are wicked smart and scary funny. I am so tired of academics, consultants, and vendors beating the “they only speak geek” drum. The empirical evidence does not support this misconception. The path ahead is exciting and requires leadership. To posit that incumbent CIOs are wholly not up to the constantly morphing tasks associated with a rapidly digitizing civilization is a fallacy being foisted upon enterprises by revenuescrounging executive search firms. The reality is—just as it has been for the past 32 years—hat organizations get the IT they deserve. FEBRUARY 2014
Insight NetApp’s strategies to improve channel partners’ businesses is absolutely resultoriented. It’s a one-stop shop for fruitful global opportunities.
S.T. Muneer Ahamed, Managing Director, Digital Track Solutions, talks about how associating with NetApp has helped the systems integrator leapfrog to a higher league. By Aritra Sarkhel
What are the big opportunities you foresee with NetApp? Our engagement with NetApp cuts across many verticals. Its strategies for channel partners’ businesses is absolutely resultoriented and it’s a one-stop shop for global opportunities for us to collaborate on storage solutions for both large enterprises and SMBs alike. Our alliance with NetApp in the storage space has delivered significant positive business outcomes year on year. How has NetApp helped you expand your storage portfolio over the years? NetApp consistently conducts pre-sales activities every quarter and many collaborative activities among partners. It has also been a great source of enablement for our resources to effectively service our customer base. On the products side, NetApp’s scalable infrastructure solutions, especially FlexPod, have thrown open a wide array of opportunities for us. Based on NetApp and Cisco’s joint venture, FlexPod caters to the increasing need for a more automated system with lower cost of operations. Through the years, NetApp has been extending excellent support to us in terms of performing all these activities. Tell us about some of your major wins with NetApp which catapulted you to the big league. Over the years, we have focused on large enterprises and global opportunities with NetApp. We have bagged many important customer wins including the likes of Hyderabad-based Xilinx India Technology Services and AMD India, based on NetApp’s unified, customized storage solutions. These were a few huge opportunities for us, and using NetApp’s wide range of solutions, we were able to get those customers on board. For these customers, we have been doing technology refresh on a quarterly basis and helping them upgrade to newer
technological ecosystems altogether. Also, we have installed storage-related enclosures for these customers. NetApp’s storage ecosystem is highly resilient and it’s sure to sustain its legacy in the technology for years to come.
“Our comprehensive, expanded portfolio and product leadership are propelling our partners to address more customers and workloads across industries. There are over 660 certified FlexPod partners across the world today who are helping customers achieve positive business outcomes consistently.” — Krithiwas Neelakantan, Director Channel & Alliances, India & SAARC, NetApp India
How will collaborating with NetApp help channel partners in a competitive market like India? NetApp’s quarterly deal registration in and around its existing storage infrastructure has been very good so far. They keep us duly informed about any advancements on their present set of solutions and help us plan accordingly when it comes to pitching the same to customers. Also, whenever there is a different plan arising from its existing portfolio of systems, NetApp gets in touch with us, giving rise to opportunities to acquire new customers. Besides, NetApp can add value in terms of consultation regarding a solution. Having said that, another important area of opportunity is the SMB space, where NetApp has been investing extensively of late. We expect to see a good deal of business happening around storage there as well in the near future. What key trends according to you will impact the enterprise storage market in 2014? The market of surveillance has been doing very well for the last four to five years. People have been widely talking about surveillance and they want a good amount of storage to manage it. Also, there is good scope for cloud storage in the coming years because private cloud is on the rise and a great deal of storage is required for the same. How has NetApp’s association helped your organization tackle partner-related challenges so far? We hold regular video meetings with NetApp to discuss what implementations we have done in the past and how we can improve on their offerings, besides tackling customer-related issues that might arise in the future. We also get to see what value addition NetApp is bringing to the table on a continual basis. The great frequency of these meetings help us understand each other better.
Is Benchmarking Worth it?
E ALL know the arguments for benchmarking:
Is benchmarking likely to be a waste of money? Some companies that find it to be expensive might think so.
It lets you compare your costs and service levels against those of similar organizations. It helps you focus your resources on improving any processes that have higher costs or lower service levels than industry norms. It can provide a solid foundation for comprehensive improvement plans. Here’s an argument against benchmarking: It can waste money.
Bart Perkins is managing partner at Louisville, Ky.based Leverage Partners, which helps organizations invest well in IT. Contact him at BartPerkins@ LeveragePartners.com.
True apples-to-apples comparisons don’t come easily. You have to dig around to find out, for example, which accounting rules are used. Does a programmer’s hourly cost include bonus and benefits? How about facility, technology and administrative support costs? You also have to make sure you understand how the various organizations in your benchmarking cohort calculate things like application response time, network availability and the percentage of incidents resolved on the first call. Accounting for all of those differences takes a lot of effort and many hours of work—in other words, a lot of money. Is benchmarking likely to be a waste of money? The answer could very well be yes if these factors come into play: Weak IT management processes. It takes several years to fully implement ITIL or to achieve significant improvement from a PMP program, and any benchmarking data gathered will be unfavorable (and likely inaccurate) until the new processes are fully adopted. Premature benchmarking merely indicates the size of the improvement opportunity. While this may motivate some organizations, the same information can be gathered more quickly by consulting someone who’s an expert in ITIL, PMP, Cobit, or other control process. Poor IT accounting and weak metrics. When internal processes are weak, data collection becomes quite complex. The
INDIAN CHANNELWORLD FEBRUARY 2014
benchmarking team needs to make assumptions about data allocation and must combine data from multiple sources. While this may be sufficient for planning purposes, true benchmarking implies a high degree of precision. Even minor allocation errors make the analysis less precise and allow skeptics and critics to challenge the data and associated conclusions. Executives who aren’t yet committed to change. Benchmarks help organizations determine how to change, but not why. IT leaders frequently base decisions on logic and rigorous analysis and will understand the need for process changes merely from benchmark results. But many executives want compelling arguments in addition to data; they want passion, energy and inspiration. With such executives, benchmarking is insufficient, and perhaps even irrelevant. A need for radical restructuring. Benchmarking only identifies opportunities to make incremental improvements to existing processes. When you need to rethink your mission, redesign the organizational structure, increase customer engagement or alter the way you deliver products and services, benchmarking is a total waste. Benchmarking requires a stable context, a significant investment of resources and periodic refreshes. Use them wisely. It’s a diagnostic tool, not a replacement for sound business decisions. And certainly not a magic potion.
Dossier Name: Julie Parrish Designation: Senior vice president and chief marketing officer Company: NetApp Present role: In her role as CMO she is responsible for driving the company’s global marketing strategy to create preference, awareness, and demand of the NetApp brand. She leads the NetApp’s global marketing, corporate communications, and product and solutions marketing groups.
P h o t o g r a p h b y D E LT R I M E D I A
Career graph: Before becoming CMO, Julie was SVP of Global Partner Sales at NetApp. Under her leadership, NetApp’s channel program grew to 82 percent of the company’s total business. Prior to NetApp, she was VP of the global channel office at Symantec. She has also held other senior leadership roles at 3Com, Veritas, and Nokia. Julie has served as a guest lecturer for both Stanford and UC-Berkeley MBA and executive leadership programs.
n THE GRILL
SVP and CMO, and the former channel chief of NetApp talks about the rights and wrongs in channel marketing.
Before stepping into the CMO’s role at NetApp, you were a channel person for more than a decade. How tough or easy is the new responsibility? How well could you utilize your channel sales experience in your new capacity? I would say that the new role has been tough in interesting ways. The toughest part of my new job is that if you’re not careful, you can be very ‘internal’. A lot of marketing is very internally focused. They are focused on getting products to the market and how you want to position the company. But most of them talk to themselves. As the channel head, I used to continuously talk to customers, sales, channels, and industry analysts. So my biggest fear was that I would not get to talk to customers as often as I would want to. So that was one area I worked on. The other challenge, which I believe that our marketing team has gradually transitioned through, is
n THE GRILL | JULIE PARRISH between the two functions in the industry? The common mistake that lot of marketing folks make is that they think the channel can do ‘marketing’ for them. But that is not true. For the most part, the channel is much more like a company’s sales team. They need leads and training. Very few of them really have the capability to be marketers. That is one of the biggest disconnects that exists in the industry. I have never been a believer of the philosophy that you can train the channel to do marketing.
I have never been a believer of the philosophy that you can train the channel to do marketing for vendors.
to get them think a lot like sales. Sales teams are measured quarterly, monthly, weekly, or may be even hourly on what they are delivering. Trying to get our marketing team to be faster, and helping them think about which decision is going to move the needle faster was a challenge. But the basic mechanics of the marketing was not surprisingly challenging for me because I have marketing experience from my previous jobs. You recently mentioned that you would personally strive to incorporate the channel business into NetApp’s marketing strategy. Now, that’s interesting. Do you see some sort of a disconnect 22
INDIAN CHANNELWORLD FEBRUARY 2014
However, don’t you think NetApp’s channel, especially, would assume that you’re going to earmark a lot of marketing money for them as a CMO who knows them closely? I understand that our channel probably expected that somehow there was going to be a lot of marketing money for them when I step into the CMO’s shoes. But the market development fund (MDF) discussion is a very short one, because most of them don’t even have the customer database to do marketing. I have seen first-hand that even if you give the channel a lot of marketing money or put together a program and hand it over to them (with the money), they are just not good marketers. So when you really get right down to it, they would rather I give them more demand and more leads from the market. So, are you saying that MDF is not a relevant discussion for the channel? NetApp has always had very healthy market development fund programs for our partners. The percentage of MDF that we give to our channel has remained the same, but the dollars they get have gone up because of the increased revenue they generate. So I did not have to do anything really different. My focus has been on how they are going to effectively utilize that money. What the channel really needs from the marketing is to drive awareness in the market, drive demand, get some quality leads, and provide them with the right sales tools so that they can put across the right message to their customers and get business. As long as I stay focused on that, they
are fairly happy. The focus I took when I came into the job was to ensure that the channel was well included in our demand generation efforts, and our sales and enablement initiatives. I ensured that as we launch our product, the channel is integrated just like how our sales team is integrated with it and making sure that our partners have access to all the tools that our sales teams do. Let’s move to something more specific to storage. Do you think with the buzz around software-defined storage and cloud, the commodity hardware shipment is declining continuously? It is a difficult to predict a trend. We don’t seem to be getting the correlation. There was a time when the capacity shipment was not growing as fast as it was expected. That is when the analysts suspected that everything is going to the cloud. Two quarters later, it started coming back! At this point, it appears to be a mix and I suspect that the hardware shipment is going to go up. The growth in data is not changing. If anything, there is more data getting generated every day. The question is, where does the storage hardware sit and how does the software that manages all that evolve. NetApp seems to be quite ambitious about flash storage, so are most of the other big guns involved in storage. But it’s the large ecosystem of flash storage start-ups that are now in the limelight. Is it a tough game for you? Our story around flash is quite compelling. First of all, we went from not having a presence to being number one or two in the flash market really fast. Our portfolio is full-fledged. NetApp, IBM, EMC, and Cisco have all placed their bet on flash. They have either bought a company or have invested in this technology like we did. Then there are about 12 or 13 start-ups in this space. A couple of them have already been funded. Companies like Nimble, Pure, and Violin have interesting technologies. Besides that, how many of these start-ups are going to make it! How many customers would want to go with a brand new start-up! I would say, not many. —Radhika Nallayam
n FAST TRACK
Intensity Global Technologies
Founded: 2004 Headquarters: New Delhi JAN) Revenue 2013-14 (Expected): Rs 59 crore Revenue 2012-13: Rs 40 crore Revenue 2011-12 : Rs 33 crore Key Executives: Ravinder Singh, VP-Govt Sector; Anshul Singh VPChannels; Ranjan Pandita, HeadServices; Sumit Dua, AGM–Sales (Enterprise & SMB); Ateek Ahmad, Head-Support; Neeraj Singh, Head-Operations Key Principals: HP–EG, ATEN, IBM, Fortinet, Emerson, Adobe, Microsoft, EMC, VMware Key Business Activities: Infrastructure impelmentation and managment
P h o t o g r a p h b y S U M E E T S AW N E Y
Intensity’s “intense” relationship with vendors is its winning ticket, says Director, Aditya Narain Kakkar.
ROUND A decade old, New Delhi’s Intensity Global Technologies lives up to its name. Placed in the heart of Delhi’s business hub, the company had to position itself as a player with a difference. And this, it has achieved by cultivating a strong relationship with HP. Aditya Narain Kakkar, Founder-Director, muses, “We were doing SI business with a few vendors, till HP happened.” In 2007, Intensity commenced its relationship with HP as a Registered Partner. Soon, the vendor saw a reliable ally in the solution provider and in a matter of six odd years, the company has risen to the status of Platinum Partner, showcasing the entire HP enterprise portfolio right from networking, storage, servers
to security and software solutions. Intensity calls itself a one-stop-shop of sorts for HP enterprise customers. This didn’t happen overnight or without sweat and hard work. Says Kakkar with pride, “HP saw the kind
VERTICAL SPLIT 5%
Retail and utilities
of work we did, our strong value proposition to customers, and most importantly, our employees’ loyalty to us. These qualities have helped us forge a long-term bond, making us a core partner in the bargain.” Intensity’s HP business has been growing steadily at 100 percent year-on-year and has helped contribute significantly to the SI’s overall business year-on-year growth of 25-30 percent. The company has also evolved into a private limited company, making its corporate ambitions clear to the market. With SMB mandates, Intensity focuses on this segment without too much dilution. Says Kakkar, “Large enterprise is a good proposition but customers such as the telcos are not prompt in payments, and margins are abysmal; hence SMB remains the key.” Even with government, the company has restricted itself to defence as a conscious decision. In 2014, Intensity hopes to sign up with new OEMs. With strong vendor and employee loyalty quotients high, there is no stopping Intensity from reaching its goals. —Shantheri Mallaya
SOURCE: INTENSITY GLOBAL TECHNOLOGIES
ON RECORD n
Rami Rahim, EVP, Platform Systems Division, Juniper Networks, believes that the company is on a mission to make enterprises SDN-ready. By Shantheri Mallaya
INDIAN CHANNELWORLD FEBRUARY 2014
est BU within PSD that is the Edge Aggregation BU. Since the time I have taken up this role, the last year or so has centred on simplifying the organization and setting up ourselves up for driving maximum efficiency and execution around the enterprise and service provider segments by aligning our Edge and Core portfolios into a single cluster. On the switching side, we have combined several BUs focusing on the datacenter into a single BU. From a strategy standpoint, over the last year, while talking to the industry and our customers about SDN, we are also working actively with our colleagues in the Software Solutions Division for articulating our SDN strategy as well. You came into your current role in the Platform Systems Division (PSD) at a time when Juniper Networks was on the verge of making some significant announcements regarding its SDN strategy. What have been the developments since then? RAHIM: I have been with the company for about 16 years. Over the last year, I have been involved with the PSD. This entails all the strategy, innovation, and product development in the routing and switching portfolio. The strategy that we have devised and executed over the last couple of years remains steady. I didn’t have to make any major changes while acting upon the strategy in our focus areas. Prior to taking up the current role, I was the GM of the larg-
It is evident that Juniper Networks’ enterprise and service provider segments have distinct approaches and go-tomarket strategies. Can you elaborate a little on these? RAHIM: We, at Juniper Networks, believe all progress in IT centers around one of the fundamental building blocks— high performance computing (HPC). Juniper Networks is focused on ensuring that the industry sees the progress in HPC. Customers, both enterprises and service providers, have started to recognize the importance of agility. So, there are similarities and differences in the enterprise and the service provider strategy. Our SDN strategy will be compatible with both. The enterprise still rests
RAMI RAHIM | ON RECORD n with the datacenter, where there is a realization that the server techniques that were being used till date, have to now accelerate, and that is where we step in. Juniper Networks has announced the availability of ‘Contrail’. We believe we have a very compelling controller in Contrail. The hooks and the programmability that will result in a Contrail-plus-Juniperswitching solution, delivering value to customers, is part of what we’ve been working on. Though SDN is being hailed as a game-changer in the datacenter, players prefer to play the wait- and –
is Juniper Networks’ R&D spend as a percent of revenue. SOURCE:
With the goal of making it as easy as possible for our customers to deploy our own infrastructure, we want to work very well with the VMware architecture. Service providers see a more direct application of SDN, while in the enterprise segment, it remains that SDN will take off only when they acceler-
Around APAC, particularly in China and India, what does the SDN discussion look like? RAHIM: The discussions are the same, as the promise of SDN will not change dramatically. In these geographies, I would still say that the datacenter would, as in the case of the rest of the world, be first big use case. In any scenario, the question of money is all the more relevant and if you are investing a few million dollars. As a CIO, it is important to ask questions. The conversation is on with each and every engagement. The customers, particularly, in markets such
equipped to deliver the entire package. Juniper Networks also recognizes this and works closely with the operators. The other driver is that the service provider segment in India is witnessing a spurt of growth in mobile voice. In effect, as voice revenues now become key at the subscriber point, service providers have to look at diversifying revenue streams to their enterprise customers as well. This is like a value chain that will eventually fuel change, and will get more buyers for the SDN discussion. What is your unique value proposition?
The customers, particularly, in markets such as India, are not so taken by the technology as by the economics. Business led conversations are the norm. CIOs have distinct painpoints around the network, and SDN should be a long-term solution.” watch mode. What are the deterrents in looking at a sound SDN strategy? RAHIM: While we do maintain that SDN is real, it will be some time before industry see largescale adoption. The datacenter will possibly be one of the first huge use cases that the industry will see. What we are doing is providing the level of networking that will enable to capture SDN protocols, techniques, and solutions effectively without having to replace their network infrastructure The last thing, we are working closely with partners such as VMware, who are the key players in server virtualization.
ate the rate at which they provide resources to their customers. SDN provides the framework for automation in their existing infrastructure. Juniper Networks has also spoken about services chaining as the way to go as part of its SDN plan. What does this entail? RAHIM: The service chain is configured and administered in software that can adapt. Chaining of services, as we well know, earlier was labour intensive. The vision around SDN is to automate all of that; a centralized console that will be Juniper Networks’ value proposition to customers.
as India, are not so taken by the technology as by the economics. Business led conversations are the norm. CIOs have distinct painpoints around the network and SDN should be a long-term solution. Telcos are already a strong force of partnership for competition such as Cisco. What is Juniper Networks’ go-to-market approach? RAHIM: It is the not about Cisco and Juniper Networks, but in the way customers buy. The approach is the enterprise takes the responsibility of the entire IT spend, be it bandwidth or otherwise. Bandwidth forms the major chunk of the IT spend. The telcos are best FEBRUARY 2014
RAHIM: The unique thing
is about Juniper Networks is that everything we have has evolved into “Architecture of Tomorrow.” The important message to customers is that we will be delivering a durable, larger cycle for services. The same software license can work into the cloud. Juniper Networks talks about an open standards solution to the SDN controller. The coming year is going to see Juniper Networks outline more conversations around this. With our operational experience in SDN and our comprehensive partnerships, one of them being with VMware, we are ready to set the rules for SDN. INDIAN CHANNELWORLD
n COVER STORY
Siddharth Mehta, CEO, Syndrome Technologies envisions an immaculate business strategy and robust technology roadmap to clock healthy fiscal numbers.
Quarter game It seldom is a stress-free task for enterprise channels to manage OEM alliances, motivate the employees and gratify end-customers—each year.
By Yogesh Gupta
IDDHARTH MEHTA has less sleepless nights over the quarterly numbers earmarked for his SI company. “I underwent stressful bouts couple of years ago,” says Siddharth Mehta, CEO, Syndrome Technologies. The domain or vertical strategy in practice in the last 18 months catapulted Syndrome to swell its revenue by 23 percent this fiscal versus the previous one. Mumbai headquartered Syndrome, in FY2013-14, expects to garner revenues of Rs 90 crore with healthy bottom lines. “I do get peaceful sleep now,” says Mehta. The quarter game at Syndrome was becoming a tad difficult as the synergy between the various OEMs and the sales teams at Syndrome was getting diluted. In 2012, the company developed six main verticals—datacenter build, networking, collaboration, vir-
tualization, computing/ storage, and managed services. The vertical team leads that domain to sell the particular technology in tune with the sales team that works across the verticals to accomplish their numbers. “The domain experts help the business forecast of the respective OEM in a much better manner. The six vertical heads we created to streamline the process often get sleepless nights now,” he says. “Being a managed or focused partner of a principal company leads to pressure for numbers every week,” says Sachin S. Rao, Director and CEO, Archon Consulting Systems. “In the first year of inception in 2010, our presumption was to live and die for quarter numbers. Working with multiple principals (during different quarters), Archon often missed the numbers. Quarterly numbers are very important for Avaya as well as our partners, says
Hrishi Parthasarathy, Director-Channels, Avaya. “It demonstrates predictability of our business, and reflects on the credibility of our leadership. For partners, this is linked to raising cash flows to meet overhead, keeping sales teams energized, and since many of our partners are listed, they are required to meet expectations of the street as well,” he says. Bangalore-based Vitage Systems works more on a monthly basis. “The yearly numbers are broken into quarterly ones, but internally we drive them as monthly targets—which are more realistic—for clear visibility on the deals. The longer period might spring a surprise at times,” says Gojer. “There was difficulty to hit the earmarked numbers regularly and my company mission got a bit skewed. Our main goal is to double the customer base each year and hence the
n COVER STORY the pressure comes in terms of how we (vendors and partners) work with each other to help the end-customers benefit from technology,” says Gojer. Avaya works with network of platinum, gold, silver, and authorized partners with clear business plans locked well in advance with quarterly seasonality built in. “Our forecasting process is very tightly linked to our partner rhythms. Every deal has collaborating partners clearly identified, and where there are existing incumbent relationships, or customers have indicated partner preference. The alignment is even tighter,” says Parthasarathy at Avaya. The vertical strategy implemented at Syndrome imparted more stickiness with the customer. “If a sales person is selling networking in an account, the vertical team—a datacenter or collaboration person can enter that account—which at times amounts to 2x the usual business,” says Mehta.
I don’t want to be master of all technologies. This is our clear message to vendors too as we strive to be recognized as a competent partner especially in fast-moving domains like security and storage. SACHIN S.RAO, DIRECTOR AND CEO, ARCHON CONSULTING SYSTEMS
products become largely insignificant in that context,” says Rao at Archon. Some vendors are unrealistic in terms of their number expectations from their partners, he says . Ajay Kaul, general manager, Global Commercial Channel, Dell India comments, “The objective is to stay focused on the overall business as the time frame can vary from month to quarter to half yearly. We have streamlined the processes and systems in the dynamic market to ensure clear visibility for our team and partners to close the deals.”
PRESSURE TO SCORE The pressure from different OEMs every month means we live by the quarter admits Mehta. The different financial years of various vendors compared to partners’ April to March cycle escalates the sales momentum throughout the year, he says. “The different quarterly cycles of vendors keeps our team on their toes,” agrees 28
Gojer of Vitage Systems. Doesn’t the varied fiscal cycles of partners and vendors lead to confusion? Kaul at Dell feels, “The overall numbers get balanced out through the extensive product portfolio of Dell and its partners from SMB to large enterprise to government. Thus it becomes more yearly based than being a quarterly led pressure game.” Every quarter brings its set of pressure tactics and escalation processes according to Sudhir Sharma, director of Versatile Infosecurity. “It is more of a monthly pressure as it is directly propositional to their (vendor’s) business. Partners play a vital role in their commitments to the vendors and hence responding to these pressures is natural process,” he says. There is extra pressure from vendors on companies that play a higher role in volume based business like servers etcetera, believes Gojer. “We do little back-to-back business. Hence
INDIAN CHANNELWORLD FEBRUARY 2014
STRATEGY PLAY Versatile Infosecurity is engaged more towards strengthening the support in terms of short-term and long-term projects. Its DNA is more of a techno sales driven solution provider than a sales driven company. “A better funnel ensures a steady inflow of orders to meet our sales numbers. For big projects demanding quick closure, we add more people. This ad hoc and flexible strategy is crucial to clock your numbers,” says Sharma. “It is more of building a healthy funnel and maintain a ‘direct touch’ with customers. We understand the buying patterns of the industry working with enterprise customers and principals,” says Gojer at Vitage Systems. It was becoming a tad difficult for Syndrome as the business growth across the six verticals demanded a streamlined process in place. Microsoft Dynamics (now in Beta stage) was implemented few quarters ago for delivering better forecast to various OEMs. “It will add more intelligence than the varied tools like tally or excel used by the team,” says Mehta. CRM/ ERP integrated with Dynamics will become a single platform. This will fasten our plans to expand multi fold from Mumbai, Pune, and Chennai to
other Indian cities apart from the global footprint that we aspire for, he says. For the past few years, Aryan Computers & Peripherals is doubling its revenues in software and services than its hardware business. “Our two teams—pre sales and sales—work in tandem across different divisions like structured network, IBM solution. Every solution has an incentive attached to the quarterly target,” says Jain. Vendor companies too upgrade their engagement with partners though innovative initiatives. Dell Engineers club launched a year ago has now trained and certified a large number of pre sales teams of partner companies. We launched online solutions configurator few months ago that allows partners to customize multiple solutions in quick time for their customers,” says Kaul at Dell. Avaya Force, introduced six months ago, is a consistent way for partner sales and tech resources to be rewarded for certifications, driving pipeline, and closing revenue. This also provides us a way to be in consistent touch, meet regularly over quick networking events, and swap notes on jointly driven deals, says Parthasarathy.
Idea#1 Lead the Leads ARCHON Consulting & Services focuses hard on generating more leads in existing accounts or new ones. My commitment to different BUs is generating leads based on MDF allocated by OEMs to respective unit,”says Sachin S.Rao, its Director and CEO. In 2013, Archon developed a robust mechanism wherein the lead generation activity, exclusively for its internal team, was outsourced to an agency. “Leads per week swelled with a separate engine working within the team. Many of them were potential prospects,” he says. Archon is clued-in with the market trend. For example, from October last year, VDI was becoming mainstream across Indian enterprises. Archon signed an agency to deliver leads on VDI. “We even trained them on our value proposition and solution offerings in this space. For partners to live by the quarter, more leads is the way forward,” says Rao.
SHARPENING SKILLSETS Archon Consulting wants to establish a niche. “I don’t want to be master of all technologies. This is our messaging to vendors too as we want to reign as partners with a competent implementation team and dedicated services team especially in domains like security and storage, “says Rao. The biggest challenge for Kanpurbased Aryan Computers & Peripherals is constantly catering to the new business demands of their customers with BI and cloud. Sandeep Jain its
director says, “We work with vendors like IBM to focus more on software and services. There is a big shift from hardware to turnkey as big enterprises want to deploy IaaS and PaaS at main locations while it’s more hardware driven at their locations in tier-2 and tier-3 cities.” Over the past two years, Vitage Systems is clearly aggressive on technologies around networking and security. “We scan the customer set regularly to understand the gap (if any) in our portfolio before we structure the
Quarterly Performance Accelerates Healthy Pipeline And Conversion Rates Symantec encompasses a widespread product portfolio and a wellentrenched channel ecosystem in India. Amitabh Jacob, Channel Director, India, Symantec talks about the importance of quarterly numbers enterprise channels. How does Symantec India work in sync with channel partners to reach the quarterly numbers for a fiscal year? Channel partners are an extension of Symantec and we have designated teams internally in Symantec as well as through distribution route to support the partners. These teams work in sync, right from the business planning stage, through to execution on the ground. The
objective is to work together to achieve mutual goals (both quantitative and qualitative). We also support these objectives through programs and promotions designed specifically for partners. Does your team spend more time in planning activities for the quarterly or yearly numbers? Yes, most certainly. We have a comprehensive planning exercise every year and we review the same on a quarterly basis with our enterprise channel partners. A recent initiative to keep track of each other’s numbers has been a dedicated executive team which diligently follows with the partners to ensure that both of us do not falter on numbers.
Haven’t the tough market conditions compelled vendor companies to increase the pressure on channel partners? Everyone—both vendor and partners alike—is focused to meet their objectives and to grow the business Under tougher market conditions, more than applying additional pressure, we consistently look at how sound our partner specific strategies are and how well we are executing in the competitive landscape. Accordingly, we make improvements to help partners to win the deal. Quarterly performance is a function of health of the pipeline and conversion rates. We work on both those aspects, along with our partners, through a vigorous weekly review process. —Yogesh Gupta
n COVER STORY
The overall numbers get balanced out through the extensive product portfolio of Dell and its partners from SMB to large enterprise to government. Thus, it becomes more yearly based than being a quarterly led pressure game. AJAY KAUL, GENERAL MANAGER, GLOBAL COMMERCIAL CHANNEL, DELL INDIA
vendor alliances. The recent association with FireEye, LogRhythm, and Go-Global has definitely helped the numbers and importantly enhanced the company’s value proposition at the customer end,” says Gojer. Incepted in 2007, Versatile Infosecurity which is 100 percent focused on security solutions adds one or two new vendors to its fold. “We added DLP, SIEM, content security and IRM in past few years than our core expertise around network security. These new products add to the numbers and further complement our existing portfolio,” says Sharma Syndrome ventured into collaboration two years back primarily to drive the bottom-lines. “But it now adds significantly to the top lines as well. Collaboration has been accepted by companies as people want to cut travel cost, see each other, converse fast and close deals,” reasons Mehta. Today one-fifth of the revenues for Syndrome Technologies emerges from unified 30
communication, video and telepresence. We work closely with multiple OEM’s in the collaboration space now than what we had earlier ventured with, he adds. Rao at Archon supports different BU in his company irrespective of the principal alliance. “The leads generated usually transform into a funnel in four to five weeks. Hence we work more on a half yearly target to justify our value-proposition at customerend. Two quarters is the typical period in enterprise segment for a good deal to prove beneficial to vendor, customer, and us,” says Rao. Syndrome added Palo Alto in its security portfolio few quarters ago. Many global customers were keen for this company’s offerings. When Palo Alto was aligning with partners last year, Syndrome saw this big opportunity for next generation security firewalls. “There was no great vendor who could turn tables in that space. The customer dependency becomes
INDIAN CHANNELWORLD FEBRUARY 2014
more on us and their (vendor) strategy of having limited partners helped win good deals and decent margins for us,” he says.
WINNING COMBINATION Enough work goes into the vendor team spending time in finalizing the quarterly or yearly numbers with their partners. “We revisit our entire view of the market, look at which customers and partners deserve deeper management, and how our sales and tech resources can be best combined with our partners to maximize impact. Typically these are frozen and locked well in advance so we can hit the ground running well in advance on day one,”says Parthasarathy at Avaya. Over the last six quarters, various OEMS collaborate at right time along with Syndrome team to close the opportunity. Earlier the engagement was need-based, says Mehta. “There are end of life and end of support products at the customer place and the
OEM can churn that database which becomes a big opportunity for new solutions of OEMs to sell through partners,” he says. With the market getting tough, OEMs can help especially with their market penetration, market intelligence, and customer information. “We stay connected to ground reality with a good engagement between our team and partners for a clear visibility during various stages of the deal. The customers feel comfortable with the presence of Dell or its partner as the point of contact,” says Kaul at Dell. Vendor companies throughout the year work closely with our team on all deals—small and big—to fasten the closure rates, says Sharma at Versatile. There are more closed meetings with vendor companies and there is a good amount of alignment for every sales deal, agrees Gojer. In the collaboration space for example we try to approach customers
Idea#2 Sniff the Incentive Syndrome Technologies introduced its ‘Sniff Program’ in mid2013 for its employees. Unlike regular incentive schemes, this extends from a week to a month. Some examples to offer incentives to employees included executives selling highest number of routers, liquidating in-house stocks to promote new technologies or payment collection in terms of percentage of the recovery. “These programs need to be spinned around fast. All the stakeholders (sales, technical, and vertical) in this program get the bonus as it is synergy of team work,” says Siddharth Mehta, CEO, Syndrome Technologies. It has worked well for past three quarters as these ad hoc sales numbers added 3 to 5 percent of the total company revenues. “This was not factored in the yearly forecast for FY 2013-14. Such programs keep the sales momentum alive at all times, he says. of Nortel, Siemens, and Ericsson who have an install base of traditional telephony and pitch an upgrade option to the new environment of IP Telephony and Contact Centre says Mehta at Syndrome. This type of integration built on their network infrastructure gets the customer to use the best in class
solutions offered by Cisco at a minimal investment. With different approaches from vendors and us, coupled with efforts by sales team and domain experts, we added 40 new customers. “We increased our sales team which engages into new accounts and break boundaries, while the pre sales team deep dives into these accounts. The ice is broken as they upsell new technologies,” says Mehta. “If a senior vendor executive handling say 20 accounts quits, the void is filled quickly. But a similar attrition at our end snowballs into a huge turmoil and impacting the quarter numbers,” says Rao at Archon.
THE HOT SPOT
A better funnel ensures a steady inflow of orders to clock the revenues. For big projects demanding a quick closure, we add more people. This ad hoc strategy is crucial to clock your numbers. SUDHIR SHARMA, DIRECTOR, VERSATILE INFOSECURITY
For quarterly numbers, upselling the technology creates an urge for customer to buy something on his wish list, according to Mehta. Selling a technology concept helps a partner leverage at the customer side which in turn leads to a productive sell of newer technologies, he says. Syndrome derives close to 30 percent of its business from current customers year-on-year. Our domain experts technically align solutions based on the customers’ business needs,” he says. More than 60 percent of revenues at Versatile are from its existing customer base. They trust us and we trust them over the years to add new technologies like DLP and IRM, says Sharma. Versatile primarily works with WatchGuard, Kaspersky, Kemp, SnoopWall (web security). The new alliance with Exinda (network optimization) has been good FEBRUARY 2014
n COVER STORY
Our forecasting process is very tightly linked to our partner rhythms. Every deal has collaborating partners clearly identified, and in case of existing incumbent relationships, or customers with partner preference – the alignment is even tighter. HRISHI PARTHASARATHY, DIRECTOR -CHANNELS, AVAYA
in past few quarters, he says. Increase the wallet share at a customer and addition of new customers help profitability on top lines and bottom lines for a partner company. “We do business which is value added in networking and security which has attached services. More than 60 percent revenues is derived from upsell in the existing customer base,” says Gojer. Targets from each OEM are increasing every year but the margins are not increasing in that proportion. Hence achieving top lines becomes a must, says Jain at Aryan. From Rs 37 crore revenue last fiscal, Archon will register Rs 45 crore in FY2013-14. “Two quarters were good, one decent, and one bad this fiscal. We are much focused on bottom lines. However delayed payments from customers often cripple the quarter numbers,” says Rao. Sharma at Versatile agrees, “While the top lines keep OEMs content, healthy bottom lines 32
will ensure our survival in the long run.” Versatile Infosecurity is expected to touch Rs 10 crore revenues for FY 2013-14. We recruited service engineers last year as 10 to 15 percent of the product value is added as services component, he says. Syndrome measures the goals every quarter with bi-weekly reviews to give them desired push and direction needed to get close to their targets. “Top lines grow with more vendor alliances and the pressure to achieve numbers too increases. The expansion of teams accountable for different OEMs gives the needed boost and speedy momentum,” says Mehta. Distributors and OEMs often gives discounts on particular products from time to time specially during quarter and year ends. One can pick them against pending orders to increases the bottom lines. It has worked for us, says Mehta. In these days, things do not hap-
INDIAN CHANNELWORLD FEBRUARY 2014
pen through extra pressure according to Kaul at Dell. “Partners need to articulate and pitch a ‘scalable and customized solution. Business outcome based IT permits partners to add more value in the deal vis a vis product sale,” he says. “We think tough times have strengthened our relationships. Just applying pressure blindly without enablement, direction, or emotional connect is useless and can be extremely counterproductive,” says Parthasarathy at Avaya. Our partners are extremely innovative entrepreneurs as they are driving unique ways to build new opportunities. One good example is our sales of video solutions, which partners are using in every conversation to drive messaging with customers around reducing their travel budgets, he adds. Right from healthy funnel to progression to closure, there needs to be accurate time frame for each activity says Kaul. “If due diligence is not done, then the process break down leads to pressure on both sides. Partners today are more planned with modern tools like CRM, ERP or tools from vendors to add more efficiency to their company,” he says. Avaya One Source consolidates all pricing, tools, and processes into one easy-to-access model. “New automation capabilities, real-time access to standardized pricing and an integrated and centralized Web-based system significantly reduces order cycle times— all of which demonstrate better commitment to customer and partner satisfaction,” says Parthasarathy. Multiple people from OEMs requesting too many periodic reports is time consuming for Archon team as per Rao. “Internal CRM like ZOHO or Salesforce can be implemented by vendors to the internal team of their set of focused partner organisations. Vendor companies can automate lead generation process through partner portal for channels to offer specific product bundles to the prospective deals, he says.
BULLS EYE Syndrome realised the danger to work with single OEM for a particular technology early one in its journey. As
Mehta comments, “No OEM has an end-to-end story from the modern day demand perspective at customer end and also customers seldom have one single vendor across their IT infrastructure.” Hence as a SI, we need to work with different technologies by different vendors to give right solution to the customer, he adds. With Nortel collapsing in 200809, the huge numbers by Syndrome (with Nortel) took a temporary beating. “We competed with various OEM’s at that point of time. The moment we realised the brand erosion, then survival become an issue and we realigned our strategies to facilitate a multi OEM environment,” says Mehta. This not only got us OEM redundancy but ensured technology redundancy in this fit to fittest work space, he says. In FY 2013-14, Q1 and Q3 was good but Q2 was bit slack for Syndrome as Mehta says, we are optimistic of
Idea#3 Stick to Loyals More than 70 percent of business revenues emerge from the existing customer base and reference customers for Kanpur-based Aryan Computers & Peripherals. The additional 30 percent in terms of new customers is important to sustain both the sets and stay profitable. Aryan’s team introduces new offerings like BCS and cloud to the loyal customer base. There is constant emphasis to add new customers via social media too. “There is a huge challenge to sustain the loyal customer base today as there are multiple vendors with attractive pricing and multiple channel partners in an account,” says Sandeep Jain,Director,Aryan Computers & Peripherals. There is additional focus on the services team as the customer satisfaction and a direct touch becomes the sustainable model at existing customers. The biggest asset for Aryan Computers & Peripherals is the loyal customer base they have served over the years, affirms Jain. Q4 which is usually 2x of the best quarter of that fiscal. “Many Indian customers exhaust their budgets and tend to spend on newer technologies. Also our sales team extends maximum efforts for their yearly numbers with appraisals due in April,” he says. The alternate
The yearly numbers are broken into quarterly ones, but internally we drive them as monthly targets which are more realistic for clear visibility on the deals. The longer period might spring a surprise. JAYANTH GOJER, COO, VITAGE SYSTEMS
Saturdays (holidays for three quarters) at Syndrome become working days in Q4. Syndrome founded in 2005 faced the usual pressure from vendor companies in its initial years. “As you get closer to the OEM and clock in the numbers, their dependency grows on you. It goes as a commitment and it helps raise the bar in the OEM organization,” says Mehta. Sleepless nights at start of the new fiscal are a given, believes Gojer. “The first quarter is usually slow with the new yearly numbers. MNCs and Indian companies close books in OND and JFM respectively. Hence the second half sees the majority of action according to per him. Most of the times, loyal OEMs and loyal customers reach us in an adversity as they trust us over the years, says Sharma at Versatile. The pressure mounts at times, sometimes its unbearable as per Mehta but he adds,” The vendor executives’ extra support to accomplish your numbers in turn adds up significantly to their quota. This push emulates the much desired momentum and inertia to hit the bull’s eye.” Achieving the quarterly numbers helps to pocket some additional rebates which coupled with decent margins acts like a cherry on the cake as per Mehta. As the new fiscal kicks in and the yearly numbers get drawn out, Siddharth Mehta might have few sleepless nights—if not too many.
Gurgaon-based solution provider, Foetron, helps CREDAI go paperless with a mobile computing implementation. By Shreehari Paliath
NDIA IS an anomaly when it comes to Internet connections. It is probably one of the few countries—if not the only country—where Internet usage on mobile devices far exceeds usage on desktops or laptops. It was only a matter 34
INDIAN CHANNELWORLD FEBRUARY 2014
of time before companies leveraged this reality; solely depending on mobile computing advantage. This translation happened when the Confederation of Real Estate Developers Association of India (CREDAI), an
Ph o t o g ra p h by D. R . LO H I A
SUNNY SHARMA, CEO and co-founder, Foetron, delivered a comprehensive mobile solution at the CREDAI Conclave 2013.
autonomous body that represents the real estate industry of India, decided to organize the CREDAI Conclave 2013 recognizing the role of the industry in being a game changer. To drive in the point, it envisioned a paperless event with top-ofthe-line mobile technology to enhance participation and make it more inclusive for all delegates. For Gurgaon-based Foetron, this was to be their moment to shine. The company had been working with customers in the real-estate sector. It had approached CREDAI for some other IT implementation projects when CREDAI’s council members asked Foetron to consider this mobile computing initiative for the upcoming conclave. This had the potential to change the outlook of the industry. “CREDAI wanted to observe how IT could be seen in architecture, building, and other aspects of real estate. To enhance this concept it looked at a paperless conference by focusing on the best in mobile computing,” says Sunny Sharma, CEO and co-founder, Foetron. Additionally, this move could also tear down the notion that real-estate industry was traditionally technology shy. The solution provider was confident about delivering beyond what was expected. “What CREDAI had envisioned was immense and the logistics complex. But we were not worried about not being able to deliver to the needs of such an important conference,” he says. CREDAI’s vision was to make an impact: To create a strong impression on the biggest names in real-estate attending the event. “Paperless conferences, the world-over, look to solve problems in a very linear way. When we had the vision of organizing one of India’s largest conferences, we went into it with an open mind inviting creative and out-ofthe-box ideas,” says Ankush Sayal, Hon. Secretary CREDAI HR (NCR). The couple of interactions Sayal had with Foetron’s team during past conventions gave CREDAI an insight to take it mobile. “We wanted to provide them with a vision and a long-term mobile strategy,” says Sharma.
BEYOND COMPETITION Foetron was not the only solution provider that CREDAI was considering. There were few other well established solution providers who were being eval-
CASE STUDY n uated. But the strength of its experience and solutions were loading the project in Foetron’s favour. “While other solution providers focused primarily on ‘selling’ their products, Foetron’s approach was to be more of a partner who could be on our side of the table and deliver the contents that were conceptualized. Foetron’s vision of integrating technology with our industry made all the difference,” says Sayal. Some of the competitors could develop only native apps that could be downloaded from Google Store or on to an iOS. This would make it difficult or close to impossible to ensure complete participation as each individual could have devices that were not compatible. This could, in turn, derail the objective of going paperless. Foetron had developed platforms and apps that had lakhs of users, including one for an up and coming political party. Therefore, it understood the requirements for the conclave and backed itself to predict user-behaviour no matter how big the user numbers were. “We got a mobile optimization done and the simplicity in the solutions they provided, coupled with the professionalism in their approach instilled that confidence in us,” says Sayal.
STAYING THE COURSE But no matter how adept a company is at implementing solutions, the challenges are unique to the prevailing circumstances. The first and foremost challenge was that this was a special requirement a standard application couldn’t solve. The updates had to be real-time. As the case is for any large-scale event, there are always last-minute changes which had to be reflected on the paperless platform. Moreover, all the tablets, which were to be provided to all delegates, were sealed and it was not possible to manually create application store accounts and download anything to the tablets that were provided. “Our solution was simple and one that most people would find familiarity with, without struggling. The paperless platform proposed was through a mobile Web application, i.e., a smart application that runs on the browser of a device. This solved a multitude of problems. It did not need to be downloaded, it was device independent, and by way of live backups being main-
“The event Webapp, which indicated the current session’s details, speaker profiles, and the upcoming sessions, was a raging success with the delegates.” Ankush Sayal, Hon.Secretary, CREDAI HR (NCR) tained, we could make live changes while providing a seamless experience,” says Sharma. It was also decided that the network would be open to personal devices only on the second day of the event as there could be practical issues like delegates not coming with the tablets or some possibly forgetting to charge it. This also allowed the organizers to ensure that all participants were on the same page on the first day owing to the tablets that were provided to each of them. “As a result of our previous analysis, we had surmised that there would be people who would struggle to use the device, owing
Snapshot Key Parties: Foetron, CREDAI Location: Delhi, Gurgaon Implementation Time: 45 days Cost of Implementation: Rs 1.5 crore Key Technologies: Cloud services, mobile Web app
People Involved: Sunny Sharma, CEO and co-Founder, Pranay Mehrotra, Product Marketing Manager (both from Foetron); Ankush Sayal, Hon. Secretary, CREDAI HR (NCR) Key Vendors: Microsoft, Amazon Key Products: Microsoft Azure, Amazon Web Services, Google Nexus, Mobile Web App (Foetron) Post–Implementation ROI: Ensured
usage by everyone, was most sellable inventory slot for the event, enabled interactivity between the delegates, offered unique way of branding for sponsors
to the adoption time for a new device. To combat this problem, the URL to mobile web application was accessible from the user’s existing mobile device as well. Our programming ensured cross device support and a seamless experience across any screen size, operating system or browser version,” says Sharma. Once the Wi-Fi network was connected, all the user had to do was click on the icon and could view all the options that could possibly be needed during an event. Even if there were issues with the mobile connectivity, it was easy to sync the devices to Wi-Fi. This way no one was left to fend for themselves for the lack of a connectivity Foetron checked all the hardware beforehand, and in the eventuality of hardware failure there was back up. So there would be no time wasted or dillydallying about getting back to the participant. “Our platform was ready well in time except for certain customizations that needed to be done,” says Sharma. The business case that Foetron prepared before the event was to always to overdeliver on CREDAI’s expectations. This is what it accomplished. “The challenge was to make the conference totally paperless and convey all the information to the participants in real time. This challenge, thanks to Foetron’s efforts became the paperless conclave’s biggest asset. The event Webapp, which indicated the current session’s details, speaker profiles and the upcoming sessions, was a raging success with the delegates,” says Sayal. This has resonated strongly in the realestate sector and Foetron’s seeing bigger opportunities to raise its game. Mobile computing’s conspicuously changing the IT landscape. Foetron has shown how.
n FEATURE | VENDOR MANAGEMENT NPI. They’re hiding price hikes within “changes to their licensing programs that are complex and multifaceted.” To get the best price on the software you need, do a better job of understanding exactly what you need now and in the future—and what you could replace with a competitive offering. Such self-knowledge also tells you when it makes sense to buy more or different products or services if that will get you a better deal. The more you learn beforehand about the tweaks in each vendor’s approach, the better you’ll know when a seemingly good deal might come back to bite you.
HOW MICROSOFT, ORACLE, AND SAP SQUEEZE YOU
Get One Up on Vendors
Between complex licenses and the cloud, Microsoft, Oracle, and SAP have lots of ways to hike up prices. Here’s how to fight back. Robert L. Scheier
F YOU think software is getting more expensive, you’re right. Not only that, it’s getting harder to even find the price hikes, so you can avoid them or know it’s time to switch to another vendor’s software. It’s only natural vendors will pull out all the stops to maximize their revenue. IT organizations need to do the same to maximize the value they get from their tight IT budgets. More vendors are building hidden price increases into complex new variations to on-site licensing models, 36
INDIAN CHANNELWORLD FEBRUARY 2014
as well as to their newer cloud and subscription offerings. “Licensing is getting to be more sophisticated,” and the complexity is driving price increases, says Daryl Ulman, chief consulting officer of the Emerset Consulting Group, which offers negotiating services to IT for Microsoft and Oracle licenses. Rather than having “clear-cut, outright, aggressive price increases,” vendors are becoming “more subtle and devious,” says Jeff Muscarella, executive vice president of the IT and Telecom Division at sourcing consultancy
As an example of the kind of priceincrease-hiding complexity vendors are using today, Muscarella cites Microsoft’s elimination of the Enrollment for Application Platform (EAP) and Enrollment for Core Infrastructure (ECI) licensing programs that had saved customers “a lot of money” on software such as Windows Server, SQL Server, BizTalk, and SharePoint. He estimates the replacement program, Server and Cloud Enrollment (SCE), “means 9 to 12 percent price increases” —but figuring out that hidden price hike required complex analysis and modeling for each customer’s environment under both the old and new programs. Ulman says that, rather than impose direct price increases, SCE “requires organizations (to make) a higher up-front commitment” to receive the same discounts as the earlier programs offered. In another example, he says Microsoft has changed how Microsoft prices the combined Windows Server Standard and Enterprise Editions from the number of physical servers to the number of processors in each server. Because most servers now ship with at least four processors, he says, “you’re paying double the amount, or higher” without a formal price hike. (EMC VMware tried a similar tactic in 2012 that Microsoft ironically decried at the time, but customer outcry forced VMware to reverse course.) Microsoft declined to be interviewed, but its PR firm says Microsoft bases pricing on “market conditions,
increasing product value, customer deployment scenarios, and other factors.” Microsoft is not alone in playing the hidden-price-hike game. Businesses that don’t pay attention to Oracle’s “very specific” terms around licensing software for testing and backup “will be exposed to Oracle audits,” according to a September 2013 post on the Wikibon advisory site by David Vellante based on interviews with Oracle customers and consultants. This shows “the importance of simplifying agreements with Oracle and eliminating unnecessary terms and conditions.” Oracle declined to comment for this story. Because maintenance fees are calculated as a percentage (usually between 17 and 22 percent) of a customer’s software license fees, some vendors try to raise long-term maintenance revenue by artificially bundling as many products as possible into a licensing deal, says David Blake, CEO of sourcing advisory firm Upper Edge. At the very least, he advises using “the next purchase as an opportunity to negotiate a cap on maintenance increases going forward” or at least stop paying maintenance on software you’re not using. Virtualization—running multiple virtual servers on a single physical server —can also result in nasty surprise price hikes if the vendor requires a separate license for each virtual server. SAP customers face particularly large and unpredictable price hikes courtesy of its Indirect Access license fees for anyone who uses data generated by SAP, even if they don’t use SAP software itself. That could mean major new costs for the many organizations that use SAP as the information-sharing backbone for multiple non-SAP applications. “We’ve been involved in about eight compliance claims tied to Indirect Access, and the fees are huge,” says Blake. Those involve not only license but maintenance fees. A company that has licensed SAP to 1,000 users for 15 years could be told, he says, “You owe SAP back maintenance for 15 years,” at 22 percent of its $2 million (about Rs 12.2 crore) license fee, or $6.6 million (about Rs 41 crore). Trying to understand Indirect Access drove one client “absolutely
Tips for Better Deals from IBM, Oracle, and SAP
onsultants say that when it comes to price hikes, the most aggressive vendors are those with a large suite of interconnected products on which customers have come to rely. For customers of companies like IBM, Oracle, and SAP, this can make shifting to a competitor too expensive, difficult, or risky. Negotiation consultants offered these tips for negotiating with several such vendors: IBM: Customers can get the best deals on agreements for software and services (and combinations of both) because “these represent strategic growth areas with recurring annuity streams” for IBM, says a 2013 Upper Edge PDF report. Companies like IBM are under heavy pressure to show rising earnings per share (EPS), and recurringrevenue deals do that the best, so publicly traded vendors will favor them. Customers that can provide faster payments to IBM “can use this as leverage in negotiations for additional concessions on price and other terms,” the report says. IBM declined to comment. Oracle: Some users delay negotiating with Oracle hoping for end-of-the-quarter deals. But in his September 2013 Wikibon post, Vellante advised against it, at least for customers negotiating deals under $2 million. It instead says such customers should “negotiate hard early in the quarter” when sales reps are less busy chasing larger deals
bananas,” recalls Muscarella. That client’s CEO asked SAP about his potential exposure but was told estimating those costs would require examining every one of the applications that interfaced with SAP. That, to the client, sounded like “a paid shopping trip” for SAP to look for new licensing opportunities, Muscarella says. Blake recommends that SAP customers “look at their application environment, their landscape, and where they have everything interfaced. From that, determine what the potential magnitude of the impact could be.” Then, he says, consider other SAP products they might need “and use that as a leverage opportunity to negotiate” down the
and are trying to build their sales pipeline. The post also said Oracle was offering “extremely competitive” deals for its Exadata storage hardware, especially for customers buying large bundles of Oracle products and services. But it warned Exadata’s appeal will fade “as competitive offerings enter the market and Oracle’s terms become more onerous” once users are locked in to it. SAP: In a blog post, Upper Edge predicts that SAP will begin annual support fee increases after Dec. 21, 2016, the date on which many current “locks” on maintenance fees expires. At that point, Blake predicts, SAP will try to make up for its lower-than-usual maintenance increases during the recent recession. It may do this, he says, by raising maintenance fees based on cumulative increases in the Consumer Price Index (CPI) since the last renewal, not just since the CPI increase in the previous year. This means, he says, that if SAP did not raise its support fees for five years, and assuming the CPI increases 3 percent each year, SAP could argue for a nearly 16 percent increase in year six. Both Oracle and SAP are also “making it very attractive” for customers to move to their cloud HR platforms (SAP SuccessFactors and Oracle in the Cloud, respectively) due to competition from Workday, says ISG’s Feuless. —Robert L. Scheier Indirect Access fees. SAP declined to comment, but its website says any access to SAP “directly and through any intermediary technology layer” requires an SAP license. Many software vendors are aggressively promoting software-as-a-service (SaaS) cloud offerings and subscription pricing, in which the customer never owns the software but pays for its use (and for updates) as long as it need the software. Both models can save you money, at least in the short run, but analysts warn they can also carry hidden costs and dangers of lock-in. With an on-premises implementation, you can stop paying maintenance and still run your current version. But
n FEATURE | VENDOR MANAGEMENT SaaS Contract Language Regarding Security is Lacking
HE large majority of people working in IT procurement are “significantly dissatisfied” with the way SaaS vendors define contract language related to security, a feeling likely to persist through 2015, according to a Gartner report. “Contractually, very little security language appears in the body of SaaS contracts,” Gartner analysts Jay Heiser and Alexa Bona wrote in the report. “Typically the security section contains little more than platitudes, stating that the provider will use ‘commercially reasonable efforts to establish and maintain security safeguards.’ These are often declared to be ‘in line with industry standards,’ which are mostly never defined.” SaaS vendors also tend to give themselves the right to change security language at will, rather than adhere to a specific version, according to Gartner. Gartner reviewed more than 100 SaaS vendors’ “master service agreements or service contracts and [service level agreements]” for the report, and found that providers “are extremely vague about the forms of service, and especially the levels of it.” “They accept little or no financial responsibil-
if you want to leave a SaaS platform over a price hike, you own neither the software nor the infrastructure on which to run it. That makes moving off the SaaS vendor more complex, expensive, and risky. Also, don’t assume SaaS is always cheaper, says Scott Feuless, a principal consultant at Information Services Group (ISG), an IT consultancy. Be careful to factor in the full implementation costs, such as for configuration and building interfaces to other systems. Also factor in the expected future price hikes. If the ability to scale up and scale down is important to you, push back on vendors that urge long contracts with baseline volume commitments and limited options to terminate for convenience, he advises. Microsoft, for example, “is doing a very good job of getting a foothold for Office 365,” its subscription version of Office, SharePoint, and Exchange, says Ulman. The risk, however, is that the price can go up in the future “and you’re 38
INDIAN CHANNELWORLD FEBRUARY 2014
ity for fulfillment of these vague commitments, so even if it is determined that these obligations were not met, the buyer has no recourse,” the report adds. While a set of standards for SaaS vendor transparency are emerging, “they cannot be considered adequately mature,” Gartner said. Customers signing SaaS deals should seek to include an array of protective language, including the ability to conduct periodic audits of the vendor’s security measures; vulnerability testing; “ongoing background checks for administrative personnel”; and the classification of security incidents or service losses “according to severity with differing response and notification requirements according to the level of security,” according to Gartner. “If a failure simultaneously affected 1,000 customers, and each was entitled to $2 million of compensation, it would amount to a total payout of $2 billion. Ask service providers what their total liability would be in the case of a failure impacting all of their tenants, and demand evidence of adequately underwritten insurance.” —Chris Kanaracus locked in.” That doesn’t mean Office 365 is always a bad choice, he says, but “overall, Microsoft is increasing its longterm recurring revenue, and you need to be aware of this.”Feuless recommends fighting for the option of moving your current licenses at will from your onpremises infrastructure to the cloud (a shift that open source vendor Red Hat recently made easier). He also recommends making sure your charges for the cloud service begins only when you enroll users, not before.
GET A GOOD DEAL Knowing whether and when you can walk away is essential to any negotiation. But with today’s more complex terms and changing delivery models, IT customers need to do more and better preparation than historically have. Most consultants recommend starting three to six months in advance to understand exactly what functionality you need now and in the future, and how hard and expensive it would be to
shift vendors in each case. The preparation might include deciding if your users can skip a generation or two of software upgrades to avoid a price hike, or whether a desktop virtualization license justifies the cost of continuing Microsoft’s Software Assurance program. Ulman recommends including business, financial, and legal staff members who can examine every possible scenario. For example, if the organization divests a business unit, must it keep paying licensing fees for the software that unit used until the end of its contract? And can the new owner of the business get the same discounts the seller had? Another piece of knowledge many customers lack is how many of their users work with multiple devices (such as a notebook and a tablet) or access software through a shared device such as a kiosk, says Mike Hogan, general manager for Microsoft at IT advisory En Pointe Technologies. That’s important, he says, because a user Client Access License (CAL) that allows software to be accessed on multiple devices costs 15 percent more than a device CAL that limits such connectivity to one device. Muscarella warns users of “friendly” vendor-paid services that assess how well a customer is managing its software. These are often “really not that friendly once you start,” he says, because if the vendor finds unlicensed software, the result is an audit. In 80 percent of such engagements he’s seen, “the vendor winds up asking for more money.” If you threaten to shift suppliers, prove you’re serious, says Blake. Rather than just put together a list of competitors, invest the time to do it right. When an incumbent provider starts seeing proposals from competitors and hears a customer ask about termination rights, “you’re really getting its attention” and making it more likely it will compromise, he says. If you can’t realistically threaten to abandon your core software, consider switching subcomponents. Although migrating a large organization from Oracle’s ERP applications to SAP’s is “pretty audacious,” says Blake, an Oracle customer could threaten to move from Oracle to a competitor for just the database that underlies the ERP apps.
Focal Point EVERYTHING ABOUT SECURITY
TREAD CAREFULLY Innovative techniques are exploiting systems and networks of even the savviest users. By Roger A. Grimes
pieces of malware and thousands of malicious hacker gangs roam today’s online world preying on easy dupes. Reusing the same tactics that have worked for years, if not decades, they do nothing new or interesting in exploiting our laziness, lapses in judgment, or plain
idiocy. But each year antimalware researchers come across a few techniques that raise eyebrows. Used by malware or hackers, these inspired techniques stretch the boundaries of malicious hacking. Think of them as innovations in deviance. Like anything innovative, many are a measure of simplicity.
Take the 1990s Microsoft Excel macro virus that silently, randomly replaced zeros with capital O’s in spreadsheets, immediately transforming numbers into text labels with a value of zero—changes that went, for the most part, undetected until well after backup systems contained nothing but bad data. Today’s most ingenious malware and hackers are just as stealthy and conniving. Here are some of the latest techniques of note that have piqued my interest as a security researcher and the lessons learned. Some stand on the shoulders of past malicious innovators, but all are very much in vogue today as ways to rip off even the savviest users. Stealth attack #1: Fake wireless points No hack is easier to accomplish than a fake WAP (wireless access point). Anyone using a bit of software and a wireless network card can advertise their computer as an available WAP that is then connected to the real, legitimate WAP in a public location. Think of all the times you—or your users—have gone to the local coffee shop, airport, or public gathering place and connected to the “free wireless” network. Hackers at Starbucks who call their fake WAP “Starbucks Wireless Network” or at the Atlanta airport call it “Atlanta Airport Free Wireless” have all sorts of people connecting to their computer in minutes. The hackers can then sniff unprotected data from the data streams sent between the unwitting victims and
their intended remote hosts. You’d be surprised how much data, even passwords, are still sent in clear text. The more nefarious hackers will ask their victims to create a new access account to use their WAP. These users will more than likely use a common log-on name or one of their email addresses, along with a password they use elsewhere. The WAP hacker can then try using the same log-on credentials on popular websites—Facebook, Twitter, Amazon, iTunes, and so on—and the victims will never know how it happened. Lesson: You can’t trust public wireless access points. Always protect confidential information sent over a wireless network. Consider using a VPN connection, which protects all your communications, and don’t recycle passwords between public and private sites. Stealth attack #2: Cookie theft Browser cookies are a wonderful invention that preserves “state” when a user navigates a Website. These little text files, sent to our machines by a Website, help the Website or service track us across our visit, or over multiple visits, enabling us to more easily purchase jeans, for example. What’s not to like? Answer: When a hacker steals our cookies, and by virtue of doing so, becomes us—an increasingly frequent occurrence these days. Rather, they become authenticated to our Websites as if they were us and had supplied a valid log-on name and password. Sure, cookie theft has
n FOCAL POINT | SECURITY been around since the invention of the Web, but these days tools make the process as easy as click, click, click. Firesheep, for example, is a Firefox browser add-on that allows people to steal unprotected cookies from others. When used with a fake WAP or on a shared public network, cookie hijacking can be quite successful. Firesheep will show all the names and locations of the cookies it is finding, and with a simple click of the mouse, the hacker can take over the session. Worse, hackers can now steal even SSL/TLSprotected cookies and sniff them out of thin air. In September 2011, an attack labeled “BEAST” by its creators proved that even SSL/TLS-protected cookies can be obtained. Further improvements and refinements this year, including the well-named CRIME,
few years, you’re probably at risk. Lessons: Even encrypted cookies can be stolen. Connect to Websites that utilize secure development techniques and the latest crypto. Your HTTPS websites should be using the latest crypto, including TLS Version 1.2. Stealth attack #3: File name tricks Hackers have been using file name tricks to get us to execute malicious code since the beginning of malware. Early examples included naming the file something that would encourage unsuspecting victims to click on it (like AnnaKournikovaNudePics) and using multiple file extensions (such as AnnaKournikovaNudePics.Zip. exe). Until this day, Microsoft Windows and other operating systems readily hide “well known” file ex-
Web developers must use secure development techniques to reduce cookie theft. If your Website hasn’t updated its encryption protection in a few years, you’re probably at risk. Your HTTPS Websites should be using the latest crypto, including TLS Version 1.2. have made stealing and reusing encrypted cookies even easier. With each released cookie attack, Websites, and application developers are told how to protect their users. Sometimes the answer is to use the latest crypto cipher; other times it is to disable some obscure feature that most people don’t use. The key is that all Web developers must use secure development techniques to reduce cookie theft. If your Website hasn’t updated its encryption protection in a 40
tensions, which will make AnnaKournikovaNudePics. Gif.Exe look like AnnaKournikovaNudePics.Gif. Years ago, malware virus programs known as “twins,” “spawners,” or “companion viruses” relied on a little-known feature of Microsoft Windows/DOS, where even if you typed in the file name Start.exe, Windows would look for and, if found, execute Start. com instead. Companion viruses would look for all the .exe files on your hard drive, and create a virus
INDIAN CHANNELWORLD FEBRUARY 2014
with the same name as the EXE, but with the file extension .com. This has long since been fixed by Microsoft, but its discovery and exploitation by early hackers laid the groundwork for inventive ways to hide viruses that continue to evolve today. Among the more sophisticated file-renaming tricks currently employed is the use of Unicode characters that affect the output of the file name users are presented. For example, the Unicode character (U+202E), called the Right to Left Override, can fool many systems into displaying a file actually named AnnaKournikovaNudeavi. exe as AnnaKournikovaNudexe.avi. Lesson: Whenever possible, make sure you know the real, complete name of any file before executing it. Stealth attack #4: Location Another interesting stealth trick that uses an operating system against itself is a file location trick known as “relative versus absolute.” In legacy versions of Windows (Windows XP, 2003, and earlier) and other early operating systems, if you typed in a file name and hit Enter, or if the operating system went looking for a file on your behalf, it would always start with your current folder or directory location first, before looking elsewhere. This behavior might seem efficient and harmless enough, but hackers and malware used it to their advantage. For example, suppose you wanted to run the built-in, harmless Windows calculator (calc.exe). It’s easy enough (and often faster than using several
mouse clicks) to open up a command prompt, type in calc.exe and hit Enter. But malware could create a malicious file called calc.exe and hide it in the current directory or your home folder; when you tried to execute calc.exe, it would run the bogus copy instead. I loved this fault as a penetration tester. Often times, after I had broken into a computer and needed to elevate my privileges to Administrator, I would take an unpatched version of a known, previously vulnerable piece of software and place it in a temporary folder. Most of the time all I had to do was place a single vulnerable executable or DLL, while leaving the entire, previously installed patched program alone. I would type in the program executable’s filename in my temporary folder, and Windows would load my vulnerable, Trojan executable from my temporary folder instead of the more recently patched version. I loved it—I could exploit a fully patched system with a single bad file. Linux, Unix, and BSD systems have had this problem fixed for more than a decade. Microsoft fixed the problem in 2006 with the releases of Windows Vista/2008, although the problem remains in legacy versions because of backwardcompatibility issues. Microsoft has also been warning and teaching developers to use absolute (rather than relative) file/path names within their own programs for many years. Still, tens of thousands of legacy
programs are vulnerable to location tricks. Hackers know this better than anyone. Lesson: Use operating systems that enforce absolute directory and folder paths, and look for files in default system areas first. Stealth attack #5: Hosts file redirect Unbeknownst to most of today’s computer users is the existence of a DNS-related file named Hosts. Located under C:\ Windows\System32\ Drivers\Etc in Windows, the Hosts file can contain entries that link typedin domain names to their corresponding IP addresses. The Hosts file was originally used by DNS as a way for hosts to locally resolve name-to-IP address lookups without having to contact DNS servers and perform recursive name resolution. For the most part, DNS functions just fine, and most people never interact with their Hosts file, though it’s there. Hackers and malware love to write their own malicious entries to Hosts, so that when someone types in a popular domain name—say, bing.com— they are redirected to somewhere else more malicious. The malicious redirection often contains a near-perfect copy of the original desired website, so that the affected user is unaware of the switch. This exploit is still in wide use today. Lesson: If you can’t figure out why you’re being maliciously redirected, check out your Hosts file. Stealth attack # 6: Waterhole attacks
downloading or running one thing, and temporarily they are, but it is then switched out with a malicious item. Examples abound. It is common for malware spreaders to buy advertising space on popular websites. The Websites, when confirming the order, are shown a nonmalicious link or content. The website approves the advertisement and takes the money. The bad guy then switches the link or content with something more malicious. Often they will code the new malicious website to redirect viewers back to the original link or content if viewed by someone from an
Waterhole attacks became big news this year when several high-profile tech companies, including Apple, Facebook, and Microsoft, among others, were compromised because of popular application development websites their developers visited. IP address belonging to the original approver. This complicates quick detection and take-down. The most interesting baitand-switch attacks I’ve seen as of late involve bad guys who create “free” content that can be downloaded and used by anyone. (Think administrative console or a visitor counter for the bottom of a Web page.) Often these free applets and elements contain a licensing clause that says to the effect, “May be freely reused as long as original link remains.” Unsuspecting users employ the content in good faith, leaving the original link untouched. Usually the original link will contain nothing but a graphics file emblem or something else trivial and small. Later, after the bogus element has been included
Pakistani Brain, from 1986, redirected inquiring eyes to a copy of the unmodified boot sector when viewed by disk editors. When a hacker modifies your system in a stealthy way, it isn’t your system anymore—it belongs to the hackers. The only defenses against stealth attacks are the same defenses recommended for everything (good patching, don’t run untrusted executables, and so on), but it helps to know that if you suspect you’ve been compromised, your initial forensic investigations may be circumvented and fought against by the more innovative malware out there. What you think is a clean system and what really is a clean system may all be controlled by the wily hacker.
Work Out a Secure Way Here are seven good ways you can fix your security compliance problems. By Bob Violino
at protecting the security and privacy of organizations and individuals are well meaning. But sometimes these standards, or how they’re interpreted, can be more than a nuisance—they can actually contribute to weaker security. Here are few examples, from security executives and analysts, of internal and external compliance standards that are potentially problematic, and how they can be addressed so that they don’t cause problems while they’re trying to provide solutions.
ENCRYPTION AND HIPAA Many organizations and security executives are under the mistaken impression that compliance with the Health Insurance Portability and Accountability Act (HIPAA) requires encryption, and this can actually lead to security problems, says Paul Proctor, vice president and distinguished analyst at Gartner. In fact, HIPAA requires the appropriate use of encryption, which is quite a different standard and can mean the difference of millions of dollars, Proctor says. Aside from the overspending of time and energy on encryption, the misunderstanding related to HIPAA can have a negative impact on certain business processes, affect application perfor42
mance and even cause users to bypass certain controls because they’re annoyed at security, he says. Decisions such as overencrypting data “tend to have a ripple effect, of which lowering security is only one,” Proctor says. “The answer is to develop a risk management process that allows thoughtful consideration of what you should do” to be compliant with regulations.
PASSWORD -PROTECTED PDFS Sometimes the regulatory environment has companies spending money on tools that aren’t effective, and makes life more difficult for customers. When Tony Hildesheim, now senior vice president of IT at Redwood Credit Union, was working at another organization, internal regulations mandated that no account information be printed on any document. “This also required that if you emailed a customer information, it had to be in a password-protected PDF,” Hildesheim says. This caused multiple problems. “Many financial institutions truncate the account number so that the whole number is not printed on any material,” Hildesheim says. “Without an account number present on a piece of paper, it is hard to help the customer, many of whom no longer can tell you their account number.” The other issue is that
INDIAN CHANNELWORLD FEBRUARY 2014
with the company’s e-mail scanning solution, it was having a difficult time scanning the password-protected PDF. “Therefore, the security measure we put in place to ensure no data [such as credit card numbers] is emailed out of the company is rendered useless because the system cannot break into a PDF,” Hildesheim says. Regulations “are often written in response to a very specific or perceived risk that may or may no longer exist, has other mitigations or whose likelihood is so remote that it is a non-threat,” Hildesheim says.
OVERZEALOUS VIRUS SCANNING Several years ago Proctor and other Gartner analysts were visiting a large credit union to discuss security strategy. The firm had just experienced a computer virus attack when a user had connected an infected PC to its corporate network and inadvertently spread the virus. “So they created a blunt rule that said every machine the comes into the organization from outside had to have a full virus scan,” Proctor says. “This was done at the security desk and it took two hours for each machine. When we showed up for our meeting we couldn’t get in” because of the delays. “The meeting was cancelled because of this silly decision.
And who knows how many pieces of the business were impacted because of this rule.” It likely had a negative impact on the organization’s security posture because of increased resentment toward security, Proctor says. The solution, again, is to more clearly think through how compliance standards should be implemented and their potential impact on all aspects of the business.
VULNERABILITY SCORING AND PCI The PCI standard requirement for a “clean scan” is a huge burden on businesses, says Adrian Sanabria, senior security analyst at 451 Research. “It steals focus away from more effective risk-reduction work and encourages a dangerously false sense of security,” he says. Earlier versions of the PCI security standards “required businesses to show that all vulnerabilities rated a ‘CVSS score of 4.0 or higher’ be resolved,” Sanabria says. “This is a hugely labor-intensive process that yields very little return on security.” The key issue here is the ineffective nature of vulnerability scoring, Sanabria says. “The automatic score given to a vulnerability—provided it isn’t a false positive—is often highly inaccurate,” he says. “It is simply a best guess’ without some extra work to factor in each organization’s unique context. The vast majority of effort often goes into fixing vulnerabilities that aren’t a threat at all, and potentially ignoring ones that could be critical, but were scored under PCI’s threshold.” Many times larger organizations have a person entirely dedicated to coordinating tasks and obtaining clean scans, Sanabria says. “That’s
SECURITY | FOCAL POINT n one person’s time dedicated to a tiny fraction of PCI,” he says. “Newer versions of PCI have tried to correct this issue by implementing a new requirement in which each organization applies custom rankings to each vulnerability that affects them. Now these organizations will have to dedicate a second person to the task of vulnerability management.”
ENCRYPTED DATA BACKUPS One compliance effort that makes a difficult situation even more difficult is the requirement for encrypted backups. Hildesheim knows of companies required to maintain such backups of data. “This sounds like a reasonable precaution if you are storing your [backup] tapes in a public store,” Hildesheim says. “But consider that management and likelihood that seven years from today the encryption is able to be decrypted. Never mind that the password or key would have to be stored somewhere securely and cataloged. The encryption algorithm or software would have to still be in a form that could decrypt the data.” This is even more confounded when regulators require that backup media be encrypted, even if it is stored in a controlled storage vault to which only your company has access, Hildesheim says. “One of the answers that many of the regulators are wanting to see in place is encrypted electronic backups,” he says. “This again sounds good, until you realize that most have a local store and offsite store which is in a shared environment, or cloud.”
ISACA Resolutions for Tackling 2014 Trends
T professionals must prepare for a year of accelerated change and complexity as 2014 gears up to place increasing pressure on cybersecurity, data privacy, and Big Data, according to ISACA. With attitudes towards data privacy unlikely to reach consensus in 2014, the organisation claims the first is readiness for ‘Privacy 2.0’ to accommodate both those with little expectation of privacy, and those who view personal data as currency, and demand control on the manner in which it is spent. Explosive data volumes was the top issue posed by Big Data in ISACA’s
MULTIPLE INTERNATIONAL REGULATIONS For companies that offer their services primarily through the cloud, such as learning and talent management solutions provider Saba, the need to comply with a host of federal and industry regulations can create complexities that potentially hinder security. Saba complies with standards such as ISO27001; privacy requirements such as Safe Harbor, EU Directive and other geographic privacy requirements; Life Science Validation Environments; FISMA, etc., says Randy Barr, chief security and information officer. Some of these regulations are stricter than others and create challenges that are important to address in order to provide adequate security, Barr says. For example, some require employees to work in the U.S., or have U.S. citizenship. “It’s difficult to keep track of individuals who work abroad, and having to do so for some of the groups
2013 IT Risk and Rewards Barometer. Slimming down on Big Data is therefore the second resolution as unmanageable volumes create redundancies and prove difficult to secure. It recommends eliminating the excess and consolidating what remains through 2014 to promote sharing and protect using better controls. The organisation’s third point concerns creating a plan to compete for cybersecurity and data analytics experts as it predicts the need for smart analytics personnel and cybersecurity defenders with the right certifications will grow in 2014, marking what it calls “the year within our company can be challenging,” Barr says. “If Saba wasn’t prepared for such regulations, our ability to provide security across the board would be in jeopardy. It’s important that all departments take the time to understand the security programs that we’ve communicated rather than just reviewing compliance requirements and saying it must be done.” It’s working with the Cloud Security Alliance to find more effective ways to comply with standards without draining resources. In addition, it has formed a Saba Security Council to provide a consensus-based forum to support the overall Saba Security program.
ISO REGULATIONS AND ROADBLOCKS The ISO/IEC 15408 regulations requiring Common Criteria testing can hinder security, says Robert Schadey, CISO and director of infrastructure services at 1901 Group, an IT services management provider. “The
of the data professional.” ISACA also advises a rethink of how the enterprise is utilising information security experts as the outsourcing of some elements of IT security operational responsibility to Cloud providers is enabling internal security experts to become ‘hunters’ rather than ‘defenders’. Final resolution is ramping up for what it calls the “Internet of even more things” on the back of the Cisco prediction that 50 billion devices are expected to be connected to the Internet by 2020. This involves developing a policy governing connected devices if not already in place. —Nermin Bajric Common Criteria guidelines and specifications developed for evaluating the security within a product ensure that security standards are agreed upon and [testing is] in place,” Schadey says. For the most part, Common Criteria validates the claims of vendors’ security features with an assessment of potential threats, he says. “However, the overall length of time for testing and costs has caused a roadblock for most of the industry,” Schadey says. “Our focus has shifted to providing a services-based approach for our federal customers. Services are delivered via dynamic hosting environments whereby the infrastructure layer may not be under a customer’s control.” “The loss of control at the infrastructure layer can cause security problems,” he says. “The other issue that hinders security is the timeframe it takes to test the products and have them available for selection off the Common Criteria Products List.”
Shaken and Stirred Partner organisations consciously have to strike a balance of mutliple vendor alliances—old and startsups—in a specific domain to averse the risk in case of a ‘shaky’ M&A deal.
Yogesh Gupta is associate editor at ChannelWorld. He is a computer engineer from Mumbai University. You can contact him at yogesh_ firstname.lastname@example.org 44
NE IN four cloud providers (vendor companies) will
be gone by 2015 for whatever reason—acquisition, bankruptcy according to William Maurer, a Gartner analyst. Most of the time, the changes will come through acquisition. Consolidation, one would argue, is a robust sign for any ecosystem. But the research agency predicts that the portion of organizations using cloud services will reach 80 percent by the end of this year. A scary Catch-22. The ‘rapidly maturing’ cloud turns mainstream and there is uncertainty
about the existence of that cloud provider in near future! Every enterprise vendor on this planet is aggressive about big data, SDN, mobility, and cloud. But risks are aplenty for the stakeholders—top management, channels, and enterprise customers—to keep pace with M&As. Oracle acquisition of Corente, maker of SDN, seems a regular buy. But it causes a worry or two for the solution providers and their customers that trust Cisco or IBM and never thought Oracle as a strong contender in SDN game. The shakeup extends into the traditional landscape dominated by erstwhile big boys. McAfee becoming Intel Security was inevitable ever since the security giant was guzzled for a whopping $7.7 billion in 2009. But these ‘new and big’ entities face another threat from lesser known companies or start-ups inking big acquisitions too. FireEye buying Madrant for $1 billion comes a few quarters after the seven-yearold FireEye announced an IPO. Does Intel Security possess the arsenal to beat FireEye or ‘McAfee’ brand would have been much more lethal? Tough to say. The acquisitions of different sizes, varied proportions, and diverse technologies burden the enterprise channels of the vendor company that got acquired or did the acquisition or both. The joint GTM of the merged entity takes time to take shape product-wise, culture-wise, and partner-
INDIAN CHANNELWORLD FEBRUARY 2014
wise. But today’s business environment does not wait. Capex model is turning opex. Channel- customer engagement cycle has shortened. SLAs are stricter. And the ‘loyal’ customer switches to competition. All M&A deals are not disasters, but I believe the channel companies would proactively need ‘checks and balances’ in place. They consciously have to strike a balance of mutliple vendor alliances—old and starts-ups—in a specific domain to averse the risk in case of a ‘shaky’ M&A deal. Channels, if possible, should have a clear discussion with the vendors about their support and other issues in case of a future acquisition. They should have enough hindsight to distinguish between a fly-bynight set up and a serious company before investing time, money, and resources in an alliance. And the recent news of Intel laying off 5 percent of its global workforce in 2014 rings in more alarms to the industry. Channel-friendly EMC, Cisco,HP, to name a few, are reducing their workforce too. There’s no halt to the acquisitions and shakeups. Keep your ears wide open and the strategies flexible enough to react to these rumblings in the market. ‘Shaken, not stirred”, to quote James Bond’s preference for his martini, is untrue in the modern tech world. The erosion of ‘not’ has left the industry folks high and dry.
HPC Solutions Optimized with Intel® Many Integrated Core (MIC) Architecture New!
• Up to 120 Xeon Phi™ and 120 CPUs in 42U Rack • FDR/QDR InfiniBand or 10GbE connectivity optional • Server management & Intel® Xeon Phi™ coprocessor status monitoring through IPMI 2.0 • Non-Blocking PCI-E 3.0 x16 connections maximize I/O bandwidth • Up to 768GB DDR3-1866MHz in 24 DIMMs • Redundant Platinum Level Digital (95%+) Power Supplies available • Supports Dual and Single Intel® Xeon® Processor E5-2600 and E5-2600 v2 product families
Oil & Gas Exploration
www.supermicro.com/Xeon_Phi © Super Micro Computer, Inc. Specifications subject to change without notice. Intel, the Intel logo, the Intel Inside logo, Xeon, and Intel Xeon Phi are trademarks of Intel Corporation in the U.S. and/or other countries. All other brands and names are the property of their respective owners.
SYS-1027GR Series (shown) SYS-1017GR Series SYS-5017GR Series Financial Simulation
Level 9, Platina, Bandra Kurla Complex, Bandra (East), Mumbai 400 051 India Telephone +91 22 67000897 Facsimile +91 22 39530600 email@example.com
1/21/2014 3:27:17 PM